AI Enabled IoT Network Traffic Fingerprinting With Locality Sensitive Hashing
Authors
Thom, Jay
Issue Date
2024
Type
Dissertation
Keywords
Botnets, Cybersecurity, Fingerprinting, IoT
Abstract
The ubiquity of IoT devices in both public and private networks has increased dramatically in the last few years, with billions of network-connected devices appearing in every sector. In many cases these devices provide low-power and low-cost solutions to multiple problems, but this convenience comes with a price. Low-powered devices often lack the computational capacity to support encryption or other means of protection. In addition, devices are often optimized for easy connection out of the box, potentially leaving them vulnerable due to unchanged default configurations. It has been shown that device IP and MAC addresses can be easily spoofed, making accounting for IoT devices within a network problematic. These vulnerabilities have led to devices being compromised by malware such as the Mirai botnet, allowing for their unintentional use as access points to protected networks, as well as participants in large-scale distributed denial of service (DDoS) attacks. With their increasing popularity leading to rapid growth, the development of new methods for identification and monitoring is critical. Much work has been done in recent times to address the problem of identification by fingerprinting network traffic using various techniques, allowing network administrators to track device membership and detect anomalous behavior. While a high degree of accuracy has been achieved, effective feature extraction and acceptable computational overhead continue to be an issue. In addition, machine learning models often require frequent modification and retraining to remain effective. We apply a combination of locality sensitive hashing and machine learning techniques to identify specific devices based on their network traffic, eliminating the need for complex feature engineering and model retraining.
This approach identifies known devices with an accuracy as high as 98% using only a single packet sniffed from the network, allowing for real-time device identification and providing a significant improvement over previous approaches. We aim to leverage this method to assist in the real-time identification of IoT devices based on their network traffic fingerprint. This will allow for the tracking of specific devices, detection of normal vs. anomalous behavior, and monitoring to alert administrative personnel when new or unauthorized devices appear on the network, providing improved security and network device accounting.