Skip to main content

Advertisement

SpringerLink
Log in

A holistic IoT device classification approach through spatial & temporal behaviors modelling

  • Published:
Telecommunication Systems Aims and scope Submit manuscript

Abstract

Traffic management is becoming increasingly complex due to the increasing diversity of IoT platforms and protocols supported by heterogeneous devices. Recently, device fingerprinting techniques for automatic device recognition leveraging on domain knowledge in TCP/IP and AI techniques are becoming more prevalent. However, existing machine-learning (ML) models have trained HTTP and TCP flows that are not correctly weighted. Besides, these models are trained with algorithms that can extrapolate temporal information; thus, they are not temporal aware. This paper presents a two-level machine learning pipeline (IoT Sense) for IoT device recognition, using (1) SVM and Decision Tree to model the spatial behaviors and (2) RNN to model the device-to-device temporal actions. The ground truth of the work is that the communication behaviors of IoT sensors, actuators, and devices are more deterministic using control plane traffic instead of data plane traffic. IoT devices commonly rely on SSDPIoTivityAllJoyn to discover neighbors and exchange devices' information. These device-to-device hello(s) are more predictable than traffic patterns induced by random usage behaviors. Deep learning (DL) models trained on raw traffic; without adding custom weightage to control packets; can be biased towards user-induced behaviors that eventually over-fit the resulting model. IoT Sense classify based on the connectivity pattern among IoT nodes using control plane traffic that includes discovery, handshake, and session establishment flows. IoT Sense is platform-agnostic since it operates on connection properties (TCPIP/layer 3) instead of protocols (like CoAP, MQTT). The experimental results show that the proposed context-aware model achieved accuracy up to 0.956 precision score with a 0.0957 recall rate in IoT devices classification.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. Aquino-Santos, R., Gonzalez-Potes, A., Edwards-Block, A., & Garcia-Ruiz, M. A. (2012). Ubiquitous computing and ambient intelligence for smart homes applications. In Proceedings of world automation congress (WAC), Puerto Vallarta, Mexico.

  2. Ghanem, W. A. H. M., & Belaton, B. (2013). Improving accuracy of applications fingerprinting on local networks using NMAP-AMAP-ETTERCAP as a hybrid framework. In 2013 IEEE international conference on control system, computing and engineering, Penang, Malaysia, November 2013.

  3. Bartlett, G., Heidemann, J., & Papadopoulos (2007). Understanding passive and active service discovery. In Proceedings of the 7th ACM SIGCOMM conference on Internet measurement

  4. Rana, A. (2014). What is AMap and how does it fingerprint applications.

  5. Mitsugi, J., Sato, Y., Ozawa, M., & Suzuki, S. (2014). An integrated device and service discovery with UPnP and ONS to facilitate the composition of smart home applications. In Paper presented at IEEE world forum on internet of things (WF-IoT), Fujisawa, Japan.

  6. Blanc, L. (2021). Developing information systems managment applications with LoriotPro. LUTEUS SARL, Moissy-Cramayel, France. Accessed 31 May 2021.

  7. Mouro, D. K. S. (2001). Essential SNMP, California: O' Reilly.

  8. Kiziloren, T., & Germen, E. (2007). Network traffic classification with self-organized maps. In Computer and information sciences.

  9. Norton, D. (2021). An Ettercap primer. SANS Institute.

  10. Ko, K., Kang, P., & Sim, W. (2007). Design of hybrid network discovery module for detecting client applications and ActiveX controls. In O. Gervasi & M. L. Gavrilova (Eds.), Computational science and its applications—ICCSA, Berlin, Heidelberg.

  11. Shen, J., Li, Y., Li, B., Chen, H., & Li, J. (2017). IoT Eye an efficient system for dynamic IoT devices auto-discovery on organization level. In cyber security and cloud computing (CSCloud). In IEEE 4th International conference on.

  12. Metongnon, L., Ezin, C. E., & Sadre, R. (2017). Efficient probing of heterogeneous IoT networks. In 2017 IFIP/IEEE Symposium on integrated network and service management (IM).

  13. Chen, C.-C., & Wang. S.-D. (2013). An efficient multicharacter transition stringmatching engine based on the Aho–Corasick algorithm. ACM Transactions on Architecture and Code Optimization, 1–22.

  14. Lee, T. (2007). Generalized Aho–Corasick algorithm for signature based anti-virus applications. In 2007 16th International conference on computer communications and networks, Honolulu, HI, USA.

  15. Kim, J. H., Yoon, S. H., & Kim, M. S. (2012). Study on traffic classification taxonomy for multiliteral and hierarchical traffic classification. In Proc. APNOMS, Seoul, Korea.

  16. Liampotis, N., Kalatzis, N., Roussaki, I., Kosmides, P., Papaioannou, I., Sykas, E., Anagnostou, M., & Xynogalas, S. (2012). Addressing the context-awareness requirements in personal smart spaces. In IEEE Asia-pacific services computing conference, Guilin, China.

  17. Donohoo, B., Ohlsen, C., Pasricha, S., Xiang, Y., & Anderson, C. (2014). Context-aware energy enhancements for smart mobile devices. IEEE Transactions on Mobile Computing.

  18. Ramnath, V., Lim, J., & Zhang, D. (2006). A service-oriented framework for context-aware semantic media applications. In 4th IEEE International conference on industrial informatics, Singapore.

  19. Kulkarni, D., & Tripathi, A. (2008). Application-level recovery mechanisms for context-aware pervasive computing. In Proceedings of the 2008 symposium on reliable distributed systems.

  20. Sanchez-Picot, A., Martin, D., De Rivera, D. S., Bordel, B., & Robles, T. (2016). Modeling and simulation of interactions among people and devices in Ambient Intelligence environments. In 10th International conference on advanced information networking and applications workshops (WAINA).

  21. Maly, I., Curin, J., Kleindienst, J., & Slavik, P. (2008). Creation and visualization of user behavior in ambient intelligent environment. In Proc. of 12th international conference on information visualisation, London.

  22. Elbert, D., Storf, H., Eisenbarth, M., Ünalan, Ö., & Schmitt, M. (2011). An approach for detecting deviations in daily routine for long-term behavior analysis. In 5th International conference on pervasive computing technologies for healthcare (pervasivehealth) and workshops, Dublin, Ireland.

  23. Wan, J., Yang, J., Wang, Z., & Hua, Q. (2018). Context-aware computing, learning, and big data in internet of things: A survey. IEEE Internet of Things Journal, 5(1), 1–27.

    Article  Google Scholar 

  24. Stipkovic, S., Bruns, R., & Dunkel, J. (2013). Pervasive computing by mobile complex event processing. In 2013 IEEE 10th International conference on e-Business engineering (ICEBE).

  25. Rodriguez, N. (2011). A framework for context-aware applications for smart spaces. In Proceedings of the 2011 IEEE/IPSJ international symposium on applications and the internet.

  26. Ivanov, P., Nagoev, Z., Pshenokova, I., & Tokmakova, D. (2015). Forming the multi-modal situation context in ambient intelligence systems on the basis of self-organizing cognitive architectures. In 5th Morld congress on information and communication technologies, Morocco.

  27. Moseley, R. (2017). Creating an ambient intelligence network using insight and merged reality technologies. In Computing conference 2017, London.

  28. Sivanathan, A., Gharakheili, H. H., Loi, F., Radford, A., Wijenayake, C., Vishwanath, A., & Sivaraman, V. (2018). Classifying IoT devices in smart environments using network traffic characteristics. IEEE Transactions on Mobile Computing.

  29. Domenico, S. D., Sanctis, M. D., Cianca, E., Silvestri, L., Curcuru, V., & Betti, A. (2018). Classification of heterogenous M2M/IoT traffic based on C-plane and U-plane data. In IEEE 29th Annual international symposium on personal, indoor, and mobile radio communications (PIMRC).

  30. Desai, B. A., Divakaran, D. M., Nevat, I., Peters, G. W., & Gurusamy, M. (2019). A feature-ranking framework for IoT device classification. In 2019 11th International conference on communication systems & networks (COMSNETS), Bengaluru, India.

  31. Ammar, N., Noirie, L., & Tixeuil, S. (2019). Autonomous IoT device identification prototype. In Network traffic measurement and analysis conference (TMA).

  32. Sivanathan, A., Gharakheili, H. H., & Sivaraman, V. (2018). Can we classify an IoT device using TCP port scan? In IEEE.

  33. Hsu, A., Tront, J., Raymond, D., Wang, G., & Butt, A. (2019). Automatic IoT device classification using traffic behavioral characteristics. In South east Con, Huntsville, AL, USA.

  34. Kumar, R., Venkanna, U., & Tiwari, V. (2020). A binary classification approach for time granular traffic in SDWMN based IoT network. In 12th International conference on communication systems & networks (COMSNETS).

  35. Jain, A., Prakash, O., Talukdar, A., Samal, S. P., Nanjundappa, R., & Mahesha, N. (2019). Screen intelligence engine: ML based method for predicting IoT devices using screen contents. In IEEE 16th India council international conference (INDICON), Rajkot, India.

Download references

Acknowledgements

On behalf of all authors, the corresponding author states that there is no conflict of interest.

Author information

Authors and Affiliations

  1. Faculty of Information and Communication Technology, Universiti Tunku Abdul Rahman, Jalan Universiti, Bandar Barat, 31900, Kampar, Negeri Perak, Malaysia

    Yichiet Aun, Yen-Min Khaw & Ming-Lee Gan

Authors
  1. Yichiet Aun
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yen-Min Khaw
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ming-Lee Gan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yichiet Aun.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Aun, Y., Khaw, YM. & Gan, ML. A holistic IoT device classification approach through spatial & temporal behaviors modelling. Telecommun Syst 79, 515–528 (2022). https://doi.org/10.1007/s11235-021-00867-x

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11235-021-00867-x

Keywords

Search

Navigation