Distributive continuous profiling for IoT devices
University of New Brunswick
The proliferation of heterogeneous IoT devices connected to the internet creates security and operational challenges for network administrators and industries, who must detect, identify and monitor millions of interconnected IoT devices. Network administrators and industries need to understand what sorts of IoT devices have joined or are trying to connect to their network, which devices are functional, which devices need security updates, and which devices are vulnerable to specific attacks. Furthermore, limited storage and computing power, small cryptographic keys for cryptographic operations, and common vulnerabilities in specific devices give hackers a point of intrusion. Industries need to identify and monitor the specific behavior of connected devices and isolate suspected and vulnerable devices within the network for further monitoring. In this thesis, we propose a distributive continuous profiling model for identifying the local node of IoT devices, mapping them to their common vulnerabilities, and continuously updating the profile. We also provide a comprehensive review of various IoT device profiling methods and a clear taxonomy of IoT profiling techniques based on different security perspectives. We investigated and analyzed numerous current IoT device vulnerabilities and multiple features, and provide detailed information useful for implementing risk assessment and mitigation for the organizational network. We used a hybrid set of features and extracted 58 features from the network traffic generated by IoT devices. We introduced 23 new features for the profiling approach to identify IoT devices with improved accuracy and shorter training time than existing methods. We experimented with 18 machine learning classifiers on three publicly available datasets, including 81 IoT and six non-IoT devices.
In the proposed method, the random forest and decision tree classifiers outperform the other classifiers; both achieve an average accuracy, precision, recall, and F1-score above 90% with a short training time. The decision tree requires less time to train the model, which helps in continuously updating the devices' profiles.