Automatic IoT Device Classification using Traffic Behavioral Characteristics

2019 
To protect the increasing presence of Internet of Things (IoT) devices in enterprise networks, it is necessary to detect and categorize new and existing IoT devices without relying on unencrypted data. We propose using machine learning to generalize network behavioral characteristics using data derived from the IP packet header. We capture traffic from 20 different IoT devices representing 4 distinct categories alongside a fifth category to recognize patterns from traditional computing devices. The traffic behavior of each category is then generalized and deployed to identify unknown devices that have never before entered the network. We then employ our techniques in a simulated production network and against the University of South Wales (UNSW) dataset. The results indicate that some IoT categories are easier to generalize than others, but better techniques in data generation and processing are needed in order to increase the classification confidence.