Inferring Networked Device Categories from Low-Level Activity Indicators
- Chandrashekar J.
- Christophedes V.
- Sheykh Esmaili K.
We study the problem of inferring the category of a networked device based on observed, low level indicators of its activity (traffic counters and wireless signal strengths). Such a capability has a wide variety of uses including ISP home troubleshooting, traffic management, etc. In this paper, we analyze a dataset of detailed device network activity obtained from 240 subscriber homes of a large European ISP. By analyzing various distributions, we extract a number of traffic and spatial activity fingerprints for each device. Subsequently, we apply a number of distinct classification methods on a large subset of data for which we are able to extract ground-truth labels. We define a two level taxonomy of device categories that describe devices at a coarse grain (compute device, mobile device) and a finer level (tablet, OTT box, etc) and perform the classification independently for each granularity. Our results show an accuracy level up to 92% for the coarse grained categories up to 85% for the finer grained classes. By incorporating information from other sources (e.g., MAC prefix), we are able to further improve accuracy to above 97% and 92%, respectively. Finally, we also extract a set of simple and human-readable rules that concisely capture the behavior of these distinct device categories.