Efficient IoT Device Identification via Network Behavior Analysis Based on Time Series Dictionary

Due to hardware limitations, Internet of Things (IoT) devices without integrated security become easy targets for network attacks. IoT device identification is significant for network security management. Despite many efforts, previous studies either require excessive features raising concerns about efficiency and privacy, or underutilize the data resources to fulfill the potential of simple features. Moreover, the severe data imbalance problem is unaddressed. In this article, we present IoTProfile, an efficient IoT device identification framework via time series dictionary. It only considers simple packet-level attributes and maps them into different time windows. On this basis, it further follows a shuffle&split organization scheme to structure the imbalanced data as multichannel time series. By performing random convolutional kernel transformations in two ways and aggregations, IoTProfile captures discriminative patterns and forms the frequency count of recurring patterns to profile the network behaviors of IoT devices over a period of time. The experimental results show that IoTProfile is superior to the other state-of-the-art methods in terms of both identification effectiveness and time overhead, achieving 99.81% and 97.65% Macro-F1 scores on the University of New South Wales and University of New Brunswick data sets in under 4 min.