Device Detection and Classification in Home-Area Networks
Technology is all around us in today's world, to the point where people have a hard time functioning without it. As time has moved forward, so has technology. We are no longer restricted to computers that take up entire rooms. Now the problem is that we have so many different devices that people don't even realize some of them are computers.
One of the main technology advancements that increases this concern is Internet of Things (IoT) devices. These devices are made to be small and easy to use because they are intended for a much larger audience than traditional desktops and laptops. Many people don't even realize how widespread these devices are in our society today. They are used for everything from allowing wall TVs to have a computer right behind them to sensing traffic patterns to being the guidance systems for missiles. People don't realize how much they use these devices or how much trust they are putting in them.
We are approaching the problem of identifying unknown devices on a network from their IP traffic by processing it with the k-Nearest Neighbor (kNN) machine learning algorithm. To accomplish this, we created a suite of Python scripts that automatically identifies all the devices on a network and then uses kNN to give each device a label for its type. For example, a security camera would be labeled as a camera. If the Device Detector cannot determine the type of a device, it labels it as unknown.
To break the goal down into smaller pieces, we defined the following set of tasks:
1. Classify a device when some of the packets for that device have already been classified
2. Classify a device when a device of the same type has already been classified
3. Classify a device when no devices of the same type have been classified
In plain English, task 1 addresses labeling devices that you already knew were on your network. Task 2 addresses labeling devices that you did not know were on your network but that are of the same type as a device you do know about. For example, an attacker might put a security camera from company X on your premises without your knowledge while you have your own security camera from company Y in another part of the house. Finally, task 3 addresses identifying unknown IoT devices on your network. As IoT devices get even smaller, attackers are starting to make their own IoT devices rather than using commercial products. These devices are harder to spot because they do not match the patterns of commercial devices, but the overall goal of this project is to find them and report that they are on the network.
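The approach described above, as an added sketch that is not the project's own scripts: each packet is classified with kNN, each device takes the majority label of its packets, and a device whose packets lie far from every labelled neighbour is reported as unknown (tasks 2 and 3). The three features, the `max_dist` and `min_share` thresholds, and every sample packet are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed labelled packets. The features (length in bytes, seconds since the
# source's previous packet, destination port) are an assumption of this example.
TRAIN = [
    ("camera", (1400, 0.03, 554)), ("camera", (1380, 0.04, 554)),
    ("camera", (1420, 0.03, 554)), ("camera", (1350, 0.05, 554)),
    ("thermostat", (120, 30.0, 8883)), ("thermostat", (110, 31.0, 8883)),
    ("thermostat", (130, 29.0, 8883)), ("thermostat", (125, 30.5, 8883)),
]

def scaler(rows):
    """Min-max scaling so that no single feature dominates the distance."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    span = [(max(c) - min(c)) or 1.0 for c in cols]
    return lambda v: tuple((x - l) / s for x, l, s in zip(v, lo, span))

SCALE = scaler([f for _, f in TRAIN])
POINTS = [(label, SCALE(f)) for label, f in TRAIN]

def classify_packet(features, k=3, max_dist=0.5):
    """kNN vote for one packet; 'unknown' if the k-th neighbour is too far away."""
    q = SCALE(features)
    nearest = sorted((math.dist(q, p), label) for label, p in POINTS)[:k]
    if nearest[-1][0] > max_dist:
        return "unknown"
    return Counter(label for _, label in nearest).most_common(1)[0][0]

def classify_devices(packets, min_share=0.6):
    """packets: iterable of (source MAC, features). Returns one label per device."""
    votes = defaultdict(Counter)
    for mac, features in packets:
        votes[mac][classify_packet(features)] += 1
    result = {}
    for mac, counts in votes.items():
        label, n = counts.most_common(1)[0]
        result[mac] = label if n / sum(counts.values()) >= min_share else "unknown"
    return result

# Constructed capture: an unlabelled second camera (task 2) and a device whose
# traffic matches no known type (task 3).
CAPTURE = [
    ("aa:aa:aa:00:00:01", (1390, 0.04, 554)), ("aa:aa:aa:00:00:01", (1410, 0.03, 554)),
    ("aa:aa:aa:00:00:01", (1360, 0.05, 554)),
    ("bb:bb:bb:00:00:02", (700, 12.0, 4444)), ("bb:bb:bb:00:00:02", (680, 14.0, 4444)),
]

print(classify_devices(CAPTURE))
```

Treating the destination port as a numeric distance is a simplification; a real feature set would encode it categorically or replace it with per-flow statistics.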
We are working on this project with a research team at the Johns Hopkins University Applied Physics Laboratory. The team at Johns Hopkins created a similar program that classifies devices with a neural network and then attempts to generate profiles for them. When we first started working with them, they challenged us to create a program that can classify devices more accurately than theirs. Additionally, their program could not classify devices when no devices of the same type had already been classified, so that task was an added challenge that they had not previously accomplished.
Joy Hauser is a Master's student in Computer Science at Kansas State University. She is doing research in malware detection, specifically focusing on malware for mobile devices. However, she has done research in other topics that involve cyber security and artificial intelligence. She is also a CyberCorps: Scholarship for Service recipient and has been very involved with student organizations, including the Cyber Defense Club.