The University of Southampton
University of Southampton Institutional Repository

Scalable network fingerprinting for IoT devices


Alyahya, Tadani Nasser (2024) Scalable network fingerprinting for IoT devices. University of Southampton, Doctoral Thesis, 158pp.

Record type: Thesis (Doctoral)

Abstract

Recognising IoT devices through network fingerprinting contributes to enhancing the security of IoT networks and supporting forensic activities. Network fingerprinting for IoT devices involves analysing the traffic from these devices to accurately identify them without relying on explicit identifiers within the transmitted packets, which can be spoofed. Machine learning techniques have been extensively utilised in the literature to optimise IoT fingerprinting accuracy. Given the rapid proliferation of new IoT devices, a current challenge in this field is around how to make IoT fingerprinting scalable, which involves efficiently updating the used machine learning model to enable the recognition of new IoT devices. Some approaches have been proposed to achieve scalability, but they all suffer from limitations like large memory requirements to store training data and accuracy decrease for older devices. In this research, we propose a novel, scalable network fingerprinting method for IoT devices that leverages online stream learning and fixed-size session payloads. This approach enables the model to be updated periodically without needing to retain data, ensuring scalability and maintaining high recognition accuracy. Moreover, our method includes a mechanism for detecting unknown IoT devices. Our contributions are multifaceted, beginning with a comprehensive survey of passive IoT device fingerprinting that leverages machine learning and network characteristics, systematically reviewing the literature and detailing the network traffic features used for device identification. We identify key open research problems and future directions in this domain, highlighting significant challenges and gaps. A notable advancement is the introduction of ScaNeF-IoT, a scalable IoT fingerprinting approach utilising online stream learning and fixed-size traffic payload sessions, demonstrating high accuracy and adaptability.
The scalability of the approach lies in its ability to continuously update the machine learning model with minimal resource overhead, allowing for the seamless recognition of new IoT devices without retraining from scratch. We further investigate the feature extraction method, which indicates the instances of interest from network traffic, such as packets, flows, or sessions, for further analysis and feature extraction, finding that fixed-size payload sessions outperform others with an accuracy of over 99.5% and an average false positive rate of 2.25%. Additionally, our scalable system is able to detect unknown IoT devices using online stream learning and z-score analysis, showcasing efficiency and adaptability. Our scalable IoT device fingerprinting approach achieves 100% accuracy in detecting unknown devices and 94% average accuracy in identifying known devices in streaming data.

Text
Scalable Network Fingerprinting for IoT_PhD_Thesis_TadaniAlyahya-a3u - Accepted Manuscript
Available under License University of Southampton Thesis Licence.
Text
Final-thesis-submission-Examination-Mrs-Tadani-Alyahya
Restricted to Repository staff only

More information

Published date: 2024

Identifiers

Local EPrints ID: 496611
URI: http://eprints.soton.ac.uk/id/eprint/496611
PURE UUID: 425fbfd3-ad1b-4f01-8e9b-827d2dfe56d7
ORCID for Tadani Nasser Alyahya: orcid.org/0000-0001-8570-5445
ORCID for Leonardo Aniello: orcid.org/0000-0003-2886-8445
ORCID for vladi Sassone: orcid.org/0000-0002-6432-1482

Catalogue record

Date deposited: 07 Jan 2025 17:28
Last modified: 08 Feb 2025 03:03

Contributors

Author: Tadani Nasser Alyahya
Thesis advisor: Leonardo Aniello
Thesis advisor: vladi Sassone
