A Multi-Modal Traffic Classification-Based Device Identification Method

Authors

  • Yuanyuan Ma. China Electric Power Research Institute – State Grid Laboratory of Power Cyber-Security Protection and Monitoring Technology – Nanjing – China. https://orcid.org/0009-0004-2890-747X
  • Yunfan Wang. China Electric Power Research Institute – State Grid Laboratory of Power Cyber-Security Protection and Monitoring Technology – Nanjing – China | Southeast University – School of Cyber Science and Engineering – Nanjing – China. https://orcid.org/0009-0008-2260-5170
  • Zesheng Xi. China Electric Power Research Institute – State Grid Laboratory of Power Cyber-Security Protection and Monitoring Technology – Nanjing – China | Nanjing University of Science and Technology – School of Computer Science and Engineering – Nanjing – China. https://orcid.org/0009-0008-9870-284X
  • Chuan He. China Electric Power Research Institute – State Grid Laboratory of Power Cyber-Security Protection and Monitoring Technology – Nanjing – China | Southeast University – School of Cyber Science and Engineering – Nanjing – China. https://orcid.org/0009-0006-0214-224X

Keywords:

Multi-modal traffic classification, Device fingerprinting, Feature identification, Network security

Abstract

Internet of Things (IoT) devices are widely used in various fields, and their growing diversity and complexity pose challenges for traditional security measures. Device fingerprint identification can enhance network security and reliability by verifying device features. However, traditional device fingerprint identification methods usually rely on a single mode of traffic characteristics, so in changing network environments and with diversified device types it is often difficult for them to ensure efficient identification performance and robustness. To address these challenges in accuracy and robustness, this paper proposes a multi-modal traffic classification method for device identification in IoT networks. The method combines various traffic features, such as packet size, transmission interval, flow duration, packet rate, byte rate, and protocol number. It includes four modules: data collection, preprocessing, model training, and fingerprint identification. Network traffic data are collected using deep packet inspection and capture tools, and features are standardized. The bidirectional encoder representations from transformers (BERT) model is applied for sensitive text feature extraction, while the convolutional neural network (CNN) model aids in device identification. Experimental results demonstrate high accuracy and robustness across different network environments and device types.


Published

2025-06-13

Section

Original Papers