Early Generation and Detection of Efficient IoT Device Fingerprints Using Machine Learning

Abstract

The proliferation of Internet of Things (IoT) markets in the last decade introduces new challenges for network traffic analysis, and processing packet flows to identify IoT devices. This type of device suffers from scarcity, making them vulnerable to spoofing operations. In such circumstances, the device can be recognized by identifying its fingerprint. In this paper, a novel idea to elicit Device FingerPrint (DFP) is presented by extracting 30 features from the collected traffic packets of 19 IoT devices during setup and startup operations. Raspberry Pi 3 Model B+ is configured as an access point to collect and analyze the traffic of seven networked IoT devices using Wireshark Network Protocol Analyzer. Moreover, the rest of IoT devices traffic is taken from the publicly available network traffic dataset. Each IoT device's feature extraction process starts from getting Extensible Authentication Protocol over LAN (EAPOL) protocol, continuing with the other flowed protocols until the first session of Transmission Control Protocol (TCP) related to that device is closed. Depending on some produced variation of device traffic features, 20 fingerprints for each device are created. The probability theorem of Gaussian Naive Bayes (GNB) supervised machine learning is utilized to identify fingerprints of individual known devices and isolate the unknown ones. The performance evaluation for the proposed technique was calculated based on two measures, F1-score and identification accuracy. The average F1 score was around 0.99, while the overall identification accuracy rate was 98.35%.