Consumer Internet of Things (IoT) devices are increasingly common in everyday homes, from smart speakers to security cameras. Along with their benefits come potential privacy and security threats. To limit these threats we must implement solutions to filter IoT traffic at the edge. To this end the identification of the IoT device is the first natural step. In this paper we demonstrate a novel method of rapid IoT device identification that uses neural networks trained on device DNS traffic that can be captured from a DNS server on the local network. The method identifies devices by fitting a model to the first seconds of DNS second-level-domain traffic following their first connection. Since security and privacy threat detection often operate at a device specific level, rapid identification allows these strategies to be implemented immediately. Through a total of 51,000 rigorous automated experiments, we classify 30 consumer IoT devices from 27 different manufacturers with 82% and 93% accuracy for product type and device manufacturers respectively.
翻译:日常家中,从智能扬声器到安全摄像头的消费者互联网(IoT)装置越来越常见,从智能扬声器到安全摄像头。除了这些装置的好处外,还会带来潜在的隐私和安全威胁。为了限制这些威胁,我们必须在边缘执行过滤IoT交通的解决方案。为此,确定IoT装置是第一个自然步骤。在本文中,我们展示了一种新型的快速IoT装置识别方法,即使用通过当地网络的DNS服务器获取的DNS装置传输经过培训的神经网络。该方法通过将一个模型安装到DNS二层通信的最初几秒钟来识别装置。由于安全和隐私威胁探测通常在设备特定水平上运作,因此能够立即实施这些战略。通过总共51,000个严格的自动实验,我们从27个不同制造商分类了30台消费IoT装置,产品类型和装置的精确度分别为82%和93%。