IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 5, MAY 2020

Machine Learning for the Detection and Identification of Internet of Things (IoT) Devices: A Survey

Yongxin Liu, Graduate Student Member, IEEE, Jian Wang, Jianqiang Li, Shuteng Niu, and Houbing Song, Senior Member, IEEE

Abstract—The Internet of Things (IoT) is becoming an indispensable part of everyday life, enabling a variety of emerging services and applications. However, the presence of rogue IoT devices has exposed the IoT to untold risks with severe consequences. The first step in securing the IoT is detecting rogue IoT devices and identifying legitimate ones. Conventional approaches use cryptographic mechanisms to authenticate and verify legitimate devices' identities. However, cryptographic protocols are not available in many systems. Meanwhile, these methods are less effective when legitimate devices can be exploited or encryption keys are disclosed. Therefore, non-cryptographic IoT device identification and rogue device detection become efficient solutions to secure existing systems and will provide additional protection to systems with cryptographic protocols. Non-cryptographic approaches require more effort and are not yet adequately investigated. In this paper, we provide a comprehensive survey on machine learning technologies for the identification of IoT devices along with the detection of compromised or falsified ones from the viewpoint of passive surveillance agents or network operators. We classify the IoT device identification and detection into four categories: device-specific pattern recognition, Deep Learning enabled device identification, unsupervised device identification, and abnormal device detection. Meanwhile, we discuss various ML-related enabling technologies for this purpose. These enabling technologies include learning algorithms, feature engineering on network traffic traces and wireless signals, incremental learning, and abnormality detection.

Index Terms—Internet of Things, Security, Physical-layer Security, Malicious Transmitter Identification, Radiometric signature, Non-cryptographic identification, Physical-layer identification.

Yongxin Liu was with the Security and Optimization for Networked Globe Laboratory (SONG Lab), Embry-Riddle Aeronautical University, Daytona Beach, FL 32114 USA, and is with the Department of Computer Science, Auburn University at Montgomery, Montgomery, AL 36117 USA.
Jian Wang and Houbing Song are with the Security and Optimization for Networked Globe Laboratory (SONG Lab), Embry-Riddle Aeronautical University, Daytona Beach, FL 32114 USA.
Shuteng Niu was with the Security and Optimization for Networked Globe Laboratory (SONG Lab), Embry-Riddle Aeronautical University, Daytona Beach, FL 32114 USA, and is with the Department of Computer Science, Bowling Green State University, Bowling Green, Ohio 43403 USA.
Jianqiang Li is with the College of Computer Science and Software Engineering, Shenzhen University, Shenzhen, Guangdong 518060 China.
Corresponding authors: Jianqiang Li, Houbing Song
Manuscript received October 18, 2020; revised XXX.
Digital Object Identifier: 10.1109/JIOT.2021.3099028
2327-4662 © 2021 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

I. INTRODUCTION

As a rapidly evolving field, the Internet of Things (IoT) involves the interconnection and interaction of smart objects, i.e., IoT devices with embedded sensors, onboard data processing capabilities, and means of communication, to provide automated services that would otherwise not be possible [1]. Trillions of network-connected IoT devices are expected to emerge in the global network around 2020 [2]. The IoT is becoming an indispensable part of smart cities, enabling a variety of emerging services and applications in cities and communities [3], including in health [4], transportation [5]–[8], energy/utilities, and other areas. Furthermore, big data analytics enables the move from the IoT to real-time control [9]–[11].

However, the IoT is subject to threats stemming from increased connectivity [12], [13]. For example, rogue IoT devices, defined as devices claiming a falsified identity or compromised legitimate devices, can expose the IoT to untold risks with severe consequences. Rogue IoT devices could conduct various attacks: forging the identity of trusted entities to access sensitive resources, hijacking legitimate devices to participate in distributed denial of service (DDoS) attacks [13], etc. The problem of rogue devices becomes even more hazardous in wirelessly connected IoT, as the network traffic is easier to intercept and falsify. Hence, from the perspective of network operators, the first step in securing the IoT against rogue devices is identifying known (or unknown) devices and detecting compromised ones. This survey defines the term Device Detection and Identification to contain two perspectives: a) Identity verification of known devices. b) Detection of falsified or compromised devices.

Conventional cryptographic mechanisms use message authentication codes, digital signatures, challenge-response sessions, etc. to authenticate legitimate peers or verify the identities of message senders [14]. These methods make it mathematically impossible for malicious parties to forge legitimate devices' identities. Even though cryptographic mechanisms are effective as long as secret keys are securely protected, security requirements may not be fully satisfied in pervasively distributed IoT. Reports have shown that it is possible to use reverse engineering to access encryption keys or conduct further exploitations [15]–[19]. Moreover, it is impossible to install cryptographic protocols into the huge number of insecure systems or devices in a short time. Some of those insecure systems have already become part of critical infrastructures [20]–[25]. Finally, cryptographic approaches become less effective in dealing with hijacked devices. Therefore, as a supplement to existing cryptographic mechanisms,
non-cryptographic Device Identification with Rogue Device Detection are needed to secure the IoT ecosystem especially
from the perspective of network operators and cybersecurity surveillance agents.

Non-cryptographic device identification and rogue device detection have emerged as essential requirements in safety-critical IoT [26]–[28] or physical layer authentication [29]. Compared with cryptographic approaches, non-cryptographic approaches aim to identify known devices and detect rogue devices by exploiting device-specific signal patterns or behavior characteristics [30]. More importantly, non-cryptographic approaches do not require modifications to existing systems that cannot be upgraded easily, e.g., ADS-B (Automatic Dependent Surveillance Broadcasting [31]), AIS (Automatic Identification System [32]), etc.

Non-cryptographic device identification and detection are still challenging. Firstly, the flexible deployment scenarios and diverse specifications of devices make it challenging to provide a general solution to derive distinctive features from signals or network traffic. Moreover, even though machine learning (ML) and Deep Learning (DL) have the potential to automatically discover distinctive latent features for accurate device identification, state-of-the-art algorithms require intensive modifications to be utilized in IoT [33]. Therefore, these gaps motivate us to conduct a comprehensive survey as a summary of existing works and anticipate the future directions from the perspective of machine learning.

The scope of this paper and related surveys are compared in Table I. In general, existing surveys focus on presenting broad overviews of threats and countermeasures in IoT. In this paper, we focus on a more specific perspective by providing a comprehensive survey of machine learning for the detection and identification of devices in IoT using passively collected traffic traces and wireless signals, which are easily accessible to network operators and surveillance agents. Figure 1 presents an overview of ML for the detection and identification of IoT devices with relations between concepts in Figure 2. We divide the IoT device identification and detection into four categories: device-specific pattern recognition, Deep Learning enabled device identification, unsupervised device identification, and abnormal device detection. We identify various ML-related enabling technologies and tools for this purpose, including statistical learning, feature engineering, digital signal processing, and deep learning. These tools include incremental learning, unsupervised learning, and anomaly detection.

TABLE I
A COMPARISON WITH EXISTING SURVEYS

Surveys Year FD DL DT UD RD
[34] 2020 • • •
[35] 2019 • • •
[36] 2017 • • •
[37] 2016 • • •
[38] 2012 • •
[39] 2010 • • •
This paper 2021 • • • • •

FD: Feature-based specific device identification; DL: Deep Learning enabled specific device identification; DT: Device type identification; UD: Unsupervised device identification; RD: Rogue device detection.

The remainder of this paper is structured as follows. Section II presents a general threat model and attack chain of rogue devices in IoT. In Section III, we review device type identification (Section III-A) and statistical learning on device-specific feature identification (Section III-B), including conventional radiometric signature and statistical learning. In Section III-C we review state-of-the-art Deep Learning (DL) based methods for device identification with a focus on emerging issues such as incremental learning, abnormality detection, and hyperparameter and architecture search. A novel emerging approach, unsupervised device detection, is reviewed in Section III-D. In Section IV, we present methodologies to detect compromised wireless devices using anomaly detection algorithms, which is complementary to device-specific identification. Section V pinpoints the challenges and future research directions with discussions on enabling technologies. Section VI concludes this paper.

II. THREAT MODE OF ROGUE DEVICES IN IOT

This section briefly reviews the threat modes of rogue devices along with countermeasures in IoT. We analyze the attack chain and identify the requirements of IoT device detection and identification: verifying legitimate devices' identity, detecting unknown or falsified devices, and detecting compromised (hijacked) devices with abnormal behaviors.

The cyberinfrastructure of IoT allows sharing information and collaborating among devices with different capacities and vulnerabilities. On the one hand, this scheme cultivates a large open system with low entry restrictions. On the other hand, adversaries can conduct rogue activities with great convenience [40]. Generally, the attack modes of adversaries in IoT are twofold: passive attacks and proactive attacks. In a passive attack, adversaries do not cause damage or performance degradation for a long time. Still, they passively analyze devices' communication and activity patterns, providing plans for attacks in the future. If we regard passive attackers as spies secretly and peacefully gathering intelligence, the proactive attackers do whatever possible to conduct malicious activities. In practical attacks, proactive and passive attacks are combined.

A typical attack chain in IoT is shown in Figure 3 with a more specific demonstration of spoofing attacks depicted in Figure 4. We divided the whole attack chain into five stages as follows:

1) Penetration: In this stage, the rogue devices try to eavesdrop on communication channels or attain the control privileges of vulnerable devices for further actions. Research in [41] shows that using ARP (Address Resolution Protocol) spoofing, a malicious party can easily observe ongoing traffic generated by connected IoT devices from more than 20 manufacturers. Nowadays, it is still challenging to develop software stacks with assured security [42].
2) Spying: In this stage, the malicious party will observe the ongoing activities by exploiting penetrated devices as its agents. As in [41], more than 50% of tested popular smart home IoT devices contain at least one vulnerable port.
3) Data analytics: The malicious attackers analyse the behaviors and evaluate the vulnerabilities of the IoT
from multiple perspectives. An example in [43] reveals that even if encryption mechanisms are employed, an attacker can still extract sensitive information, such as manufacturer, device functionality, etc.
4) Planning: In this stage, the adversaries perform strategic planning and wait for the best time to minimize their risk and maximize the rewards.
5) Attack: In this stage, prevalent attacks are in action.

From the perspective of network operators or cybersecurity surveillance agents, if we can prevent the adversaries from successfully impersonating legitimate devices in the first stage (penetration) or can identify hijacked devices in the second stage (spying), network operators and surveillance agents can destroy the whole attack chain easily.

Various countermeasures can be applied in IoT device identification and detection. Both cryptographic and non-cryptographic methods can be applied. A brief comparison of them is presented in Table II. Cryptographic methods are widely used in computer networks and telecommunication systems. However, special modifications are needed to deploy cryptographic protocols to existing systems without cryptographic protocols such as ADS-B, AIS, etc. Non-cryptographic methods require higher computational capacity to derive device-specific fingerprints, but they are transparently compatible with existing systems.

[Fig. 1. Overview of ML for the Detection and Identification of Rogue IoT Devices. Enabling technologies: statistical learning, feature engineering, digital signal processing, deep learning. Device identification: device-specific pattern recognition, device type identification, Deep Learning enabled device identification, unsupervised device identification, abnormal device identification. Supplementary tools: continual learning, explainable AI, unsupervised learning, anomaly detection.]

TABLE II
COMPARISON OF CRYPTOGRAPHIC AND NON-CRYPTOGRAPHIC COUNTERMEASURES

Method: Cryptographic
Principles: Use shared secrecy to mathematically make the decryption of sensitive information and forgery of identity computationally expensive.
Advantages: • Device independent. • Protects both confidentiality and can verify identity.
Challenges: • Disclosure of secret keys. • Re-distribution of secret keys. • Needs special adaptation to existing systems.

Method: Non-cryptographic
Principles: Extract and verify device-specific features from received messages to assure that messages are from known sources.
Advantages: • Device-specific. • Can identify hijacked devices with abnormal behaviors. • Compatible with existing IoT.
Challenges: • Computationally expensive. • Identity disclosure.

[Fig. 2. Key concepts in this survey. Labels: device identification; continual learning; open set recognition; unsupervised device detection and identification; abnormal device detection; identity verification of known devices; detection of unknown or falsified devices; detection of compromised devices.]

III. LEARNING-ENABLED DEVICE IDENTIFICATION IN IOT

This section reviews methods to recognize devices' identities and types in IoT. Most of them are based on network traffic and wireless signal pattern recognition. We first review device type identification methods, which are widely used in identifying commercial IoT devices. We then discuss and compare the corresponding signal feature based device recognition approaches. In particular, we discuss Deep Learning in device identification and its emerging issues extensively. Finally, we review the unsupervised device identification and its open issues. A brief summary of open datasets for wireless device identification is provided in section V-A4.

A. Device type identification

Even though device types are not directly related to devices' identities, they still provide essential information for network management and risk control. A brief diagram of typical IoT devices considering their protocols is in Figure 5, and comparisons of their Physical Layer, Data Link Layer as well as aggregated data transmission characteristics are presented in [44], [45] and [46]. As in Figure 5, WiFi is pervasively utilized in smart home devices while smart city facilities prefer reliable cellular networks. Device type identifications are frequently
performed on network, transport, and application layers and have been implemented in Software Defined Network (SDN) controllers or Software Routers [47]–[49]. Device types reveal functionality and activity profiles. A taxonomy of features for device type identification is presented in Figure 6.

[Fig. 3. Attack chain in the IoT. Labels: penetration; spying; device hijacking; eavesdropping; data collection; data analytics; actions; planning; analytics; privacy disclosed; denial of service attacks; identity spoofing attacks; man-in-the-middle attacks; rewards; device function identification; critical nodes mining; network topology analysis.]

[Fig. 4. Identity spoofing attacks. Unknown device: "This is device A" with message b. Legitimate device A: "This is device A" with message a. Hijacked device C: "This is device C" with message x.]

[Fig. 5. Typical IoT devices and protocols.]

[Fig. 6. Features for device type identification. Activity: active / sleep cycles, activity volume. Network role: client, access point, message consumer. Remote service: service request interval, service volume, service types (NTP, DNS, storage), service domain names. Network flow: local / remote port and address, local / Internet traffic, encryption (algorithms, entropy), packet size / interval, protocols.]

As in Figure 6, remote service is a popular attack surface to disclose the device type or even identity. The reason is that the IoT devices communicate with remote service providers through the REST API [50]. Even though sensitive data are encrypted, some unique strings in their Web requests can still be exploited to infer device types. Authors in [51] present that using only port numbers, domain names, and cipher suite information, a Naive Bayesian classifier can reach high accuracy in classifying 28 commercial IoT devices.

However, remote service information may not work if devices interact with anonymous service providers. For alleviation, device activity and data flow patterns can be utilized. Authors in [52] propose that their Random Forest classifier reaches a high accuracy of 95% in identifying 20 IoT devices when the features of activities, network data flows, and remote service requests are utilized simultaneously. In [53], devices' types are identified based on the periodicity of activities. The authors first used the Discrete Fourier Transform (DFT)
and discrete autocorrelation to find the dominant periods in protocol-specific activities. They then used statistical and stability metrics to model the devices' behavioral patterns. Finally, the Bayesian-optimized k-Nearest Neighbor algorithm was employed for classification. In [54] and [55], the authors extracted the protocols and network flow properties within a sliding window to generate fingerprints of devices. They used one-versus-rest classifiers to identify commercial devices. In [56], the authors first provided a Random Forest classifier using TCP/IP stream features. They incorporated confidence thresholds and averaged decisions within a sliding window to identify known or unknown device types. Similar research is presented in [56] and [57]. In [58], the authors also present that network traffic, device types, and their operation states (boot, active, and idle) can be inferred simultaneously.

An extra benefit of modeling device activity patterns is increasing the chances of identifying behavioral variations. Such benefit directly contributes to the detection of compromised devices or network attacks, which will be discussed in section IV.

Deriving devices' benign flow characteristics is nontrivial; therefore, the IETF standard Manufacturer Usage Description (MUD) profile [59] is proposed as an initial static profile to describe IoT device network behavior and support the making of security policies. A collection of MUD profiles from 30 commercial devices is available in [60]. The MUD profiles can be used to either verify device types or detect devices under attack or being compromised [61]. However, one issue of using the static profiles is that long observation time is needed to make decisions.

Device identifiers based on network flow and activity patterns may encounter emerging issues. First, IoT devices are becoming smart devices where new extensions can be installed, and firmware upgrades can happen periodically, thereby changing activity patterns or network flow statistics, as suggested in [62], [63] and [51]. Second, deriving relevant and distinctive features is not always easy and straightforward. To automate the processes of deriving useful features, in [57], the authors proposed a Genetic Algorithm (GA) enabled feature selector. Furthermore, a Deep Neural Network approach, which does not require complicated feature engineering, is presented in [64]. Third, device types do not necessarily correlate with their identities. Therefore, behavior-independent specific device identification is of great significance.

B. Feature-based statistical learning for specific device identification

IoT device identification can be formalized as a classification problem. In this section, we first introduce the generic pipeline for signal reception and then focus on feature-based statistical learning approaches for specific device identification from raw signals and their open issues.

1) Generic wireless signal reception pipeline for device identification: Software-Defined Radios (SDR) are multipurpose front-ends to deal with various modulation and baseband encoding schemes in wireless device identification. Fundamental technologies in SDR are quadrature modulation and demodulation [65].

Generally, the wireless signals of IoT devices can be represented as: $S(t) = I(t)\cos[2\pi(f_c + f')t] + Q(t)\sin[2\pi(f_c + f')t]$, where $I(t)$ and $Q(t)$ are denoted as in-phase and quadrature components, respectively. The key idea is to use $I(t)$ and $Q(t)$ to represent different modulation schemes.

A brief quadrature demodulation pipeline is given in Figure 7. We denote the reconstructed version of $I(t)$ and $Q(t)$ as $\hat{I}(t)$ and $\hat{Q}(t)$, respectively. We can derive the signal's instantaneous amplitude, phase, and frequency by $\hat{m}(t) = \sqrt{\hat{I}^2(t) + \hat{Q}^2(t)}$, $\hat{\phi}(t) = \tan^{-1}(\hat{Q}(t)/\hat{I}(t))$ and $\hat{f}(t) = \partial\hat{\phi}(t)/\partial t$. Manufacturing imperfections and channel characteristics can cause $\hat{m}(t)$, $\hat{\phi}(t)$ and $\hat{f}(t)$ to deviate from their original form, providing side channels to identify wireless devices. A brief overview of features for IoT device identity verification using wireless signals in Physical Layer is given in Figure 8. The features for wireless device identification are also named Radiometric Fingerprints.

[Fig. 7. General pipeline of Software-Defined wireless signal identification. Blocks shown: AGC, local oscillator (cos / sin), lowpass filters, ADCs, I (in-phase) stream, Q (quadrature) stream, real-time digital signal processing. Outputs: physical-layer device identification, channel state estimation, dynamic spectrum access, intrusion detection.]

2) Hardware imperfections: Heterogeneous imperfections exist in IoT devices' wireless frontends. These imperfections do not necessarily degrade the communication performance but influence signal waveforms, thereby providing a side channel to identify different devices. Such features enclosed in transmitted signals are named Physical Unclonable Features (PUF) [66], [67] since regular users cannot clone or forge the characteristics of these manufacturing imperfections.

a) Error / noise patterns: The errors between expected rational signals and actual received signals can disclose useful device-specific information. In [68] and [69], the authors used the phase errors of Phase Lock Loop (PLL) in transmitters as a distinctive feature. Their simulations indicate promising
results even with low SNR (Signal-to-Noise Ratio). In [70], the authors used the instantaneous differences between received I/Q signals and theoretically expected templates to construct error vectors. They combined error vectors' statistics and time-frequency domain statistics to synthesize the fingerprints of RF transmitters.

In [71]–[73], the authors used the differential constellation trace figure (DCTF), carrier frequency offset, phase offset, and I/Q offset to identify different Zigbee devices. They developed a low-overhead classifier, which learns how to adjust feature weights under different SNRs. The behaviors of their classifiers are similar to k-NN algorithms. Authors in [74] used the odd harmonics of center frequencies as fingerprints for RFID transmitters.

[Fig. 8. Physical Layer device-specific features. Error / noise: instantaneous frequency error, instantaneous phase error, instantaneous amplitude error, statistics of extracted noise. Channel / location: signal strength, frequency responses, channel state information. Hardware imperfections: phase offset, I/Q imbalance, carrier frequency offset, turn on / off transient signals, persistent features (RF-DNA, multivariate distribution).]

b) Persistent patterns: Persistent pattern recognition assumes that the statistics of consecutive subregions in received signals can disclose identity-related information. A typical method is named RF-DNA (Distinctive Native Attributive) [75], [76]. The basic idea is to use the statistical metrics of signals' consecutive subregions to form device fingerprints. A brief dataflow of RF-DNA is given in Figure 9. In [77]–[79], the authors captured the preamble of WPAN (Wireless Personal Area Network) signals and extracted the variance, skewness, and kurtosis of signals' subregions (bins) as signatures. Research in [80] showed that RF-DNA can even be applied to model the Fourier spectrum of devices.

[Fig. 9. A brief dataflow of RF-DNA. Sub-regions of baseband signals; feature extraction: instantaneous amplitude, instantaneous phase, instantaneous frequency; device fingerprints: standard deviation, variance, skewness, kurtosis.]

From the perspective of Stochastic Process, a sequence of signal symbols can be regarded as a sample from a multivariate distribution. The parameters of such distribution represent the unique fingerprints of a wireless transmitter. With this idea, the authors in [81] used the Central Limit Theorem and proposed a repetitive stacking symbol-based algorithm. They modeled the preamble of each packet as a sample from a specific multivariate distribution. They extracted statistics from the preambles of ZigBee devices and employed Mahalanobis Distance and nearest neighbor algorithm to identify 50 Zigbee devices.

Regional statistic vectors from complete messages can unintentionally embed protocol-dependent features and result in unreliable device identification models. Therefore, if we only extract persistent features from the protocol-agnostic part of the signals (e.g., preambles), the resulting device identification model will focus on signal features rather than communication protocols.

c) Transient patterns: Compared with persistent statistics of signals' subregions, transient patterns are more difficult to forge in terms of wireless channels [82]. An example of transient periods in wireless communication is given in Figure 10. Transient periods are commonly seen at the beginning and end of wireless packet transmission. In [83], the authors employed the nonlinear in-band distortion and spectral regrowth of the received signals (potentially caused by power amplifiers of transmitters) to distinguish the masquerading device. In [84], the authors derived the energy spectrum from transmitters' turn-on transient amplitude envelopes to classify eight different devices. The results show that frequency-domain features are more reliable than time-domain features. In [85] and [86], the time-domain statistical metrics and wavelet features of transmitters' turn-on transient signals were transformed into devices' RF fingerprints. Finally, it is notable that the authors in [87] captured the turn-on transient signal of Bluetooth devices and extracted 13 time-frequency domain features (via Hilbert-Huang spectrum) to construct the devices' fingerprints. Their experiments have shown that well-designed fingerprints provide promising results even without using complicated machine learning models.

[Fig. 10. Transient periods during wireless communication. Amplitude versus time, showing the turn-on transient period, the persistent period, and the turn-off transient period.]

The merit of transient features is that an adversary could not forge such nonlinear features unless they can accurately forge the coupled characteristics of pair-wise wireless channels and RF front-ends between victims and surveillance agents. In other words, the transient features can be influenced by the locations of devices, as different locations can result in variation of RF channel characteristics, e.g., transient responses, and machine learning algorithms can produce accurate but unreliable device identification results by exploiting RF channel characteristics rather than learning device-specific features.
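The quadrature pipeline of Section III-B1 and the RF-DNA dataflow of Section III-B2 b), as an added example that is not code from this survey or from the works it cites: it derives $\hat{m}(t)$, $\hat{\phi}(t)$ and $\hat{f}(t)$ from I/Q samples, builds a variance/skewness/kurtosis fingerprint per subregion, and matches it with a nearest-neighbour rule. The burst simulator, the device imperfection values, the diagonal-covariance simplification of the Mahalanobis distance and the acceptance limit are all assumptions constructed for illustration.

```python
import math
import random

def instantaneous_features(i_samples, q_samples):
    """Instantaneous amplitude, unwrapped phase and frequency of an I/Q burst."""
    amp = [math.hypot(i, q) for i, q in zip(i_samples, q_samples)]
    phase, prev, offset = [], None, 0.0
    for i, q in zip(i_samples, q_samples):
        p = math.atan2(q, i)                      # phi = atan(Q / I), quadrant-aware
        if prev is not None:                      # unwrap 2*pi jumps
            if p - prev > math.pi:
                offset -= 2 * math.pi
            elif p - prev < -math.pi:
                offset += 2 * math.pi
        prev = p
        phase.append(p + offset)
    freq = [b - a for a, b in zip(phase, phase[1:])]  # discrete d(phi)/dt, rad/sample
    return amp, phase, freq

def moments(xs):
    """Variance, skewness and kurtosis of one subregion (bin)."""
    n = len(xs)
    mean = sum(xs) / n
    m2 = sum((x - mean) ** 2 for x in xs) / n
    m3 = sum((x - mean) ** 3 for x in xs) / n
    m4 = sum((x - mean) ** 4 for x in xs) / n
    if m2 == 0.0:                                 # flat bin: no shape information
        return [0.0, 0.0, 0.0]
    return [m2, m3 / m2 ** 1.5, m4 / m2 ** 2]

def rf_dna(i_samples, q_samples, bins=4):
    """RF-DNA style fingerprint: 3 signals x `bins` subregions x 3 statistics."""
    fingerprint = []
    for signal in instantaneous_features(i_samples, q_samples):
        width = len(signal) // bins
        for b in range(bins):
            fingerprint.extend(moments(signal[b * width:(b + 1) * width]))
    return fingerprint

def enroll(bursts):
    """Per-feature mean and variance over a device's enrollment bursts."""
    prints = [rf_dna(i, q) for i, q in bursts]
    n = len(prints)
    mean = [sum(col) / n for col in zip(*prints)]
    var = [sum((x - m) ** 2 for x in col) / (n - 1) + 1e-12
           for col, m in zip(zip(*prints), mean)]
    return mean, var

def distance(fingerprint, profile):
    """Squared Mahalanobis distance with a diagonal covariance (simplification)."""
    mean, var = profile
    return sum((x - m) ** 2 / v for x, m, v in zip(fingerprint, mean, var))

def identify(fingerprint, profiles):
    """Nearest-neighbour decision over the enrolled device profiles."""
    return min(profiles, key=lambda name: distance(fingerprint, profiles[name]))

def verify_claim(claimed, fingerprint, profiles, limit_per_feature=25.0):
    """Accept a claimed identity only if the burst is close to that profile.
    The limit is an assumed value; in practice it is tuned on enrollment data."""
    return distance(fingerprint, profiles[claimed]) <= limit_per_feature * len(fingerprint)

# Constructed test data: (carrier frequency offset in cycles/sample,
# I/Q gain imbalance, phase offset in rad). Values are hypothetical.
DEVICES = {"A": (0.0, 0.00, 0.0), "B": (0.002, 0.05, 0.3), "C": (-0.0015, 0.12, 1.1)}
ROGUE = (0.004, 0.02, 0.0)   # transmitter that will claim to be device A

def simulate_burst(device, rng, n=256, tone=0.05, noise=0.02):
    """Constructed preamble: a tone distorted by the device's imperfections."""
    cfo, iq_gain, phase0 = device
    i_s, q_s = [], []
    for k in range(n):
        theta = 2 * math.pi * (tone + cfo) * k + phase0
        i_s.append(math.cos(theta) + rng.gauss(0, noise))
        q_s.append((1 + iq_gain) * math.sin(theta) + rng.gauss(0, noise))
    return i_s, q_s

def run_demo(seed=7):
    rng = random.Random(seed)
    profiles = {name: enroll([simulate_burst(dev, rng) for _ in range(20)])
                for name, dev in DEVICES.items()}
    identified = {name: identify(rf_dna(*simulate_burst(dev, rng)), profiles)
                  for name, dev in DEVICES.items()}
    genuine = verify_claim("A", rf_dna(*simulate_burst(DEVICES["A"], rng)), profiles)
    spoofed = verify_claim("A", rf_dna(*simulate_burst(ROGUE, rng)), profiles)
    return identified, genuine, spoofed

if __name__ == "__main__":
    print(run_demo())
```

Because every burst here passes through the same simulated channel, the fingerprint reflects only the transmitter; with real captures the channel also shapes these statistics, which is the reliability caveat raised for transient features above.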
3) Channel state features: From the perspective of signal propagation, the nonlinear characteristics of radio channels can cause recognizable distortions to the received signals. Those distortions can become unique profiles of transmitters. Therefore, the channel state recognition approach's basic idea is to: a) mathematically or statistically describe the nonlinear characteristics of the propagation channel within receivers and transmitters; b) estimate whether a wireless device's signals' distortions comply with specific channel characteristics. A typical solution was provided in [94], where the authors used a kernel regression method to model the nonlinear pattern of signals' propagation channels. Their basic idea is that the combination of frequency offsets and special channel characteristics may not be forged easily, and therefore, can be used as a profile for wireless devices.

Channel state features are commonly seen in Orthogonal Frequency-Division-Multiplexing (OFDM) modulated communication systems. In the OFDM and MIMO schemes of wireless communication, the channel state information (CSI) [95], [96] can provide rich information on the time-varying characteristics of radio channels. IEEE 802.11 receivers estimate CSI during the reception of each packet's preamble. For each packet, its CSI is expressed as a complex-valued $T_n \times R_n \times K$ matrix $H$ along with a noise component $n \sim \mathcal{CN}(0, S)$, where $T_n$ denotes the number of transmitters' antennas, $R_n$ denotes the number of receivers' antennas, $K$ denotes the number of sub-carriers and $n$ denotes the complex-valued Gaussian random variable with mean zero and covariance matrix $S$. Each complex-valued element in $H$ provides the instantaneous phase and amplitude response of antenna-wise channels at specific subcarriers.

Channel state information directly reveals the phase, frequency, and amplitude responses of radio channels and has been utilized to identify fixed-position wireless transmitters.

[Fig. 11. A brief overview of channel state recognition and related approaches. Indirect recognition: channel specific recognition, channel state information, time/phase of arrivals, location based recognition. Direct recognition: transient pattern recognition, transmitter specific features, persistent pattern recognition.]

was that the constant CFOs can cause a linearly varying trend in instantaneous phases in received signals. Specifically, the authors first used phase measurements on specifically selected subcarriers to eliminate phase shifts at the receiver of the device identification oracle. They then used the differentiated phases from adjacent packets to eliminate the phase shifts introduced by the relative positions of transmitters. Finally, they derived the carriers' frequency offsets by the slope (relative to the time intervals of adjacent packets) of the purified instantaneous phase.
• Phase errors: Authors in [101] used the summation of selected subcarriers' instant phases to extract the rationale arrival phases of subcarriers. They then estimated and subtracted the rationale arrival phases and receivers' insertion phase lag to derive the phase error caused by the transmitters' internal imperfections. A drawback of their approach is they need to estimate the Time of Flight (ToF) of received packets.

A summary of device identification based on channel state features is in Figure 11. The drawbacks of channel state
Specifically, CSI is affected by propagation obstacles, signal features are apparent. For one thing, researches show that
reflections, and even baseband data patterns [96]. In [97], a channel state features can even be influenced by the motions
CSI based device identification scheme was proposed. The of obstacles in subcarriers’ propagation path [102]–[104]. On
authors used averaged CSI to construct an SVM based profile the other hand, the channel characteristics are environment-
for each legitimate device to prevent and identify spoofing oriented. Consequently, using channel state features based
attacks. They compared CSI and RSS based approaches and device identifier in indoor or mobile environments with human
demonstrated the superiority of CSI. Another merit of their activities is still challenging [105], [106].
solution is utilizing the two-cluster k-means algorithm to de- It should be noted that a great majority of CSI enabled
tect the presence of rogue IoT transmitters when constructing researches depend on limited categories of Network Interface
legitimate devices’ profiles. Similar research was presented Cards (NICs) for data collection, owing to the limitation of
in [98], legitimate devices’ CSI from multiple locations are CSI Tools [95]. However, the authors in [107] provided a
collected to train a more robust device identification model. new way. They used generic SDR transceivers to extract the
Comparably, in [99], the authors used the information from Long Training Sequences (LTS) in the preambles of IEEE
CSI to model the radiometric signatures of obstacles within 802.11n pilot carriers and successfully identified more than
the signals’ propagation path. They provided an iterative 50 Network Interface Cards. They showed that by exploiting
differentiation approach to derive the weights and factor out the frequency offsets and comparing LTS frequency responses
the multipath components in the received signals. of adjacent pilot carriers, they even derived a location-agnostic
Except for wireless channel characteristics, CSI can disclose device identification model.
RF transmitter-specific information for persistent feature-based 4) Cross domain features: Many researchers convert sig-
device identification. Related researches are as follows: nals to other domains that are more distinguishable. A straight-
• Carrier Frequency Offsets (CFOs): In [100], the authors forward way is to remap signals into the time-frequency
propose to derive Carrier Frequency Offsets (CFOs) from domain [108]. In [109], the authors used the STFT (Short-Time
CSI as devices’ fingerprints. Their primitive hypothesis Fourier Transform) with the SVM algorithm to identify four
different transceivers. This research is comparable to [110], where Discrete Gabor Transform (Gaussian windowed STFT) was employed.

Other signal transformation methods can be utilized. In [111], [112], the authors utilized the wavelet transform as well as classifiers (SVM and Probabilistic Neural Network) to construct a device identifier. Compared with [109], they also used the PCA algorithm to reduce the redundancy of the extracted data. In [113], the authors provided a normal frequency-based method along with PCA and SVM to distinguish devices in the GSM band. They compared their method with the Hilbert-Huang Transform based method in [114]. Similar work presented in [115] showed that Variation Mode Decomposition theoretically provides even better performance than the conventional EMD method for relaying scenarios.

Please note that Bispectrum is also widely utilized. In [116], the energy entropy and color moments of the Bispectrum combined with Support Vector Machine (SVM) were employed to simulate the possibility of device identification. Their results indicated that higher-order statistics can theoretically improve the performance of identification under low SNR. However, other authors [117] claimed that compared to Bispectrum, the squared integral bispectra (SIB) is more robust to noise while providing the same amount of information as the Bispectrum. In [118], the authors employed singular values of the Axial Integrated Wigner bispectrum (AIWB) feature to identify spoofing signals from genuine signals in navigation satellite systems (GNSS).

5) Hybrid methods: A large number of device-specific features have been discovered along with different signal transform techniques. Hybrid methods aim to find the optimized combinations of features from different domains to derive robust identification models. In [119], the authors extracted the signals’ energy distribution from wavelet coefficients [120] and used k-NN and SVM to identify eight devices. Their test showed that this k-NN requires higher SNR than SVM. In [121], the authors applied Intrinsic Time-Scale Decomposition (ITD) [122] to input signals. They extracted factual, bispectrum, and energy features from all subchannels of ITD decomposition subsignals. Their test on SVM shows that more features can significantly improve device identifiers’ performance.

Although integrating signals’ features from multiple domains can provide promising device identification results, the redundant information within the integrated features requires complicated models and considerable processing capacity. Therefore, automatic feature selection is introduced and becomes an indispensable part. Research in [77] demonstrated that properly selected features, particularly from the F-test and MLF methods, enable a significant (80%) reduction of redundancy. In [123], the authors captured the pilot tones of the OFDM signals and extracted a series of features relative to the rational signal. They used an information-theoretic approach to select useful features for device identification. In [124], four types of features, scramble seed similarity, carrier frequency offset, sampling clock offset, and transient pattern, were used for the physical layer fingerprints of WiFi devices.

TABLE III
INFLUENTIAL FACTORS FOR FEATURE-BASED SPECIFIC DEVICE IDENTIFICATION

| Influential factors¹ | Persistent feature recognition | Transient feature recognition | Channel status recognition | Cross-domain recognition | Hybrid approaches | Countermeasures | Reference |
|---|---|---|---|---|---|---|---|
| Stationary noise | Median (Exc. noise pattern) | Median | Low | Median | Low | Denoise filtering; data augmentation; adaptive filtering | [81], [88] |
| Rx imperfections | Median | Median | Median | Median | Median | Calibrations | [89], [90] |
| Co-channel devices | High | High | Low | High | High | MIMO receivers; blind signal separation | [91], [92] |
| Channel features | Median | Median | High | Low | Low | Adaptive filtering | [89] |
| Baseband patterns | Median (Exc. noise pattern) | Low | Median | Low | Low | Message-independent features | [93] |

¹ High: solutions include hardware modifications; Median: solutions are software-based but require high capacity processors; Low: software-based optimal solutions are available and compatible with regular processors.

TABLE IV
A BRIEF COMPARE OF CLASSIFIERS IN DEPLOYABLE WIRELESS TRANSMITTER IDENTIFICATION SYSTEMS

| Approach | Application overhead | Continual learning | Abnormality detection |
|---|---|---|---|
| k-NN | Depends on the size of fingerprint library. | Natively supported | Clustering or statistical models |
| SVM | Depends on the number of feature dimensions | Knowledge replay | One-class SVM |
| Random forest | Depends on the number of decision trees. | Knowledge replay | Isolation forest |
| Neural network | Depends on structural complexity | Section III-C2d | Section III-C2c |

A comparison of device-specific feature-based approaches is given in Table III. Hybrid approaches have superior performance under various influential factors, since the automatic feature selection methods can remove irrelevant information and provide an optimal combination of features. However, hybrid features could bring side effects, especially in statistical learning algorithms: a) The complicated combination of a large number of features can result in a highly accurate identifier with its internal mechanism not interpretable. b) High dimension features can potentially result in complicated models that are computationally expensive to retrain for operational variations. We can make better use of hybrid features in Deep Neural Networks, which will be discussed in Section III-C.
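The three-step CFO derivation of [100], described under channel state features above, is worked through below as an added example; it is not code from the survey or from [100]. The CSI is constructed, the receiver-induced phase shift is assumed to be linear in subcarrier index so that symmetric subcarriers cancel it, and the subcarrier indices, CFO values and 5 Hz acceptance tolerance are assumptions.

```python
import cmath
import math
import random

# Symmetric subcarrier pairs used for step 1 (assumed indices, for illustration).
PAIRS = [(-21, 21), (-7, 7)]


def packet_times(n, rng):
    """Constructed arrival times with irregular 0.5-1.5 ms gaps."""
    t, times = 0.0, []
    for _ in range(n):
        t += rng.uniform(0.5e-3, 1.5e-3)
        times.append(t)
    return times


def random_channel(rng):
    """Static per-subcarrier channel phase for one transmitter position."""
    return {k: rng.uniform(-math.pi, math.pi) for pair in PAIRS for k in pair}


def simulate_csi(cfo_hz, times, channel_phase, rng, noise_std=0.02):
    """Constructed unit-amplitude CSI: CFO phase ramp + channel phase
    + per-packet receiver timing term (linear in subcarrier index) + noise."""
    packets = []
    for t in times:
        timing_slope = rng.uniform(-0.05, 0.05)  # rad per subcarrier index
        csi = {}
        for k, chan in channel_phase.items():
            phase = (2 * math.pi * cfo_hz * t + chan
                     + timing_slope * k + rng.gauss(0.0, noise_std))
            csi[k] = cmath.rect(1.0, phase)
        packets.append(csi)
    return packets


def estimate_cfo(times, packets):
    """Return the CFO in Hz from per-packet CSI on the PAIRS subcarriers."""
    # Step 1: multiply CSI at +k and -k. The receiver term cancels
    # (slope*k + slope*(-k) = 0); the product carries twice the common phase.
    combined = [[p[a] * p[b] for a, b in PAIRS] for p in packets]
    num = den = 0.0
    for i in range(1, len(packets)):
        dt = times[i] - times[i - 1]
        # Step 2: phase difference between adjacent packets. The static
        # channel (position) phase cancels; only 2 * 2*pi*cfo*dt remains.
        acc = sum(cur * prev.conjugate()
                  for cur, prev in zip(combined[i], combined[i - 1]))
        dphi = cmath.phase(acc)  # unambiguous while |cfo * dt| < 0.25
        # Step 3: least-squares slope (through the origin) of dphi against dt.
        num += dt * dphi
        den += dt * dt
    return num / den / (4 * math.pi)


def matches_enrolment(enrolled_hz, estimate_hz, tol_hz=5.0):
    """True when the measured CFO is within tolerance of the enrolled one."""
    return abs(enrolled_hz - estimate_hz) <= tol_hz


def demo(seed=7):
    rng = random.Random(seed)
    enrolled_hz = 80.0  # constructed fingerprint of the legitimate device
    cases = [("genuine, position 1", 80.0),
             ("genuine, position 2", 80.0),
             ("rogue using the same identifier", 140.0)]
    results = {}
    for label, true_cfo in cases:
        times = packet_times(50, rng)
        packets = simulate_csi(true_cfo, times, random_channel(rng), rng)
        estimate = estimate_cfo(times, packets)
        results[label] = (estimate, matches_enrolment(enrolled_hz, estimate))
    return results


if __name__ == "__main__":
    for label, (estimate, ok) in demo().items():
        print(f"{label}: CFO = {estimate:6.1f} Hz, accepted = {ok}")
```

The two genuine cases use different random channel phases, so agreement between their estimates shows the position term dropping out in step 2; the tolerance would have to be widened in practice if the fingerprint drifts over time, which the open issues below raise.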
6) Open issues: In general, the following issues need to be investigated in feature-based statistical learning for specific device identification:

1) These methods require efforts to manually extract features or high-order statistics, and the quality of handcrafted features dominates device identification performance. E.g., authors in [129] showed that the combination of permutation entropy [130] and K-NN even surpasses the combination of bispectrum [131] and SVM in [116].
2) Experiments are conducted in rational environments with a limited number (less than 30) of IoT devices. Therefore, publicly available datasets containing signals from a larger number of IoT devices are needed to provide a reliable benchmark. Currently, publicly available datasets for IoT device identification from wireless signals are still limited. Some small datasets are available in [132], [133] and [134] while a larger dataset but with only ADS-B signals is available in [135].
3) There’s no guarantee whether a specific type of feature is time-invariant. Therefore, this type of system should incorporate wireless channel estimation approaches to identify real device-specific patterns.
4) A brief comparison of the device-specific feature-based wireless device identification with influential factors is given in Table III. Co-channel devices have the most significant impacts among all solutions. Unfortunately, there’s limited research in dealing with it.
5) A deployable wireless device identification system should have the capacity to report unknown abnormalities and continually evolve and adapt to operational variations. A comparison of frequently employed statistical learning algorithms on incremental learning and abnormality detection is in Table IV. Among these algorithms, only k-NN provides intuitive and native support for incremental learning and abnormality detection. However, k-NN is insufficient in handling complicated features. Though SVM or Random Forest could handle more complicated features, they lack the incremental learning and abnormality detection abilities and explainability.

C. Deep Learning enabled specific device identification

The feature-based statistical learning approaches require manual selection of useful transforms or features. In contrast, deep neural networks (DNN) can incorporate existing features or directly deal with raw inputs and derive latent distinctive features. Therefore, Deep Learning enabled device identification mechanisms are increasingly investigated. A brief comparison of device-specific feature-based statistical learning and deep learning based approaches is presented in Table VII. In this section, we discuss typical deep learning enabled wireless device identification solutions and then focus on open issues that impede the application of deep learning in IoT device identification.

1) Case studies and comparisons: A typical Deep Neural Network enabled classifier is depicted in Figure 12. Generally, it employs convolutional layers to extract latent features and uses fully connected dense layers to produce final results. Deep Neural Networks with convolutional layers are also referred to as Convolutional Neural Networks (CNN).

Fig. 12. Typical architecture of deep neural network classifiers

Deep neural networks can be seamlessly integrated with existing feature engineering methods. In [127], the authors used the differential error between the reconstructed rational signals and received signals to train Deep Neural Networks to distinguish Zigbee transceivers. In [136], the authors compared the effects of short-time Fourier features and wavelet features for device identification, and their results show that wavelet features can outperform Fourier features. In [126], the authors extracted the 1-D Regions of Interest (ROIs) from 54 Zigbee devices’ preambles under different SNRs and then resampled the signals within ROIs into various substreams with different sample rates. Finally, the substreams were fed into a convolutional neural network for identification. Similar ideas are in [125], [137] and [138].

Compared with the conventional fully connected neural network, convolutional layers apply filters (a.k.a. kernels) with much fewer parameters to obtain distinctive information. In [88], the authors proposed a combined solution to denoise signals and identify devices simultaneously using an autoencoder and a CNN network. The authors used their encoder to automatically extract relevant features from the received signals and used the derived features to train another deep neural network for device identification. Similar methods are presented in [139]. In [128], the authors provided an optimized Deep Convolutional Neural Network approach to classify wireless devices in 2.4 GHz channels and compared the performance with SVM and Logistic Regression. Their results showed that, even by using raw I/Q digital baseband signals, CNN can achieve high accuracy and surpass the best performance of SVM and Logistic Regression. In [132], neural networks were trained on raw IQ samples using the open dataset¹ from CorteXlab. Their results also showed that CNN can achieve promising results even on raw I/Q signals, but the movement of devices and the varying amplitudes can degrade CNN’s performance.

¹ https://wiki.cortexlab.fr/doku.php?id=tx-id

An extensively discussed topic for Deep Learning based device identification is preventing the network from learning only trivial features, such as protocol identifiers, unique identifiers, etc. Generally, three types of countermeasures are applied, and their comparisons are provided in Table V.

TABLE V
COUNTERMEASURES TO PREVENT LEARNING FROM TRIVIAL FEATURES

| Reference | Methodology | Description | Challenges |
|---|---|---|---|
| [125] | Fragmenting | The raw I/Q signals are split into small signal fragments or only use the preambles of packets. | Long range dependent features will be destroyed after fragmenting |
| [126] | Masking | One can directly mask or remove the trivial parts in raw signals. | The position and length of the masking bits or discontinuity can leak protocol information |
| [127], [128] | Randomization | One has to force transmitters to send random contents | One has to gain the access of large number of transmitters to train a reliable classifier. |

Compared with feature-based device identification approaches, Deep Learning methods usually require a much larger dataset to initialize the network. To estimate how much training data is needed, in [140], CNN models were used to classify different devices’ signals with controlled difficulty levels. The classification accuracy of a fixed CNN network with different dataset sizes was predicted using a power-law model and the Levenberg-Marquardt algorithm. Their results show that the dataset size should be at least 10,000 to 30,000 times the number of devices to be identified. However, this conclusion is only a rough estimation.

New architectures in Deep Learning are emerging and can significantly influence the performance of device identification systems. In [125], the authors used Convolutional Deep Complex-valued Neural Network (CDCN) and Recurrent Deep Complex-valued Neural Network [141] to address the device identification problem. Their networks utilized fragments of raw I/Q symbols as input, and their test was conducted on both WiFi and ADS-B datasets. Their experiments show that the Complex-valued neural networks surpass regular real-valued deep neural networks. In [142], [143], a zero-bias dense layer was proposed. The authors have shown that their solution enables deep neural networks’ final decision stage to be transparent. Their zero-bias deep neural network maintains equivalent identification accuracy and outperforms regular DNN and one-class SVM in detecting unknown devices.

2) Open issues in Deep Learning for IoT device identification: Deep Learning is becoming a promising technology in this domain. However, as in other domains, Deep Learning encounters several challenges. Although research in IoT device identification rarely covers these issues, we briefly discuss their current states and solutions.

a) Hyperparameter searching: One critical problem for using deep neural networks is hyperparameter tuning. Hyperparameters such as learning rate, mini-batch size, dropout rate, etc. are used to initialize the training process. Hyperparameters can significantly impact the performance of deep neural networks. For instance, in [151], the authors compared the performance of Deep Neural Networks, Convolutional Neural Network, and the LSTM (Long Short Term Memory) in device identification using the raw I/Q signals directly. Their results showed that CNN has the best performance, followed by DNN and LSTM. They have pointed out that the hyper-parameters of Deep Learning, especially for network architectural parameters, significantly influence the upper bound of performance.

Obtaining optimized hyperparameters is computationally expensive. Several strategies are proposed for efficient hyperparameter searching, such as grid search, random search, prediction-based approaches, and evolutionary algorithms. Their characteristics are as follows:

• Grid search: Grid search divides the whole parameter space into identical intervals and performs brute-force trials to find optimal parameter combinations. However, this strategy is inefficient since useless combinations of parameters can not be pruned rapidly.
• Random search: In random search, sample points are distributed uniformly in the search space. This strategy increases the variation and outperforms the grid search when only a small number of parameters can impact the network performance.
• Prediction-based: In prediction-based approaches, the algorithms first perform random trials at the beginning to model the relation between the network performances and hyperparameters. Then the algorithms perform new trials based on parameters that are more probable to yield better results. Such a trial-model-predict paradigm is conducted repeatedly [152]. A typical prediction strategy is the Bayesian optimization process [153], in which the algorithms model the target outcome space as Gaussian processes.
• Evolution based: In evolutionary algorithm based approaches, the heuristic searches are performed as in other nonlinear optimization problems. In [154], the authors used the Genetic Algorithm to find the optimal hyperparameters of a neural network. Compared with prediction-based approaches, evolutionary algorithms provide the best guess with bio-inspired strategies. However, there is no guarantee for the performance of evolutionary algorithms.

b) Neural network Architecture search: Network Architecture Search (NAS) is another challenging task in designing neural networks. Network architecture defines the flow of tensors and could significantly affect the complexity and performance of neural networks [155], [156]. At the current stage, most network architectures are specified manually or with trial-and-error.

Architecture searching algorithms are provided by several Automatic Machine Learning (AutoML) platforms. A brief comparison of their functionality and performance on different
datasets is in [157]. A collection of recent literature and open-source tools are given in [158] and [159] respectively. These efforts can be classified into three categories: (i) network pruning [160], (ii) progressively growing [161], and (iii) heuristic network architecture search [162]. Their features are as follows:

• Network pruning: Network pruning algorithms use group sparsity regularizers [163] to remove unimportant connections from a regularly trained network. Then the pruned network will be retrained to fine-tune the weights of the remaining connections [164], [165]. A key benefit of network pruning is that it can greatly compress neural networks and make them suitable to deploy in low capacity IoT devices.
• Progressively growing: This strategy grows a neural network architecture during training. It is effective in simple networks with only one hidden layer [166], [167]. More recent advances employ growing strategies to progressively add nodes and layers to increase the network’s approximation ability [168], [169].
• Heuristic network search: In heuristic network search, the architecture of the Deep Neural Network (which can either be block-wise [170] or element-wise [171]) can first be represented in a high dimension space with billions of parameters. Next, heuristic searching algorithms are applied to traverse this search space to find the optimal solutions. Examples are given in [162], [172] and [173]. The authors used the Genetic Algorithm to find the possible structure of neural networks. Notably, the Genetic Algorithm fits perfectly in NAS problems since it allows using length-varying variables (genes) to encode the candidate solutions. An empirical example is the NeuroEvolution of Augmenting Topologies (NEAT) algorithm [172].
• Reinforcement Learning: Reinforcement learning (RL) has become a popular strategy in NAS [174]–[176]. The basic idea is to let a deep learning-enabled agent explore network architectures’ representative space and use validation accuracy or other metrics as rewards to adjust the agents’ solutions. Ideally, as an RL process moves on, an agent can find an optimal searching strategy and discover a novel architecture. Intuitively, evolution algorithms use a fixed strategy to discover the optimal architecture while RL agents learn their own strategies and have better capabilities in avoiding bad solutions.
• Differentiable space search: The aforementioned NAS strategies use discrete space to encode the architecture of neural networks, which is not differentiable and lacks efficiency. Therefore, differentiable spaces to represent the Neural Networks’ architectures are proposed, in which efficient off-the-shelf optimization algorithms can be used. Typical solutions are given in [177], [178]. The algorithm, DART (Differentiable Architecture search), is presented. The authors used the Softmax function to represent the discrete selections in a numerically continuous domain. They then used a gradient descent algorithm to explore the search space. Similar work with an enhanced stochastic adaptive searching strategy is in [179]. Block-wise representations of the neural network and differentiable searching space together are bringing NAS to practice.

Network architecture search has become an emerging topic for deep neural network research with publicly available benchmarking tools in [180] and [181], respectively.

c) Openset recognition: A critical problem for learning based device identification is that classifiers only recognize pretrained devices’ signals but can not deal with novel ones that are not in the training dataset. In [150], the authors formulated it as a semi-supervised learning problem. They first trained a CNN model with the last layer as a Softmax output on a collection of known devices. They then removed the Softmax function and turned the neural network into a nonlinear feature extractor. Finally, they used the DBSCAN algorithm to perform cluster analysis on the remapped features of raw I/Q signals. Their results showed that such a semi-supervised learning method has the potential of detecting a limited number of untrained devices. Comparably, in [182], the authors used an incremental learning approach to train neural networks to classify newly registered devices.

TABLE VI
METHODS FOR UNKNOWN DEVICE RECOGNITION

| Methods | Description | Complexity | Memory | Pros & Cons | Reference |
|---|---|---|---|---|---|
| GAN | Use the discriminator from GAN model as an outlier detector. | High¹ | Depends on final network | Can catch deep latent features. Hard to design and train. | [137], [144] |
| Autoencoder | Train a deep Autoencoder on known signals and use its reconstruction error to judge outliers. | High¹ | Depends on final network | Can catch deep latent features. Easier than GAN to design and train | [145], [146] |
| Statistic metrics | Measure the confidence of whether a signal or its fingerprint is generated by a given category. | Low | Low | Provide explainable results. Accuracy depends on the fingerprinting methods. | [143], [147]–[149] |
| Clustering | Perform clustering analysis on known signals’ fingerprints to judge whether it is in an identical cluster where the known ones are in. | Median² | Depends on the number of existing fingerprints. | Provide explainable results. Accuracy depends on the fingerprinting methods. | [147], [150] |

¹ Needs to specify both network architecture and hyperparameters. ² Needs to specify the clustering algorithms to use.

From the perspective of Artificial Intelligence, this issue is categorized as the Open Set Recognition [183], [184] and the Abnormality Detection problem. The taxonomy of existing approaches is given in Table VI. In [137], the authors used
the Generative Adversarial Network (GAN) to generate highly realistic fake signals. Then they extracted the discriminator network to distinguish whether an input is from an abnormal source. In [147], the authors provided two methods to deal with unknown devices: i) Reuse trained convolutional layers to transform signals to feature vectors, and then use Mahalanobis distance to judge the outliers. ii) Reuse pretrained convolutional layers to transform signals to feature vectors, and then perform k-means (k = 2) clustering to group outliers.

d) Incremental learning: In practical scenarios, deep neural networks would have to evolve to adapt to operational variations continuously. Intuitively, a deep learning enabled IoT device identifier has to learn to distinguish new devices’ characteristics during its life cycle. Therefore, such functionalities are defined as lifelong learning. Generally, there are two ways to achieve this goal: Transfer Learning (TL) and Incremental Learning (IL). In Transfer Learning, neural networks are pre-trained in the lab and then fine-tuned for deployment using practical data [186], [187]. In incremental learning, neural networks are trained incrementally as new data come in progressively [188]. Compared with transfer learning, incremental learning does not allow neural networks to forget what they have learned in the early stages. The phenomenon in which a neural network forgets what it has previously learned after training on new data is named Catastrophic Forgetting. Therefore, transfer learning is useful when deploying new signal identification systems, and incremental learning is useful in regular maintenance, as depicted in Figure 13. The strategies to implement incremental learning for deep neural networks are as follows:

• Knowledge replay: An intuitive solution for incremental learning is to replay data from old tasks while training neural networks for new tasks. However, such a solution requires longer training time and larger memory consumption. Besides, one can not judge how many old samples are enough to catch sufficient variations. Therefore, some studies employ data generator networks to replay data from old tasks. For instance, in [189], Generative Adversarial Network (GAN) based scholar networks were proposed to generate old samples, which are mixed with the current task. In this way, the deep neural network can be trained on various data without using substantial memories to retain old training data.
• Regularization: Initially, regularization is employed to prevent models from overfitting by penalizing the magnitude of parameters [190]. In incremental learning, regularization is employed to prevent model parameters from changing dramatically. In this way, the knowledge (represented by weights) learned from the old tasks will be less likely to vanish when an old network is trained on new tasks. There are two types of regularization strategies: global regularization and local regularization. Global regularization penalizes the whole network’s parameters from rapid change but impedes the network from learning new tasks. In local regularization strategies, such as Elastic Weight Consolidation (EWC) [191], the algorithms identify important connections and protect them from changing dramatically, in which the non-critical connections are used to learn new tasks.
• Dynamic network expansion: Network expansion strategies lock the weights of existing connections and supplement additional structures for new tasks. For instance, the Dynamic Expanding Network (DEN) [192] algorithm first trains an existing network on a new dataset with regularization. The algorithm compares the weights of each neuron to identify task-relevant units. Finally, critical neurons are duplicated to allow the network capacity to expand adaptively.
• Orthogonal memory organization: Some recent studies have shown that real biology brains organize memory representation vectors within a mutually orthogonal manner to minimize the interference and avoid catastrophic forgetting during incremental learning. Authors in [193], [194] discovered and proved that this phenomenon also exists in DNNs. Consequently, they invented a Channel Separation Incremental Learning framework based on orthogonal memory organization as in [195].

Fig. 13. Transfer learning and incremental learning. (Diagram labels: idealistic model from lab, transfer learning, practical data, model in deployment site, continual learning; before deployment, after deployment.)

Incremental learning algorithms, as well as abnormality detection, together provide great potential for deploying neural networks in complex, uncertain scenarios.

e) Summary: A brief comparison of Deep Learning and other statistical learning methods is given in Table IV. Compared with statistical learning, although Deep Learning is not yet an idealistic solution, its unified development pipeline and the capability of dealing with complex features are making it easy to use. Furthermore, for practical issues such as incremental learning and abnormality detection, deep learning provides better performance than the majority of statistical learning algorithms. In one word, although deep learning is not theoretically novel, it gains its place by providing the most balanced merits.

D. Unsupervised device detection and identification

Feature-based statistical learning and deep learning are supervised learning schemes, where classifiers must learn the features of legitimate devices in advance. Unsupervised device detection and identification are required in scenarios where the identities of devices are not directly available [196]. Generally, the methods in this topic can be divided into two folds, device behavior modeling and signal propagation pattern modeling. The essence of unsupervised device detection is to map devices’ signals or activity profiles into latent representative spaces, where different devices are represented by separated clusters
or probabilistic distributions. If behavior or signal propagation patterns are strictly correlated with specific devices, extracted behavior or signal features can be used to verify the identity of devices. Compared with supervised learning, unsupervised learning based device identification differs as follows (see also Table VII):

• The training data does not directly indicate device-specific information (device identifier, device type, etc.).
• The number of devices may not be known in advance.

TABLE VII
BRIEF COMPARISON OF IOT DEVICE IDENTIFICATION AND DETECTION METHODS

| Device identification approaches | Technology branch | Feature requirement | Model explainability | Continuous learning | Anomaly detection | Challenges |
|---|---|---|---|---|---|---|
| Feature based device identification | Supervised learning | High (1) | Strong (k-NN) / median (SVM) | Easy (k-NN) / median (PCA-SVM) | Low (k-NN) / Median (k-Means) | Can not discover latent feature. |
| Deep learning enabled device identification | Supervised learning | Low | Weak (2) | Hard (EWC) (3) | High (Autoencoder) / Median (clustering) | Learning from trivial features |
| Unsupervised device detection and identification | Unsupervised learning | High (1) | Strong | N/A | Low | Can not be applied to complex environment |

(1) Requires an extra feature engineering process. (2) Please refer to Explainable AI (XAI) in [185]. (3) Please refer to section III-C2d.

As depicted in Figure 14, the workflow of unsupervised learning enabled device detection and identification is made up of three steps: a) Feature engineering on IoT devices’ signals or behavior profiles, including feature selection and mapping. b) Modeling the latent spaces; this step finds cluster centers, probabilistic distributions, related decision boundaries, or state transition models. c) Matching input signal or behavior profiles to the most likely clusters or reporting abnormalities.

[Figure 14 panels: Feature engineering (feature extraction, feature mapping); Modeling (clustering, state transition); Decision (identifying known devices, detecting abnormalities)]
Fig. 14. Unsupervised device detection and identification

1) Device behavior modeling: Device behavior modeling extracts distinctive features from the input data and finds the number of different devices using unsupervised learning algorithms. However, the physical layer does not provide much information for device behavior modeling. Therefore, the methods are more frequently employed in the upper layers, where the related techniques are unsupervised feature engineering, clustering, and Software-Defined Networking [49].

In [197] and [198], the data traffic attributes were obtained from flow-level network telemetry to recognize different IoT devices. The authors utilized Principal Component Analysis along with an adaptive one-class clustering algorithm to find the optimal representative components and cluster centers for each device. They provided a conflict resolution mechanism to associate different types of devices to corresponding cluster centers in the representative space. A similar approach using Deep Learning is presented in [199]. The authors used TCP data traffic for each device to train an LSTM-enabled autoencoder to map inputs into a representative feature space. They then used a clustering algorithm to divide the training samples into their natural clusters. Finally, they used probabilistic modeling to associate new data with known clusters for device identification. Unfortunately, their results show that unsupervised behavior identification may not work once there are devices with an identical model.

2) Signal propagation pattern modeling: In the Physical Layer, signal propagation patterns provide information for device identification. On the one hand, if devices’ positions are unique and known in advance, we may directly use wireless localization algorithms to specify whether a received data packet is from its claimed identity. Corresponding surveys on wireless device localization are available in [204]–[206], and we provide a brief comparison of the widely employed methods in Table VIII.

On the other hand, signal propagation modeling derives the path loss or attenuation patterns of received signals to detect different devices using unsupervised learning algorithms [39]. In [207], the authors used the signals’ propagation path effect, and they discovered that the received signal strength from transmitters in the same location would have very similar varying trends. They converted the signal strength metrics into time series and incorporated the Dynamic Time Warping algorithm to align and find differences between received signals. Finally, they applied a clustering algorithm to identify signals from active transmitters. In [208], the authors assumed that
the received signals’ Power Spectrum Density coefficients of each device, in a specific time window, form a mixture model of Gaussian distributions and propagation path related Relay distributions. In this way, they used the Expectation-Maximization algorithm to estimate the composition (different transmitters) of the received signals.

TABLE VIII
COMPARISON OF DEVICE LOCALIZATION METHODS IN IOT

| Methods | Requirements | Unit cost (1) | Precision | Weakness | References |
|---|---|---|---|---|---|
| Signal propagation modeling | Multiple collaborative transmitters to construct signal strength map. | Low | Depends on environmental features and refresh rate of respondent data. | Depends highly on signal propagation models of certain area. Results do not directly indicate certain device types or identities. | [200] |
| Coherent TDoA | At least 4 coherent receivers and 5 receivers are recommended to linearize the computational process. | Median | Depends on the estimation of signals’ Time of Arrival (ToA). | Receivers need to be strictly synchronized. | [201] |
| Sync-free TDoA | At least 4 receivers and receivers are able to communicate mutually. | Median | Same as coherent TDoA | Needs specific hardware with known response latency. | [202], [203] |

(1) Low: Does not require extra RF receivers; Median: Requiring commercially available RF receivers; High: Requiring dedicated hardware and specific processing stacks. (2) Requiring multiple distributed receivers.

Signal propagation pattern modeling only provides an indirect evaluation on whether specific signals come from devices in close locations or with similar propagation paths. Although related methods are not widely utilized in commercial IoT devices owing to their complicated deployment environments, the methods provide a useful solution in preventing identity spoofing attacks in ADS-B systems [209], [210].

3) Open issues: Unsupervised device identification provides a novel solution when the identities of devices are not directly available. In essence, unsupervised device identification and detection are similar to automatic knowledge discovery, with the following issues to be addressed:

1) Feature engineering: Unsupervised device identification relies on feature engineering since representative vectors of devices are supposed to form distinctive clusters. Feature selection is still conducted manually, and there is no guarantee on whether the outputs of the mapped feature can form distinctive clusters.
2) Clustering: Clustering in the latent space can be challenging if the number of devices is unknown. Although one may use adaptive algorithms such as DBSCAN [211], OPTICS [212] or X-Means [213], the proper configuration of these algorithms is still difficult; similar obstacles are seen in setting hyperparameters in Deep Neural Networks (section III-C2a).
3) Decision boundaries: Even if we know the number of devices, we can still get clusters with uncertain shapes or density, in which decision boundaries between different devices are difficult to define, as indicated in [197].
4) Direct identity verification: Research on unsupervised device identification using behavior-independent and location-agnostic device-specific features is still limited. Although unsupervised behavioral modeling has shown promising results in identifying different types of devices, whether these methods are still effective in distinguishing devices from the same model needs further investigation.

Therefore, we believe learning-based unsupervised device detection is promising with great novelty, but the topic needs substantial investigation.

IV. LEARNING-ENABLED ABNORMAL DEVICE DETECTION

Previous sections have discussed methods to identify specific IoT devices. However, detection of compromised devices with abnormal behaviors is needed to alert on ongoing attacks and discover system vulnerabilities.

In general, abnormal device detection algorithms are deployed in network and application layers. The detection algorithms first collect a certain amount of normal operation data from devices to create reference models (or signatures). Then IoT devices’ operational data are collected and compared with reference models to judge whether significant deviations appear. Compared with device-specific identification schemes, the key methods are: abnormality detection, unsupervised learning [214], and supervised learning [215].

A. Statistical Modeling

Statistical modeling aims to judge whether devices are in abnormal situations. In [216], Markov models are utilized to judge whether IEEE 802.11 devices are compromised by calculating the probabilities of the sequential transitions of their protocol state machines. In [217], the authors modeled the Electromagnetic (EM) harmonic peaks of medical IoT devices as probabilistic distributions to assess whether a specific device is under attack. They assumed that when a device is operated under an abnormal scenario (with rogue shellcodes executing), its EM radiometric signals can deviate from known scenarios. However, statistical modeling requires manual selection of potentially informative features.

To reduce the cost of modeling IoT devices’ normal behavior, the Manufacturer Usage Description (MUD) profile [59] is proposed. A collection of MUD profiles for 30 commercial devices is provided in [60]. The MUD profiles enable operators to know devices’ network flow patterns and dynamically monitor their behavioral changes. Several open-source tools are provided to dynamically generate, validate, and compare IoT devices’ MUD profiles in [61]. Besides, the authors
presented that by comparing the deviation of devices’ run-time MUD profiles with static ones, they can identify their behavioral deviations or even identify device types. In [218], the authors translated MUD profiles of devices into flowtable rules. The authors then used PCA to map each device’s data traffic from side windows into its own representative one-class space, where X-Means [213] and Markov chains were used to partition the space and model the state transition in cluster centers. Finally, an exception will be triggered by a specific detector when either the mapped traffic pattern is out of boundaries or the state transitions do not comply with the reference model. Their results showed the accurate detection of several types of volumetric attacks.

B. Reconstruction Approaches

Reconstruction approaches aim to learn and reconstruct domain-specific patterns from devices’ normal operation records. In other words, we need to develop a model to “memorize” the normal schemes of IoT devices by producing low reconstruction errors. Simultaneously, the model is supposed to produce high reconstruction errors when it encounters unknown scenarios or behavioral deviations. This goal is generally achieved using deep autoencoders. Since an encoder removes a great amount of information, the corresponding decoder needs to reconstruct the lost information according to domain-specific memories. Consequently, once abnormal inputs are given to a well-trained autoencoder, its decoder would not be able to reconstruct such unknown inputs and yields a high abnormal score (reconstruction error). In [219]–[221], the authors utilized a deep autoencoder to detect abnormal activities by modeling the data traffic and content of IoT devices once abnormal activities are detected. In [222], the authors have shown that compared with other anomaly detection methods (one-class SVM [223], Isolation Forest [224] and Local Outlier Factor [225]), the deep autoencoder yields the best result in terms of reliability and accuracy.

C. Prediction Approaches

Prediction approaches utilize temporal information in devices’ operation records. Corresponding methods model each IoT device’s operational data as multi-dimension time series. Then, device-specific prediction models are trained using time series from normal schemes. When devices are hijacked for rogue activities, they are not supposed to behave as predicted, causing the corresponding time series predictors to output high prediction errors.

In [226], the authors employed a CNN based predictor to analyze the abnormal behaviors in devices’ network traffic. The results showed that predictors trained without abnormal data are sensitive (yield high prediction error) to anomalies. Similar work is shown in [227], where the authors used an autoregression model to capture the normal varying trend of devices’ traffic volumes. However, modeling a single variable cannot be sufficient in dealing with complicated scenarios. Recent studies combine deep Autoencoder with Long Short Term Memory (LSTM) to derive abstracted representations of complex scenarios and make predictions. In [228] and [229], Deep Predictive Coding Neural Network [230] was used to predict consecutive frames of time-frequency video streams of wireless devices. They can even specify the type of attacks using the spatial distribution of error pixels in the reconstructed frames.

D. Open issue

Methods in this topic overlap with the methods of open set recognition in Deep Learning. We briefly list several open issues in this topic:

• Selection of behavioral features: Manual feature selection along with dimension reduction are applied extensively. A concern is that we cannot guarantee the selected features are sensitive to unknown intrusions in the future.
• Processing of abnormality metrics: Generally, intrusion detection approaches provide metrics corresponding to the degree of deviation. However, the output error metrics require a posterior process, e.g., selecting appropriate decision thresholds or aggregation window length, which balances between the true positive, false negative, and response latency. One solution is to regard the corresponding parameters as hyperparameters and use cross-validation to tune them. The processing of error metrics remains a case-specific open issue.

V. CHALLENGES AND FUTURE RESEARCH DIRECTIONS

Our literature review has shown that device detection and identification provide another layer of security features to IoT. However, the existing solutions are still far from perfect. This section summarizes the existing challenges of IoT device identification and detection as well as future research directions.

A. Challenges in machine learning models

1) Unknown device recognition: Existing works focus on the accuracy they can obtain using a fixed dataset with all devices labeled, in which Black-Box models (e.g., Deep Learning and SVM) are commonly employed. In practical scenarios, these models can produce wrong answers when encountering novel devices. Additional mechanisms are needed to identify unknown signals. Although we can use the one-versus-rest technique to train a group of classifiers and avoid producing results on unknown devices, once we have new devices to register, all classifiers in the group are supposed to be retrained from scratch. Therefore, we need to provide a solution to verify the known devices. Meanwhile, we need to identify:

• Devices that are not in the scope of the identification system at all.
• Unknown devices that are from identical manufacturers. Devices of the same model from an identical manufacturer can share similar behavior patterns, e.g., network flow characteristics. Such similarities can impede identity verification in the network, transportation, or application layers.

The latter is more challenging and requires extracting behavior-independent characteristics. We believe that without the capability of unknown device recognition, these types of systems are still far from practice.
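The following is an added sketch, not code from the survey or from any cited work, of one way to get the two properties the unknown-device discussion asks for: answering "unknown" for devices outside the enrolled set, and registering a new device without retraining the existing models. It assumes each device is summarized by a fixed-length flow-feature vector; the class and function names, the traffic profiles and the threshold settings are all constructed for illustration.

```python
import math
import random
import statistics


class OpenSetVerifier:
    """Per-device centroid models with a rejection radius (open-set decision)."""

    def __init__(self, quantile=0.95, margin=1.5):
        # quantile and margin are the decision-threshold hyperparameters;
        # tune them on held-out data (see false_reject_rate below).
        self.quantile = quantile
        self.margin = margin
        self.models = {}  # device_id -> (centroid, scale, radius)

    @staticmethod
    def _distance(x, centroid, scale):
        # Euclidean distance after per-feature standardisation.
        return math.sqrt(sum(((v - c) / s) ** 2
                             for v, c, s in zip(x, centroid, scale)))

    def enroll(self, device_id, samples):
        """Register one device from its own samples; other models are untouched."""
        columns = list(zip(*samples))
        centroid = tuple(statistics.fmean(col) for col in columns)
        scale = tuple(statistics.pstdev(col) or 1.0 for col in columns)
        dists = sorted(self._distance(s, centroid, scale) for s in samples)
        cut = dists[min(len(dists) - 1, int(self.quantile * len(dists)))]
        self.models[device_id] = (centroid, scale, cut * self.margin)

    def identify(self, x):
        """Return the closest enrolled device, or None if x is outside every radius."""
        best_id, best_score = None, math.inf
        for device_id, (centroid, scale, radius) in self.models.items():
            score = self._distance(x, centroid, scale) / radius
            if score < best_score:
                best_id, best_score = device_id, score
        return best_id if best_score <= 1.0 else None


def false_reject_rate(verifier, device_id, holdout):
    """Fraction of held-out samples of a known device not accepted as that device."""
    misses = sum(1 for x in holdout if verifier.identify(x) != device_id)
    return misses / len(holdout)


# Constructed traffic profiles, one (mean, std-dev) pair per feature:
# mean packet bytes, mean inter-arrival ms, flows per minute.
# These are illustrative values, not measurements from any dataset.
PROFILES = {
    "camera": ((900.0, 30.0), (20.0, 2.0), (5.0, 1.0)),
    "thermostat": ((120.0, 10.0), (500.0, 30.0), (1.0, 0.3)),
    "plug": ((300.0, 15.0), (200.0, 10.0), (3.0, 0.5)),
}


def synth(profile, n, rng):
    """Draw n constructed feature vectors for one profile."""
    return [tuple(rng.gauss(mu, sd) for mu, sd in PROFILES[profile])
            for _ in range(n)]


def demo(seed=7):
    rng = random.Random(seed)
    verifier = OpenSetVerifier()
    verifier.enroll("camera", synth("camera", 200, rng))
    verifier.enroll("thermostat", synth("thermostat", 200, rng))
    plug_probe = (300.0, 200.0, 3.0)
    result = {
        "known": verifier.identify((910.0, 21.0, 5.5)),
        "unknown_before": verifier.identify(plug_probe),
        "camera_frr": false_reject_rate(verifier, "camera",
                                        synth("camera", 100, rng)),
    }
    camera_model = verifier.models["camera"]
    verifier.enroll("plug", synth("plug", 200, rng))  # incremental registration
    result["unknown_after"] = verifier.identify(plug_probe)
    result["camera_model_unchanged"] = verifier.models["camera"] is camera_model
    # A second unit of the camera model emits the same traffic profile, so
    # behavioural features alone attribute it to the enrolled camera.
    result["same_model_unit"] = verifier.identify((895.0, 19.5, 5.2))
    return result


if __name__ == "__main__":
    print(demo())
```

The last probe shows the limitation named in the second bullet above: a different unit of the same model falls inside the enrolled camera's radius, so telling the two apart needs behavior-independent features.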
2) Incremental learning with new devices: Incremental learning [188] in this domain emphasizes that an identification or detection model should be able to learn newly registered devices without retraining on a large dataset containing new and old devices, because retaining the old dataset or deriving generators for knowledge replay is computationally expensive. This topic faces several challenges:

• Knowing the maximum number of devices a model can memorize, especially for Deep Neural Networks.
• Expanding models dynamically as new devices are being added. Incremental learning is natively supported in Nearest Neighbor algorithms but is challenging to implement in Deep Neural Networks.

3) Deployment of device identification models: The deployment sites and model providers’ lab can differ dramatically, in which case identification accuracy can be impaired. This issue is more severe in device identification models using wireless signals due to the difference of wireless channel characteristics. For alleviation, extra work is needed:

• Deriving features that are independent of wireless channels or deployment sites. Authors in [235], [239] suggested that neural networks can only learn about channel-specific features rather than device-specific features.
• Occasional fine-tuning is needed with the help of incremental or transfer learning to adapt to variations.
• Model providers need to use data augmentation methods to simulate operational variations during lab training, as suggested in [240].
• Model providers can use multi-domain training to derive multi-purpose feature extractors, which will be utilized as building blocks for domain-specific device identification models. Diverse training from different domains could provide more robust feature extractors.

4) Reliable benchmark datasets: IoT device identification is a pattern recognition problem on signals or communication patterns. A common benchmark dataset is critical for reliably comparing various methods in device identification and rogue device detection. However, by the end of this survey, we only find a limited number of datasets providing devices’ raw signals or network traffic traces in diverse scenarios. Some datasets are available in [132], [133] and [134], respectively. For physical layer device identification, some popular datasets are summarized in Table IX. As summarized, many of them only contain a limited number of devices, while a larger dataset containing only ADS-B raw signals from more than 100 airborne transponders is provided in [135]. Another dataset containing more than 30 IoT devices’ traffic traces under volumetric attack and benign scenarios is in [60]. These datasets are important because they provide fair comparisons between algorithms. Additionally, models trained on large datasets can be efficiently transferred to more specific applications [241], [242].

TABLE IX
EXISTING DATASET FOR PHYSICAL LAYER IOT DEVICE IDENTIFICATION

| Dataset | Number of transmitters | Sample rate | Frequency | Protocol / device | Fingerprint injection |
|---|---|---|---|---|---|
| [231] | 6 | 50 MS/s | Multiple | GNSS | N |
| [232] | 100+ | 10 MSa/s | 1090 MHz | ADS-B | N |
| [135] | 100+ | 8 MSa/s | 1090 MHz | ADS-B | N |
| [133] | 4 | 40 MSa/s | 2.4 GHz | Drones | N |
| [233] | 17 | 20 GSa/s | 2.4 GHz | Drone remote controllers | N |
| [234] | 27 | 5 to 20 GSa/s | 2.4 GHz | Bluetooth | N |
| [235] | 16 | 5 Msa/s | 2.4 GHz | USRP X310 | Y |
| [236] | 4 | 5 Msa/s | 900 MHz | USRP B200mini | Y |
| [237] | 4 | 5 MSa/s to 7.69 MS/s | 2.685 GHz | USRP X310 | Y |
| [238] | 7 | 10 MSa/s | 2.4 GHz | DJI M100 drones | N |

B. Challenges in feature engineering

1) The robustness of features: Although many existing works claim the effectiveness of their discovered features, only very few evaluate the features’ robustness under various scenarios in terms of device mobility pattern, temperature, obstacles, etc. Feature robustness has a limited influence on device type identification in the network or higher layers. However, in the Physical Layer identification of wireless devices, insufficient feature robustness would severely impair the final model. Currently, a popular way to enforce robust feature discovery is through data augmentation to simulate various scenarios. Besides, in neural networks, regularization and dropout methods can encourage models to make full use of input data and discover robust latent features, but their effectiveness needs further study.

2) Making use of time-varying features: Some device detection and identification models use protocol-agnostic and behavior-independent features from physical layer wireless signals. However, in mobile environments, devices’ movements can result in time-varying channel conditions, in which device identification methods based on static channel characteristics can be impaired. On the other hand, varying patterns of channels, signal strength, etc. also encode valuable features, e.g., location, distance, noise pattern, etc., to help distinguish IoT devices [243], [244]. Therefore, both discovering time-invariant features and making use of time-varying features are still open issues in device identification and detection.

3) Challenges from deep generative attackers: The utilization of GAN brings challenges to device identification, especially in the Physical Layer. Using GAN models, an attacker can train highly realistic signal or data packet generators to mimic its victims’ signal characteristics. Research
in [245] showed that GAN can increase the success rate of spoofing attacks from less than 10% to approximately 80%. Fortunately, a simple remedy is to use MIMO receivers and wireless localization methods to estimate whether a transmitter is at an expected position. Additionally, controlled imperfections can be dynamically imprinted into the devices’ signals or data flows in a Pseudorandom Noise Code driven time-varying manner [239], which is cryptographically impossible to predict.

C. Future research trends

1) Deep identification models with explainable behaviors and assured performances: The convenience of Deep Neural Networks makes them a versatile tool to implement IoT device identification and rogue device detection systems, but more efforts have to be made, especially for model explainability and performance assurability. On the one hand, we have limited knowledge of the decision process, especially on how a deep neural network makes its final decisions and the corresponding decision boundaries. Without knowing the decision process and decision boundaries, there is no way to assure its performance. On the other hand, research on the explainability of Deep Neural Networks focuses on explaining models’ behaviors but does not provide guidelines on deriving assurable performance. Without explainability, we cannot assure the performance of models.

2) Unsupervised and incremental deep learning for device identification: With a large number of devices being connected to IoT, device identification and detection models need to incrementally adapt to operational variations in real-time. A solution can be the seamless integration of the feature abstraction capability of deep neural networks, incremental learning, and unsupervised learning. The knowledge of using deep neural networks to perform unsupervised learning for IoT device identification and detection is currently limited. Meanwhile, incremental learning in deep models for device identification and detection is also rarely investigated.

3) Controlled imprinting of verifiable patterns: Compared with passive non-cryptographic device identification and detection methods in this survey, a proactive way is imprinting verifiable patterns into devices’ transmitted signals or activity patterns. As suggested in [236], controlled imperfections are utilized as verifiable patterns. Embedding these patterns in signals could significantly enhance the performance of device identification. However, a critical concern is how to prevent adversaries from collecting and learning about the imprinted identity verification information. As suggested in [235], a possible solution is to dynamically change the identity verification patterns according to a pair of synchronized pseudorandom code generators, where the initialization keys are only shared among the device and corresponding device identifiers. Methods are still limited in imprinting verifiable patterns that are difficult to learn.

VI. CONCLUSION

This survey aims to provide a comprehensive review of the existing technologies on IoT device detection and identification from passively collected network traffic traces and wireless signal patterns. We discuss existing non-cryptographic IoT device identification mechanisms from the perspective of machine learning and pinpoint several key developing trends such as incremental learning, abnormality detection, and deep unsupervised learning with explainability. We found that a multi-perspective IoT wireless device detection and identification framework is needed. Future research for rogue IoT device identification and detection needs to cope with challenges beyond signal processing and borrow ideas from advanced topics in Artificial Intelligence and Knowledge Discovery.

ACKNOWLEDGMENT

This research was partially supported through Embry-Riddle Aeronautical University’s Faculty Innovative Research in Science and Technology (FIRST) Program and the National Science Foundation under Grant No. 1956193.

REFERENCES

[1] S. Jeschke, C. Brecher, H. Song, and D. Rawat, Industrial Internet of Things: Cybermanufacturing Systems. Cham, Switzerland: Springer, 2017.
[2] Y. Sun, H. Song, A. J. Jara, and R. Bie, “Internet of things and big data analytics for smart and connected communities,” IEEE Access, vol. 4, pp. 766–773, 2016.
[3] H. Song, R. Srinivasan, T. Sookoor, and S. Jeschke, Smart Cities: Foundations, Principles and Applications. Hoboken, NJ: Wiley, 2017.
[4] Y. Zhang, L. Sun, H. Song, and X. Cao, “Ubiquitous wsn for healthcare: Recent advances and future prospects,” IEEE Internet of Things Journal, vol. 1, no. 4, pp. 311–318, Aug 2014.
[5] Y. Sun and H. Song, Secure and Trustworthy Transportation Cyber-Physical Systems. Singapore: Springer, 2017.
[6] K. Zhang, Y. Jiang, D. Liu, and H. Song, “Spatio-temporal data mining for aviation delay prediction,” in 2020 IEEE 39th International Performance Computing and Communications Conference (IPCCC). IEEE, 2020, pp. 1–7.
[7] Y. Liu, J. Li, Z. Ming, H. Song, X. Weng, and J. Wang, “Domain-specific data mining for residents’ transit pattern retrieval from incomplete information,” Journal of Network and Computer Applications, vol. 134, pp. 62–71, 2019.
[8] Y. Jiang, S. Niu, K. Zhang, B. Chen, C. Xu, D. Liu, and H. Song, “Spatial-temporal graph data mining for iot-enabled air mobility prediction,” IEEE Internet of Things Journal, pp. 1–1, 2021.
[9] G. Dartmann, H. Song, and A. Schmeink, Big Data Analytics for Cyber-Physical Systems: Machine Learning for the Internet of Things. Elsevier, 2019.
[10] Y. Jiang, Y. Liu, D. Liu, and H. Song, “Applying machine learning to aviation big data for flight delay prediction,” in 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). IEEE, 2020, pp. 665–672.
[11] K. Zhang, Y. Liu, J. Wang, H. Song, and D. Liu, “Tree-based airspace capacity estimation,” in 2020 Integrated Communications Navigation and Surveillance Conference (ICNS). IEEE, 2020, pp. 5C1–1.
[12] H. Song, G. A. Fink, and S. Jeschke, Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications. Chichester, UK: Wiley-IEEE Press, 2017.
[13] I. Butun, P. Österberg, and H. Song, “Security of the internet of things: Vulnerabilities, attacks and countermeasures,” IEEE Communications Surveys Tutorials, pp. 1–1, 2019.
[14] J. Wang, Y. Liu, S. Niu, H. Song, W. Jing, and J. Yuan, “Blockchain enabled verification for cellular-connected unmanned aircraft system networking,” Future Generation Computer Systems, vol. 123, pp. 233–244, 2021. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0167739X21001461
[15] J. Wurm, K. Hoang, O. Arias, A.-R. Sadeghi, and Y. Jin, “Security analysis on consumer and industrial iot devices,” in 2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC). IEEE, 2016, pp. 519–524.
[16] O. Shwartz, Y. Mathov, M. Bohadana, Y. Elovici, and Y. Oren, “Reverse engineering iot devices: Effective techniques and methods,” IEEE Internet of Things Journal, vol. 5, no. 6, pp. 4965–4976, 2018.
[17] A. Gupta, The IoT Hacker’s Handbook. Springer, 2019.
[18] K. Liu, M. Yang, Z. Ling, H. Yan, Y. Zhang, X. Fu, and W. Zhao, “On manually reverse engineering communication protocols of linux based iot systems,” arXiv preprint arXiv:2007.11981, 2020.
[19] L. Costa, J. P. Barros, and M. Tavares, “Vulnerabilities in iot devices for smart home environment,” in Proceedings of the 5th International Conference on Information Systems Security e Privacy, ICISSP 2019., vol. 1. SCITEPRESS, 2019, pp. 615–622.
[20] J. Pollack and P. Ranganathan, “Aviation navigation systems security: Ads-b, gps, iff,” in Proceedings of the International Conference on Security and Management (SAM). The Steering Committee of The World Congress in Computer Science, Computer , 2018, pp. 129–135.
[21] M. R. Manesh and N. Kaabouch, “Analysis of vulnerabilities, attacks, countermeasures and overall risk of the automatic dependent surveillance-broadcast (ads-b) system,” International Journal of Critical Infrastructure Protection, vol. 19, pp. 16–31, 2017.
[22] D. Dimitrios, M. Baldauf, and M. Kitada, “Vulnerabilities of the automatic identification system in the era of maritime autonomous surface ships,” 06 2018.
[23] C. Ray, R. Gallen, C. Iphar, A. Napoli, and A. Bouju, “Deais project: detection of ais spoofing and resulting risks,” in OCEANS 2015-Genova. IEEE, 2015, pp. 1–6.
[24] F. L. Yihunie, A. K. Singh, and S. Bhatia, “Assessing and exploiting security vulnerabilities of unmanned aerial vehicles,” in Smart Systems and IoT: Innovations in Computing. Springer, 2020, pp. 701–710.
[39] K. Zeng, K. Govindan, and P. Mohapatra, “Non-cryptographic authentication and identification in wireless networks,” network security, vol. 1, p. 3, 2010.
[40] K.-H. Wang, C.-M. Chen, W. Fang, and T.-Y. Wu, “On the security of a new ultra-lightweight authentication protocol in iot environment for rfid tags,” The Journal of Supercomputing, vol. 74, no. 1, pp. 65–70, 2018.
[41] F. Loi, A. Sivanathan, H. H. Gharakheili, A. Radford, and V. Sivaraman, “Systematically evaluating security and privacy for consumer iot devices,” in Proceedings of the 2017 Workshop on Internet of Things Security and Privacy, 2017, pp. 1–6.
[42] D. S. Guamán, J. M. Del Alamo, and J. C. Caiza, “A systematic mapping study on software quality control techniques for assessing privacy in information systems,” IEEE Access, vol. 8, pp. 74 808–74 833, 2020.
[43] J. Ren, D. J. Dubois, D. Choffnes, A. M. Mandalari, R. Kolcun, and H. Haddadi, “Information exposure from consumer iot devices: A multidimensional, network-informed measurement approach,” in Proceedings of the Internet Measurement Conference, 2019, pp. 267–279.
[44] S. Al-Sarawi, M. Anbar, K. Alieyan, and M. Alzubaidi, “Internet of things (iot) communication protocols,” in 2017 8th International conference on information technology (ICIT). IEEE, 2017, pp. 685–690.
[45] I. Jawhar, N. Mohamed, and J. Al-Jaroodi, “Networking architectures and protocols for smart city systems,” Journal of Internet Services and Applications, vol. 9, no. 1, p. 26, 2018.
[46] F. Metzger, T. Hoßfeld, A. Bauer, S. Kounev, and P. E. Heegaard,
[25] A. Koubaa, A. Allouch, M. Alajlan, Y. Javed, A. Belghith, and “Modeling of aggregated iot traffic and its application to an iot cloud,”
M. Khalgui, “Micro air vehicle link (mavlink) in a nutshell: A survey,” Proceedings of the IEEE, vol. 107, no. 4, pp. 679–694, 2019.
IEEE Access, vol. 7, pp. 87 658–87 680, 2019. [47] S. Han, K. Jang, K. Park, and S. Moon, “Packetshader: a gpu-
accelerated software router,” ACM SIGCOMM Computer Communi-
[26] L. Y. Paul, J. S. Baras, and B. M. Sadler, “Physical-layer authentica-
cation Review, vol. 40, no. 4, pp. 195–206, 2010.
tion,” IEEE Transactions on Information Forensics and Security, vol. 3,
[48] F. Hu, Q. Hao, and K. Bao, “A survey on software-defined network and
no. 1, pp. 38–51, 2008.
openflow: From concept to implementation,” IEEE Communications
[27] W. Wang, Z. Sun, S. Piao, B. Zhu, and K. Ren, “Wireless physical-
Surveys & Tutorials, vol. 16, no. 4, pp. 2181–2206, 2014.
layer identification: Modeling and validation,” IEEE Transactions on
[49] W. Rafique, L. Qi, I. Yaqoob, M. Imran, R. ur Rasool, and W. Dou,
Information Forensics and Security, vol. 11, no. 9, pp. 2091–2106,
“Complementing iot services through software defined networking and
2016.
edge computing: A comprehensive survey,” IEEE Communications
[28] H. A. Khattak, M. A. Shah, S. Khan, I. Ali, and M. Imran, “Perception
Surveys & Tutorials, 2020.
layer security in internet of things,” Future Generation Computer
[50] L. Gao, C. Zhang, and L. Sun, “Restful web of things api in sharing
Systems, vol. 100, pp. 144–164, 2019.
sensor data,” in 2011 International Conference on Internet Technology
[29] L. Bai, L. Zhu, J. Liu, J. Choi, and W. Zhang, “Physical layer and Applications. IEEE, 2011, pp. 1–4.
authentication in wireless communication networks: A survey,” Journal [51] A. Sivanathan, “Iot behavioral monitoring via network traffic analysis,”
of Communications and Information Networks, vol. 5, no. 3, pp. 237– arXiv preprint arXiv:2001.10632, 2020.
264, 2020. [52] A. Sivanathan, D. Sherratt, H. H. Gharakheili, A. Radford, C. Wi-
[30] V. Brik, S. Banerjee, M. Gruteser, and S. Oh, “Wireless device jenayake, A. Vishwanath, and V. Sivaraman, “Characterizing and
identification with radiometric signatures,” in Proceedings of the 14th classifying iot traffic in smart cities and campuses,” in 2017 IEEE
ACM international conference on Mobile computing and networking. Conference on Computer Communications Workshops (INFOCOM
ACM, 2008, pp. 116–127. WKSHPS). IEEE, 2017, pp. 559–564.
[31] J. Sun, “An open-access book about decoding mode-s and ads-b data,” [53] S. Marchal, M. Miettinen, T. D. Nguyen, A.-R. Sadeghi, and
https://mode-s.org/, May 2017. N. Asokan, “Audi: Toward autonomous iot device-type identification
[32] B. J. Tetreault, “Use of the automatic identification system (ais) for using periodic communication,” IEEE Journal on Selected Areas in
maritime domain awareness (mda),” in Proceedings of Oceans 2005 Communications, vol. 37, no. 6, pp. 1402–1412, 2019.
Mts/Ieee. IEEE, 2005, pp. 1590–1594. [54] M. Miettinen, S. Marchal, I. Hafeez, N. Asokan, A.-R. Sadeghi,
[33] M. A. Amanullah, R. A. A. Habeeb, F. H. Nasaruddin, A. Gani, and S. Tarkoma, “Iot sentinel: Automated device-type identification
E. Ahmed, A. S. M. Nainar, N. M. Akim, and M. Imran, “Deep learning for security enforcement in iot,” in 2017 IEEE 37th International
and big data technologies for iot security,” Computer Communications, Conference on Distributed Computing Systems (ICDCS). IEEE, 2017,
vol. 151, pp. 495–517, 2020. pp. 2177–2184.
[34] M. A. Al-Garadi, A. Mohamed, A. Al-Ali, X. Du, I. Ali, and [55] Y. Meidan, M. Bohadana, A. Shabtai, J. D. Guarnizo, M. Ochoa, N. O.
M. Guizani, “A survey of machine and deep learning methods for Tippenhauer, and Y. Elovici, “Profiliot: a machine learning approach
internet of things (iot) security,” IEEE Communications Surveys & for iot device identification based on network traffic analysis,” in
Tutorials, 2020. Proceedings of the symposium on applied computing, 2017, pp. 506–
[35] N. Wang, P. Wang, A. Alipour-Fanid, L. Jiao, and K. Zeng, “Physical- 509.
layer security of 5g wireless networks for iot: Challenges and opportu- [56] Y. Meidan, M. Bohadana, A. Shabtai, M. Ochoa, N. O. Tippenhauer,
nities,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8169–8181, J. D. Guarnizo, and Y. Elovici, “Detection of unauthorized iot devices
2019. using machine learning techniques,” arXiv preprint arXiv:1709.04647,
[36] G. Baldini and G. Steri, “A survey of techniques for the identification 2017.
of mobile phones using the physical fingerprints of the built-in com- [57] A. Aksoy and M. H. Gunes, “Automated iot device identification using
ponents,” IEEE Communications Surveys & Tutorials, vol. 19, no. 3, network traffic,” in ICC 2019-2019 IEEE International Conference on
pp. 1761–1789, 2017. Communications (ICC). IEEE, 2019, pp. 1–7.
[37] Q. Xu, R. Zheng, W. Saad, and Z. Han, “Device fingerprinting in wire- [58] A. Sivanathan, H. H. Gharakheili, and V. Sivaraman, “Managing iot
less networks: Challenges and opportunities,” IEEE Communications cyber-security using programmable telemetry and machine learning,”
Surveys Tutorials, vol. 18, no. 1, pp. 94–104, 2016. IEEE Transactions on Network and Service Management, vol. 17, no. 1,
[38] B. Danev and S. Capkun, “Physical-layer identification of wireless pp. 60–74, 2020.
sensor nodes,” Technical report/ETH Zürich, Department of Computer [59] E. Lear, R. Droms, and D. Romascanu, “Rfc 8520: Manufacturer usage
Science, vol. 604, 2012. description specification,” Internet Engineering Task Force, 2019.
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 5, MAY 2020 19

[60] H. Hassan, S. Vijay, H. Ayyoob, S. Arunan, and P. Arman, “IoT device [82] B. Danev, H. Luecken, S. Capkun, and K. El Defrawy, “Attacks
profiles, attack traces and traffic traces,” https://iotanalytics.unsw.edu. on physical-layer identification,” in Proceedings of the third ACM
au/index, Accessed on Oct. 2020. conference on Wireless network security. ACM, 2010, pp. 89–98.
[61] A. Hamza, D. Ranathunga, H. H. Gharakheili, T. A. Benson, [83] A. C. Polak and D. L. Goeckel, “Identification of wireless devices
M. Roughan, and V. Sivaraman, “Verifying and monitoring iots network of users who actively fake their rf fingerprints with artificial data
behavior using mud profiles,” IEEE Transactions on Dependable and distortion,” IEEE Transactions on Wireless Communications, vol. 14,
Secure Computing, 2020. no. 11, pp. 5889–5899, 2015.
[62] Y. Ashibani and Q. H. Mahmoud, “A user authentication model for [84] M. Köse, S. Taşcioğlu, and Z. Telatar, “Rf fingerprinting of iot devices
iot networks based on app traffic patterns,” in 2018 IEEE 9th Annual based on transient energy spectrum,” IEEE Access, vol. 7, pp. 18 715–
Information Technology, Electronics and Mobile Communication Con- 18 726, 2019.
ference (IEMCON). IEEE, 2018, pp. 632–638. [85] Z. Zhang, Y. Li, C. Wang, M. Wang, Y. Tu, and J. Wang, “An ensemble
[63] ——, “Design and evaluation of a user authentication model for iot learning method for wireless multimedia device identification,” Security
networks based on app event patterns,” Cluster Computing, pp. 1–14, and Communication Networks, vol. 2018, 2018.
2020. [86] Y. Tu, Z. Zhang, Y. Li, C. Wang, and Y. Xiao, “Research on the internet
[64] J. Kotak and Y. Elovici, “Iot device identification using deep learning,” of things device recognition based on rf-fingerprinting,” IEEE Access,
arXiv preprint arXiv:2002.11686, 2020. vol. 7, pp. 37 426–37 431, 2019.
[65] Z. Zvonar and J. Mitola, Software radio technologies: selected read- [87] A. M. Ali, E. Uzundurukan, and A. Kara, “Assessment of features
ings. Wiley-IEEE Press, 2001. and classifiers for bluetooth rf fingerprinting,” IEEE Access, vol. 7, pp.
[66] B. Chatterjee, D. Das, S. Maity, and S. Sen, “Rf-puf: Enhancing iot 50 524–50 535, 2019.
security through authentication of wireless nodes using in-situ machine [88] J. Yu, A. Hu, F. Zhou, Y. Xing, Y. Yu, G. Li, and L. Peng, “Radio
learning,” IEEE Internet of Things Journal, vol. 6, no. 1, pp. 388–398, frequency fingerprint identification based on denoising autoencoders,”
2018. arXiv preprint arXiv:1907.08809, 2019.
[67] C. Herder, M.-D. Yu, F. Koushanfar, and S. Devadas, “Physical [89] J. M. T. Romano, R. Attux, C. C. Cavalcante, and R. Suyama, Unsuper-
unclonable functions and applications: A tutorial,” Proceedings of the vised signal processing: channel equalization and source separation.
IEEE, vol. 102, no. 8, pp. 1126–1141, 2014. CRC Press, 2018.
[68] A. C. Polak and D. L. Goeckel, “Wireless device identification based [90] F. Restuccia, S. D’Oro, A. Al-Shawabka, M. Belgiovine, L. Angioloni,
on rf oscillator imperfections,” IEEE Transactions on Information S. Ioannidis, K. Chowdhury, and T. Melodia, “Deepradioid: Real-time
Forensics and Security, vol. 10, no. 12, pp. 2492–2501, 2015. channel-resilient optimization of deep learning-based radio fingerprint-
[69] M. Azarmehr, A. Mehta, and R. Rashidzadeh, “Wireless device identifi- ing algorithms,” arXiv preprint arXiv:1904.07623, 2019.
cation using oscillator control voltage as rf fingerprint,” in 2017 IEEE [91] C. Xu, G. Huang, and X. Hou, “Research on communication fm signal
30th Canadian Conference on Electrical and Computer Engineering blind separation under jamming environments,” in 2nd International
(CCECE). IEEE, 2017, pp. 1–4. Forum on Management, Education and Information Technology Appli-
[70] Z. Zhuang, X. Ji, T. Zhang, J. Zhang, W. Xu, Z. Li, and Y. Liu, cation (IFMEITA 2017). Atlantis Press, 2018.
“Fbsleuth: Fake base station forensics via radio frequency fingerprint- [92] S. N. Baliarsingh, A. Senapati, A. Deb, and J. S. Roy, “Adaptive
ing,” in Proceedings of the 2018 on Asia Conference on Computer and beam formation for smart antenna for mobile communication network
Communications Security. ACM, 2018, pp. 261–272. using new hybrid algorithms,” in 2016 International Conference on
[71] L. Peng, A. Hu, Y. Jiang, Y. Yan, and C. Zhu, “A differential constella- Communication and Signal Processing (ICCSP). IEEE, 2016, pp.
tion trace figure based device identification method for zigbee nodes,” 2146–2151.
in 2016 8th International Conference on Wireless Communications & [93] S. S. Hanna and D. Cabric, “Deep learning based transmitter iden-
Signal Processing (WCSP). IEEE, 2016, pp. 1–6. tification using power amplifier nonlinearity,” in 2019 International
[72] L. Peng, A. Hu, J. Zhang, Y. Jiang, J. Yu, and Y. Yan, “Design of a Conference on Computing, Networking and Communications (ICNC).
hybrid rf fingerprint extraction and device classification scheme,” IEEE IEEE, 2019, pp. 674–680.
Internet of Things Journal, vol. 6, no. 1, pp. 349–360, 2018. [94] T. Zheng, Z. Sun, and K. Ren, “Fid: Function modeling-based data-
[73] L. Peng, J. Zhang, M. Liu, and A. Hu, “Deep learning based rf independent and channel-robust physical-layer identification,” in IEEE
fingerprint identification using differential constellation trace figure,” INFOCOM 2019-IEEE Conference on Computer Communications.
IEEE Transactions on Vehicular Technology, 2019. IEEE, 2019, pp. 199–207.
[74] G. Zhang, L. Xia, S. Jia, and Y. Ji, “Identification of cloned hf [95] D. Halperin, W. Hu, A. Sheth, and D. Wetherall, “Tool release: Gather-
rfid proximity cards based on rf fingerprinting,” in 2016 IEEE Trust- ing 802.11 n traces with channel state information,” ACM SIGCOMM
com/BigDataSE/ISPA. IEEE, 2016, pp. 292–300. Computer Communication Review, vol. 41, no. 1, pp. 53–53, 2011.
[75] W. E. Cobb, E. W. Garcia, M. A. Temple, R. O. Baldwin, and Y. C. [96] Y. Ma, G. Zhou, and S. Wang, “Wifi sensing with channel state
Kim, “Physical layer identification of embedded devices using rf- information: A survey,” ACM Computing Surveys (CSUR), vol. 52,
dna fingerprinting,” in 2010-Milcom 2010 Military Communications no. 3, p. 46, 2019.
Conference. IEEE, 2010, pp. 2168–2173. [97] H. Liu, Y. Wang, J. Liu, J. Yang, and Y. Chen, “Practical user authenti-
[76] C. Wang, Y. Lin, and Z. Zhang, “Research on physical layer security of cation leveraging channel state information (csi),” in Proceedings of the
cognitive radio network based on rf-dna,” in 2017 IEEE International 9th ACM symposium on Information, computer and communications
Conference on Software Quality, Reliability and Security Companion security. ACM, 2014, pp. 389–400.
(QRS-C). IEEE, 2017, pp. 252–255. [98] S. Zaman, C. Chakraborty, N. Mehajabin, M. Mamun-Or-Rashid, and
[77] T. J. Bihl, K. W. Bauer, and M. A. Temple, “Feature selection for M. A. Razzaque, “A deep learning based device authentication scheme
rf fingerprinting with multiple discriminant analysis and using zigbee using channel state information,” in 2018 International Conference on
device emissions,” IEEE Transactions on Information Forensics and Innovation in Engineering and Technology (ICIET). IEEE, 2018, pp.
Security, vol. 11, no. 8, pp. 1862–1874, 2016. 1–5.
[78] B. W. Ramsey, T. D. Stubbs, B. E. Mullins, M. A. Temple, and [99] Y. Zou, Y. Wang, S. Ye, K. Wu, and L. M. Ni, “Tagfree: Passive
M. A. Buckner, “Wireless infrastructure protection using low-cost radio object differentiation via physical layer radiometric signatures,” in
frequency fingerprinting receivers,” international journal of critical 2017 IEEE International Conference on Pervasive Computing and
infrastructure protection, vol. 8, pp. 27–39, 2015. Communications (PerCom). IEEE, 2017, pp. 237–246.
[79] C. K. Dubendorfer, B. W. Ramsey, and M. A. Temple, “An rf-dna [100] J. Hua, H. Sun, Z. Shen, Z. Qian, and S. Zhong, “Accurate and efficient
verification process for zigbee networks,” in MILCOM 2012-2012 IEEE wireless device fingerprinting using channel state information,” in IEEE
Military Communications Conference. IEEE, 2012, pp. 1–6. INFOCOM 2018-IEEE Conference on Computer Communications.
[80] P. K. Harmer, M. A. Temple, M. A. Buckner, and E. Farquahar, “Using IEEE, 2018, pp. 1700–1708.
differential evolution to optimize’learning from signals’ and enhance [101] P. Liu, P. Yang, W.-Z. Song, Y. Yan, and X.-Y. Li, “Real-time identifica-
network security,” in Proceedings of the 13th annual conference on tion of rogue wifi connections using environment-independent physical
Genetic and evolutionary computation. ACM, 2011, pp. 1811–1818. features,” in IEEE INFOCOM 2019-IEEE Conference on Computer
[81] X. Zhou, A. Hu, G. Li, L. Peng, Y. Xing, and J. Yu, “Design of a Communications. IEEE, 2019, pp. 190–198.
robust rf fingerprint generation and classification scheme for practical [102] Z. Wang, B. Guo, Z. Yu, and X. Zhou, “Wi-fi csi-based behavior recog-
device identification,” in 2019 IEEE Conference on Communications nition: From signals and actions to activities,” IEEE Communications
and Network Security (CNS). IEEE, 2019, pp. 196–204. Magazine, vol. 56, no. 5, pp. 109–115, 2018.
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 5, MAY 2020 20

[103] F. Hong, X. Wang, Y. Yang, Y. Zong, Y. Zhang, and Z. Guo, “Wfid: signals,” Proceedings of the Royal Society A: Mathematical, Physical
Passive device-free human identification using wifi signal,” in Proceed- and Engineering Sciences, vol. 463, no. 2078, pp. 321–342, 2006.
ings of the 13th International Conference on Mobile and Ubiquitous [123] Y. Shi and M. A. Jensen, “Improved radiometric identification of
Systems: Computing, Networking and Services. ACM, 2016, pp. 47– wireless devices using mimo transmission,” IEEE Transactions on
56. Information Forensics and Security, vol. 6, no. 4, pp. 1346–1354, 2011.
[104] Y. Zeng, P. H. Pathak, C. Xu, and P. Mohapatra, “Your ap knows [124] T. D. Vo-Huu, T. D. Vo-Huu, and G. Noubir, “Fingerprinting wi-fi
how you move: fine-grained device motion recognition through wifi,” devices using software defined radios,” in Proceedings of the 9th ACM
in Proceedings of the 1st ACM workshop on Hot topics in wireless. Conference on Security & Privacy in Wireless and Mobile Networks.
ACM, 2014, pp. 49–54. ACM, 2016, pp. 3–14.
[105] Y. Wang, J. Liu, Y. Chen, M. Gruteser, J. Yang, and H. Liu, “E-eyes: [125] I. Agadakos, N. Agadakos, J. Polakis, and M. R. Amer, “Deep complex
device-free location-oriented activity identification using fine-grained networks for protocol-agnostic radio frequency device fingerprinting in
wifi signatures,” in Proceedings of the 20th annual international the wild,” arXiv preprint arXiv:1909.08703, 2019.
conference on Mobile computing and networking. ACM, 2014, pp. [126] J. Yu, A. Hu, G. Li, and L. Peng, “A robust rf fingerprinting approach
617–628. using multi-sampling convolutional neural network,” IEEE Internet of
[106] Y. Wang, K. Wu, and L. M. Ni, “Wifall: Device-free fall detection by Things Journal, 2019.
wireless networks,” IEEE Transactions on Mobile Computing, vol. 16,
[127] K. Merchant, S. Revay, G. Stantchev, and B. Nousain, “Deep learning
no. 2, pp. 581–594, 2016.
for rf device fingerprinting in cognitive communication networks,”
[107] G. Li, J. Yu, Y. Xing, and A. Hu, “Location-invariant physical layer
IEEE Journal of Selected Topics in Signal Processing, vol. 12, no. 1,
identification approach for wifi devices,” IEEE Access, vol. 7, pp.
pp. 160–167, 2018.
106 974–106 986, 2019.
[128] S. Riyaz, K. Sankhe, S. Ioannidis, and K. Chowdhury, “Deep learning
[108] C. Xu, B. Chen, Y. Liu, F. He, and H. Song, “Rf fingerprint mea-
convolutional neural networks for radio identification,” IEEE Commu-
surement for detecting multiple amateur drones based on stft and
nications Magazine, vol. 56, no. 9, pp. 146–152, 2018.
feature reduction,” in 2020 Integrated Communications Navigation and
Surveillance Conference (ICNS). IEEE, 2020, pp. 4G1–1. [129] G. Huang, Y. Yuan, X. Wang, and Z. Huang, “Specific emitter iden-
[109] S. Chen, F. Xie, Y. Chen, H. Song, and H. Wen, “Identification of tification for communications transmitter using multi-measurements,”
wireless transceiver devices using radio frequency (rf) fingerprinting Wireless Personal Communications, vol. 94, no. 3, pp. 1523–1542,
based on stft analysis to enhance authentication security,” in 2017 IEEE 2017.
5th International Symposium on Electromagnetic Compatibility (EMC- [130] C. Bandt and B. Pompe, “Permutation entropy: a natural complexity
Beijing). IEEE, 2017, pp. 1–5. measure for time series,” Physical review letters, vol. 88, no. 17, p.
[110] D. R. Reising, M. A. Temple, and J. A. Jackson, “Authorized and rogue 174102, 2002.
device discrimination using dimensionally reduced rf-dna fingerprints,” [131] C. L. Nikias and M. R. Raghuveer, “Bispectrum estimation: A digital
IEEE Transactions on Information Forensics and Security, vol. 10, signal processing framework,” Proceedings of the IEEE, vol. 75, no. 7,
no. 6, pp. 1180–1192, 2015. pp. 869–891, 1987.
[111] Y. Li, L. Chen, J. Chen, F. Xie, S. Chen, and H. Wen, “A low [132] C. Morin, L. Cardoso, J. Hoydis, J.-M. Gorce, and T. Vial, “Trans-
complexity feature extraction for the rf fingerprinting process,” in 2018 mitter classification with supervised deep learning,” arXiv preprint
IEEE Conference on Communications and Network Security (CNS). arXiv:1905.07923, 2019.
IEEE, 2018, pp. 1–2. [133] M. S. Allahham, M. F. Al-Sa’d, A. Al-Ali, A. Mohamed, T. Khattab,
[112] X. Wu, Y. Shi, W. Meng, X. Ma, and N. Fang, “Specific emitter and A. Erbad, “Dronerf dataset: A dataset of drones for rf-based
identification for satellite communication using probabilistic neural detection, classification and identification,” Data in brief, vol. 26, p.
networks,” International Journal of Satellite Communications and 104313, 2019.
Networking, vol. 37, no. 3, pp. 283–291, 2019. [134] C. Kaushik, “Genesys lab mldatasets,” http://genesys-lab.org/
[113] D. Sun, Y. Li, and Y. Xu, “Specific emitter identification based on mldatasets.au/index, Accessed on Oct. 2020.
normalized frequency spectrum,” in 2016 2nd IEEE International [135] Y. Liu, J. Wang, H. Song, S. Niu, and Y. Thomas, “A 24-hour
Conference on Computer and Communications (ICCC). IEEE, 2016, signal recording dataset with labels for cybersecurity and IoT,” 2020.
pp. 1875–1879. [Online]. Available: http://dx.doi.org/10.21227/gt9v-kz32
[114] Y. Yuan, Z. Huang, H. Wu, and X. Wang, “Specific emitter identifi- [136] G. Baldini, C. Gentile, R. Giuliani, and G. Steri, “Comparison of
cation based on hilbert–huang transform-based time–frequency–energy techniques for radiometric identification based on deep convolutional
distribution features,” IET Communications, vol. 8, no. 13, pp. 2404– neural networks,” Electronics Letters, vol. 55, no. 2, pp. 90–92, 2018.
2412, 2014. [137] D. Roy, T. Mukherjee, M. Chatterjee, E. Blasch, and E. Pasiliao, “Rfal:
[115] U. Satija, N. Trivedi, G. Biswal, and B. Ramkumar, “Specific emitter Adversarial learning for rf transmitter identification and classification,”
identification based on variational mode decomposition and spectral IEEE Transactions on Cognitive Communications and Networking,
features in single hop and relaying scenarios,” IEEE Transactions on 2019.
Information Forensics and Security, vol. 14, no. 3, pp. 581–591, 2018.
[138] S. Gopalakrishnan, M. Cekic, and U. Madhow, “Robust wireless
[116] X. Wang, J. Duan, C. Wang, G. Cui, and W. Wang, “A radio frequency
fingerprinting via complex-valued neural networks,” arXiv preprint
fingerprinting identification method based on energy entropy and color
arXiv:1905.09388, 2019.
moments of the bispectrum,” in 2017 9th International Conference on
[139] J. Huang, Y. Lei, and X. Liao, “Communication transmitter individual
Advanced Infocomm Technology (ICAIT). IEEE, 2017, pp. 150–154.
feature extraction method based on stacked denoising autoencoders
[117] Y.-K. Lei, “Individual communication transmitter identification using
under small sample prerequisite,” in 2017 7th IEEE International
correntropy-based collaborative representation,” in 2016 9th Interna-
Conference on Electronics Information and Emergency Communication
tional Congress on Image and Signal Processing, BioMedical Engi-
(ICEIEC). IEEE, 2017, pp. 132–135.
neering and Informatics (CISP-BMEI). IEEE, 2016, pp. 1194–1200.
[118] M. Sun, L. Zhang, J. Bao, and Y. Yan, “Rf fingerprint extraction for [140] T. Oyedare and J.-M. J. Park, “Estimating the required training dataset
gnss anti-spoofing using axial integrated wigner bispectrum,” Journal size for transmitter classification using deep learning.”
of Information Security and Applications, vol. 35, pp. 51–54, 2017. [141] J. S. Dramsch, M. Lüthje, and A. N. Christensen, “Complex-
[119] Z. Zhang, Y. Li, and C. Wang, “Research on individual identification of valued neural networks for machine learning on non-stationary
wireless devices based on signal’s energy distribution,” in 2018 IEEE physical data,” CoRR, vol. abs/1905.12321, 2019. [Online]. Available:
23rd International Conference on Digital Signal Processing (DSP). http://arxiv.org/abs/1905.12321
IEEE, 2018, pp. 1–5. [142] Y. Liu, J. Wang, J. Li, H. Song, T. Yang, S. Niu, and Z. Ming, “Zero-
[120] N. E. Huang, Hilbert-Huang transform and its applications. World bias deep learning for accurate identification of internet of things (iot)
Scientific, 2014, vol. 16. devices,” IEEE Internet of Things Journal, 2020.
[121] W. Wang, H. Liu, J. Yang, and H. Yin, “Specific emitter identification [143] Y. Liu, J. Wang, S. Niu, and H. Song, “Deep learning enabled reliable
using decomposed hierarchical feature extraction methods,” in 2017 identity verification and spoofing detection,” in International Confer-
13th International Conference on Natural Computation, Fuzzy Systems ence on Wireless Algorithms, Systems, and Applications. Springer,
and Knowledge Discovery (ICNC-FSKD). IEEE, 2017, pp. 1639– 2020, pp. 333–345.
1643. [144] M. Li, O. Li, G. Liu, and C. Zhang, “Generative adversarial networks-
[122] M. G. Frei and I. Osorio, “Intrinsic time-scale decomposition: time– based semi-supervised automatic modulation recognition for cognitive
frequency–energy analysis and real-time filtering of non-stationary radio networks,” Sensors, vol. 18, no. 11, p. 3913, 2018.
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 5, MAY 2020 21

[145] E. Marchi, F. Vesperini, F. Eyben, S. Squartini, and B. Schuller, [167] P. L. Narasimha, W. H. Delashmit, M. T. Manry, J. Li, and F. Maldon-
“A novel approach for automatic acoustic novelty detection using a ado, “An integrated growing-pruning method for feedforward network
denoising autoencoder with bidirectional lstm neural networks,” in training,” Neurocomputing, vol. 71, no. 13-15, pp. 2831–2847, 2008.
2015 IEEE International Conference on Acoustics, Speech and Signal [168] L. Ma and K. Khorasani, “A new strategy for adaptively constructing
Processing (ICASSP). IEEE, 2015, pp. 1996–2000. multilayer feedforward neural networks,” Neurocomputing, vol. 51, pp.
[146] S. S. Khan and B. Taati, “Detecting unseen falls from wearable devices 361–385, 2003.
using channel-wise ensemble of autoencoders,” Expert Systems with [169] C. Cortes, X. Gonzalvo, V. Kuznetsov, M. Mohri, and S. Yang, “Adanet:
Applications, vol. 87, pp. 280–290, 2017. Adaptive structural learning of artificial neural networks,” in Proceed-
[147] Y. Shi, K. Davaslioglu, Y. E. Sagduyu, W. C. Headley, M. Fowler, ings of the 34th International Conference on Machine Learning-Volume
and G. Green, “Deep learning for rf signal classification in unknown 70. JMLR. org, 2017, pp. 874–883.
and dynamic spectrum environments,” in 2019 IEEE International [170] C. Liu, B. Zoph, M. Neumann, J. Shlens, W. Hua, L.-J. Li, L. Fei-Fei,
Symposium on Dynamic Spectrum Access Networks (DySPAN). IEEE, A. Yuille, J. Huang, and K. Murphy, “Progressive neural architecture
2019, pp. 1–10. search,” in Proceedings of the European Conference on Computer
[148] A. Gritsenko, Z. Wang, T. Jian, J. Dy, K. Chowdhury, and S. Ioannidis, Vision (ECCV), 2018, pp. 19–34.
“Finding a newneedle in the haystack: Unseen radio detection in [171] K. O. Stanley and R. Miikkulainen, “Efficient evolution of neural net-
large populations using deep learning,” in 2019 IEEE International work topologies,” in Proceedings of the 2002 Congress on Evolutionary
Symposium on Dynamic Spectrum Access Networks (DySPAN). IEEE, Computation. CEC’02 (Cat. No. 02TH8600), vol. 2. IEEE, 2002, pp.
2019, pp. 1–10. 1757–1762.
[149] Y. Kim, S. An, and J. So, “Identifying signal source using channel [172] ——, “Evolving neural networks through augmenting topologies,”
state information in wireless lans,” in 2018 International Conference Evolutionary computation, vol. 10, no. 2, pp. 99–127, 2002.
on Information Networking (ICOIN). IEEE, 2018, pp. 616–621. [173] J. Liang, E. Meyerson, B. Hodjat, D. Fink, K. Mutch, and R. Miikku-
[150] L. J. Wong, W. C. Headley, S. Andrews, R. M. Gerdes, and A. J. lainen, “Evolutionary neural automl for deep learning,” in Proceedings
Michaels, “Clustering learned cnn features from raw i/q data for emitter of the Genetic and Evolutionary Computation Conference, 2019, pp.
identification,” in MILCOM 2018-2018 IEEE Military Communications 401–409.
Conference (MILCOM). IEEE, 2018, pp. 26–33. [174] B. Baker, O. Gupta, N. Naik, and R. Raskar, “Designing neural
[151] H. Jafari, O. Omotere, D. Adesina, H.-H. Wu, and L. Qian, “Iot network architectures using reinforcement learning,” arXiv preprint
devices fingerprinting using deep learning,” in MILCOM 2018-2018 arXiv:1611.02167, 2016.
IEEE Military Communications Conference (MILCOM). IEEE, 2018, [175] M. Tan, B. Chen, R. Pang, V. Vasudevan, M. Sandler, A. Howard,
pp. 1–9. and Q. V. Le, “Mnasnet: Platform-aware neural architecture search for
[152] J. S. Bergstra, R. Bardenet, Y. Bengio, and B. Kégl, “Algorithms mobile,” in Proceedings of the IEEE Conference on Computer Vision
for hyper-parameter optimization,” in Advances in neural information and Pattern Recognition, 2019, pp. 2820–2828.
processing systems, 2011, pp. 2546–2554. [176] C.-H. Hsu, S.-H. Chang, J.-H. Liang, H.-P. Chou, C.-H. Liu, S.-C.
[153] M. Pelikan, D. E. Goldberg, E. Cantú-Paz et al., “Boa: The bayesian Chang, J.-Y. Pan, Y.-T. Chen, W. Wei, and D.-C. Juan, “Monas: Multi-
optimization algorithm,” in Proceedings of the genetic and evolutionary objective neural architecture search using reinforcement learning,”
computation conference GECCO-99, vol. 1, 1999, pp. 525–532. arXiv preprint arXiv:1806.10332, 2018.
[154] S. R. Young, D. C. Rose, T. P. Karnowski, S.-H. Lim, and R. M. Patton, [177] H. Liu, K. Simonyan, and Y. Yang, “Darts: Differentiable architecture
“Optimizing deep learning hyper-parameters through an evolutionary search,” arXiv preprint arXiv:1806.09055, 2018.
algorithm,” in Proceedings of the Workshop on Machine Learning in [178] X. Chen, L. Xie, J. Wu, and Q. Tian, “Progressive differentiable archi-
High-Performance Computing Environments, 2015, pp. 1–5. tecture search: Bridging the depth gap between search and evaluation,”
in Proceedings of the IEEE International Conference on Computer
[155] T. Elsken, J. H. Metzen, and F. Hutter, “Neural architecture search: A
Vision, 2019, pp. 1294–1303.
survey,” arXiv preprint arXiv:1808.05377, 2018.
[179] X. Dong and Y. Yang, “Searching for a robust neural architecture in
[156] W. Liu, Z. Wang, X. Liu, N. Zeng, Y. Liu, and F. E. Alsaadi, “A
four gpu hours,” in Proceedings of the IEEE Conference on Computer
survey of deep neural network architectures and their applications,”
Vision and Pattern Recognition, 2019, pp. 1761–1770.
Neurocomputing, vol. 234, pp. 11–26, 2017.
[180] C. Ying, A. Klein, E. Real, E. Christiansen, K. Murphy, and F. Hutter,
[157] A. Truong, A. Walters, J. Goodsitt, K. Hines, B. Bruss, and R. Farivar, “Nas-bench-101: Towards reproducible neural architecture search,”
“Towards automated machine learning: Evaluation and comparison of arXiv preprint arXiv:1902.09635, 2019.
automl approaches and tools,” arXiv preprint arXiv:1908.05557, 2019. [181] X. Dong and Y. Yang, “Nas-bench-102: Extending the scope of repro-
[158] M. Lindauer, “Literature on neural architecture search,” https://www. ducible neural architecture search,” arXiv preprint arXiv:2001.00326,
automl.org/automl/literature-on-neural-architecture-search/, Feb. 2020. 2020.
[159] X. Dong, “Awesome-nas: A curated list of neural architecture search [182] K. Youssef, L. Bouchard, K. Haigh, J. Silovsky, B. Thapa, and C. Van-
(nas) resources.” https://github.com/D-X-Y/Awesome-NAS, Jan. 2020. der Valk, “Machine learning approach to rf transmitter identification,”
[160] C. Zanchettin and T. B. Ludermir, “A methodology to train and improve IEEE Journal of Radio Frequency Identification, vol. 2, no. 4, pp. 197–
artificial neural networks’ weights and connections,” in The 2006 IEEE 205, 2018.
International Joint Conference on Neural Network Proceedings. IEEE, [183] W. J. Scheirer, A. de Rezende Rocha, A. Sapkota, and T. E. Boult,
2006, pp. 5267–5274. “Toward open set recognition,” IEEE transactions on pattern analysis
[161] M. M. Islam, M. A. Sattar, M. F. Amin, X. Yao, and K. Murase, “A new and machine intelligence, vol. 35, no. 7, pp. 1757–1772, 2012.
adaptive merging and growing algorithm for designing artificial neural [184] A. Bendale and T. E. Boult, “Towards open set deep networks,” in
networks,” IEEE Transactions on Systems, Man, and Cybernetics, Part Proceedings of the IEEE conference on computer vision and pattern
B (Cybernetics), vol. 39, no. 3, pp. 705–722, 2009. recognition, 2016, pp. 1563–1572.
[162] H. Lam, S. Ling, F. H. Leung, and P. K.-S. Tam, “Tuning of the [185] D. Gunning, “Explainable artificial intelligence (xai),” Defense Ad-
structure and parameters of neural network using an improved genetic vanced Research Projects Agency (DARPA), nd Web, vol. 2, 2017.
algorithm,” in IECON’01. 27th Annual Conference of the IEEE Indus- [186] C. Tan, F. Sun, T. Kong, W. Zhang, C. Yang, and C. Liu, “A survey on
trial Electronics Society (Cat. No. 37243), vol. 1. IEEE, 2001, pp. deep transfer learning,” in International conference on artificial neural
25–30. networks. Springer, 2018, pp. 270–279.
[163] J. M. Alvarez and M. Salzmann, “Learning the number of neurons [187] S. Niu, Y. Liu, J. Wang, and H. Song, “A decade survey of transfer
in deep networks,” in Advances in Neural Information Processing learning (20102020),” IEEE Transactions on Artificial Intelligence,
Systems, 2016, pp. 2270–2278. vol. 1, no. 2, pp. 151–166, 2020.
[164] Y. Guo, A. Yao, and Y. Chen, “Dynamic network surgery for efficient [188] G. I. Parisi, R. Kemker, J. L. Part, C. Kanan, and S. Wermter,
dnns,” in Advances in neural information processing systems, 2016, pp. “Continual lifelong learning with neural networks: A review,” Neural
1379–1387. Networks, 2019.
[165] S. Han, J. Pool, J. Tran, and W. Dally, “Learning both weights [189] H. Shin, J. K. Lee, J. Kim, and J. Kim, “Continual learning with
and connections for efficient neural network,” in Advances in neural deep generative replay,” in Advances in Neural Information Processing
information processing systems, 2015, pp. 1135–1143. Systems, 2017, pp. 2990–2999.
[166] M. M. Islam, X. Yao, and K. Murase, “A constructive algorithm for [190] F. Girosi, M. Jones, and T. Poggio, “Regularization theory and neural
training cooperative neural network ensembles,” IEEE Transactions on networks architectures,” Neural computation, vol. 7, no. 2, pp. 219–
neural networks, vol. 14, no. 4, pp. 820–834, 2003. 269, 1995.
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 5, MAY 2020 22

[191] J. Kirkpatrick, R. Pascanu, N. Rabinowitz, J. Veness, G. Desjardins, Transactions on Database Systems (TODS), vol. 42, no. 3, pp. 1–21,
A. A. Rusu, K. Milan, J. Quan, T. Ramalho, A. Grabska-Barwinska 2017.
et al., “Overcoming catastrophic forgetting in neural networks,” Pro- [212] M. Ankerst, M. M. Breunig, H.-P. Kriegel, and J. Sander, “Optics:
ceedings of the national academy of sciences, vol. 114, no. 13, pp. ordering points to identify the clustering structure,” ACM Sigmod
3521–3526, 2017. record, vol. 28, no. 2, pp. 49–60, 1999.
[192] J. Yoon, E. Yang, J. Lee, and S. J. Hwang, “Lifelong learning with [213] D. Pelleg, A. W. Moore et al., “X-means: Extending k-means with
dynamically expandable networks,” arXiv preprint arXiv:1708.01547, efficient estimation of the number of clusters.” in Icml, vol. 1, 2000,
2017. pp. 727–734.
[193] Y. Liu, J. Wang, J. Li, S. Niu, and H. Song, “Formal [214] R.-H. Hwang, M.-C. Peng, C.-W. Huang, P.-C. Lin, and V.-L. Nguyen,
Proofs of Orthogonality for Class-Incremental Learning for “An unsupervised deep learning model for early network traffic
Wireless Device Identification in IoT,” 5 2021. [Online]. anomaly detection,” IEEE Access, vol. 8, pp. 30 387–30 399, 2020.
Available: https://www.techrxiv.org/articles/preprint/Formal Proofs [215] R.-H. Hwang, M.-C. Peng, and C.-W. Huang, “Detecting iot malicious
of Orthogonality for Class-Incremental Learning for Wireless traffic based on autoencoder and convolutional neural network,” in 2019
Device Identification in IoT/14559765 IEEE Globecom Workshops (GC Wkshps). IEEE, 2019, pp. 1–6.
[194] ——, “Formal Proofs of Orthogonality for Class-Incremental [216] H. Alipour, Y. B. Al-Nashif, P. Satam, and S. Hariri, “Wireless anomaly
Learning for Wireless Device Identification in IoT,” 5 2021. [Online]. detection based on ieee 802.11 behavior analysis,” IEEE transactions
Available: https://www.techrxiv.org/articles/preprint/Formal Proofs on information forensics and security, vol. 10, no. 10, pp. 2158–2170,
of Orthogonality for Class-Incremental Learning for Wireless 2015.
Device Identification in IoT/14559765 [217] N. Sehatbakhsh, M. Alam, A. Nazari, A. Zajic, and M. Prvulovic,
[195] ——, “Class-incremental learning for wireless device identification in “Syndrome: Spectral analysis for anomaly detection on medical iot
iot,” IEEE Internet of Things Journal, pp. 1–1, 2021. and embedded devices,” in 2018 IEEE international symposium on
[196] E. Axell, G. Leus, E. G. Larsson, and H. V. Poor, “Spectrum sensing hardware oriented security and trust (HOST). IEEE, 2018, pp. 1–8.
for cognitive radio: State-of-the-art and recent advances,” IEEE signal [218] A. Hamza, H. H. Gharakheili, T. A. Benson, and V. Sivaraman,
processing magazine, vol. 29, no. 3, pp. 101–116, 2012. “Detecting volumetric attacks on lot devices via sdn-based monitoring
[197] A. Sivanathan, H. H. Gharakheili, and V. Sivaraman, “Detecting of mud activity,” in Proceedings of the 2019 ACM Symposium on SDN
behavioral change of iot devices using clustering-based network traffic Research, 2019, pp. 36–48.
modeling,” IEEE Internet of Things Journal, 2020. [219] V. L. Thing, “Ieee 802.11 network anomaly detection and attack
[198] ——, “Inferring iot device types from network behavior using unsuper- classification: A deep learning approach,” in 2017 IEEE Wireless
vised clustering,” in 2019 IEEE 44th Conference on Local Computer Communications and Networking Conference (WCNC). IEEE, 2017,
Networks (LCN). IEEE, 2019, pp. 230–233. pp. 1–6.
[199] J. Ortiz, C. Crawford, and F. Le, “Devicemien: network device behavior [220] R. Sridharan, R. R. Maiti, and N. O. Tippenhauer, “Wadac: Privacy-
modeling for identifying unknown iot devices,” in Proceedings of the preserving anomaly detection and attack classification on wireless
International Conference on Internet of Things Design and Implemen- traffic,” in Proceedings of the 11th ACM Conference on Security &
tation, 2019, pp. 106–117. Privacy in Wireless and Mobile Networks, 2018, pp. 51–62.
[200] G. Liu, R. Zhang, C. Wang, and L. Liu, “Synchronization-free gps [221] T. Luo and S. G. Nagarajan, “Distributed anomaly detection using au-
spoofing detection with crowdsourced air traffic control data,” in 2019 toencoder neural networks in wsn for iot,” in 2018 IEEE International
20th IEEE International Conference on Mobile Data Management Conference on Communications (ICC). IEEE, 2018, pp. 1–6.
(MDM). IEEE, 2019, pp. 260–268. [222] Y. Meidan, M. Bohadana, Y. Mathov, Y. Mirsky, A. Shabtai, D. Breit-
[201] M. Monteiro, A. Barreto, T. Kacem, D. Wijesekera, and P. Costa, enbacher, and Y. Elovici, “N-baiotnetwork-based detection of iot botnet
“Detecting malicious ads-b transmitters using a low-bandwidth sensor attacks using deep autoencoders,” IEEE Pervasive Computing, vol. 17,
network,” in 2015 18th International Conference on Information Fusion no. 3, pp. 12–22, 2018.
(Fusion). IEEE, 2015, pp. 1696–1701. [223] Y. Chen, X. S. Zhou, and T. S. Huang, “One-class svm for learning
[202] B. Xu, G. Sun, R. Yu, and Z. Yang, “High-accuracy tdoa-based local- in image retrieval,” in Proceedings 2001 International Conference on
ization without time synchronization,” IEEE Transactions on Parallel Image Processing (Cat. No. 01CH37205), vol. 1. IEEE, 2001, pp.
and Distributed Systems, vol. 24, no. 8, pp. 1567–1576, 2012. 34–37.
[203] M. Schäfer, M. Strohmeier, V. Lenders, I. Martinovic, and M. Wil- [224] Z. Ding and M. Fei, “An anomaly detection approach based on
helm, “Bringing up opensky: A large-scale ads-b sensor network for isolation forest algorithm for streaming data using sliding window,”
research,” in Proceedings of the 13th international symposium on IFAC Proceedings Volumes, vol. 46, no. 20, pp. 12–17, 2013.
Information processing in sensor networks. IEEE Press, 2014, pp. [225] H.-P. Kriegel, P. Kröger, E. Schubert, and A. Zimek, “Loop: local
83–94. outlier probabilities,” in Proceedings of the 18th ACM conference on
[204] H. Liu, H. Darabi, P. Banerjee, and J. Liu, “Survey of wireless indoor Information and knowledge management, 2009, pp. 1649–1652.
positioning techniques and systems,” IEEE Transactions on Systems, [226] M. S. Parwez, D. B. Rawat, and M. Garuba, “Big data analytics for
Man, and Cybernetics, Part C (Applications and Reviews), vol. 37, user-activity analysis and user-anomaly detection in mobile wireless
no. 6, pp. 1067–1080, 2007. network,” IEEE Transactions on Industrial Informatics, vol. 13, no. 4,
[205] I. Guvenc and C.-C. Chong, “A survey on toa based wireless localiza- pp. 2058–2065, 2017.
tion and nlos mitigation techniques,” IEEE Communications Surveys [227] M. Wei and K. Kim, “Intrusion detection scheme using traffic predic-
& Tutorials, vol. 11, no. 3, pp. 107–124, 2009. tion for wireless industrial networks,” journal of communications and
[206] G. Han, H. Xu, T. Q. Duong, J. Jiang, and T. Hara, “Localization networks, vol. 14, no. 3, pp. 310–318, 2012.
algorithms of wireless sensor networks: a survey,” Telecommunication [228] N. Tandiya, A. Jauhar, V. Marojevic, and J. H. Reed, “Deep predictive
Systems, vol. 52, no. 4, pp. 2419–2436, 2013. coding neural network for rf anomaly detection in wireless networks,”
[207] Q. Li, H. Fan, W. Sun, J. Li, L. Chen, and Z. Liu, “Fingerprints in the in 2018 IEEE International Conference on Communications Workshops
air: unique identification of wireless devices using rf rss fingerprints,” (ICC Workshops). IEEE, 2018, pp. 1–6.
IEEE Sensors Journal, vol. 17, no. 11, pp. 3568–3579, 2017. [229] S. Rajendran, W. Meert, V. Lenders, and S. Pollin, “Saife: Unsupervised
[208] M. Zheleva, R. Chandra, A. Chowdhery, A. Kapoor, and P. Garnett, wireless spectrum anomaly detection with interpretable features,” in
“Txminer: Identifying transmitters in real-world spectrum measure- 2018 IEEE International Symposium on Dynamic Spectrum Access
ments,” in 2015 IEEE International Symposium on Dynamic Spectrum Networks (DySPAN). IEEE, 2018, pp. 1–9.
Access Networks (DySPAN). IEEE, 2015, pp. 94–105. [230] W. Lotter, G. Kreiman, and D. Cox, “Deep predictive coding net-
[209] Y. A. Nijsure, G. Kaddoum, G. Gagnon, F. Gagnon, C. Yuen, and works for video prediction and unsupervised learning,” arXiv preprint
R. Mahapatra, “Adaptive air-to-ground secure communication system arXiv:1605.08104, 2016.
based on ads-b and wide-area multilateration,” IEEE Transactions on [231] R. Morales-Ferre, W. Wang, A. Sanz-Abia, and E.-S. Lohan,
Vehicular Technology, vol. 65, no. 5, pp. 3150–3165, 2015. “Identifying gnss signals based on their radio frequency (rf)
[210] M. Monteiro, A. Barreto, T. Kacem, J. Carvalho, D. Wijesekera, features?a dataset with gnss raw signals based on roof antennas and
and P. Costa, “Detecting malicious ads-b broadcasts using wide area spectracom generator,” Data, vol. 5, no. 1, 2020. [Online]. Available:
multilateration,” in 2015 IEEE/AIAA 34th Digital Avionics Systems https://www.mdpi.com/2306-5729/5/1/18
Conference (DASC). IEEE, 2015, pp. 4A3–1. [232] Y. Liu, J. Wang, S. Niu, and H. Song, “Ads-b signals records
[211] E. Schubert, J. Sander, M. Ester, H. P. Kriegel, and X. Xu, “Dbscan for non-cryptographic identification and incremental learning.” 2021.
revisited, revisited: why and how you should (still) use dbscan,” ACM [Online]. Available: https://dx.doi.org/10.21227/1bxc-ke87
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 5, MAY 2020 23

YongXin Liu is currently an assistant professor at department of Computer Science, Auburn University at Montgomery. He received his Ph.D. degree in Electrical Engineering and Computer Science from Embry-Riddle Aeronautical University (ERAU), Daytona Beach, Florida, in August 2021. He was a graduate research assistant in the Security and Optimization for Networked Globe Laboratory (SONG Lab, www.SONGLab.us) from August 2018 to August 2021. He received the first Ph.D. from South China University of Technology, 2018. His major research interests include machine learning, data mining, wireless networks, the Internet of Things, and Unmanned Systems.

Jian Wang is a Ph.D. student in the Department of Electrical Engineering and Computer Science (EECS), Embry-Riddle Aeronautical University (ERAU), Daytona Beach, Florida, and a graduate research assistant in the Security and Optimization for Networked Globe Laboratory (SONG Lab, www.SONGLab.us). He received his M.S. from South China Agricultural University (SCAU) in 2017 and B.S. from Nanyang Normal University in 2014. His major research interests include wireless networks, unmanned aerial systems, and machine learning.

Jianqiang Li received his B.S. and Ph.D. degrees from the South China University of Technology in 2003 and 2008, respectively. He is a Professor with the College of Computer and Software Engineering, Shenzhen University, Shenzhen, China. He is leading two projects funded by the National Natural Science Foundation of China and two projects funded by the Natural Science Foundation of Guangdong, China. His major research interests include Internet of Things, robotic, hybrid systems, and embedded systems.

Shuteng Niu is an Assistant Professor in the Department of Computer Science, Bowling Green State University. He received his Ph.D. degree in Electrical Engineering and Computer Science from Embry-Riddle Aeronautical University (ERAU), Daytona Beach, Florida, in May 2021. He was a graduate research assistant in the Security and Optimization for Networked Globe Laboratory (SONG Lab, www.SONGLab.us) from January 2018 to May 2021. He received his M.S. from Embry-Riddle Aeronautical University (ERAU) in 2018 and B.S. from Civil Aviation University of China (CAUC) in 2015. His major research interests include machine learning, data mining, and signal processing.

Houbing Song (M’12-SM’14) received the Ph.D. degree in electrical engineering from the University of Virginia, Charlottesville, VA, in August 2012. In August 2017, he joined the Department of Electrical Engineering and Computer Science, Embry-Riddle Aeronautical University, Daytona Beach, FL, where he is currently an Assistant Professor and the Director of the Security and Optimization for Networked Globe Laboratory (SONG Lab, www.SONGLab.us). He has served as an Associate Technical Editor for IEEE Communications Magazine (2017-present), an Associate Editor for IEEE Internet of Things Journal (2020-present) and IEEE Journal on Miniaturization for Air and Space Systems (J-MASS) (2020-present), and a Guest Editor for IEEE Journal on Selected Areas in Communications (J-SAC), IEEE Internet of Things Journal, IEEE Transactions on Industrial Informatics, IEEE Sensors Journal, IEEE Transactions on Intelligent Transportation Systems, and IEEE Network. He is the editor of eight books, including Aviation Cybersecurity: Foundations, principles, and applications, Scitech Publishing, 2022, Smart Transportation: AI Enabled Mobility and Autonomous Driving, CRC Press, 2021, Big Data Analytics for Cyber-Physical Systems: Machine Learning for the Internet of Things, Elsevier, 2019, Smart Cities: Foundations, Principles and Applications, Hoboken, NJ: Wiley, 2017, Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications, Chichester, UK: Wiley-IEEE Press, 2017, Cyber-Physical Systems: Foundations, Principles and Applications, Boston, MA: Academic Press, 2016, and Industrial Internet of Things: Cybermanufacturing Systems, Cham, Switzerland: Springer, 2016. He is the author of more than 100 articles and the inventor of 2 patents (US & WO). His research interests include cyber-physical systems, cybersecurity and privacy, internet of things, edge computing, AI/machine learning, big data analytics, unmanned aircraft systems, connected vehicle, smart and connected health, and wireless communications and networking. His research has been featured by popular news media outlets, including IEEE GlobalSpec’s Engineering360, USA Today, U.S. News & World Report, Fox News, Association for Unmanned Vehicle Systems International (AUVSI), Forbes, WFTV, New Atlas, The Washington Times, Battle Space and Defense Daily.

Dr. Song is a senior member of ACM and an ACM Distinguished Speaker. Dr. Song was a recipient of the Best Paper Award from the 12th IEEE International Conference on Cyber, Physical and Social Computing (CPSCom-2019), the Best Paper Award from the 2nd IEEE International Conference on Industrial Internet (ICII 2019), the Best Paper Award from the 19th Integrated Communication, Navigation and Surveillance technologies (ICNS 2019) Conference, the Best Paper Award from the 6th IEEE International Conference on Cloud and Big Data Computing (CBDCom 2020), and the Best Paper Award from the 15th International Conference on Wireless Algorithms, Systems, and Applications (WASA 2020).
