The emergence of IoT has introduced new security concerns, in particular the detection of large-scale network attacks launched from compromised IoT devices. The heterogeneity of IoT devices complicates attack detection, so devices need to be classified according to their distinctive characteristics and behaviour patterns. This paper presents a device classification method grounded in the difference between a device's traffic before and after it is compromised. The study defines the concept of attack sensitivity and designs a method for computing its value from this traffic differential. The K-means algorithm then groups devices into a predefined set of categories according to their attack sensitivity values. The effectiveness of the method is demonstrated through experiments on a public dataset. In addition, a multi-class classification model is trained to assign newly added devices in the IoT environment to these categories, achieving an accuracy of 0.999, precision of 0.997 to 1, recall of 0.997 to 1, F1 score of 0.998 to 1, and a false positive rate (FPR) of 0 to 0.001. Overall, the attack-sensitivity-based device classification method proposed in this paper not only yields a well-founded definition of device categories but also classifies devices newly integrated into the IoT environment precisely. This lays the foundation for more precise attack detection and protection, advancing the field towards stronger cybersecurity measures.
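The abstract does not give the formula for attack sensitivity, the traffic features used, the number of categories, or the multi-class model. The following is an added illustration, not the paper's code, of the pipeline the abstract describes: per-device traffic summaries before and after compromise, a sensitivity score derived from their difference, 1-D K-means over those scores to form device categories, and assignment of a new device to a category. Everything concrete is an assumption: the three features (packets/s, bytes/s, distinct destinations), the definition of sensitivity as the mean relative change of those features, k = 3 with the clusters named low/medium/high, and nearest-centroid assignment standing in for the paper's multi-class classifier. The traffic numbers are constructed.

```python
"""Attack-sensitivity device clustering: constructed illustration, not the paper's method."""
from statistics import mean
from typing import Dict, List, Tuple

Features = Tuple[float, float, float]  # (packets/s, bytes/s, distinct destinations) - assumed
LABELS = ("low", "medium", "high")     # assumed category names; k = len(LABELS)

# Constructed per-device traffic summaries: (before compromise, after compromise).
TRAFFIC: Dict[str, Tuple[Features, Features]] = {
    "cam1":     ((20, 4000, 2),  (200, 40000, 20)),   # becomes a DDoS bot: 10x everything
    "plug1":    ((5, 500, 1),    (6, 600, 1)),        # barely changes
    "bulb1":    ((2, 300, 1),    (2, 300, 1)),        # no observable change
    "dvr1":     ((50, 20000, 3), (500, 200000, 30)),  # like cam1
    "thermo1":  ((10, 1000, 2),  (20, 2000, 2)),      # doubles its volume
    "speaker1": ((30, 6000, 4),  (45, 9000, 6)),      # +50% across the board
}


def attack_sensitivity(before: Features, after: Features) -> float:
    """Assumed definition: mean relative change of each feature after compromise.

    max(b, 1.0) avoids division by zero for features that were zero before compromise.
    """
    return mean(abs(a - b) / max(b, 1.0) for b, a in zip(before, after))


def _nearest(v: float, centroids: List[float]) -> int:
    return min(range(len(centroids)), key=lambda i: abs(v - centroids[i]))


def kmeans_1d(values: List[float], k: int, max_iter: int = 100) -> List[float]:
    """Deterministic 1-D K-means; initial centroids are spread over the sorted values."""
    s = sorted(values)
    centroids = [s[i * (len(s) - 1) // (k - 1)] for i in range(k)]
    for _ in range(max_iter):
        clusters: List[List[float]] = [[] for _ in range(k)]
        for v in values:
            clusters[_nearest(v, centroids)].append(v)
        # keep an empty cluster's centroid where it was rather than dropping the cluster
        updated = [mean(c) if c else centroids[i] for i, c in enumerate(clusters)]
        if updated == centroids:
            break
        centroids = updated
    return centroids


def categorise_devices(traffic: Dict[str, Tuple[Features, Features]]) -> Tuple[Dict[str, str], List[float]]:
    """Cluster known devices by attack sensitivity; return (device -> label, sorted centroids)."""
    sens = {dev: attack_sensitivity(b, a) for dev, (b, a) in traffic.items()}
    centroids = sorted(kmeans_1d(list(sens.values()), k=len(LABELS)))
    categories = {dev: LABELS[_nearest(v, centroids)] for dev, v in sens.items()}
    return categories, centroids


def classify_new_device(before: Features, after: Features, centroids: List[float]) -> str:
    """Nearest-centroid assignment for a device added later (stand-in for the paper's classifier)."""
    return LABELS[_nearest(attack_sensitivity(before, after), centroids)]


if __name__ == "__main__":
    cats, cents = categorise_devices(TRAFFIC)
    for dev, label in sorted(cats.items(), key=lambda kv: LABELS.index(kv[1])):
        print(f"{dev:10s} -> {label}")
    print("centroids:", [round(c, 3) for c in cents])
    print("new dvr   ->", classify_new_device((10, 1000, 1), (80, 8000, 9), cents))
```

Two caveats a practitioner would check before using anything like this: the "after" traffic is only available for devices that have actually been compromised in a labelled dataset, so the categories are only as good as the attack coverage of that dataset, and a relative-change score like the one assumed here is dominated by low-volume devices (a bulb going from 2 to 20 packets/s scores the same as a camera going from 20 to 200), so the real feature scaling matters.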