research-article

Public Access

IP-Based IoT Device Detection

Authors:

Hang Guo,

John HeidemannAuthors Info & Claims

IoT S&P '18: Proceedings of the 2018 Workshop on IoT Security and Privacy

Pages 36 - 42

https://doi.org/10.1145/3229565.3229572

Published: 07 August 2018 Publication History

PDF eReader

Abstract

Recent IoT-based DDoS attacks have exposed how vulnerable the Internet can be to millions of insufficiently secured IoT devices. To understand the risks of these attacks requires learning about these IoT devices---where are they, how many are there, how are they changing? In this paper, we propose a new method to find IoT devices in Internet to begin to assess this threat. Our approach requires observations of flow-level network traffic and knowledge of servers run by the manufacturers of the IoT devices. We have developed our approach with 10 device models by 7 vendors and controlled experiments. We apply our algorithm to observations from 6 days of Internet traffic at a college campus and partial traffic from an IXP to detect IoT devices.

References

[1]

Anna-Senpai. Mirai Malware Source Code. https://github.com/jgamblin/Mirai-Source-Code.

Google Scholar

[2]

Dyn. Dyn analysis summary of Friday October 21 attack. http://dyn.com/blog/dyn-analysis-summary-of-friday-october-21-attack/.

Google Scholar

[3]

Gartner. The Internet of Things units installed base from 2014 to 2020. https://www.statista.com/statistics/370350/internet-of-things-installed-base-by-category/.

Google Scholar

[4]

Guo, H., and Heidemann, J. IoT traces from 10 device we purchased. https://ant.isi.edu/datasets/iot/.

Google Scholar

[5]

Krebs, B. KrebsOnSecurity hit with record DDoS. https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/.

Google Scholar

[6]

Kurkowski, J. Python domain extraction library tldextract. https://pypi.python.org/pypi/tldextract.

Google Scholar

[7]

Loshin, P. Details emerging on Dyn DNS DDoS attack, Mirai IoT botnet. blog http://searchsecurity.techtarget.com/news/450401962/Details-emerging-on-Dyn-DNS-DDoS-attack-Mirai-IoT-botnet, Oct. 2016.

Google Scholar

[8]

Mozilla. Public suffix list from Mozilla foundation. https://www.publicsuffix.org/.

Google Scholar

[9]

OVH. OVH news - the DDoS that didn't break the camel's VAC. https://www.ovh.com/us/news/articles/a2367.the-ddos-that-didnt-break-the-camels-vac.

Google Scholar

[10]

SCIP. Belkin Wemo switch communications analysis. https://www.scip.ch/en/?labs.20160218.

Google Scholar

[11]

Security, F. Passive DNS historical Internet database: Farsight DNSDB. https://www.farsightsecurity.com/solutions/dnsdb/.

Google Scholar

[12]

Siby, S., Maiti, R. R., and Tippenhauer, N. O. IoTscanner: Detecting privacy threats in IoT neighborhoods. In Proceedings of the 3rd ACM International Workshop on IoT Privacy, Trust, and Security (New York, NY, USA, 2017), IoTPTS '17, ACM, pp. 23--30.

Digital Library

Google Scholar

[13]

Sivanathan, A., Sherratt, D., Gharakheili, H. H., Radford, A., Wijenayake, C., Vishwanath, A., and Sivaraman, V. Characterizing and classifying IoT traffic in smart cities and campuses. In Proceedings of the IEEE Infocom Workshop on Smart Cities and Urban Computing (May 2017), pp. 559--564.

Crossref

Google Scholar

[14]

USC/LANDER. FRGP (www.frgp.net) Continuous Flow Dataset, traces taken 2015--05--10 to 2015--05--19. provided by the USC/LANDER project (http://www.isi.edu/ant/lander).

Google Scholar

Cited By

View all

TAKASAKI CKORIKAWA THATTORI KOHWADA H(2024)Device Type Classification Based on Two-Stage Traffic Behavior AnalysisIEICE Transactions on Communications10.1587/transcom.2023WWP0004E107.B:1(117-125)Online publication date: 1-Jan-2024
https://doi.org/10.1587/transcom.2023WWP0004
Pashamokhtari ABatista GGharakheili H(2023)Efficient IoT Traffic Inference: From Multi-view Classification to Progressive MonitoringACM Transactions on Internet of Things10.1145/36253065:1(1-30)Online publication date: 16-Dec-2023
https://dl.acm.org/doi/10.1145/3625306
Garg NShahid IAvllazagaj EHill JHan JRoy N(2023)ThermWareProceedings of the 24th International Workshop on Mobile Computing Systems and Applications10.1145/3572864.3580339(81-88)Online publication date: 22-Feb-2023
https://dl.acm.org/doi/10.1145/3572864.3580339
Show More Cited By

Recommendations

Network Traffic Analysis based IoT Device Identification
BDIOT '20: Proceedings of the 2020 4th International Conference on Big Data and Internet of Things

Device identification is the process of identifying a device on Internet without using its assigned network or other credentials. The sharp rise of usage in Internet of Things (IoT) devices has imposed new challenges in device identification due to a ...
Blockchain-based Intrusion Detection System of IoT urban data with device authentication against DDoS attacks
Highlights
- To model the arbiter PUF that secures the keys pairs using lightweight technology.
- Authenticate the IoT devices using blockchain system.
- Propose a collaborative anomaly detection system against DDOS Attacks on IoT devices with ...
Abstract
The Internet of Things (IoT) is a technology enabler for enhancing the urban physical infrastructure and providing public services. However, public access to collected heterogeneous IoT urban data is more vulnerable to hackers invading ...
Graphical abstract

Display Omitted
Secure mobile device structure for trust IoT

In the IoT environment, all devices are connected to each other, and mobile device is considered as key device. But hacking into mobile devices is increasing rapidly with the increase in mobile device users. As the market share of Android OS increases, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

IoT S&P '18: Proceedings of the 2018 Workshop on IoT Security and Privacy

August 2018

61 pages

ISBN:9781450359054

DOI:10.1145/3229565

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 August 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Conference

SIGCOMM '18

Sponsor:

SIGCOMM

SIGCOMM '18: ACM SIGCOMM 2018 Conference

August 20, 2018

Budapest, Hungary

Acceptance Rates

Overall Acceptance Rate 12 of 30 submissions, 40%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

49
Total Citations
View Citations
2,258
Total Downloads

Downloads (Last 12 months)277
Downloads (Last 6 weeks)24

Reflects downloads up to 02 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

TAKASAKI CKORIKAWA THATTORI KOHWADA H(2024)Device Type Classification Based on Two-Stage Traffic Behavior AnalysisIEICE Transactions on Communications10.1587/transcom.2023WWP0004E107.B:1(117-125)Online publication date: 1-Jan-2024
https://doi.org/10.1587/transcom.2023WWP0004
Pashamokhtari ABatista GGharakheili H(2023)Efficient IoT Traffic Inference: From Multi-view Classification to Progressive MonitoringACM Transactions on Internet of Things10.1145/36253065:1(1-30)Online publication date: 16-Dec-2023
https://dl.acm.org/doi/10.1145/3625306
Garg NShahid IAvllazagaj EHill JHan JRoy N(2023)ThermWareProceedings of the 24th International Workshop on Mobile Computing Systems and Applications10.1145/3572864.3580339(81-88)Online publication date: 22-Feb-2023
https://dl.acm.org/doi/10.1145/3572864.3580339
Adler ABass LElovici YPuzis R(2023)How Polynomial Regression Improves DeNATingIEEE Transactions on Network and Service Management10.1109/TNSM.2023.326639020:4(5000-5011)Online publication date: Dec-2023
https://doi.org/10.1109/TNSM.2023.3266390
Pashamokhtari AOkui NNakahara MKubota ABatista GHabibi Gharakheili H(2023)Dynamic Inference From IoT Traffic Flows Under Concept Drifts in Residential ISP NetworksIEEE Internet of Things Journal10.1109/JIOT.2023.326501210:17(15761-15773)Online publication date: 1-Sep-2023
https://doi.org/10.1109/JIOT.2023.3265012
Meidan YAvraham DLibhaber HShabtai A(2023)CADeSH: Collaborative Anomaly Detection for Smart HomesIEEE Internet of Things Journal10.1109/JIOT.2022.319481310:10(8514-8532)Online publication date: 15-May-2023
https://doi.org/10.1109/JIOT.2022.3194813
Takasaki CKorikawa THattori KOhwada H(2023)Traffic Behavior-based Device Type Classification2023 International Conference on Computing, Networking and Communications (ICNC)10.1109/ICNC57223.2023.10074041(353-357)Online publication date: 20-Feb-2023
https://doi.org/10.1109/ICNC57223.2023.10074041
Wang WWang N(2023)A load balancing scheme of concurrent Internet of Things terminal equipment based on p-probability delay2023 4th International Conference on Computer Engineering and Intelligent Control (ICCEIC)10.1109/ICCEIC60201.2023.10426695(240-243)Online publication date: 20-Oct-2023
https://doi.org/10.1109/ICCEIC60201.2023.10426695
Cazares MAndrade R(2023)Research Methods Applied to Software Security2023 Congress in Computer Science, Computer Engineering, & Applied Computing (CSCE)10.1109/CSCE60160.2023.00426(2668-2677)Online publication date: 24-Jul-2023
https://doi.org/10.1109/CSCE60160.2023.00426
Amin AKiwanuka FAbdelmajid NAlKaabi SKhalid Abdulqader Rashed Ahli S(2022)Composite Identity of Things (CIDoT) on Permissioned Blockchain Network for Identity Management of IoT DevicesResearch Anthology on Convergence of Blockchain, Internet of Things, and Security10.4018/978-1-6684-7132-6.ch023(382-401)Online publication date: 8-Jul-2022
https://doi.org/10.4018/978-1-6684-7132-6.ch023
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

Network Traffic Analysis based IoT Device Identification

Blockchain-based Intrusion Detection System of IoT urban data with device authentication against DDoS attacks

Secure mobile device structure for trust IoT