Identical IoT device identification via hardware performance fingerprinting and Machine Learning

  1. Sánchez Sánchez, Pedro Miguel
Supervised by:
  1. Alberto Huertas Celdrán Director
  2. Gregorio Martínez Pérez Director

Defence university: Universidad de Murcia

Defence date: 26 February 2024

Type: Thesis

Abstract

In the evolving landscape of cybersecurity, the identification and protection of Internet of Things (IoT) devices have become paramount, particularly in the context of the ever-expanding network of interconnected devices. This is where the field of device behavior fingerprinting emerges as a critical area of study, aiming to bolster the security and reliability of such devices. The focus on single-board computers and systems with limited resources is particularly pertinent, given their widespread use in various high-stakes environments like Smart Cities, Industry 4.0, and the Internet of Battlefield Things (IoBT). Addressing the pressing cybersecurity threats that these scenarios present, the research delves into the current state of device behavior fingerprinting solutions, exploring methodologies for unique IoT device identification and the effective integration of these techniques with behavior-based cybersecurity solutions. Central to this investigation are several key research questions, which probe into the efficacy of Machine Learning (ML) and Deep Learning (DL) techniques in device identification, the resilience of these systems against adversarial attacks, and the potential of advanced ML/DL techniques like transformers for individual device identification.

The methodology employed in this research is comprehensive, beginning with a detailed review of the existing landscape in device behavior fingerprinting. This foundational work helps in pinpointing the gaps in current research and setting the stage for further explorations. A pivotal part of the methodology is the collection of extensive hardware behavior data from various Raspberry Pi models, forming the basis for the development of accurate identification algorithms. This process is augmented by the creation of LwHBench, a benchmarking tool designed specifically for low-level hardware component benchmarking in single-board computers (SBCs).
LwHBench focuses on measuring the performance of essential components like CPU, GPU, Memory, and Storage, thereby generating an expansive dataset for AI applications in device management scenarios.

The research extends into integrating device identification with behavior-based cybersecurity solutions, particularly in the IoBT context. This involves the development of a comprehensive framework that incorporates hardware-based identification with higher-level behavior monitoring for detecting malware and SSDF attacks. Additionally, the thesis explores strategies to mitigate adversarial attacks, focusing on context-aware and ML/DL-centric threats to enhance the resilience of hardware behavior-based identification models.

The results of this research are multi-dimensional and impactful across various aspects of cybersecurity. The state-of-the-art analysis uncovers a diverse range of data sources, techniques, and application scenarios for device fingerprinting, underlining the need for more standardized and comprehensive datasets. The developed methodology for identifying IoT devices based on hardware behavior is highly effective, highlighting the criticality of selecting appropriate hardware attributes and utilizing advanced ML/DL techniques. The LwHBench tool sets a new benchmark for data quality in the field, essential for effective ML/DL applications in device identification. In terms of cybersecurity, the SpecForce framework successfully integrates hardware-based identification with broader cybersecurity strategies, showing promising results in IoBT scenarios. The research also demonstrates improvements in identification results using time series approaches combined with DL models and presents effective strategies for protecting IoT devices from adversarial threats.
Moreover, the development of an authentication framework using transformer-based autoencoder models showcases its effectiveness in authenticating devices, significantly enhancing authentication security in crowdsensing applications.

In conclusion, the research highlights that device behavior fingerprinting is an essential tool in enhancing cybersecurity, especially for IoT and single-board devices. The detailed analysis and methodologies developed provide a comprehensive understanding and robust application of device behavior fingerprinting in cybersecurity. This research not only addresses several identified gaps and challenges but also contributes novel insights and practical solutions to the field. The integration of advanced ML/DL techniques with hardware behavior data for device identification and authentication represents a significant advancement, offering more reliable and secure methods for managing the rapidly growing number of interconnected devices. The resilience of these methods against adversarial attacks further enhances their applicability in real-world scenarios, ensuring the security and reliability of IoT ecosystems. The contributions of this research extend beyond academic insights, offering practical frameworks and tools for industry application, particularly in high-stakes environments like the IoBT, and setting a new precedent for future studies and practical implementations in device behavior fingerprinting.