Automated IoT device identification based on full packet information using real-time network traffic

Narges Yousefnezhad, Avleen Malhi, Kary Främling*

*Corresponding author for this work

Research output: Contribution to journal › Article › Scientific › peer-review

19 Citations (Scopus)
73 Downloads (Pure)


In an Internet of Things (IoT) environment, a large volume of potentially confidential data might be leaked from sensors installed everywhere. To ensure the authenticity of such sensitive data, it is important to initially verify the source of data and its identity. Practically, IoT device identification is the primary step toward a secure IoT system. An appropriate device identification approach can counteract malicious activities such as sending false data that trigger irreparable security issues in vital or emergency situations. Recent research indicates that primary identity metrics such as Internet Protocol (IP) or Media Access Control (MAC) addresses are insufficient due to their instability or easy accessibility. Thus, to identify an IoT device, analysis of the header information of the packets sent by the sensors is imperative. This paper proposes a combination of sensor measurement and statistical feature sets in addition to a header feature set using a classification-based device identification framework. Various machine learning algorithms have been adopted to identify different combinations of these feature sets to provide enhanced security in IoT devices. The proposed method has been evaluated under normal and under-attack circumstances by collecting real-time data from IoT devices connected in a lab setting to show the system's robustness.

Original language: English
Article number: 2660
Number of pages: 17
Issue number: 8
Publication status: Published - 2 Apr 2021
MoE publication type: A1 Journal article-refereed


  • Device identification
  • Device profiling
  • IoT Security
  • Machine learning
  • Real-time traffic

