Fortinet, Inc.
INTERNET OF THINGS (IOT) DEVICE IDENTIFICATION ON CORPORATE NETWORKS VIA ADAPTIVE FEATURE SET TO BALANCE COMPUTATIONAL COMPLEXITY AND MODEL BIAS
Abstract:
Systems and methods for efficient kernel space packet processing and IoT device classification are provided. According to one embodiment, a computer system performs IoT device detection processing. Packet header information is received for multiple packets. Based on the packet header information, multiple Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) flows between a given source device of multiple devices and a given destination device of the multiple devices are identified. For each TCP or UDP flow: a variable-length feature set is created having a size limited by a predetermined or configurable aggregate number of packets sent and received for the TCP or UDP flow; and it is inferred whether the TCP or UDP flow represents an IoT device communication or a non-IoT device communication by applying a machine-learning model to the variable length feature set. The devices are then each classified as either an IoT device or a non-IoT device by aggregating one or more results of the inference processing for each device of the multiple devices with a voting classifier.
Utility
31 Dec 2020
30 Jun 2022
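The pipeline outlined in the abstract (flow identification, a packet-capped variable-length feature set, per-flow inference, per-device voting) is sketched below as an added example; it is not code from the patent or from Fortinet. The packet records, the cap of 4 packets, the signed-length feature, the stand-in model rule, the tie-break, and attributing each flow to its initiating device are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

MAX_PACKETS = 4  # assumed cap on aggregate packets (sent + received) per flow

# Constructed header records: (src_ip, sport, dst_ip, dport, proto, length)
PACKETS = [
    ("10.0.0.5", 40001, "203.0.113.7", 8883, "tcp", 60),
    ("203.0.113.7", 8883, "10.0.0.5", 40001, "tcp", 60),
    ("10.0.0.5", 40001, "203.0.113.7", 8883, "tcp", 120),
    ("10.0.0.5", 5353, "203.0.113.8", 123, "udp", 76),
    ("203.0.113.8", 123, "10.0.0.5", 5353, "udp", 76),
    ("10.0.0.5", 40002, "203.0.113.9", 443, "tcp", 1400),
    ("10.0.0.9", 50001, "198.51.100.2", 443, "tcp", 517),
    ("198.51.100.2", 443, "10.0.0.9", 50001, "tcp", 1460),
    ("198.51.100.2", 443, "10.0.0.9", 50001, "tcp", 1460),
    ("10.0.0.9", 50001, "198.51.100.2", 443, "tcp", 90),
    ("198.51.100.2", 443, "10.0.0.9", 50001, "tcp", 1460),  # past the cap, ignored
    ("10.0.0.9", 50002, "198.51.100.3", 443, "tcp", 600),
]

def build_flows(packets, max_packets=MAX_PACKETS):
    """Group headers into bidirectional flows with a capped, variable-length feature set."""
    flows = {}
    for src, sport, dst, dport, proto, length in packets:
        # Direction-independent key so sent and received packets share one flow.
        key = (proto, *sorted([(src, sport), (dst, dport)]))
        flow = flows.setdefault(key, {"device": src, "features": []})
        if len(flow["features"]) < max_packets:
            # Assumed feature: signed length, positive when sent by the flow's initiator.
            flow["features"].append(length if src == flow["device"] else -length)
    return flows

def stand_in_model(features):
    """Placeholder for a trained model (hypothetical rule): small packets only -> IoT."""
    return "iot" if max(abs(f) for f in features) <= 200 else "non-iot"

def classify_devices(packets, model=stand_in_model):
    """Infer per flow, then majority-vote per device (ties go to non-IoT, an assumption)."""
    votes = defaultdict(Counter)
    for flow in build_flows(packets).values():
        votes[flow["device"]][model(flow["features"])] += 1
    return {dev: "iot" if c["iot"] > c["non-iot"] else "non-iot" for dev, c in votes.items()}

if __name__ == "__main__":
    print(classify_devices(PACKETS))
```

Bounding each flow's feature set by `MAX_PACKETS` keeps per-flow inference cost fixed regardless of flow duration, while short flows still yield a shorter feature set rather than being padded or dropped.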