Research Article
A Lightweight Flow Feature-Based IoT Device Identification Scheme
Table 2
Features used in this research.
| Name | Explanation | Selection status: before selection | Selection status: after selection | Selection status: baseline selection |
| --- | --- | --- | --- | --- |
| VOL_MED | Flow volume’s median | ✓ | | |
| VOL_MOD | Flow volume’s mode | ✓ | ✓ | |
| VOL_MAX | Flow volume’s maximum | ✓ | | |
| VOL_MIN | Flow volume’s minimum | ✓ | | |
| VOL_IE | Flow volume’s information entropy | ✓ | | |
| VOL_AVG | Flow volume’s average | ✓ | | |
| VOL_VAR | Flow volume’s variance | ✓ | ✓ | ✓ |
| RATE_MED | Flow rate’s median | ✓ | | |
| RATE_MOD | Flow rate’s mode | ✓ | | |
| RATE_MAX | Flow rate’s maximum | ✓ | | |
| RATE_MIN | Flow rate’s minimum | ✓ | | |
| RATE_IE | Flow rate’s information entropy | ✓ | | |
| RATE_AVG | Flow rate’s average | ✓ | | |
| RATE_VAR | Flow rate’s variance | ✓ | | ✓ |
| PORT1 | Whether a flow accessed a port between 0 and 1023 | ✓ | | |
| PORT2 | Whether a flow accessed a port between 1024 and 49591 | ✓ | ✓ | |
| PORT3 | Whether a flow accessed a port between 49592 and 65535 | ✓ | | |
| PORT1_CNT | The count of remote IP ports between 0 and 1023 | ✓ | ✓ | |
| PORT2_CNT | The count of remote IP ports between 1024 and 49591 | ✓ | | |
| PORT3_CNT | The count of remote IP ports between 49592 and 65535 | ✓ | | |
| UDP_CNT | The count of flows that use UDP | ✓ | ✓ | |
| TCP_CNT | The count of flows that use TCP | ✓ | ✓ | |
| DUR_MOD | Flow duration’s mode | | | ✓ |
| SLP_TIME | Mode of the time intervals between flows | | | ✓ |
| DNS_INT | DNS intervals’ mode | | | ✓ |
| BAG_PORT_NUM | Bag-of-words model of the ports that flows accessed | | | ✓ |
| BAG_DOMAIN | Bag-of-words model of DNS domain names | | | ✓ |
| BAG_CS | Bag-of-words model of cipher suites | | | ✓ |