
DeviceRadar: Online IoT Device Fingerprinting in ISPs using Programmable Switches (2404.12738v1)

Published 19 Apr 2024 in cs.NI and cs.CR

Abstract: Device fingerprinting can be used by Internet Service Providers (ISPs) to identify vulnerable IoT devices for early prevention of threats. However, due to the wide deployment of middleboxes in ISP networks, some important data, e.g., 5-tuples and flow statistics, are often obscured, rendering many existing approaches invalid. Fingerprinting is further challenged by the high-speed traffic of hundreds of terabytes per day in ISP networks. This paper proposes DeviceRadar, an online IoT device fingerprinting framework that achieves accurate, real-time processing in ISPs using programmable switches. We exploit "key packets" as the basis of fingerprints, using only packet sizes and directions; these packets appear periodically and differ across IoT devices. To utilize them, we propose a packet size embedding model to discover the spatial relationships between packets. Meanwhile, we design an algorithm to extract the "key packets" of each device, and propose an approach that jointly considers the spatial relationships and the key packets to produce a neighboring key packet distribution, which can serve as a feature vector for machine learning models for inference. Finally, we design a model transformation method and a feature extraction process to deploy the model on a programmable data plane within its constrained arithmetic operations and memory to achieve line-speed processing. Our experiments show that DeviceRadar can achieve state-of-the-art accuracy across 77 IoT devices with 40 Gbps throughput, and requires only 1.3% of the processing time compared to GPU-accelerated approaches.
