Nowadays, various Internet of Things (IoT) devices, such as routers, webcams, and network printers, have been deployed across the Internet. For security and management purposes, it is important to accurately fingerprint IoT devices. In this work, we build the first benchmark, called DevTag (IoT Device Tagging), for fingerprinting IoT devices. Specifically, DevTag supports retrieving packet-level features from IoT devices through two different data collection methods: passive monitoring and active probing. For detecting IoT devices, DevTag integrates model-based and rule-based fingerprinting methods. For the model-based detection, we reimplemented five typical deep algorithms to infer IoT device classification models. For the rule-based detection, we generated nearly 41 117 rules in a unified format by analyzing several open-source tools. Furthermore, we conducted a systematic analysis to explore the advantages and limitations of those two methods for detecting IoT devices. Our analysis results reveal that the model-based detection has a significant advantage in distinguishing coarse-grained IoT device information (e.g., device type and vendor), while it is not suitable for detecting product information because the number of labels is massive. The rule-based detection is capable of extracting fine-grained device information with high precision in a short time. However, rules also suffer from several inherent problems, such as multiple matching, conflicting, and overlapping issues. Finally, we implemented and distributed a prototype of DevTag working as the first benchmark for detecting IoT devices in the network community.