IP-Based IoT Device Detection
Hang Guo and John Heidemann
Citation
Hang Guo and John Heidemann. IP-Based IoT Device Detection. Proceedings of the ACM SIGCOMM Workshop on IoT Security and Privacy (Budapest, Hungary, Aug. 2018), 36–42. [DOI] [PDF] [alt PDF] [Dataset]
Abstract
Recent IoT-based DDoS attacks have exposed how vulnerable the Internet can be to millions of insufficiently secured IoT devices. To understand the risks of these attacks requires learning about these IoT devices—where are they, how many are there, how are they changing? In this paper, we propose a new method to find IoT devices in Internet to begin to assess this threat. Our approach requires observations of flow-level network traffic and knowledge of servers run by the manufacturers of the IoT devices. We have developed our approach with 10 device models by 7 vendors and controlled experiments. We apply our algorithm to observations from 6 days of Internet traffic at a college campus and partial traffic from an IXP to detect IoT devices.Bibtex Citation
@inproceedings{Guo18b,
author = {Guo, Hang and Heidemann, John},
title = {IP-Based IoT Device Detection},
booktitle = {Proceedings of the {ACM} SIGCOMM Workshop on {IoT} Security and Privacy },
year = {2018},
sortdate = {2018-08-20},
project = {ant, retrofuturebridge, lacanic},
jsubject = {topology_modeling},
month = aug,
pages = {36--42},
address = {Budapest, Hungary},
publisher = {ACM},
jlocation = {johnh: pafile},
keywords = {iot, detection, scanning},
doi = {https://doi.org/10.1145/3229565.3229572},
url = {https://ant.isi.edu/%7ejohnh/PAPERS/Guo18b.html},
pdfurl = {https://ant.isi.edu/%7ejohnh/PAPERS/Guo18b.pdf},
dataseturl = {https://ant.isi.edu/datasets/iot/},
blogurl = {https://ant.isi.edu/blog/?p=1197}
}