IoT Device Identification Based on Network Traffic Characteristics

TL;DR

This paper presents iotID, a machine learning-based system that accurately identifies IoT devices by analyzing network traffic features, addressing traffic imbalance issues, and achieving over 99% accuracy in smart home environments.

Contribution

The paper introduces a novel IoT device identification scheme that considers traffic imbalance and extracts comprehensive features from network flows.

Findings

Achieves over 99% balanced accuracy in device identification.

Effectively handles traffic imbalance during learning and evaluation.

Utilizes 70 features from multiple traffic aspects for improved accuracy.

Abstract

IoT device identification plays an important role in monitoring and improving the performance and security of IoT devices. Compared to traditional non-IoT devices, IoT devices provide us with both unique challenges and opportunities in detecting the types of IoT devices. Based on critical insights obtained in our previous work on understanding the network traffic characteristics of IoT devices, in this paper we develop an effective machine-learning based IoT device identification scheme, named iotID. In developing iotID, we extract 70 features of TCP flows from three complementary aspects: remote network servers and port numbers, packet-level traffic characteristics such as packet inter-arrival times, and flow-level traffic characteristics such as flow duration. Different from existing work, we take into account the imbalance nature of network traffic generated by various devices in both the learning and evaluation phases of iotID. Our performance studies based on network traffic collected on a typical smart home environment consisting of both IoT and non-IoT devices show that iotID can achieve a balanced accuracy score of above 99%.