Abstract

IoT device fingerprinting of network traffic is valuable for many management and security solutions, as it provides insight into the devices active on a network. Unfortunately, existing techniques focus on public (de facto) standard protocols and suffer from low efficiency and high dependence on data packets at flow-level granularity. Hence, accurately identifying the types of IoT devices that use proprietary protocols remains a challenge that cannot be ignored. To fill this gap, we propose DeepFinger, a fully automated, byte-level payload fingerprint generation approach. DeepFinger aims to eliminate the manual intervention required to extract usable payload-driven fingerprints in the absence of a priori protocol specification information. The key insight of DeepFinger is that it uses deep clustering to automatically cluster similar payloads and infer key-blocks as fingerprints. Through extensive evaluation, we demonstrate that DeepFinger achieves an average TPR of 98.81%, an average FTF of 98.74%, and an average FPR of 0.07% on a dataset containing multiple proprietary protocols. In addition, on three datasets containing public protocols such as MQTT, Modbus, HTTP, and XMPP, DeepFinger also achieves excellent performance by virtue of its extensibility. These results suggest that DeepFinger can be a promising tool for automating the payload fingerprint extraction process under the proprietary-protocol assumption.
