R+R: IoT Device Identification Under Realistic Conditions

Chakshu Gupta; Andreas Peter; Andrea Continella

doi:10.1109/ACSAC67867.2025.00071

R+R: IoT Device Identification Under Realistic Conditions

Research output: Contribution to conference › Paper › peer-review

18 Downloads (Pure)

Abstract

Internet of Things (IoT) devices are ubiquitous, yet they often present security issues. The research community has invested substantial effort in designing automated methods for identifying these devices through passive network analysis—an essential step in security applications such as anomaly detection, traffic monitoring, and vulnerability scanning. However, despite the promising results reported in laboratory settings, the effectiveness of these methods under realistic conditions remains unclear. In this work, we systematically review the
existing literature on IoT device identification by studying the approaches, features, and evaluation environments. We then design and implement a framework to reproduce and evaluate selected identification methods. We re-implement the selected methods and assess their performance, using our framework, under realistic environmental factors, such as non-IoT traffic, dynamic user activity, and unknown devices. Our study reveals several important insights. We demonstrate that the performances of current identification methods significantly decline under realistic conditions. Furthermore, we highlight these methods’ inability to differentiate between known and
unknown devices, raising concerns about their effectiveness in security applications such as anomaly detection. We conclude by providing actionable recommendations for future research.

Original language	English
Pages	828-844
Number of pages	17
DOIs	https://doi.org/10.1109/ACSAC67867.2025.00071
Publication status	Published - 24 Feb 2026
Event	Annual Computer Security Applications Conference, ACSAC 2025 - Alohilani Resort in Waikiki, Honolulu, United States Duration: 8 Dec 2025 → 12 Dec 2025 https://www.acsac.org/

Conference

Conference	Annual Computer Security Applications Conference, ACSAC 2025
Abbreviated title	ACSAC 2025
Country/Territory	United States
City	Honolulu
Period	8/12/25 → 12/12/25
Internet address	https://www.acsac.org/

Keywords

Cybersecurity

Access to Document

10.1109/ACSAC67867.2025.00071

Conference paperAccepted author version, 349 KB

Cite this

@conference{e5b9567b8e67466eaa67f937c78fdbf7,

title = "R+R: IoT Device Identification Under Realistic Conditions",

abstract = "Internet of Things (IoT) devices are ubiquitous, yet they often present security issues. The research community has invested substantial effort in designing automated methods for identifying these devices through passive network analysis—an essential step in security applications such as anomaly detection, traffic monitoring, and vulnerability scanning. However, despite the promising results reported in laboratory settings, the effectiveness of these methods under realistic conditions remains unclear. In this work, we systematically review the existing literature on IoT device identification by studying the approaches, features, and evaluation environments. We then design and implement a framework to reproduce and evaluate selected identification methods. We re-implement the selected methods and assess their performance, using our framework, under realistic environmental factors, such as non-IoT traffic, dynamic user activity, and unknown devices. Our study reveals several important insights. We demonstrate that the performances of current identification methods significantly decline under realistic conditions. Furthermore, we highlight these methods{\textquoteright} inability to differentiate between known and unknown devices, raising concerns about their effectiveness in security applications such as anomaly detection. We conclude by providing actionable recommendations for future research.",

keywords = "Cybersecurity",

author = "Chakshu Gupta and Andreas Peter and Andrea Continella",

note = "{\textcopyright}2025 IEEE.; Annual Computer Security Applications Conference, ACSAC 2025, ACSAC 2025 ; Conference date: 08-12-2025 Through 12-12-2025",

year = "2026",

month = feb,

day = "24",

doi = "10.1109/ACSAC67867.2025.00071",

language = "English",

pages = "828--844",

url = "https://www.acsac.org/",

}

TY - CONF

T1 - R+R

T2 - Annual Computer Security Applications Conference, ACSAC 2025

AU - Gupta, Chakshu

AU - Peter, Andreas

AU - Continella, Andrea

PY - 2026/2/24

Y1 - 2026/2/24

N2 - Internet of Things (IoT) devices are ubiquitous, yet they often present security issues. The research community has invested substantial effort in designing automated methods for identifying these devices through passive network analysis—an essential step in security applications such as anomaly detection, traffic monitoring, and vulnerability scanning. However, despite the promising results reported in laboratory settings, the effectiveness of these methods under realistic conditions remains unclear. In this work, we systematically review the existing literature on IoT device identification by studying the approaches, features, and evaluation environments. We then design and implement a framework to reproduce and evaluate selected identification methods. We re-implement the selected methods and assess their performance, using our framework, under realistic environmental factors, such as non-IoT traffic, dynamic user activity, and unknown devices. Our study reveals several important insights. We demonstrate that the performances of current identification methods significantly decline under realistic conditions. Furthermore, we highlight these methods’ inability to differentiate between known and unknown devices, raising concerns about their effectiveness in security applications such as anomaly detection. We conclude by providing actionable recommendations for future research.

AB - Internet of Things (IoT) devices are ubiquitous, yet they often present security issues. The research community has invested substantial effort in designing automated methods for identifying these devices through passive network analysis—an essential step in security applications such as anomaly detection, traffic monitoring, and vulnerability scanning. However, despite the promising results reported in laboratory settings, the effectiveness of these methods under realistic conditions remains unclear. In this work, we systematically review the existing literature on IoT device identification by studying the approaches, features, and evaluation environments. We then design and implement a framework to reproduce and evaluate selected identification methods. We re-implement the selected methods and assess their performance, using our framework, under realistic environmental factors, such as non-IoT traffic, dynamic user activity, and unknown devices. Our study reveals several important insights. We demonstrate that the performances of current identification methods significantly decline under realistic conditions. Furthermore, we highlight these methods’ inability to differentiate between known and unknown devices, raising concerns about their effectiveness in security applications such as anomaly detection. We conclude by providing actionable recommendations for future research.

KW - Cybersecurity

UR - https://www.scopus.com/pages/publications/105035206765

U2 - 10.1109/ACSAC67867.2025.00071

DO - 10.1109/ACSAC67867.2025.00071

M3 - Paper

SP - 828

EP - 844

Y2 - 8 December 2025 through 12 December 2025

ER -

R+R: IoT Device Identification Under Realistic Conditions

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this