IDFE：面向物联网设备识别的指纹深度提取方法

doi:10.3778/j.issn.1002-8331.2306-0161

摘要/Abstract

摘要： 传统物联网设备指纹提取方法通常将流量中的隐私数据用于生成设备指纹并且采用手工设计特征的方式，在形成安全隐患的同时限制了模型的性能。针对上述问题，提出一种基于设备行为的物联网设备指纹深度提取方法（IoT device deep fingerprint extraction，IDFE）。IDFE将网络流量pcap文件划分为多个会话（sessions），并提取非隐私信息构建会话信息矩阵，设计了会话信息矩阵不同信息序列之间的依赖关系和会话数据包之间的时序依赖关系建模方法和融合方法，利用设计的全卷积Transformer提取融合后的会话特征矩阵中设备行为特征并生成设备指纹。在UNSW和YourThings两个公开数据集上进行了广泛的实验，验证了该方法的有效性。

关键词: 物联网设备, 安全隐患, 行为特征, 信息融合, 设备指纹

Abstract: Traditional IoT device fingerprint extraction methods usually use the private data in traffic to generate device fingerprints and adopt the method of manually designing features. It also limits the performance of the model while creating security risks. Aiming at the above problems, the IoT device deep fingerprint extraction (IDFE) method based on network traffic is proposed. IDFE first divides the network traffic pcap file into multiple sessions, and extracts the non-private information to build the session information matrix. Then it designs the modeling method and fusion method of the dependency between the different information sequences of the session information matrix and the temporal dependency between the session data packets. Finally, the designed full convolution transformer is used to extract the device behavior features in the fused session feature matrix and generate the device fingerprint.

Key words: IoT devices, security risks, behavior features, information fusion, device fingerprint

唐跃中, 卢士达, 钱李烽, 位雪银, 顾荣斌, 黄君, 李静. IDFE：面向物联网设备识别的指纹深度提取方法[J]. 计算机工程与应用, 2024, 60(17): 117-128.

TANG Yuezhong, LU Shida, QIAN Lifeng, WEI Xueyin, GU Rongbin, HUANG Jun, LI Jing. IDFE：Fingerprint Deep Extraction Method for IoT Device Identification[J]. Computer Engineering and Applications, 2024, 60(17): 117-128.

参考文献

[1] KOUICEM D, BOUABDALLAH A, LAKHLEF H. Internet of things security: a top-down survey[J]. Computer Networks, 2018, 141(1): 199-221.
[2] XIE N, LEUNG H. Internet of things (IoT) in Canadian smart cities: an overview[J]. IEEE Instrumentation & Measurement Magazine, 2021, 24(3): 68-77.
[3] KOLIAS C, KAMBOURAKIS G, STAVROU A, et al. DDos in the IoT: mirai and other botnets[J]. Computer, 2017, 50(7): 80-84.
[4] MIETTINEN M, MARCHAL S, HAFEEZ I, et al. IoT sentinel demo: automated device-type identification for security enforcement in IoT[C]//Proceedings of the IEEE International Conference on Distributed Computing Systems, 2017: 2511-2514.
[5] BEZAWADA B, BACHANI M. Behavioral fingerprinting of IoT devices[C]//Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security, 2018: 41-50.
[6] HAMAD S, ZHANG W E, SHENG Q Z, et al. IoT device identification via network-flow based fingerprinting and learning[C]//Proceedings of the 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 2019: 103-111.
[7] AHMED D, DAS A, ZAFFAR F. Analyzing the feasibility and generalizability of fingerprinting Internet of things devices[J]. Proceedings on Privacy Enhancing Technologies, 2022, 2022: 578-600.
[8] KOSTAS K, JUST M, LONES M. IoTDevID: a behaviour-based fingerprinting method for device identification in the IoT[J]. IEEE Internet of Things Journal, 2022, 9(23): 23741-23749.
[9] MAZHAR M, SHAFIQ Z. Characterizing smart home IoT traffic in the wild[C]//Proceedings of the 2020 IEEE/ACM 5th International Conference on Internet-of-Things Design and Implementation, 2020: 203-215.
[10] ANEJA S, ANEJA N, ISLAM M. IoT device fingerprint using deep learning[C]//Proceedings of the 2018 IEEE International Conference on Internet of Things and Intelligence System, 2018: 174-179.
[11] NOGUCHI H, DEMIZU T, HOSHIKAWA N, et al. Autonomous device identification architecture for internet of things[C]//Proceedings of the 2018 IEEE 4th World Forum on Internet of Things, 2018: 407-411.
[12] GUO H, HEIDEMANN J. Detecting IoT devices in the internet[J]. IEEE/ACM Transactions on Networking, 2020, 28(5): 2323-2336.
[13] MARCHAL S, MIETTINEN M, NGUYEN T, et al. AuDI: toward autonomous IoT device-type identification using periodic communication[J]. IEEE Journal on Selected Areas in Communications, 2019, 37(6): 1402-1412.
[14] SIVANATHAN A, GHARAKHEILI H, LOI F, et al. Classifying IoT devices in smart environments using network traffic characteristics[J]. IEEE Transactions on Mobile Computing, 2018, 18(8): 1745-1759.
[15] FAN L, HE L, WU Y, et al. AutoIoT: automatically updated IoT device identification with semi-supervised learning[J]. IEEE Transactions on Mobile Computing, 2022, 22(1): 1-20.
[16] FRANKLIN J, MCCOY D, TABRIZ P et al. Passive data link layer 802.11 wireless device driver fingerprinting[C]//Proceedings of the 15th Conference on USENIX Security Symposium, 2006: 16-89.
[17] CHARYYEV B, GUNES M. IoT traffic flow identification using locality sensitive hashes[C]//Proceedings of the 2020 IEEE International Conference on Communications, 2020: 1-6.
[18] AKSOY A, GUNES M. Automated IoT device identification using network traffic[C]//Proceedings of the 2019 IEEE International Conference on Communications, 2019: 1-7.
[19] YIN F, YANG L, WANG Y, et al. IoT ETEI: end-to-end IoT device identification method[C]//Proceedings of the 2021 IEEE Conference on Dependable and Secure Computing, 2021: 1-8.
[20] WANG W, ZHU M, ZENG X, et al. Malware traffic classification using convolutional neural network for representation learning[C]//Proceedings of the 2017 International Conference on Information Networking, 2017: 712-717.
[21] VELI?KOVI? P, CUCURULL G, CASANOVA A, et al. Graph attention networks[J]. arXiv:1710.10903, 2017.
[22] BAI S, KOLTER J Z, KOLTUN V. An empirical evaluation of generic convolutional and recurrent networks for sequence modeling[J]. arXiv:1803.01271, 2018.
[23] VASWANI A, SHAZEER N, PARMAR N, et al. Attention is all you need[C]//Proceedings of the Neural Information Processing Systems, 2017: 6000-6010.
[24] PERDISCI R, PAPASTERGIOU T, ALRAWI O, et al. IoTFinder: efficient large-scale identification of IoT devices via passive DNS traffic analysis[C]//Proceedings of the 2020 IEEE European Symposium on Security and Privacy, 2020: 474-489.
[25] ALRAWI O, LEVER C, ANTONAKAKIS M, et al. SoK: security evaluation of home-based IoT deployments[C]//Proceedings of the 40th IEEE Symposium on Security and Privacy, 2019: 1362-1380.
[26] BIKMUKHAMEDOV R F, NADEEV A F. Multi-class network traffic generators and classifiers based on neural networks[C]//Proceedings of the 2021 Systems of Signals Generating and Processing in the Field of on Board Communications, 2021: 1-7.
[27] YIN F, YANG L, MA J, et al. Identifying IoT devices based on spatial and temporal features from network traffic[J]. Security and Communication Networks, 2021, 2021: 1-16.
[28] CHOWDHURY R R, CHE I A, ABAS P E. Internet of things device classification using transport and network layers communication traffic traces[J]. International Journal of Computing and Digital Systems, 2022, 12(1): 545-555.
[29] LIU X, HAN Y, DU Y. IoT device identification using directional packet length sequences and 1D-CNN[J]. Sensors, 2022, 22(21): 8337.
[30] CHOWDHURY R R, IDRIS A C, ABAS P E. A deep learning approach for classifying network connected IoT devices using communication traffic characteristics[J]. Journal of Network and Systems Management, 2023, 31: 1-21.
[31] FAN L, ZHANG S, WU Y, et al. An IoT device identification method based on semi-supervised learning[C]//Proceedings of the 2020 16th International Conference on Network and Service Management, 2020: 1-7.
[32] KOTAK J, ELOVICI Y. IoT device identification using deep learning[C]//Proceedings of the Computational Intelligence in Security for Information Systems Conference, 2019: 76-86.
[33] VANDER M L, HINTON G. Visualizing data using t-SNE[J]. Journal of Machine Learning Research, 2008, 9(11): 2579-2605.