Device identification is one way to secure a network of IoT devices, whereby devices identified as suspicious can subsequently be isolated from a network. In this study, we present a machine learning-based method, IoTDevID, that recognizes devices through characteristics of their network packets. As a result of using a rigorous feature analysis and selection process, our study offers a generalizable and realistic approach to modelling device behavior, achieving high predictive accuracy across two public datasets. The model's underlying feature set is shown to be more predictive than existing feature sets used for device identification, and is shown to generalize to data unseen during the feature selection process. Unlike most existing approaches to IoT device identification, IoTDevID is able to detect devices using non-IP and low-energy protocols.