Exploiting Heterogeneous Information for IoT Device Identification Using Graph Convolutional Network

Abstract

IoT devices are widely present in production and life. To provide unique resource requirements and Quality of Service for different device types, we are prompted to implement IoT device identification. Existing IoT device identification methods either need to extract features manually or suffer from low effectiveness. In addition, these methods mainly focus on plaintext traffic, and their effectiveness will not work in the encryption era. It remains a challenging task to conduct IoT device identification via TLS encrypted traffic analysis accurately. This work fills the gap by presenting THG-IoT, a novel device identification method using graph convolutional network (GCN). We propose a graph structure named traffic heterogeneous graph (THG), an information-rich representation of encrypted IoT network traffic. The key novelty of THG is two-fold: i) it is a traffic heterogeneous graph containing two kinds of nodes and two kinds of edges. Compared with the sequence model, THG can better model the relationship between the flows and the packets. ii) it implicitly reserves multiple heterogeneous information, including packet length, packet message type, packet context, and flow composition, in the bidirectional packet sequence. Moreover, we utilize THG to convert IoT device identification into a graph node classification problem and design a powerful GCN-based classifier. The experimental results show that THG-IoT achieves excellent performance. The TPR exceeds 95% and the FPR is less than 0.4%, superior to the state-of-the-art methods.