Table of Contents
Fetching ...

IoT Device Identification with Machine Learning: Common Pitfalls and Best Practices

Kahraman Kostas, Rabia Yasa Kostas

TL;DR

The paper tackles the challenge of IoT device identification using machine learning by dissecting the pipeline into method selection, data handling, feature extraction, and evaluation to reveal systemic pitfalls. It analyzes scope definitions, labeling integrity, data leakage risks, and the impact of feature choices on overfitting and generalizability. It advocates practical guidelines, such as aligning identification granularity with suitable features, avoiding proxy labels, enforcing clean train-test splits before augmentation, sanitizing inputs, and preferring modular One-vs-Rest architectures with diverse algorithm benchmarking. The result is a set of actionable recommendations to improve reproducibility, scalability, and robustness of IoT security models in real-world heterogeneous networks.

Abstract

This paper critically examines the device identification process using machine learning, addressing common pitfalls in existing literature. We analyze the trade-offs between identification methods (unique vs. class based), data heterogeneity, feature extraction challenges, and evaluation metrics. By highlighting specific errors, such as improper data augmentation and misleading session identifiers, we provide a robust guideline for researchers to enhance the reproducibility and generalizability of IoT security models.

IoT Device Identification with Machine Learning: Common Pitfalls and Best Practices

TL;DR

The paper tackles the challenge of IoT device identification using machine learning by dissecting the pipeline into method selection, data handling, feature extraction, and evaluation to reveal systemic pitfalls. It analyzes scope definitions, labeling integrity, data leakage risks, and the impact of feature choices on overfitting and generalizability. It advocates practical guidelines, such as aligning identification granularity with suitable features, avoiding proxy labels, enforcing clean train-test splits before augmentation, sanitizing inputs, and preferring modular One-vs-Rest architectures with diverse algorithm benchmarking. The result is a set of actionable recommendations to improve reproducibility, scalability, and robustness of IoT security models in real-world heterogeneous networks.

Abstract

This paper critically examines the device identification process using machine learning, addressing common pitfalls in existing literature. We analyze the trade-offs between identification methods (unique vs. class based), data heterogeneity, feature extraction challenges, and evaluation metrics. By highlighting specific errors, such as improper data augmentation and misleading session identifiers, we provide a robust guideline for researchers to enhance the reproducibility and generalizability of IoT security models.
Paper Structure (20 sections, 5 figures)

This paper contains 20 sections, 5 figures.

Figures (5)

  • Figure 1: Steps of device identification process.
  • Figure 2: Labelling the Aalto dataset according to 3 identification approacheskostas2024behaviour.
  • Figure 3: The number of packets produced by the devices in the Aalto dataset, illustrating severe class imbalance.
  • Figure 4: The fields contained in a network packet and their byte equivalents.
  • Figure 5: Interpretability levels of common machine learning methods.