ScaNeF-IoT: scalable network fingerprinting for IoT device
ScaNeF-IoT: scalable network fingerprinting for IoT device
Recognising IoT devices through network fingerprinting contributes to enhancing the security of IoT networks and supporting forensic activities. Machine learning techniques have been extensively utilised in the literature to optimise IoT fingerprinting accuracy. Given the rapid proliferation of new IoT devices, a current challenge in this field is around how to make IoT fingerprinting scalable, which involves efficiently updating the used machine learning model to enable the recognition of new IoT devices. Some approaches have been proposed to achieve scalability, but they all suffer from limitations like large memory requirements to store training data and accuracy decrease for older devices.
In this paper, we propose ScaNeF-IoT, a novel scalable network fingerprinting approach for IoT devices based on online stream learning and features extracted from fixed-size session payloads. Employing online stream learning allows to update the model without retaining training data. This, alongside relying on fixed-size session payloads, enables scalability without deteriorating recognition accuracy. We implement ScaNeF-IoT by analysing TCP/UDP payloads and utilising the Aggregated Mandrian Forest as the online stream learning algorithm. We provide a preliminary evaluation of ScaNeF-IoT accuracy and how it is affected as the model is updated iteratively to recognise new IoT devices. Furthermore, we compare ScaNeF-IoT accuracy with other IoT fingerprinting approaches, demonstrating that it is comparable to the state of the art and does not worsen as the classifier model is updated, despite not requiring to retain any training data for older IoT devices.
Internet of Things (IoT), IoT device fingerprinting, device identification, passive scanning, scalability
Association for Computing Machinery
Alyahya, Tadani Nasser
ab766419-1522-4e6e-9ab5-1de79c54a111
Aniello, Leonardo
9846e2e4-1303-4b8b-9092-5d8e9bb514c3
Sassone, Vladimiro
df7d3c83-2aa0-4571-be94-9473b07b03e7
30 July 2024
Alyahya, Tadani Nasser
ab766419-1522-4e6e-9ab5-1de79c54a111
Aniello, Leonardo
9846e2e4-1303-4b8b-9092-5d8e9bb514c3
Sassone, Vladimiro
df7d3c83-2aa0-4571-be94-9473b07b03e7
Alyahya, Tadani Nasser, Aniello, Leonardo and Sassone, Vladimiro
(2024)
ScaNeF-IoT: scalable network fingerprinting for IoT device.
In ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security.
Association for Computing Machinery.
9 pp
.
(doi:10.1145/3664476.3670892).
Record type:
Conference or Workshop Item
(Paper)
Abstract
Recognising IoT devices through network fingerprinting contributes to enhancing the security of IoT networks and supporting forensic activities. Machine learning techniques have been extensively utilised in the literature to optimise IoT fingerprinting accuracy. Given the rapid proliferation of new IoT devices, a current challenge in this field is around how to make IoT fingerprinting scalable, which involves efficiently updating the used machine learning model to enable the recognition of new IoT devices. Some approaches have been proposed to achieve scalability, but they all suffer from limitations like large memory requirements to store training data and accuracy decrease for older devices.
In this paper, we propose ScaNeF-IoT, a novel scalable network fingerprinting approach for IoT devices based on online stream learning and features extracted from fixed-size session payloads. Employing online stream learning allows to update the model without retaining training data. This, alongside relying on fixed-size session payloads, enables scalability without deteriorating recognition accuracy. We implement ScaNeF-IoT by analysing TCP/UDP payloads and utilising the Aggregated Mandrian Forest as the online stream learning algorithm. We provide a preliminary evaluation of ScaNeF-IoT accuracy and how it is affected as the model is updated iteratively to recognise new IoT devices. Furthermore, we compare ScaNeF-IoT accuracy with other IoT fingerprinting approaches, demonstrating that it is comparable to the state of the art and does not worsen as the classifier model is updated, despite not requiring to retain any training data for older IoT devices.
Text
3664476.3670892
- Version of Record
More information
Published date: 30 July 2024
Venue - Dates:
ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security, , Vienna, Austria, 2024-07-30 - 2024-08-02
Keywords:
Internet of Things (IoT), IoT device fingerprinting, device identification, passive scanning, scalability
Identifiers
Local EPrints ID: 493231
URI: http://eprints.soton.ac.uk/id/eprint/493231
PURE UUID: f808a5ab-51f6-4859-a14e-3da5a7209595
Catalogue record
Date deposited: 28 Aug 2024 16:52
Last modified: 10 Sep 2024 01:40
Export record
Altmetrics
Contributors
Author:
Tadani Nasser Alyahya
Author:
Leonardo Aniello
Author:
Vladimiro Sassone
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics