Automatic Device Classification from Network Traffic Streams of Internet of Things

Abstract: With the widespread adoption of Internet of Things (IoT), billions of everyday objects are being connected to the Internet. Effective management of these devices to support reliable, secure and high quality applications becomes challenging due to the scale. As one of the key cornerstones of IoT device management, automatic cross-device classification aims to identify the semantic type of a device by analyzing its network traffic. It has the potential to underpin a broad range of novel features such as enhanced security (by imposing the appropriate rules for constraining the communications of certain types of devices) or context-awareness (by the utilization and interoperability of IoT devices and their high-level semantics) of IoT applications. We propose an automatic IoT device classification method to identify new and unseen devices. The method uses the rich information carried by the traffic flows of IoT networks to characterize the attributes of various devices. We first specify a set of discriminating features from raw network traffic flows, and then propose a LSTM-CNN cascade model to automatically identify the semantic type of a device. Our experimental results using a real-world IoT dataset demonstrate that our proposed method is capable of delivering satisfactory performance. We also present interesting insights and discuss the potential extensions and applications.

• The paper introduces a novel LSTM-CNN model that classifies IoT devices by leveraging both temporal sequences and spatial features from network traffic data.
• The methodology uses robust segmentation and feature extraction techniques, achieving up to 99.7% accuracy in binary classification scenarios with deep learning.
• The approach outperforms traditional classifiers like SVM and Random Forest, highlighting the importance of diverse datasets for reliable device identification in IoT networks.

Automatic Device Classification from Network Traffic Streams of Internet of Things

Abstract

The paper presents a method for automatically classifying Internet of Things (IoT) devices using network traffic data, leveraging both temporal and structural data derived from IoT network flows. The authors introduce a novel Long Short-Term Memory (LSTM) - Convolutional Neural Network (CNN) cascade model aimed at classifying new and previously unseen IoT devices. The research addresses the challenge of distinguishing devices with similar functional roles but made by different manufacturers, offering an automated approach that could enhance both security and quality of service (QoS) in IoT networks.

Introduction

As the proliferation of IoT devices continues unabated, effective management and classification become critically important. Traditional methods for identifying devices are often restricted by assuming control over homogeneous device environments. This paper challenges existing paradigms by proposing a methodology capable of classifying unknown devices within a broader IoT infrastructure, enhancing device identification processes in real-world applications. Unlike prior approaches, which depend heavily on prior knowledge of the devices, this method extracts features from raw network data and processes them through a hybrid neural network model to identify device types with improved accuracy.

Figure 1: Daily Network traffic volume from three IoT devices.

Methodology

The research utilizes a robust segmentation and feature extraction process to characterize device-specific network traffic into meaningful features. These are processed by a deep learning model composed of LSTM layers to capture temporal dependencies, followed by CNN layers for spatial feature extraction.

Network Traffic Acquisition and Preprocessing

The process commences with packet capture using tools like Wireshark and tcpdump to gather essential traffic data. Packets are filtered through MAC addresses to isolate device-specific flows.

Figure 2: Proposed Approach for Automatic Cross-Device identification.

Segmentation and Feature Extraction

Traffic is segmented into intervals to ensure efficiency and manageability. Features are extracted concerning traffic volume, packet characteristics, and network protocols. These segmented flows form the foundation for the data fed into the LSTM-CNN architecture.

Figure 3: Maximum and average packets number produced by six common IoT devices in one minute.

LSTM-CNN Cascade Model

The LSTM layers are employed to leverage time dependencies from the traffic data, focusing on sequence prediction. The CNN component subsequently extracts spatial features, improving classification accuracy through layered processing and feature hierarchies.

Figure 4: Proposed LSTM-CNN cascade device classification model.

Experimental Evaluation

The model's efficacy was tested on real-world IoT datasets, demonstrating an accuracy of 74.8% in mixed-device environments, significantly outperforming traditional classifiers like SVM and Random Forest. Notably, the model achieved up to 99.7% accuracy in binary classification tasks when provided sufficient training data, highlighting its adaptability and performance in varied contexts.

Figure 5: The confusion matrix of device classification.

Comparative Analysis

Comparative analyses against established classification techniques revealed substantial improvements in accuracy and reliability of device identification through this hybrid neural approach. The paper underscores the importance of rich dataset diversity over sheer size, advocating for broader data collection across multiple device types to better inform model training.

Conclusion

The proposed method extends the capabilities of IoT device classification by employing deep learning tools that capture and interpret both temporal and structural data aspects from network streams. Future work is anticipated to enhance dataset richness and evaluate model robustness across diverse IoT scenarios, ensuring greater scalability and deployment potential.

In conclusion, this research provides a meaningful advancement in IoT network management and security, offering a scalable, efficient solution for automatic device classification leveraging advanced neural architectures. Future endeavors will aim to refine the model's accuracy further and extend its applicability to larger, more varied datasets to accommodate the expanding landscape of IoT applications.