{"title":"Iot Network Behavioral Fingerprint Inference With Limited Network Traces For Cyber Investigation","authors":"Jonathan Pan","doi":"10.1109/ICAIIC51459.2021.9415273","DOIUrl":null,"url":null,"abstract":"The development and adoption of Internet of Things (IoT) devices will grow significantly in the coming years to enable Industry 4.0. Many forms of IoT devices will be developed and used across industry verticals. However, the euphoria of this technology adoption is shadowed by the solemn presence of cyber threats that will follow its growth trajectory. Cyber threats would either embed their malicious code or attack vulnerabilities in IoT that could induce significant consequences in cyber and physical realms. In order to manage such destructive effects, incident responders and cyber investigators require the capabilities to find these rogue IoT, contain them quickly and protect other legitimate IoTs from attacks. Such online devices may only leave network activity traces. A collection of relevant traces could be used to infer the IoT’s network behavioral fingerprints and in turn could facilitate investigative find of these IoT. However, the challenge is how to infer these fingerprints when there are limited network activity traces. This research proposes a novel model construct that learns to infer the network behavioral fingerprint of specific IoT based on limited network activity traces using a One-Class Time Series Meta-learner called DeepNetPrint. 
Our research demonstrated our model to perform comparative well to supervised machine learning model trained with lots of network activity traces to identify IoT devices.","PeriodicalId":432977,"journal":{"name":"2021 International Conference on Artificial Intelligence in Information and Communication (ICAIIC)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Artificial Intelligence in Information and Communication (ICAIIC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICAIIC51459.2021.9415273","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 3
Abstract
The development and adoption of Internet of Things (IoT) devices will grow significantly in the coming years to enable Industry 4.0. Many forms of IoT devices will be developed and used across industry verticals. However, the euphoria of this technology adoption is shadowed by the solemn presence of cyber threats that will follow its growth trajectory. Cyber threats would either embed their malicious code or attack vulnerabilities in IoT devices, which could induce significant consequences in the cyber and physical realms. In order to manage such destructive effects, incident responders and cyber investigators require the capabilities to find these rogue IoT devices, contain them quickly and protect other legitimate IoT devices from attacks. Such online devices may only leave network activity traces. A collection of relevant traces could be used to infer the IoT device's network behavioral fingerprints, which in turn could help investigators find these IoT devices. However, the challenge is how to infer these fingerprints when there are limited network activity traces. This research proposes a novel model construct that learns to infer the network behavioral fingerprint of a specific IoT device based on limited network activity traces using a One-Class Time Series Meta-learner called DeepNetPrint. Our research demonstrated that our model performs comparatively well to a supervised machine learning model trained with lots of network activity traces to identify IoT devices.