IoT Device Classification Using Link-Level Features for Traditional Machine Learning and Large Language Models

Gabriel Morales; Farhan Romit; Adam Bienek-Parrish; Patrick Jenkins; Rocky Slavin

doi:10.5220/0012365700003648

IoT Device Classification Using Link-Level Features for Traditional Machine Learning and Large Language Models

Gabriel Morales, Farhan Romit, Adam Bienek-Parrish, Patrick Jenkins, Rocky Slavin

2024

Abstract

Technological advancement has made strides due in part to added convenience in our daily lives. This addition of automation and quick access to information has given rise to the Internet-of-Things (IoT), where otherwise normal items such as kitchen appliances, smartphones, and even electrical meters are interconnected and can access the Internet. Since IoT devices can be accessed anywhere and have user-set behaviors, they transmit data frequently over various networking standards which can be obtained by a malicious actor. While network data is often encrypted, the patterns they construct can be used by such an adversary to infer user behavior, device behavior, or the device itself. In this work, we evaluate various traditional machine learning models for device classification using network traffic features generated from link-level flows to overcome both encryption and differences in protocols/standards. We also demonstrate the viability of the GPT 3.5 large language model (LLM) to perform the same task. Our experiments show the viability of flow-based classification across 802.11 Wi-Fi, Zigbee, and Bluetooth Low Energy devices. Furthermore, with a considerably smaller dataset, the LLM was able to identify devices with an overall accuracy of 79% through the use of prompt-tuning, and an overall accuracy of 63.73% for a larger more common dataset using fine-tuning. Compared to traditional models, the LLM closely matches the performance of the lowest-performing models and even achieves higher accuracy than the best-performing models.

Download

Paper Citation

in Harvard Style

Morales G., Romit F., Bienek-Parrish A., Jenkins P. and Slavin R. (2024). IoT Device Classification Using Link-Level Features for Traditional Machine Learning and Large Language Models. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-683-5, SciTePress, pages 297-308. DOI: 10.5220/0012365700003648

in Bibtex Style

@conference{icissp24,
author={Gabriel Morales and Farhan Romit and Adam Bienek-Parrish and Patrick Jenkins and Rocky Slavin},
title={IoT Device Classification Using Link-Level Features for Traditional Machine Learning and Large Language Models},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2024},
pages={297-308},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012365700003648},
isbn={978-989-758-683-5},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - IoT Device Classification Using Link-Level Features for Traditional Machine Learning and Large Language Models
SN - 978-989-758-683-5
AU - Morales G.
AU - Romit F.
AU - Bienek-Parrish A.
AU - Jenkins P.
AU - Slavin R.
PY - 2024
SP - 297
EP - 308
DO - 10.5220/0012365700003648
PB - SciTePress