Early-Stage IoT Device Identification Using Passive Network Traffic Analysis
Alex Ciechonski, Fabio Palmese, Alessandro E. C. Redondi, Anna Maria Mandalari

TL;DR
This paper demonstrates that IoT devices can be accurately identified within seconds of network connection using passive traffic metadata, enabling real-time security and management without payload inspection.
Contribution
It introduces a lightweight, passive approach for early IoT device identification based solely on flow-level metadata, achieving high accuracy without payload analysis.
Findings
Device signatures emerge within seconds of connection.
High identification accuracy (up to 99%) achieved early.
Extending observation time does not significantly improve accuracy.
Abstract
The rapid proliferation of Internet of Things (IoT) devices introduces significant security challenges due to limited visibility and weak device-level guarantees. Accurate and timely identification of devices is essential for enforcing network policies and detecting unauthorised hardware, yet existing approaches often rely on long-term traffic observation, payload inspection, or infrastructure-dependent features. In this paper, we investigate whether IoT devices can be reliably identified during the early stages of network attachment using only passive traffic analysis. We propose a lightweight approach based on flow-level features extracted from metadata, avoiding payload inspection and active probing. Through systematic evaluation across multiple observation windows, we show that device-specific signatures emerge within the first few seconds of communication, enabling high-accuracy…
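An added sketch (not code from the paper) of extracting flow-level features from packet metadata over growing early observation windows. The feature set, the window lengths and the packet records are assumptions constructed for illustration; this page does not list the paper's actual features or classifier.

```python
from collections import defaultdict
from statistics import mean

# Constructed capture for one device, header metadata only (no payload bytes):
# (seconds since attachment, direction, proto, local port, remote IP, remote port, size)
PACKETS = [
    (0.10, "out", "udp", 68, "192.168.1.1", 67, 342),
    (0.35, "in", "udp", 68, "192.168.1.1", 67, 342),
    (0.90, "out", "udp", 50000, "192.168.1.1", 53, 74),
    (0.95, "in", "udp", 50000, "192.168.1.1", 53, 90),
    (1.40, "out", "tcp", 40000, "203.0.113.10", 443, 74),
    (1.45, "in", "tcp", 40000, "203.0.113.10", 443, 74),
    (1.50, "out", "tcp", 40000, "203.0.113.10", 443, 583),
    (4.20, "out", "udp", 123, "203.0.113.20", 123, 90),
    (12.0, "out", "tcp", 40000, "203.0.113.10", 443, 1200),
]

def window_features(packets, window_s):
    """Flow-level features from packets seen in the first window_s seconds."""
    flows = defaultdict(list)
    for t, direction, proto, lport, remote, rport, size in packets:
        if t <= window_s:
            flows[(proto, lport, remote, rport)].append((t, direction, size))
    seen = sorted(p for flow in flows.values() for p in flow)
    if not seen:
        return None  # device silent so far: no basis for an identification
    gaps = [b[0] - a[0] for a, b in zip(seen, seen[1:])]
    return {
        "flows": len(flows),
        "packets": len(seen),
        "bytes_out": sum(s for _, d, s in seen if d == "out"),
        "bytes_in": sum(s for _, d, s in seen if d == "in"),
        "mean_size": round(mean(s for _, _, s in seen), 1),
        "mean_gap_s": round(mean(gaps), 3) if gaps else 0.0,
        "protocols": sorted({k[0] for k in flows}),
        "remote_ports": sorted({k[3] for k in flows}),
    }

def features_by_window(packets, windows=(1, 5, 30)):
    """Same capture, growing windows, to compare how early the vector settles."""
    return {w: window_features(packets, w) for w in windows}

if __name__ == "__main__":
    for w, f in features_by_window(PACKETS).items():
        print(f"{w:>2}s", f)
```

In this constructed capture the set of remote ports and protocols is already complete at 5 seconds and the 30-second window adds only byte volume, which is the kind of comparison across windows the abstract describes.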
