Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Obfuscating IoT Device Scanning Activity via Adversarial Example Generation

Haocong Li, Yaxin Zhang, Long Cheng, Wenjia Niu, Haining Wang, Qiang Li

TL;DR

IoT banners reveal device profiles that threaten user privacy through widespread fingerprinting. BanAdvCrafts adversarial IoT banners using two perturbation spaces—an IoT semantic space and a visual similarity space—to mislead both learning-based and matching-based scanners in a black-box setting, while preserving banner usability. The work advances offline perturbation-space construction, region-aware online evasion, and comprehensive evaluation showing substantial spoofing success (e.g., up to ~80% SR) and insights into scanner weaknesses. This approach provides a lightweight, deployable privacy-preserving defense that disrupts unsolicited device profiling without blocking traffic or impairing normal device operation.

Abstract

Nowadays, attackers target Internet of Things (IoT) devices for security exploitation, and search engines for devices and services compromise user privacy, including IP addresses, open ports, device types, vendors, and products.Typically, application banners are used to recognize IoT device profiles during network measurement and reconnaissance. In this paper, we propose a novel approach to obfuscating IoT device banners (BANADV) based on adversarial examples. The key idea is to explore the susceptibility of fingerprinting techniques to a slight perturbation of an IoT device banner. By modifying device banners, BANADV disrupts the collection of IoT device profiles. To validate the efficacy of BANADV, we conduct a set of experiments. Our evaluation results show that adversarial examples can spoof state-of-the-art fingerprinting techniques, including learning- and matching-based approaches. We further provide a detailed analysis of the weakness of learning-based/matching-based fingerprints to carefully crafted samples. Overall, the innovations of BANADV lie in three aspects: (1) it utilizes an IoT-related semantic space and a visual similarity space to locate available manipulating perturbations of IoT banners; (2) it achieves at least 80\% success rate for spoofing IoT scanning techniques; and (3) it is the first to utilize adversarial examples of IoT banners in network measurement and reconnaissance.

Obfuscating IoT Device Scanning Activity via Adversarial Example Generation

TL;DR

IoT banners reveal device profiles that threaten user privacy through widespread fingerprinting. BanAdvCrafts adversarial IoT banners using two perturbation spaces—an IoT semantic space and a visual similarity space—to mislead both learning-based and matching-based scanners in a black-box setting, while preserving banner usability. The work advances offline perturbation-space construction, region-aware online evasion, and comprehensive evaluation showing substantial spoofing success (e.g., up to ~80% SR) and insights into scanner weaknesses. This approach provides a lightweight, deployable privacy-preserving defense that disrupts unsolicited device profiling without blocking traffic or impairing normal device operation.

Abstract

Nowadays, attackers target Internet of Things (IoT) devices for security exploitation, and search engines for devices and services compromise user privacy, including IP addresses, open ports, device types, vendors, and products.Typically, application banners are used to recognize IoT device profiles during network measurement and reconnaissance. In this paper, we propose a novel approach to obfuscating IoT device banners (BANADV) based on adversarial examples. The key idea is to explore the susceptibility of fingerprinting techniques to a slight perturbation of an IoT device banner. By modifying device banners, BANADV disrupts the collection of IoT device profiles. To validate the efficacy of BANADV, we conduct a set of experiments. Our evaluation results show that adversarial examples can spoof state-of-the-art fingerprinting techniques, including learning- and matching-based approaches. We further provide a detailed analysis of the weakness of learning-based/matching-based fingerprints to carefully crafted samples. Overall, the innovations of BANADV lie in three aspects: (1) it utilizes an IoT-related semantic space and a visual similarity space to locate available manipulating perturbations of IoT banners; (2) it achieves at least 80\% success rate for spoofing IoT scanning techniques; and (3) it is the first to utilize adversarial examples of IoT banners in network measurement and reconnaissance.
Paper Structure (21 sections, 7 equations, 12 figures, 14 tables, 3 algorithms)

This paper contains 21 sections, 7 equations, 12 figures, 14 tables, 3 algorithms.

Table of Contents

  1. Introduction
  2. Background of IoT Device Scanning
  3. BanAdv: Design
  4. Finding Important Position
  5. Evasion against Learning-based Scanner
  6. Evasion against Matching-based Scanner
  7. Perturbation Space Generation
  8. IoT Semantic Space
  9. Visual Similarity Space
  10. Evaluation
  11. Implementation
  12. Experimental Settings
  13. Performance against Learning-based Scanner
  14. Performance against Matching-based Scanner
  15. Analysis of IoT Scanner's Weakness
  16. ...and 6 more sections

Figures (12)

  • Figure 1: Network measurement and reconnaissance: attacker’s and search engine's scanning activities.
  • Figure 2: Adversarial examples of IoT device banners in the IoT device scanning activity.
  • Figure 3: The architecture of Our BanAdv
  • Figure 4: Visual consistency based on Unicode for adversarial IoT banners.
  • Figure 5: A learning-based IoT scanner.
  • ...and 7 more figures