| Popis: |
The Internet of Things (IoT) is rapidly transforming our lives and work, enabling a wide range of emerging services and applications. However, as the scale of the IoT expands, its security issues are becoming increasingly prominent. Malicious actors can exploit vulnerabilities in IoT devices to launch attacks. Protecting the IoT begins with device identification. Identified devices can have corresponding protective measures selected based on the information, thereby enhancing network security. In this study, we propose a dual-machine-learning-based IoT device identification algorithm, Dual-IoTID, which identifies devices based on the payload of IoT device sessions. In contrast to existing methods that rely on extracting header fields or network layer features, our approach attempts to obtain identification information from session payloads. Dual-IoTID first extracts frequent items from sessions and uses a first-layer classifier to obtain a confidence matrix for initial classification. Then, the confidence matrix, along with extracted session communication features, is fed into a second-layer classifier for IoT device identification. Our proposed method is applicable to any IoT device, and it is also suitable for networks with NAT enabled. Experimental results demonstrate that Dual-IoTID has higher accuracy than existing methods, achieving 99.48% accuracy in the UNSW dataset and accurately identifying IoT devices even in environments containing non-IoT devices. |
