Cross-Layer Protocol Fingerprint for Large-Scale Fine-Grain Devices Identification

Internet-connected Internet of Things (IoT) devices are exploding, which pose a significant threat for their management and security protection. IoT device identification is a prerequisite for discovering, monitoring, and protecting these devices. Although the existing proactive identification methods based on protocol fingerprint can discover and identify large-scale IoT devices, the fingerprint granularity is difficult to meet the requirements of security risk assessment for large-scale IoT devices. Since IoT devices usually support multiple network protocols for specific collection and control tasks, we propose a cross-layer protocol fingerprint to achieve large-scale fine-grained devices identification instead of traditional single protocol fingerprint. We first design a probing scheme for gathering HTTP and TCP cross-layer packets. Then we select the specific field of the HTTP and TCP protocols based on the diversity and consistence of field value. Finally, we utilize convolutional neural network (CNN) and long-term memory network (LSTM) to extract and construct feature fingerprint of these specific fields, and achieve a fine-grain IoT devices identification with high accuracy. The experimental results show that our identification accuracy of devices model reaches 96.6%, the recall rate reaches 97.4%.

[1]  Qiang Li,et al.  Towards automatic fingerprinting of IoT devices in the cyberspace , 2019, Comput. Networks.

[2]  Indrajit Ray,et al.  Behavioral Fingerprinting of IoT Devices , 2018, ASHES@CCS.

[3]  Amir R. Khakpour,et al.  An Information-Theoretical Approach to High-Speed Flow Nature Identification , 2013, IEEE/ACM Transactions on Networking.

[4]  Mehmet Hadi Gunes,et al.  Operating System Classification Performance of TCP/IP Protocol Headers , 2016, 2016 IEEE 41st Conference on Local Computer Networks Workshops (LCN Workshops).

[5]  Michael A. Temple,et al.  Improving ZigBee Device Network Authentication Using Ensemble Decision Tree Classifiers With Radio Frequency Distinct Native Attribute Fingerprinting , 2015, IEEE Transactions on Reliability.

[6]  T. Kohno,et al.  Remote physical device fingerprinting , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[7]  Raheem Beyah,et al.  GTID: A Technique for Physical Device and Device Type Fingerprinting , 2015, IEEE Transactions on Dependable and Secure Computing.

[8]  Ke Gao,et al.  A passive approach to wireless device fingerprinting , 2010, 2010 IEEE/IFIP International Conference on Dependable Systems & Networks (DSN).

[9]  Zhifei Zhang,et al.  Analyzing User-Level Privacy Attack Against Federated Learning , 2020, IEEE Journal on Selected Areas in Communications.

[10]  Marco Gruteser,et al.  Wireless device identification with radiometric signatures , 2008, MobiCom '08.

[11]  Antônio J. Pinheiro,et al.  Identifying IoT devices and events based on packet length from encrypted traffic , 2019, Comput. Commun..

[12]  Ahmad-Reza Sadeghi,et al.  IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT , 2016, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[13]  Yuval Elovici,et al.  ProfilIoT: a machine learning approach for IoT device identification based on network traffic analysis , 2017, SAC.

[14]  Qian Wang,et al.  Task-Bundling-Based Incentive for Location-Dependent Mobile Crowdsourcing , 2019, IEEE Communications Magazine.

[15]  Dawn Xiaodong Song,et al.  Fig: Automatic Fingerprint Generation , 2007, NDSS.