Deep learning for IoT fingerprinting

Abstract

The rapid growth of the Internet-of-Things (IoT) industry has introduced new attack surfaces in home and enterprise networks due to insufficient built-in security measures in many IoT devices. IoT network fingerprinting, the process of identifying IoT devices from their network communication patterns, can be used to select appropriate access controls for vulnerable IoT devices, offering a promising solution to this security problem. Typical state-of-the-art IoT fingerprinting approaches identify devices by applying deep learning models to samples of their network traffic. This work addresses 5 challenges of using deep learning for IoT fingerprinting: (1) traffic collected by a single observer may be insufficient for training an accurate fingerprinting model; (2) variations in communication rates among different IoT devices results in imbalanced datasets, which can lead to biased models; (3) it is difficult for a model to capture the relationships between packets when some packets belong to separate flows; (4) it is inefficient to adapt an existing IoT fingerprinting model to identify new devices; and (5) relying on fixed-length samples of traffic can result in arbitrarily long fingerprinting times. For the first challenge, we propose a federated learning approach for training a fingerprinting model using traffic collected by multiple separate observers. For the second challenge, we propose a hierarchical Mixture-of-Experts that balances training data by grouping devices based on their communication rates before identifying them. For the third challenge, we propose a relative encoding technique for packet endpoints that preserves relationships across flows. For the fourth challenge, we propose a bi-component fingerprinting architecture that efficiently adapts to new devices by reusing a portion of its parameters. Finally, for the fifth challenge, we propose a fixed-time traffic sampling approach. We evaluate our proposed approaches through a series of experiments and demonstrate how each one overcomes its associated challenge in an experimental setting.