Keyword Extraction for Fine-Grained IoT Device Identification

Abstract

Internet of Things (IoT) devices are becoming more widespread in networks and are shown to have security considerations as an afterthought. Identifying IoT devices can help users locate security vulnerabilities in their networks. Previous studies have used machine learning and rule-based methods to try and identify unknown devices from passive network traffic. The first issue with these approaches however is that the device must have been seen on a training dataset beforehand; otherwise it cannot be identified. The second issue is that trying to achieve granularity on device identification down to firmware level from passive network traffic has not been researched before, and is a key factor in identifying vulnerable devices. This paper contains a novel technique to solve those two problems. The technique automatically identifies unknown devices from passive network traffic without using a machine learning approach that finds and weights keywords found in each packet per device. These keywords then allow device identification down to a specific firmware version. The approach in this paper achieved 71% accuracy for identifying firmware versions and 74% and 78% for models and makes respectively, across a test dataset of 44 devices.