Abstract
Telecommunication service providers (telcos) are exposed to cyber-attacks executed by compromised IoT devices connected to their customers’ networks. Such attacks might have severe effects on the attack target, as well as the telcos themselves. To mitigate those risks, we propose a machine learning-based method that can detect specific vulnerable IoT device models connected behind a domestic NAT, thereby identifying home networks that pose a risk to the telcos infrastructure and service availability. To evaluate our method, we collected a large quantity of network traffic data from various commercial IoT devices in our lab and compared several classification algorithms. We found that (a) the LGBM algorithm produces excellent detection results, and (b) our flow-based method is robust and can handle situations for which existing methods used to identify devices behind a NAT are unable to fully address, e.g., encrypted, non-TCP or non-DNS traffic. To promote future research in this domain we share our novel labeled benchmark dataset.
| Original language | American English |
|---|---|
| Article number | 101968 |
| Journal | Computers and Security |
| Volume | 97 |
| DOIs | |
| State | Published - 1 Oct 2020 |
Keywords
- DeNAT
- Device identification
- Internet of things (IoT)
- Machine learning
- Network address translation (NAT)
All Science Journal Classification (ASJC) codes
- General Computer Science
- Law