Nowfel Mashnoor, Jay Thom, A. Rouf, S. Sengupta, Batyr Charyyev
2023 IEEE 29th International Symposium on Local and Metropolitan Area Networks (LANMAN), published 2023-07-10. DOI: 10.1109/LANMAN58293.2023.10189810
Locality Sensitive Hashing for Network Traffic Fingerprinting
The Internet of Things (IoT) introduced new complexities and challenges to computer networks. Due to their simple nature, these devices are more vulnerable to cyber-attacks. Thus, it becomes important to identify these devices in a network, both for network management and to detect malicious activities. Network traffic fingerprinting is an essential tool for device identification and anomaly detection, and existing approaches mainly rely on machine learning (ML). However, ML-based approaches require feature selection, hyperparameter tuning, and model retraining to achieve optimum results and to be robust to the concept drift observed in a network. To overcome these challenges, in this paper we propose locality-sensitive hashing (LSH) based network traffic fingerprinting. Specifically, we explore design alternatives for the LSH function Nilsimsa and use it to fingerprint network traffic for device identification. We also compared it with ML-based traffic fingerprinting and observed that our method increases the accuracy of the state of the art by 12%, achieving around 94% accuracy in identifying devices in a network.