IoT device identification method based on transformer and clustering

Abstract

With the rapid proliferation of Internet of Things (IoT) technologies, mitigating unauthorized device intrusions and impersonation attacks has become a critical security challenge. Device identification plays a crucial role in detecting anomalous behaviors, thereby enhancing security during device operation. However, existing identification methods predominantly rely on manually crafted feature engineering, which necessitates extensive domain knowledge and involves a time-consuming feature selection process. This not only increases computational overhead but also risks omitting essential information, thereby limiting identification performance. To address these challenges, this paper proposes a sample construction method that converts network traffic into multibyte token sequences, utilizes the Transformer architecture to model both the temporal and contextual relationships of raw traffic packets. This approach eliminates the need for complex feature engineering and enables efficient sample generation from just one minute of network traffic, facilitating accurate and efficient IoT device identification. To tackle the open-set identification problem and enhance security management during device access, this study extends the end-to-end identification framework by integrating metric learning with HDBSCAN clustering to generate distinctive device fingerprints. This method not only effectively classifies known devices but also reliably detects previously unseen devices. Experimental results on two public datasets, UNSW and Yourthings, demonstrate that the proposed method achieves superior performance, attaining accuracy rates of 99.89 % and 99.68 %, respectively. Furthermore, it outperforms existing approaches in terms of recognition accuracy, generalization capability, and scalability.