Rapid IoT Device Identification at the Edge

TL;DR

This paper presents a neural network-based method for rapid identification of IoT devices at the network edge using DNS traffic, enabling immediate security and privacy threat detection.

Contribution

The paper introduces a novel neural network approach that classifies IoT devices within seconds using DNS traffic, improving speed and accuracy over existing methods.

Findings

82% accuracy in product type classification

93% accuracy in manufacturer identification

Classified 30 IoT devices from 27 manufacturers

Abstract

Consumer Internet of Things (IoT) devices are increasingly common in everyday homes, from smart speakers to security cameras. Along with their benefits come potential privacy and security threats. To limit these threats we must implement solutions to filter IoT traffic at the edge. To this end the identification of the IoT device is the first natural step. In this paper we demonstrate a novel method of rapid IoT device identification that uses neural networks trained on device DNS traffic that can be captured from a DNS server on the local network. The method identifies devices by fitting a model to the first seconds of DNS second-level-domain traffic following their first connection. Since security and privacy threat detection often operate at a device specific level, rapid identification allows these strategies to be implemented immediately. Through a total of 51,000 rigorous automated experiments, we classify 30 consumer IoT devices from 27 different manufacturers with 82% and 93% accuracy for product type and device manufacturers respectively.