Transformer-Based Device-Type Identification in Heterogeneous IoT Traffic

Due to the heterogeneity of Internet of Things (IoT) devices and the diversity of IoT communication protocols, it is challenging to model the communication behaviors of IoT devices to facilitate attack defense. Considering the complex correlation between the IoT device types and the patterns of their communication behaviors, one possible solution is to cluster IoT devices into different types based on the characteristics of their communication behaviors and deal with each type, respectively. However, IoT traffic includes a significant proportion of abnormal traffic, such as attack traffic sourcing from compromised devices, which cannot reflect the behavioral characteristics of the source device. In this article, we propose a Transformer-based IoT device-type identification method to address the above challenges. Specifically, our approach consists of three main components. First, we classify the traffic data from IoT devices into normal and abnormal types by a Transformer-based traffic diagnosis model. Next, another Transformer-based model is adopted on the normal traffic to identify the IoT device type. Finally, considering the immutability of IoT device types, a results-ensemble algorithm is designed to improve the accuracy of IoT device-type identification. Experimental results verify the effectiveness of our method, which brings a noticeable improvement in terms of both accuracy and macro $F1$ -score compared to other methods. Moreover, by applying the results-ensemble algorithm in the test phase, we can achieve 100% accuracy under certain conditions.