Today, connected systems are widely used with the recent developments in technology. The internet-connected devices create data traffic when communicating with each other. These data may contain extremely confidential information. Observers can obtain confidential information from the traffic when the security of this traffic cannot be adequately ensured. This confidential information can be personal information as well as information about the type of device used by the person. Attackers could use machine learning to analyze encrypted data traffic patterns from IoT devices to infer sensitive information, even without decrypting the actual content. For example, if someone uses IoT devices for health monitoring or smoke detection, attackers could leverage machine learning to discern victims' habits or identify health conditions. An increase in the number of IoT devices may decrease the accuracy of classification when using machine learning. This paper presents the importance of the effect of device type number on the classification of IoT devices. Therefore, inference attacks on privacy with machine learning algorithms, attacks on machine learning models, and the padding method that is commonly used against such attacks are presented. Moreover, experiments are carried out by using the dataset of the traffic generated by the Internet of Things (IoT) devices. For this purpose, Random Forest, Decision Tree, and k-Nearest Neighbors (k-NN) classification algorithms are compared, and the accuracy rate changes according to the number of devices are presented. According to the results, the Random Forest and Decision Tree algorithms are found to be more effective than the k-NN algorithm. When considering a scenario with two device types, the Random Forest and Decision Tree algorithms achieved an accuracy rate of 98%, outperforming the k-NN algorithm, which had an accuracy rate of 95%.
FM-HZP-2023-29550
Today, connected systems are widely used with the recent developments in technology. The internet-connected devices create data traffic when communicating with each other. These data may contain extremely confidential information. Observers can obtain confidential information from the traffic when the security of this traffic cannot be adequately ensured. This confidential information can be personal information as well as information about the type of device used by the person. Attackers could use machine learning to analyze encrypted data traffic patterns from IoT devices to infer sensitive information, even without decrypting the actual content. For example, if someone uses IoT devices for health monitoring or smoke detection, attackers could leverage machine learning to discern victims' habits or identify health conditions. An increase in the number of IoT devices may decrease the accuracy of classification when using machine learning. This paper presents the importance of the effect of device type number on the classification of IoT devices. Therefore, inference attacks on privacy with machine learning algorithms, attacks on machine learning models, and the padding method that is commonly used against such attacks are presented. Moreover, experiments are carried out by using the dataset of the traffic generated by the Internet of Things (IoT) devices. For this purpose, Random Forest, Decision Tree, and k-Nearest Neighbors (k-NN) classification algorithms are compared, and the accuracy rate changes according to the number of devices are presented. According to the results, the Random Forest and Decision Tree algorithms are found to be more effective than the k-NN algorithm. When considering a scenario with two device types, the Random Forest and Decision Tree algorithms achieved an accuracy rate of 98%, outperforming the k-NN algorithm, which had an accuracy rate of 95%.
Ege University Scientific Research Projects Committee
FM-HZP-2023-29550
Primary Language | English |
---|---|
Subjects | Information Security Management, Information Systems (Other) |
Journal Section | Research Articles |
Authors | |
Project Number | FM-HZP-2023-29550 |
Publication Date | May 15, 2024 |
Submission Date | September 1, 2023 |
Acceptance Date | April 26, 2024 |
Published in Issue | Year 2024 |