In cyberspace, a large number of Internet of Things (IoT) devices from different manufacturers with hetero-geneous functionalities are connected together. It is challenging to identify all these devices in an IoT ecosystem. The situation becomes even more complicated when the devices come from the same manufacturer and of similar types due to their analogous network communication behaviour. In this paper, a device fingerprinting (DFP) approach based on a set of combined features from packet-level and frame-level has been proposed. A large number of features has been studied, and consequently, a suitable subset of features has been selected according to gain-ratio and device-specific features for DFP. Furthermore, experiments with different types of IoT devices in a laboratory environment to collect network traffic traces have been conducted and used to evaluate the performance of the proposed approach using the J48 (C4.5) algorithm. It has been shown that the proposed model is able to identify individual device types with 99.0% precision and 98.9% recall with the approach capable of classifying IoT devices coming from the same manufacturer and of similar types, with higher accuracy. These results are significant as it can be used as a security reinforcement tool towards increasing the security and resilience of IoT networks.
Network packet analysis, MAC frame analysis, device fingerprinting (DFP), probe request frame, Internet of Things (IoT)
CHOWDHURY, RAJARSHI ROY; IDRIS, AZAM CHE; and ABAS, PG EMEROYLARIFFION
"Packet-level and IEEE 802.11 MAC frame-level analysis for IoT device identification,"
Turkish Journal of Electrical Engineering and Computer Sciences: Vol. 30:
5, Article 18.
Available at: https://journals.tubitak.gov.tr/elektrik/vol30/iss5/18