Digital Forensics and Cyber Crime. 12th EAI International Conference, ICDF2C 2021, Virtual Event, Singapore, December 6-9, 2021, Proceedings

Research Article

Find My IoT Device – An Efficient and Effective Approximate Matching Algorithm to Identify IoT Traffic Flows

  • @INPROCEEDINGS{10.1007/978-3-031-06365-7_5,
        author={Thomas G{\"o}bel and Frieder Uhlig and Harald Baier},
        title={Find My IoT Device -- An Efficient and Effective Approximate Matching Algorithm to Identify IoT Traffic Flows},
        proceedings={Digital Forensics and Cyber Crime. 12th EAI International Conference, ICDF2C 2021, Virtual Event, Singapore, December 6-9, 2021, Proceedings},
        proceedings_a={ICDF2C},
        year={2022},
        month={6},
        keywords={Internet of Things (IoT), IoT device, Device classification, Device identification, Network forensics, Network traffic fingerprinting, Approximate matching, Multi Resolution Hashing (MRSH), Cuckoo filter},
        doi={10.1007/978-3-031-06365-7_5}
    }
    
  • Thomas Göbel
    Frieder Uhlig
    Harald Baier
    Year: 2022
    Find My IoT Device – An Efficient and Effective Approximate Matching Algorithm to Identify IoT Traffic Flows
    ICDF2C
    Springer
    DOI: 10.1007/978-3-031-06365-7_5
Thomas Göbel¹*, Frieder Uhlig, Harald Baier¹
  • 1: Research Institute CODE
*Contact email: thomas.goebel@unibw.de

Abstract

Internet of Things (IoT) devices have become more and more popular as they are limited in terms of resources, designed to serve only one specific purpose, and hence cheap. However, their profitability comes with the difficulty of patching them. Moreover, the IoT topology is often not well documented. Thus IoT devices form a popular attack vector in networks. Because documentation is so often missing, vulnerable IoT network components must be quickly identified and located during an incident and a network forensic response. In this paper, we present a novel approach to efficiently and effectively identify a specific IoT device by using approximate matching applied to network traffic captures. Our algorithm is called Cu-IoT and is publicly available. Cu-IoT is superior to previous machine-learning approaches because it does not require feature extraction and a learning phase. Furthermore, in the case of 2 out of 3 datasets, Cu-IoT outperforms a hash-based competitor, too. We present an in-depth evaluation of Cu-IoT on different IoT datasets and achieve a classification performance of almost 100% in terms of accuracy, recall, and precision, respectively, for the first dataset (Active Data), and almost 99% accuracy and 84% precision and recall, respectively, for the second dataset (Setup Data), and almost 100% accuracy and 90% precision and recall, respectively, for the third dataset (Idle Data).

Keywords
Internet of Things (IoT), IoT device, Device classification, Device identification, Network forensics, Network traffic fingerprinting, Approximate matching, Multi Resolution Hashing (MRSH), Cuckoo filter
Published
2022-06-04
Appears in
SpringerLink
http://dx.doi.org/10.1007/978-3-031-06365-7_5