Classifying IoT Device’s Traffic Traces Using Network Traffic Characteristics

The escalating proliferation of devices, including both Internet of Things (IoT) and non-IoT devices, has triggered a suite of emergent security challenges in cyberspace, such as accurate device identification and authentication. The wide array of device types, protocols, and usability exacerbates these challenges. While conventional addressing schemes such as the logical Internet Protocol addressing and physical Media Access Control addressing schemes are integral for communication, they are susceptible to spoofing attacks. Device fingerprinting can be used to address the issue of identifying devices and traffic types using only implicit identifiers such as network traffic characteristics. In this paper, supervised machine learning based a device fingerprinting model has been proposed for the classification of both IoT and non-IoT devices on three levels based on their communication traffic characteristics. A meticulous feature selection process, employing two attribute evaluators, identified a subset of twenty features crucial for generating unique fingerprints from a large set of features pool. Three publicly available datasets and two supervised classifiers were utilized for evaluation purposes. Experimental results illustrated that the proposed model attained a classification accuracy exceeding 99% in discerning between known and unknown traffic traces (Level-1) on both the UNSW IoT and D-Link IoT datasets using the Random Forest (RF) classifier, and 99.74% accuracy in classifying network traffic types (Level-2) on the UNSW dataset. Individual device identification (Level-3) proves equally robust, with the RF and J48 classifiers achieving 99.03% and 98.14% accuracies on the UNSW non-IoT and IoT datasets, respectively. These findings underscore the potential of the device fingerprinting model in enhancing network security. The model’s robust classification capabilities across various datasets and identification levels make it a valuable asset in tackling modern security challenges in networked environments.