Context-Aware Behavioral Fingerprinting of IoT Devices via Network Traffic Analysis

The large scale proliferation of IoT devices has necessitated the requirement of securing these devices from a massive spectrum of cyber security threats. IoT device fingerprinting is a defense strategy that can help to detect unauthorized device subversion and the consequent anomalous activities by identifying device behavior and characteristics. Device fingerprinting can be done by analyzing the network traffic features of the IoT devices present in a network, thereby creating a blueprint of normal device behavior and clearly distinguishing it from any kind of abnormal behavior. Since IoT devices operate under varying dynamic conditions, it is implicit that a single device exhibits different behavioral patterns under different contexts and operating modes. In this paper, we propose a context-aware behavioral fingerprinting of IoT devices that takes into account the circumstances or contexts under which the devices are operating. Each context results in a fingerprint and the complete behavioral fingerprint of an IoT device is the combination of all such fingerprints. We perform packet level feature engineering for finding the best possible set of features for performing device fingerprinting. Our fingerprinting strategy uses supervised learning for classifying the IoT devices. We have created an IoT test bed setup consisting of a gateway and several IoT devices. We have collected network traffic data of these IoT devices and have tested the efficacy of our proposed approach on these real data. Experimental results show that our fingerprinting technique is quite effective and is capable of identifying IoT devices with more than 94% accuracy.