Detection of Unauthorized IoT Devices Using Machine Learning Techniques

Security experts have demonstrated numerous risks posed by Internet of Things (IoT) devices to organizations. Due to the widespread adoption of such devices, their diversity, standardization obstacles, and inherent mobility, organizations require an intelligent mechanism capable of automatically detecting suspicious IoT devices connected to their networks. In particular, devices not included in a white list of trustworthy IoT device types (allowed to be used within the organizational premises) should be detected. In this research, Random Forest, a supervised machine learning algorithm, was applied to features extracted from network traffic data with the aim of accurately identifying IoT device types from the white list. To train and evaluate multi-class classifiers, we collected and manually labeled network traffic data from 17 distinct IoT devices, representing nine types of IoT devices. Based on the classification of 20 consecutive sessions and the use of majority rule, IoT device types that are not on the white list were correctly detected as unknown in 96% of test cases (on average), and white listed device types were correctly classified by their actual types in 99% of cases. Some IoT device types were identified more quickly than others (e.g., sockets and thermostats were successfully detected within five TCP sessions of connecting to the network). Perfect detection of unauthorized IoT device types was achieved upon analyzing 110 consecutive sessions; perfect classification of white listed types required 346 consecutive sessions, with 110 sessions yielding 99.49% accuracy. Further experiments demonstrated the successful applicability of classifiers trained in one location and tested on another. In addition, a discussion is provided regarding the resilience of our machine learning-based IoT white listing method to adversarial attacks.
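The majority rule over consecutive sessions described above can be sketched as follows. This is an added example, not code from the paper: the per-session probability threshold used to emit "unknown", the tie-breaking policy, the device type names and all sample probabilities are assumptions constructed for illustration, and the per-session probabilities stand in for the output of a trained multi-class classifier.

```python
from collections import Counter, deque

UNKNOWN = "unknown"

def label_session(probs, threshold):
    """Label one session from {white-listed type: classifier probability}."""
    best_type, best_p = max(probs.items(), key=lambda kv: kv[1])
    # Assumption: a session whose best class is below the threshold is "unknown".
    return best_type if best_p >= threshold else UNKNOWN

def majority(labels):
    """Majority rule over a window of per-session labels."""
    counts = Counter(labels).most_common()
    # Assumed conservative policy: a tie between the top labels yields "unknown".
    if len(counts) > 1 and counts[0][1] == counts[1][1]:
        return UNKNOWN
    return counts[0][0]

def verdicts(session_probs, window=20, threshold=0.6):
    """Return one verdict per position once `window` consecutive sessions exist."""
    recent = deque(maxlen=window)  # sliding window of the latest session labels
    out = []
    for probs in session_probs:
        recent.append(label_session(probs, threshold))
        if len(recent) == window:
            out.append(majority(recent))
    return out

# Constructed sample classifier outputs (not measurements from the paper).
CONFIDENT_THERMOSTAT = {"thermostat": 0.90, "socket": 0.06, "camera": 0.04}
AMBIGUOUS = {"thermostat": 0.40, "socket": 0.35, "camera": 0.25}
WEAK_SOCKET = {"thermostat": 0.20, "socket": 0.70, "camera": 0.10}

# A white-listed thermostat with a few noisy sessions.
listed_device = [CONFIDENT_THERMOSTAT] * 17 + [AMBIGUOUS] * 3
# A device type the classifier was never trained on: mostly low-confidence output.
unlisted_device = [AMBIGUOUS] * 14 + [WEAK_SOCKET] * 6

if __name__ == "__main__":
    print("listed device:  ", verdicts(listed_device))
    print("unlisted device:", verdicts(unlisted_device))
```

A single misclassified or low-confidence session does not change the verdict; only the dominant label across the window does, which is why longer windows trade detection latency for accuracy.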
