TY - JOUR
T1 - Fingerprinting IIoT Devices Through Machine Learning Techniques
AU - Zhou, Feng
AU - Qu, Hua
AU - Liu, Hailong
AU - Liu, Hong
AU - Li, Bo
N1 - Publisher Copyright:
© 2021, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.
PY - 2021/7
Y1 - 2021/7
AB - From a security perspective, identifying Industrial Internet of Things (IIoT) devices connected to a network has multiple applications such as penetration testing, vulnerability assessment, etc. In this work, we propose a feature-based methodology to perform device-type fingerprinting. A device fingerprint consists of the TCP/IP header features and port-based features extracted from the network traffic of the device. These features are collected by a hybrid mechanism which has a negligible impact on device functionality and can avoid the problem of the long TCP connection. Once the fingerprint of a device is generated, it will be fed to the classifiers based on Gradient Boosting to predict its type details. Based on our proposed method, we implement a prototype application called IIoT Device Type Fingerprinting (IDTF) which is capable of automatically identifying the types of devices being connected to an IIoT network. We collect a dataset consisting of 19,174 fingerprints from real-world Internet-facing IIoT devices indexed by Shodan to train and evaluate the classifiers using ten-fold cross-validation. We also conduct comparative experiments in an IIoT testbed to compare the effectiveness of IDTF with two famous fingerprinting tools. The experimental result shows that the ability of our approach is confirmed by a high mean F-Measure of 95.76%. It also demonstrates that IDTF achieves the highest identification rate in the testbed and is non-intrusive for IIoT devices. Compared with existing works, our approach is more generic as it does not rely on a specific protocol or deep packet inspection and can distinguish almost all IIoT device-types.
KW - Device-type fingerprinting
KW - Industrial Internet of Things (IIoT)
KW - Machine learning
UR - https://www.scopus.com/pages/publications/85104120827
U2 - 10.1007/s11265-021-01656-0
DO - 10.1007/s11265-021-01656-0
M3 - Article
AN - SCOPUS:85104120827
SN - 1939-8018
VL - 93
SP - 779
EP - 794
JO - Journal of Signal Processing Systems
JF - Journal of Signal Processing Systems
IS - 7
ER -