On the passive fingerprinting attack for IoT device classification

The rapid growth of the Internet of Things (IoT), expected to exceed 29 billion devices by 2027, presents a significant security challenge. Device fingerprinting, which identifies devices through unique network traffic patterns, is a valuable security tool but can be exploited by attackers for undetectable reconnaissance. This paper explores the feasibility of passive traffic fingerprinting attacks from an attacker's perspective, focusing on a small-scale testbed with four devices from an undisclosed single vendor. Using minimal resources and open-source tools, traffic patterns were analyzed, confirming unique device behaviors. A Random Forest (RF) classifier was developed, demonstrating high precision with instances where 100% classification accuracy can be achieved in a specific experimental scenario using just two features: Source Port and Destination Port. Key aspects of the model included feature selection, hyperparameter tuning, and a tree depth optimization of 20. Notably, forward feature selection proved more effective than Principal Component Analysis (PCA). These preliminary results underscore the vulnerabilities of single-vendor IoT ecosystems and highlight the simplicity and replicability of this low-cost attack methodology. The ease with which attackers can implement this approach underscores the urgent need for robust defenses as IoT devices proliferate across various sectors.

Text 121553.pdf - Published Version Restricted to Repository staff only Download (803kB) Official URL or Download Paper: https://ieeexplore.ieee.org/document/10750595

Actions (login required)

View Item