Problems
Bruhadeshwar Bezawada
Mahindra Ecole Centrale, Hyderabad
Bru@mechyd.ac.in
Outline
Internet-of-Things
Phishing Detection
Behavioral Fingerprinting of IoT Devices
Bruhadeshwar Bezawada, Maalvika Bachani, Jordan Peterson, Hossein Shirazi, Indrakshi Ray and Indrajit Ray
Device Type:
A-19 A-21
Light Bulb |Monochrome |TCP Light | A-21
Multitude of protocols:
Communication standards: 802.15.4 based Zigbee, ISA100.11a, WirelessHART, MiWi, SNAP, Bluetooth, WiFi, Ethernet, LPWAN, LoRaWAN, RFID, 3GPP
Data protocols: REST, HTTP/2, SOAP, MQTT, MQTT-SN, CoAP, SMCP, STOMP, XMPP, XMPP-IoT, Mihini, AMQP, DDS, LLAP, LWM2M…
Network protocols: 6LowPAN, 6TiSCH, RPL, IPv4/v6…
Discovery protocols: Physical Web, mDNS, DNS-SD…
Our Work
Payload Dependent – (Dynamic) Payload length, Payload Entropy and TCP window size
Identifying Other Packet Features
Behavioral Model
A device behavior is a set of distinct command-response sequences
A command-response sequence is a “session”
Device behavior is a collection of sessions
Any given session data corresponds to a “fingerprint” of the device
Behavioral Fingerprinting
Approach - Issues
Internet
Switching Network
Domain name
Domain name
Frequency
Mismatch
Title Match
Mismatch
Copyright Match
Time Analysis
Conclusion(s)
The first approach towards the design of features based only on the domain name for detection of phishing websites using machine learning
Elimination of the possible bias in classification due to differently chosen datasets of phishing and legitimate pages
Difficult for an attacker to bypass, as our features explore the content found in the visible space of the web page
Demonstrated the shortcoming of using features such as URL length
Low feature extraction and classification time, suitable for real-world deployment
Summary