Research Article

A Lightweight Flow Feature-Based IoT Device Identification Scheme

Table 2

Features used in this research.

NameExplanationSelection status
Before selectionAfter selectionBaseline selection

VOL_MEDFlow volume’s median
VOL_MODFlow volume’s mode
VOL_MAXFlow volume’s maximum
VOL_MINFlow volume’s minimum
VOL_IEFlow volume’s information entropy
VOL_AVGFlow volume’s average
VOL_VARFlow volume’s variance
RATE_MEDFlow rate’s median
RATE_MODFlow rate’s mode
RATE_MAXFlow rate’s maximum
RATE_MINFlow rate’s minimum
RATE_IEFlow rate’s information entropy
RATE_AVGFlow rate’s average
RATE_VARFlow rate’s variance
PORT1Whether the flow access port between 0 and 1023 appeared
PORT2Whether the flow access port between 1024 and 49591 appeared
PORT3Whether the flow access port between 49592 and 65535 appeared
PORT1_CNTThe count of remote IP port between 0 and 1023
PORT2_CNTThe count of remote IP port between 1024 and 49591
PORT3_CNTThe count of remote IP port between 49592 and 65535
UDP_CNTThe count of flows use UDP
TCP_CNTThe count of flows use TCP
DUR_MODFlow duration’s mode
SLP_TIMETime intervals’ mode between flows
DNS_INTDNS intervals’ mode
BAG_PORT_NUMWord bag model of port which flow accessed
BAG_DOMAINWord bag model of DNS domain names
BAG_CSWord bag model of cipher suit