IoTAthena: Unveiling IoT Device Activities from Network Traffic
Yinxin Wan, Kuai Xu, Feng Wang, Guoliang Xue

TL;DR
IoTAthena is a system that identifies and sequences IoT device activities from raw network traffic by using novel algorithms to match activity signatures, enhancing understanding of IoT device behaviors for security purposes.
Contribution
The paper introduces IoTAthena, whose two novel polynomial-time algorithms, sigMatch and actExtract, accurately unveil IoT device activities from network traffic.
Findings
IoTAthena accurately characterizes IoT device activities.
The system successfully unveils activity sequences in real-world and public datasets.
It demonstrates high precision in activity detection from raw network data.
Abstract
The recent spate of cyber attacks towards Internet of Things (IoT) devices in smart homes calls for effective techniques to understand, characterize, and unveil IoT device activities. In this paper, we present a new system, named IoTAthena, to unveil IoT device activities from raw network traffic consisting of timestamped IP packets. IoTAthena characterizes each IoT device activity using an activity signature consisting of an ordered sequence of IP packets with inter-packet time intervals. IoTAthena has two novel polynomial time algorithms, sigMatch and actExtract. For any given signature, sigMatch can capture all matches of the signature in the raw network traffic. Using sigMatch as a subfunction, actExtract can accurately unveil the sequence of various IoT device activities from the raw network traffic. Using the network traffic of heterogeneous IoT devices collected at the router of…
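To make the abstract's notion of an activity signature concrete, the following is an added example, not the paper's sigMatch or actExtract (whose details this page does not give): a simplified matcher that finds an ordered packet signature in a timestamped trace while tolerating interleaved traffic. The packet features (direction and size), the per-step maximum gap, and the names `Packet`, `Step`, `match_signature`, and `PLUG_ON` are assumptions made for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    ts: float        # capture timestamp in seconds
    direction: str   # "out" = device to remote, "in" = remote to device
    size: int        # IP packet length in bytes

class Step(NamedTuple):  # assumed signature element, not the paper's format
    direction: str
    size: int
    max_gap: float   # longest allowed interval since the previous matched packet

def fits(p, s):
    return p.direction == s.direction and p.size == s.size

def match_signature(trace, signature):
    """Return one match (tuple of packet indices) per packet that can end the signature.

    Matched packets must appear in order but need not be adjacent, so unrelated
    traffic interleaved with the activity does not break a match.
    """
    # layers[k] maps a packet index that can fill step k to its predecessor index.
    layers = [{i: None for i, p in enumerate(trace) if fits(p, signature[0])}]
    for step in signature[1:]:
        prev, cur = layers[-1], {}
        for j, p in enumerate(trace):
            if not fits(p, step):
                continue
            # Keep every feasible predecessor in play; a greedy "first hit" can miss matches.
            cands = [i for i in prev if i < j and p.ts - trace[i].ts <= step.max_gap]
            if cands:
                cur[j] = max(cands)
        layers.append(cur)
    matches = []
    for end in sorted(layers[-1]):
        idx, chain = end, []
        for k in range(len(signature) - 1, -1, -1):  # walk predecessors back to step 0
            chain.append(idx)
            idx = layers[k][idx]
        matches.append(tuple(reversed(chain)))
    return matches

# Constructed trace: one activity with an unrelated packet interleaved (index 1),
# then a look-alike (indices 4-6) whose second packet arrives too late.
TRACE = [
    Packet(0.00, "out", 235), Packet(0.02, "in", 1400), Packet(0.05, "in", 139),
    Packet(0.09, "out", 66), Packet(5.00, "out", 235), Packet(7.50, "in", 139),
    Packet(7.52, "out", 66),
]
PLUG_ON = [Step("out", 235, 0.0), Step("in", 139, 0.2), Step("out", 66, 0.2)]
```

The layered search runs in time polynomial in the trace and signature lengths, and it reports one match per ending packet rather than enumerating every possible subsequence.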
Taxonomy
Topics: Network Security and Intrusion Detection · IoT and Edge/Fog Computing · Internet Traffic Analysis and Secure E-voting
