IoTFinder: Efficient Large-Scale Identification of IoT Devices via Passive DNS Traffic Analysis

Perdisci, Roberto; Papastergiou, Thomas; Alrawi, Omar; Antonakakis, Manos

doi:10.1109/eurosp48549.2020.00037

Cited by 63 publications

(40 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most of these techniques are based on domain names that are contacted by devices since these can be easily obtained from captures, as they are not encrypted in DNS queries. Authors in [19] propose a model to fingerprint IoT devices behind a NAT (Network address translation) and identify them in an accurate and explainable way. Their idea is to profile each device with a list of domains associated with their query frequency.…”

Section: Related Workmentioning

confidence: 99%

NURSE: eNd-UseR IoT malware detection tool for Smart homEs

d'Estalenx

Gañán

2021

Proceedings of the 11th International Conference on the Internet of Things

View full text Add to dashboard Cite

IoT devices keep entering our homes with the promise of delivering more services and enhancing user experience; however, these new devices also carry along an alarming number of vulnerabilities and security issues. In most cases, the users of these devices are completely unaware of the security risks that connecting these devices entail. Current tools do not provide users with essential security information such as whether a device is infected with malware. Traditional techniques to detect malware infections were not meant to be used by the end-user and current malware removal tools and security software cannot handle the heterogeneity of IoT devices. In this paper, we design, develop, and evaluate a tool, called NURSE, to fill this information gap, i.e., enabling end-users to detect IoT-malware infections in their home networks. NURSE follows a modular approach to analyze IoT traffic as captured by means of an ARP spoofing technique which does not require any network modification or specific hardware. Thus, NURSE provides zeroconfiguration IoT traffic analysis within everybody's reach. After testing NURSE in 83 different IoT network scenarios with a wide variety of IoT device types, results show that NURSE identifies malware-infected IoT devices with high-accuracy (86.7%) using device network behaviour and contacted destinations. CCS CONCEPTS• Security and privacy → Intrusion/anomaly detection and malware mitigation; Usability in security and privacy.

show abstract

Section: Related Workmentioning

confidence: 99%

NURSE: eNd-UseR IoT malware detection tool for Smart homEs

d'Estalenx

Gañán

2021

Proceedings of the 11th International Conference on the Internet of Things

View full text Add to dashboard Cite

show abstract

“…Proposed solutions, either rely on DNS data [6] that raise privacy concerns, or on in-situ scans by anti-virus software that are not scalable [7]. In this paper we describe a methodology for detecting the presence of IoT devices at subscriber lines at scale, using sparsely sampled flow captures (i.e., Net-Flow [8]).…”

Section: Our Approachmentioning

confidence: 99%

Detecting consumer IoT devices through the lens of an ISP

Saidi

Mandalari

Haddadi

et al. 2021

Proceedings of the Applied Networking Research Workshop

View full text Add to dashboard Cite

Internet of Things (IoT) devices are becoming increasingly popular and offer a wide range of services and functionality to their users. However, there are significant privacy and security risks associated with these devices. IoT devices can infringe users' privacy by ex-filtrating their private information to third parties, often without their knowledge.In this work we investigate the possibility to identify IoT devices and their location in an Internet Service Provider's network. By analyzing data from a large Internet Service Provider (ISP), we show that it is possible to recognize specific IoT devices, their vendors, and sometimes even their specific model, and to infer their location in the network. This is possible even with sparsely sampled flow data that are often the only datasets readily available at an ISP. We evaluate our proposed methodology [1] to infer IoT devices at subscriber lines of a large ISP. Given ground truth information on IoT devices location and models, we were able to detect more than 77% of the studied IoT devices from sampled flow data in the wild.

show abstract

“…The approach from Perdisci et al [20] however, resembles our method of feature extraction as it uses the query URLs of a device's DNS requests. This approach uses the whole URL rather than the SLD and uses a naive document retrieval algorithm to match URLS to devices.…”

Section: Related Workmentioning

confidence: 99%

Rapid IoT device identification at the edge

Thompson

Mandalari

Haddadi

2021

Proceedings of the 2nd ACM International Workshop on Distributed Machine Learning

View full text Add to dashboard Cite

Consumer Internet of Things (IoT) devices are increasingly common in everyday homes, from smart speakers to security cameras. Along with their benefits come potential privacy and security threats. To limit these threats we must implement solutions to filter IoT traffic at the edge. To this end the identification of the IoT device is the first natural step.In this paper we demonstrate a novel method of rapid IoT device identification that uses neural networks trained on device DNS traffic that can be captured from a DNS server on the local network. The method identifies devices by fitting a model to the first seconds of DNS second-level-domain traffic following their first connection. Since security and privacy threat detection often operate at a device specific level, rapid identification allows these strategies to be implemented immediately. Through a total of 51,000 rigorous automated experiments, we classify 30 consumer IoT devices from 27 different manufacturers with 82% and 93% accuracy for product type and device manufacturers respectively.

show abstract

IoTFinder: Efficient Large-Scale Identification of IoT Devices via Passive DNS Traffic Analysis

Cited by 63 publications

References 23 publications

NURSE: eNd-UseR IoT malware detection tool for Smart homEs

NURSE: eNd-UseR IoT malware detection tool for Smart homEs

Detecting consumer IoT devices through the lens of an ISP

Rapid IoT device identification at the edge

Contact Info

Product

Resources

About