Toward Home Area Network Hygiene: Device Classification and Intrusion Detection for Encrypted Communications

With the abundance of Internet of Things (IoT) devices on the market, proper home area network (HAN) hygiene is not only desirable for easy management and maintenance but also a requirement at the foundation of any security measures. To ensure HAN hygiene, a method is proposed for automatic device detection and classification. Given the popularity of dynamic IP address allocation, and the increasing popularity of end-to-end encrypted communications, this method relies solely on communication metadata that can be extracted from network traffic. But rather than extracting explicit statistical features of traffic over sliding or hopping windows, this method instead uses entire sequences of packets, where each packet is represented by a tuple describing its length and the duration of the associated subsequent interpacket pause. The proposed classifier is implemented as a recurrent neural network and achieves encouraging accuracy, demonstrating that even the simplest form of communication metadata (and thus the least privacy invasive) is a valuable resource for keeping track of the devices on our networks.