IoT Device Recognition Framework Based on Network Protocol Keyword Query

Xu, Zi-Xiao; Dai, Qinyun; Xu, Gang; Huang, Haihong; Chen, Xiu-Bo; Yang, Yixian

doi:10.1007/978-3-030-57884-8_20

Cited by 4 publications

(3 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Previous studies into keyword extraction can give an indication to the protocols and fields that are likely to be unencrypted, and how they can be used. The main traffic used in these studies includes broadcast traffic such as mDNS and SSDP [12], [22 -24], DHCP [12], [22][23][24], HTTP (User Agents & URI) [14], [24 -26], DNS [24,26] and packet content [27]. These protocols are all shown to give unencrypted information that is useful for analysis.…”

Section: B Specific To Keyword Extractionmentioning

confidence: 99%

“…These protocols are all shown to give unencrypted information that is useful for analysis. When extracted, keywords should be filtered to make them both more useful and unique [12], [24], [25]. Another technique is to combine two protocols to identify a device between manufacturers.…”

Section: B Specific To Keyword Extractionmentioning

confidence: 99%

“…The technique introduced by Xu et al [24] uses keywords extracted from protocols which are then manually input as searches to e-commerce sites. The results are hard to reproduce, and the granularity in best cases is a model.…”

Section: B Specific To Keyword Extractionmentioning

confidence: 99%

See 2 more Smart Citations

Keyword Extraction for Fine-Grained IoT Device Identification

Andrews

Oikonomou

Armour

et al. 2022

2022 Seventh International Conference on Fog and Mobile Edge Computing (FMEC)

View full text Add to dashboard Cite

Internet of Things (IoT) devices are becoming more widespread in networks and are shown to have security considerations as an afterthought. Identifying IoT devices can help users locate security vulnerabilities in their networks.Previous studies have used machine learning and rule-based methods to try and identify unknown devices from passive network traffic. The first issue with these approaches however is that the device must have been seen on a training dataset beforehand; otherwise it cannot be identified. The second issue is that trying to achieve granularity on device identification down to firmware level from passive network traffic has not been researched before, and is a key factor in identifying vulnerable devices. This paper contains a novel technique to solve those two problems. The technique automatically identifies unknown devices from passive network traffic without using a machine learning approach that finds and weights keywords found in each packet per device. These keywords then allow device identification down to a specific firmware version. The approach in this paper achieved 71% accuracy for identifying firmware versions and 74% and 78% for models and makes respectively, across a test dataset of 44 devices.

show abstract