Poster: Understanding and Managing Changes in IoT Device Behaviors for Reliable Network Traffic Inference
Authors: 
Shayan Azizi, Norihiro Okui, Masataka Nakahara, Ayumu Kubota, Gustavo Batista, Hassan Habibi GharakheiliAuthors Info & Claims
Shayan Azizi, Norihiro Okui, Masataka Nakahara, Ayumu Kubota, Gustavo Batista, Hassan Habibi GharakheiliAuthors Info & ClaimsAbstract
Data-driven inference from network traffic is increasingly becoming a practical, cost-effective, and scalable method for various use cases, among them managing the cyber health of Internet-of-Things (IoT) networks. However, inference models trained on IoT device traffic patterns from constrained environments for limited periods may not accurately predict outcomes when new contexts are introduced or variations emerge in device behaviors. In our research, we begin by quantifying the changes in network behavior patterns across various IoT device types. This will help to explain whether, when, and how changes in the learned patterns can degrade predictions. Our preliminary experiments show that the effect of these changes on the performance highly depends on the way the model establishes its decision boundaries. We aim to develop techniques that facilitate the adaptation of trained models, enabling them to effectively address the evolution of behaviors in both temporal and spatial domains. Provided by a major Internet Service Provider (ISP) we have access to a dataset comprising nearly 400M IPFIX records from about 400 IoT devices, and collected from an IoT lab testbed, as well as 25 real smart homes from Feb'19 to Dec'23.
References
[1]
What is YAF? https://tools.netsa.cert.org/yaf/. Accessed: 2024-05.
[2]
Gregory Ditzler and Robi Polikar. Hellinger Distance Based Drift Detection for Nonstationary Environments. In Proc. IEEE CIDUE, Paris, France, Apr 2011.
[3]
João Gama, Indré Žliobaité, Albert Bifet, Mykola Pechenizkiy, and Abdelhamid Bouchachia. A Survey on Concept Drift Adaptation. ACM CSUR, 46(4), 2014.
[4]
Igor Goldenberg and Geoffrey I. Webb. Survey of Distance Measures for Quantifying Concept Drift and Shift in Numeric Data. KIS, 60:591 -- 615, 2018.
[5]
Jorge Luis Guerra, Carlos Catania, and Eduardo Veas. Datasets Are Not Enough: Challenges in Labeling Network Traffic. Elsevier COSE, 120(C), 2022.
[6]
Ayyoob Hamza, Hassan Habibi Gharakheili, Theophilus A. Benson, and Vijay Sivaraman. Detecting Volumetric Attacks on loT Devices via SDN-Based Monitoring of MUD Activity. In Proc. ACM SOSR, San Jose, CA, USA, Apr 2019.
[7]
Christopher M. Inacio and Brian Trammell. YAF: Yet Another Flowmeter. In Proc. USENIX LISA, San Jose, CA, USA, Nov 2010.
[8]
Roman Kolcun, Diana Andreea Popescu, Vadim Safronov, Poonam Yadav, Anna Maria Mandalari, Richard Mortier, and Hamed Haddadi. Revisiting IoT Device Identification. In Proc. TMA, (virtual event), 2021.
[9]
Shinan Liu, Francesco Bronzino, Paul Schmitt, Arjun Nitin Bhagoji, Nick Feamster, Hector Garcia Crespo, Timothy Coyle, and Brian Ward. LEAF: Navigating Concept Drift in Cellular Networks. Proc. ACM Networking, 1(CoNEXT2), 2023.
[10]
Jie Lu, Anjin Liu, Fan Dong, Feng Gu, João Gama, and Guangquan Zhang. Learning under Concept Drift: A Review. IEEE TKDE, 31(12):2346--2363, 2019.
[11]
Navid Malekghaini, Elham Akbari, Mohammad A. Salahuddin, Noura Limam, Raouf Boutaba, Bertrand Mathieu, Stephanie Moteau, and Stéphane Tuffin. Deep Learning for Encrypted Traffic Classification in the Face of Data Drift: An Empirical Study. Elsevier Computer Networks, 225:109648, 2023.
[12]
Samuel Marchal, Markus Miettinen, Thien Duc Nguyen, Ahmad-Reza Sadeghi, and N. Asokan. AuDI: Toward Autonomous IoT Device-Type Identification Using Periodic Communication. IEEE JSAC, 37(6):1402--1412, 2019.
[13]
Markus Miettinen, Samuel Marchal, Ibbad Hafeez, N. Asokan, Ahmad-Reza Sadeghi, and Sasu Tarkoma. IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT. In IEEE Proc. ICDCS, Atlanta, GA, USA, Jun 2017.
[14]
Thien Duc Nguyen, Samuel Marchal, Markus Miettinen, Hossein Fereidooni, N. Asokan, and Ahmad-Reza Sadeghi. DÏoT: A Federated Self-learning Anomaly Detection System for IoT. In IEEE Proc. ICDCS, Dallas, TX, USA, Jul 2019.
[15]
Arman Pashamokhtari, Norihiro Okui, Yutaka Miyake, Masataka Nakahara, and Hassan Habibi Gharakheili. Inferring Connected IoT Devices from IPFIX Records in Residential ISP Networks. In Proc. IEEE LCN, Edmonton, AB, Canada (virtual event), Oct 2021.
[16]
Arman Pashamokhtari, Norihiro Okui, Yutaka Miyake, Masataka Nakahara, and Hassan Habibi Gharakheili. Combining Stochastic and Deterministic Modeling of IPFIX Records to Infer Connected IoT Devices in Residential ISP Networks. IEEE IoTJ, 10(6):5128--5145, 2023.
[17]
Arman Pashamokhtari, Norihiro Okui, Masataka Nakahara, Ayumu Kubota, Gustavo Batista, and Hassan Habibi Gharakheili. Dynamic Inference From IoT Traffic Flows Under Concept Drifts in Residential ISP Networks. IEEE IoTJ, 10 (17):15761--15773, 2023.
[18]
David W Scott. Multivariate Density Estimation and Visualization. Handbook of Computational Statistics, 2012.
[19]
Arunan Sivanathan, Hassan Habibi Gharakheili, Franco Loi, Adam Radford, Chamith Wijenayake, Arun Vishwanath, and Vijay Sivaraman. Classifying IoT Devices in Smart Environments Using Network Traffic Characteristics. IEEE TMC, 18(8):1745--1759, 2019.
[20]
Arunan Sivanathan, Hassan Habibi Gharakheili, and Vijay Sivaraman. Detecting Behavioral Change of IoT Devices Using Clustering-Based Network Traffic Modeling. IEEE IoTJ, 7(8):7295--7309, 2020.
[21]
Arunan Sivanathan, Hassan Habibi Gharakheili, and Vijay Sivaraman. Managing IoT Cyber-Security Using Programmable Telemetry and Machine Learning. IEEE TNSM, 17(1):60--74, 2020.
[22]
Vijayanand Thangavelu, Dinil Mon Divakaran, Rishi Sairam, Suman Sankar Bhunia, and Mohan Gurusamy. DEFT: A Distributed IoT Fingerprinting Technique. IEEE IoTJ, 6(1):940--952, 2019.
[23]
Geoffrey I. Webb, Roy Hyde, Hong Cao, Hai-Long Nguyen, and François Petitjean. Characterizing Concept Drift. DMDK, 30:964 -- 994, 2015.
[24]
Li Yang, Dimitrios Michael Manias, and Abdallah Shami. PWPAE: An Ensemble Framework for Concept Drift Adaptation in IoT Data Streams. In Proc. IEEE GLOBECOM, Madrid, Spain, Dec 2021.
[25]
Indré Žliobaité. Change with Delayed Labeling: When is it Detectable? In Proc. IEEE ICDMW, Los Alamitos, CA, USA, Dec 2010.
Index Terms
- Poster: Understanding and Managing Changes in IoT Device Behaviors for Reliable Network Traffic Inference
Recommendations
Network Traffic Analysis based IoT Device Identification
BDIOT '20: Proceedings of the 2020 4th International Conference on Big Data and Internet of ThingsDevice identification is the process of identifying a device on Internet without using its assigned network or other credentials. The sharp rise of usage in Internet of Things (IoT) devices has imposed new challenges in device identification due to a ...
IoTAthena: Unveiling IoT Device Activities From Network Traffic
The recent spate of cyber attacks towards Internet of Things (IoT) devices in smart homes calls for effective techniques to understand, characterize, and unveil IoT device activities. In this paper, we present a new system, named IoTAthena, to unveil IoT ...
The Abnormal Detection for Network Traffic of Power IoT Based on Device Portrait
The construction of power Internet of things is an important development direction for power grid enterprises. Although power Internet of things is a kind of network, it is denser than the ordinary Internet of things points and more complex equipment ...
Comments
Information & Contributors
Information
Published In
August 2024
140 pages
ISBN:9798400707179
DOI:10.1145/3672202
- Co-chairs:
- Aruna Seneviratne,
- Darryl Veitch,
- Program Co-chairs:
- Vyas Sekar,
- Minlan Yu
Copyright © 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 05 August 2024
Check for updates
Author Tags
Qualifiers
- Short-paper
Funding Sources
- KDDI Research Inc.
Conference
ACM SIGCOMM Posters and Demos '24
Sponsor:
ACM SIGCOMM Posters and Demos '24: ACM SIGCOMM 2024 Conference: Posters and Demos
August 4 - 8, 2024
NSW, Sydney, Australia
Acceptance Rates
Overall Acceptance Rate 92 of 158 submissions, 58%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 108Total Downloads
- Downloads (Last 12 months)108
- Downloads (Last 6 weeks)10
Reflects downloads up to 13 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in