A finite automata-based framework for IoT embedded device identification via traffic analysis
摘要
The massive proliferation of Internet of Things (IoT) devices presents severe security and management challenges. A foundational step to securing these networks is the proper identification of every connected device, a task complicated by ubiquitous encryption which renders traditional Deep Packet Inspection (DPI) ineffective. While classical machine learning offers an alternative, its reliance on manual feature engineering limits scalability. To overcome these limitations, this paper proposes a novel framework for embedded IoT device detection using finite automata-based traffic modeling. Our approach constructs a high-fidelity behavioral baseline for each device type based on encryption-resistant features (packet length and direction). The framework operates by modeling short, repetitive flows as “flow trees” and complex, long-duration flows as “graph structures,” which are then unified into a set of Deterministic Finite Automata (DFA). These DFAs represent the complete, “known-good” communication patterns for a device. Our framework was thoroughly tested on a physical testbed of 25 real-world IoT devices, demonstrating near-perfect detection accuracy and an extremely low false-positive rate, significantly outperforming existing baselines. The key advantage of our approach is its interpretability; unlike “black-box” models, our automata-based signatures are transparent, and can be refined over time by administrators via a human-in-the-loop process, making it a practical and sustainable solution for large-scale IoT device identification.