Due to the ever-increasing supply of new Internet of Things (IoT) devices being added onto a network, it is vital to secure the devices from incoming cyber threats. The manufacturing process of creating and developing a new IoT device allows many new companies to come out with their own device. These devices also increase the network risk because many IoT devices are created without proper security implementation. Utilizing traffic patterns as a method of device type detection will allow behavior identification using only Internet Protocol (IP) header information. The network traffic captured from 20 IoT devices belonging to 4 distinct types (IP camera, on/off switch, motion sensor, and temperature sensor) is generalized and used to identify new devices previously unseen on the network. Our results indicate some categories have patterns that are easier to generalize, while other categories are harder, but we are still able to recognize some unique characteristics. We were also able to deploy this in a test production network and adapted previous methods to handle streaming traffic and an additional noise categorization capable of identifying non-IoT devices. The performance of our model varies between classes, signifying that much future work has to be done to increase the classification score and overall usefulness. / Master of Science / IoT (Internet of Things) devices are an exploding field, with many devices being created, manufactured, and utilized per year. With the rise of so many internet-capable devices, there is a risk that the devices may have vulnerabilities and exploits that allow unauthorized users to gain access. While a problem for a consumer network, this is an increased problem in an enterprise network, since much of the information on the network is sensitive and should be kept confidential and private.
While a ban of IoT devices on a network is able to solve this problem, with the rise of machine learning able to characterize and recognize patterns, a smarter approach can be created to distinguish when and which types of IoT devices enter the network. Previous attempts to identify IoT devices used signature schemes specific to a single device, but this paper aims to generalize traffic behaviors and identify a device category rather than a specific IoT device to ensure future new devices can also be recognized. With device category identification in place on an internet network, smarter approaches can be implemented to ensure the devices remain secure while still able to be used.
Identifier | oai:union.ndltd.org:VTETD/oai:vtechworks.lib.vt.edu:10919/88421 |
Date | 12 March 2019 |
Creators | Hsu, Alexander Sirui |
Contributors | Computer Science, Tront, Joseph G., Butt, Ali R., Raymond, David Richard, Wang, Gang Alan |
Publisher | Virginia Tech |
Source Sets | Virginia Tech Theses and Dissertation |
Detected Language | English |
Type | Thesis |
Format | ETD, application/pdf |
Rights | In Copyright, http://rightsstatements.org/vocab/InC/1.0/ |