Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Set-Up and Dataset
Data and Analysis
Global Statistics
Statistics by Device
Conclusions and Ongoing Work
References
All Topics
Computer Science

An Analysis of Home IoT Network Traffic and Behaviour

Profile image of Yousef AmarYousef Amar

2018, ArXiv

Abstract

Internet-connected devices are increasingly present in our homes, and privacy breaches, data thefts, and security threats are becoming commonplace. In order to avoid these, we must first understand the behaviour of these devices. In this work, we analyse network traces from a testbed of common IoT devices, and describe general methods for fingerprinting their behavior. We then use the information and insights derived from this data to assess where privacy and security risks manifest themselves, as well as how device behavior affects bandwidth. We demonstrate simple measures that circumvent attempts at securing devices and protecting privacy.

Related papers

A Survey on IoT Profiling, Fingerprinting, and Identification
Hassan Mahdikhani

ACM Transactions on Internet of Things

The proliferation of heterogeneous Internet of things (IoT) devices connected to the Internet produces several operational and security challenges, such as monitoring, detecting, and recognizing millions of interconnected IoT devices. Network and system administrators must correctly identify which devices are functional, need security updates, or are vulnerable to specific attacks. IoT profiling is an emerging technique to identify and validate the connected devices’ specific behaviour and isolate the suspected and vulnerable devices within the network for further monitoring. This paper provides a comprehensive review of various IoT device profiling methods and provides a clear taxonomy for IoT profiling techniques based on different security perspectives. We first investigate several current IoT device profiling techniques and their applications. Next, we analyzed various IoT device vulnerabilities, outlined multiple features, and provided detailed information to implement profilin...

View PDFchevron_right
Position paper: A systematic framework for categorising IoT device fingerprinting mechanisms
Siamak F Shahandashti

Proceedings of the 2nd International Workshop on Challenges in Artificial Intelligence and Machine Learning for Internet of Things, 2020

The popularity of the Internet of Things (IoT) devices makes it increasingly important to be able to fingerprint them, for example in order to detect if there are misbehaving or even malicious IoT devices in one's network. However, there are many challenges faced in the task of fingerprinting IoT devices, mainly due to the huge variety of the devices involved. At the same time, the task can potentially be improved by applying machine learning techniques for better accuracy and efficiency. The aim of this paper is to provide a systematic categorisation of machine learning augmented techniques that can be used for fingerprinting IoT devices. This can serve as a baseline for comparing various IoT fingerprinting mechanisms, so that network administrators can choose one or more mechanisms that are appropriate for monitoring and maintaining their network. We carried out an extensive literature review of existing papers on fingerprinting IoT devices -- paying close attention to those w...

View PDFchevron_right
Detecting consumer IoT devices through the lens of an ISP
Georgios Smaragdakis

Proceedings of the Applied Networking Research Workshop, 2021

Internet of Things (IoT) devices are becoming increasingly popular and offer a wide range of services and functionality to their users. However, there are significant privacy and security risks associated with these devices. IoT devices can infringe users' privacy by ex-filtrating their private information to third parties, often without their knowledge. In this work we investigate the possibility to identify IoT devices and their location in an Internet Service Provider's network. By analyzing data from a large Internet Service Provider (ISP), we show that it is possible to recognize specific IoT devices, their vendors, and sometimes even their specific model, and to infer their location in the network. This is possible even with sparsely sampled flow data that are often the only datasets readily available at an ISP. We evaluate our proposed methodology [1] to infer IoT devices at subscriber lines of a large ISP. Given ground truth information on IoT devices location and models, we were able to detect more than 77% of the studied IoT devices from sampled flow data in the wild.

View PDFchevron_right
Attacking and Protecting Tunneled Traffic of Smart Home Devices
Ahmed Alshehri

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy, 2020

The number of smart home IoT (Internet of Things) devices has been growing fast in recent years. Along with the great benefits brought by smart home devices, new threats have appeared. One major threat to smart home users is the compromise of their privacy by traffic analysis (TA) attacks. Researchers have shown that TA attacks can be performed successfully on either plain or encrypted traffic to identify smart home devices and infer user activities. Tunneling traffic is a very strong countermeasure to existing TA attacks. However, in this work, we design a Signature based Tunneled Traffic Analysis (STTA) attack that can be effective even on tunneled traffic. Using a popular smart home traffic dataset, we demonstrate that our attack can achieve an 83% accuracy on identifying 14 smart home devices. We further design a simple defense mechanism based on adding uniform random noise to effectively protect against our TA attack without introducing too much overhead. We prove that our defense mechanism achieves approximate differential privacy.

View PDFchevron_right
Network-Level Security for the Internet of Things: Opportunities and Challenges
Ayyoob Hamza

Computer, 2019

View PDFchevron_right
Network Security for Home IoT Devices Must Involve the User: A Position Paper
Antonio Mignano

Foundations and Practice of Security

Many home IoT devices suffer from poor security design and confusing interfaces, lowering the bar for successful cyberattacks. A popular approach to identify compromised IoT devices is network-based detection, in which network traffic is analyzed to fingerprint and identify such devices. However, while several network-based techniques for identifying misbehaving devices have been proposed, the role of the user in remediating IoT security incidents has been conspicuously overlooked. In this paper, we argue that successful IoT security must involve the user, even if the user is not a technical expert, and that the form in which security findings are communicated is as important as the technique used to generate such warnings. Finally, we present the design of a research testbed designed to foster further research in IoT security warnings.

View PDFchevron_right
IRJET- IDENTIFICATION AND CLASSIFICATION OF IoT DEVICES IN VARIOUS APPLICATIONS USING TRAFFIC CHARACTERISTICS BY NETWORK LEVEL
IRJET Journal

IRJET, 2020

The Internet of Things (IoT) is being hailed as the next wave revolutionizing our society, and smart homes, enterprises, and cities are increasingly being equipped with a plethora of IoT devices. Yet, operators of such smart environments may not even be fully aware of their IoT assets, let alone whether each IoT device is functioning properly safe from cyber-attacks. First, I instrument a smart environment with 28 different IoT devices spanning cameras, lights, plugs, motion sensors, appliances and health-monitors. I collect and synthesize traffic traces from this infrastructure for a period of 6 months, a subset of which I release as open data for the community to use. Second, I present insights into the underlying network traffic characteristics using statistical attributes such as activity cycles, port numbers, signalling patterns and cipher suites. Third, I develop a multi-stage machine learning based classification algorithm and demonstrate its ability to identify specific IoT devices with over 99% accuracy based on their network activity. Finally, I discuss the trade-offs between cost, speed, and performance involved in deploying the classification framework in real-time. My study paves the way for operators of smart environments to monitor their IoT assets for presence, functionality, and cyber-security without requiring any specialized devices or protocols.

View PDFchevron_right
An Enactment on Privacy Vulnerabilities of Encrypted IOT Traffic
Dr.Padmaja Pulicherla

The growing marketplace for clever home IoTdevices guarantees new conveniences for customers at the same time as imparting new challenges for keeping privateness inside the home. Internet of Things (IoT) devices regularly performs unique features, which can lead them to prone to attackers looking for to research sensitive consumer facts. In precise, user pastime can be inferred simply by using looking for peaks in visitors dispatched via IoT devices. Because this kind of inference is based on the shape of the traffic in preference to the data being sent, encryption does not protect against it. Our aim is to arm the builders of IoT device software with a library that they can use to obfuscate the traffic that their devices ship to save you this sort of attack.

View PDFchevron_right
Revisiting IoT Device Identification
Poonam Yadav

2021

Internet-of-Things (IoT) devices are known to be the source of many security problems, and as such, they would greatly benefit from automated management. This requires robustly identifying devices so that appropriate network security policies can be applied. We address this challenge by exploring how to accurately identify IoT devices based on their network behavior, while leveraging approaches previously proposed by other researchers. We compare the accuracy of four different previously proposed machine learning models (tree-based and neural network-based) for identifying IoT devices. We use packet trace data collected over a period of six months from a large IoT test-bed. We show that, while all models achieve high accuracy when evaluated on the same dataset as they were trained on, their accuracy degrades over time, when evaluated on data collected outside the training set. We show that on average the models' accuracy degrades after a couple of weeks by up to 40 percentage po...

View PDFchevron_right
Analyzing the Feasibility and Generalizability of Fingerprinting Internet of Things Devices
Dilawer Ahmed

Proceedings on Privacy Enhancing Technologies, 2022

View PDFchevron_right

References (10)

  1. M. Vanhoef and F. Piessens, "Key reinstallation attacks: Forcing nonce reuse in wpa2," in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017, pp. 1313-1328.
  2. K. Paterson, "Industry Concerns about TLS 1.3," https://www.ietf.org/ mail-archive/web/tls/current/msg21278.html, 2016, [Online; accessed 24-February-2018].
  3. M. Nottingham, "Internet protocols are changing," https://blog.apnic.net/ 2017/12/12/internet-protocols-changing/, 2017, [Online; accessed 24- February-2018].
  4. H. Haddadi, A. Chaudhry, J. Crowcroft, H. Howard, D. McAuley, A. Madhavapeddy, and R. Mortier, "Personal data: Thinking inside the box," in Proc. 5th Decennial ACM Aarhus Conference: Critical Alternatives, Aarhus, Denmark, Aug. 17-21 2015.
  5. Y. Amar, "Trace Analysis Scripts," https://github.com/yousefamar/ trace-analysis-scripts, 2018, [Online; accessed 24-February-2018].
  6. T. B. Project, "The Bro Network Security Monitor," https://www.bro. org/, 2014, [Online; accessed 24-February-2018].
  7. A. Brown, R. Mortier, and T. Rodden, "Multinet: reducing interaction overhead in domestic wireless networks," in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2013, pp. 1569-1578.
  8. M. Vanhoef, C. Matte, M. Cunche, L. S. Cardoso, and F. Piessens, "Why mac address randomization is not enough: An analysis of wi-fi network discovery mechanisms," in Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. ACM, 2016, pp. 413-424.
  9. A. Conway, "Android getting "DNS over TLS" support to stop ISPs from knowing what websites you visit," https://www.xda-developers. com/android-dns-over-tls-website-privacy/, 2017, [Online; accessed 24- February-2018].
  10. E. Fernandes, J. Jung, and A. Prakash, "Security analysis of emerging smart home applications," in Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, 2016, pp. 636-654.

Related papers

Your Smart Home Can't Keep a Secret: Towards Automated Fingerprinting of IoT Traffic
Jiongyi CHEN

Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

The IoT (Internet of Things) technology has been widely adopted in recent years and has profoundly changed the people's daily lives. However, in the meantime, such a fast-growing technology has also introduced new privacy issues, which need to be better understood and measured. In this work, we look into how private information can be leaked from network traffic generated in the smart home network. Although researchers have proposed techniques to infer IoT device types or user behaviors under clean experiment setup, the effectiveness of such approaches become questionable in the complex but realistic network environment, where common techniques like Network Address and Port Translation (NAPT) and Virtual Private Network (VPN) are enabled. Traffic analysis using traditional methods (e.g., through classical machine-learning models) is much less effective under those settings, as the features picked manually are not distinctive any more. In this work, we propose a traffic analysis framework based on sequence-learning techniques like LSTM and leveraged the temporal relations between packets for the attack of device identification. We evaluated it under different environment settings (e.g., pure-IoT and noisy environment with multiple non-IoT devices). The results showed our framework was able to differentiate device types with a high accuracy. This result suggests IoT network communications pose prominent challenges to users' privacy, even when they are protected by encryption and morphed by the network gateway. As such, new privacy protection methods on IoT traffic need to be developed towards mitigating this new issue.

View PDFchevron_right
Your Smart Home Can't Keep a Secret: Towards Automated Fingerprinting of IoT Traffic with Neural Networks
Jiongyi CHEN

arXiv: Cryptography and Security, 2019

The IoT (Internet of Things) technology has been widely adopted in recent years and has profoundly changed the people's daily lives. However, in the meantime, such a fast-growing technology has also introduced new privacy issues, which need to be better understood and measured. In this work, we look into how private information can be leaked from network traffic generated in the smart home network. Although researchers have proposed techniques to infer IoT device types or user behaviors under clean experiment setup, the effectiveness of such approaches become questionable in the complex but realistic network environment, where common techniques like Network Address and Port Translation (NAPT) and Virtual Private Network (VPN) are enabled. Traffic analysis using traditional methods (e.g., through classical machine-learning models) is much less effective under those settings, as the features picked manually are not distinctive any more. In this work, we propose a traffic analysis framework based on sequence-learning techniques like LSTM and leveraged the temporal relations between packets for the attack of device identification. We evaluated it under different environment settings (e.g., pure-IoT and noisy environment with multiple non-IoT devices). The results showed our framework was able to differentiate device types with a high accuracy. This result suggests IoT network communications pose prominent challenges to users' privacy, even when they are protected by encryption and morphed by the network gateway. As such, new privacy protection methods on IoT traffic need to be developed towards mitigating this new issue.

View PDFchevron_right
Detection of Anomalous User Activity for Home IoT Devices
Lorenzo De Carli

Home IoT devices suffer from poor security, and are easy to commandeer for unskilled attackers. Since most IoTs cannot run hostbased detection, detecting compromise via analysis of network traffic is in many cases the only viable option. Unfortunately, traditional Deep Packet Inspection techniques are not applicable: many IoT devices encrypt their traffic and common attacks (e.g., credential stuffing) cannot be described via signatures. Anomaly detection on traffic features, while effective to identify egregious misbehavior (e.g., a DDoS) cannot identify privacy violations, where an attacker triggers legitimate functions (e.g., streaming video, unlocking a door), but without consent of the user. In this paper, we propose a novel anomaly detection technique based on the analysis of user activities. Our approach builds a model to identify user-performed activities on the device from packet sequences, and uses unsupervised learning to identify deviations from normal user behavior in activity sequences. Thus, it can flag situations where an attacker misuses an IoT device, even when such attacks do not involve protocol-level exploits and do not result in significant anomalies in traffic-level features. Preliminary results show that our approach can effectively map device traffic to activities, and suggest that such activities can be used to distinguish malicious and benign users.

View PDFchevron_right
IoTDevID: A Behaviour-Based Fingerprinting Method for Device Identification in the IoT
Kahraman Koştaş

arXiv (Cornell University), 2021

Device identification is one way to secure a network of IoT devices, whereby devices identified as suspicious can subsequently be isolated from a network. In this study, we present a machine learning-based method, IoTDevID, that recognizes devices through characteristics of their network packets. As a result of using a rigorous feature analysis and selection process, our study offers a generalizable and realistic approach to modelling device behavior, achieving high predictive accuracy across two public datasets. The model's underlying feature set is shown to be more predictive than existing feature sets used for device identification, and is shown to generalize to data unseen during the feature selection process. Unlike most existing approaches to IoT device identification, IoTDevID is able to detect devices using non-IP and low-energy protocols.

View PDFchevron_right
A Framework to Protect Iot Devices from Enslavement in a Home Environment
Ibrahim Rashed

Signal, Image Processing and Embedded Systems Trends

The Internet of Things (IoT) mainly consists of devices with limited processing capabilities and memory. Therefore, these devices could be easily infected with malicious code and can be used as botnets. In this regard, we propose a framework to detect and prevent botnet activities in an IoT network. We first describe the working mechanism of how an attacker infects an IoT device and then spreads the infection to the entire network. Secondly, we propose a set of mechanisms consisting of detection, identifying the abnormal traffic generated from IoT devices using filtering and screening mechanisms, and publishing the abnormal traffic patterns to the rest of the home routers on the network. Further, the proposed approach is lightweight and requires fewer computing capabilities for installation on home routers. In the future, we will test the proposed system on real hardware, and the results will be presented to identify the abnormal traffic generated by malicious IoT devices.

View PDFchevron_right

Related topics

  • Computer Science
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved