A Comprehensive Study of Supervised Machine Learning Assisted Approaches for IoT Device Identification

Device identification is a fundamental issue in the Internet of Things. A few studies in modern literature indicate that machine learning approaches could be used for device identification. However, the hypothesis that device behavior could be characterized by machine learning techniques for device identification has not been thoroughly investigated. Therefore, we conduct a comprehensive study to examine this hypothesis. We create both a trusted and untrusted environment for experimental testing scenarios. That contains four testing cases, including intra-network, network perimeter, cryptojacking, and DOS. Six supervised machine learning classifiers are selected and evaluated. Among the six classifiers, the AdaBoost classifier with 200 features achieves testing accuracies of 88.23% and is chosen for the testing cases. Our evaluation results show that the AdaBoost classifier is promising for a trusted environment. However, the accuracies of the AdaBoost classifier drop dramatically to less than 20% in both cryptojacking and DOS cases. While the results do not support the hypothesis, the challenges faced by machine learning-assisted approaches in device identification could be complemented by other safeguards such as whitelists and intrusion detection and prevention systems. This paper further discusses future work, including using features from physical layers to examine the hypothesis.