Traffic Fingerprints for Homogeneous IoT Traffic Based on Packet Payload Transition Patterns
Round 1
Reviewer 1 Report
Comments and Suggestions for AuthorsThe authors propose a new method to fingerprint IoT traffic based on packets' payloads size differences, and a more efficient solution to handle the overlapping phenomenon.
The contribution is interesting and the paper is well-written enough, but for a pair of things that should be addressed before publication:
* there should be a more detailed primer on IoT traffic characteristics such to help the reader understand why many classic features are not suitable for fingerprinting;
* the way to populate the traffic feature matrix should be explained in more detail and clearer examples.
Also: the sentence "The application of new technologies represented by 5G has deepened the homogeneity of IoT Traffic" at lines 28-29 should have a citation.
Comments on the Quality of English LanguageThe paper is generally understandable, but it has some hard-to-read or parts and small typos.
Some examples of parts that should be rephrased are:
* lines 21-23 of the introduction;
* lines 159-163 (section "Proposed Methods").
Some example of typos:
* Figure 2: cloud should read "Hard to classificate";
* line 236: "Supple" should be "Supply";
* line 348: "Forrest" should be "Forest";
* line 412: "researchers" I assume it should be "researches".
Author Response
Please see the attachment
Author Response File: Author Response.pdf
Reviewer 2 Report
Comments and Suggestions for AuthorsThe research investigates the effectiveness of traditional traffic fingerprints as a security protection mechanism in 5G IoT scenarios. Replication experiments reveal that classic traffic fingerprints, based on simple network traffic attribute features, exhibit significantly lower device identification ability in real 5G IoT scenarios compared to traditional IoT scenarios.
The study attributes this decline to the growing homogenization of IoT traffic caused by the implementation of 5G. The research identifies the need for an enhanced traffic fingerprint to address the homogeneity in IoT traffic.
Moreover, the study recognizes that the solution to the overlap issue is crucial in restricting the recognition ability of one-vs-all multi-classifiers, with existing methods having room for optimization. To address these concerns, the research proposes an enhanced IoT terminal traffic fingerprint based on packet payload transition patterns and an improved overlap solution based on density centers.
Experimental results demonstrate that the proposed traffic fingerprint achieves a Macro-Average Precision of close to 90% for network traffic from real 5G IoT terminals, while the overlap solution reduces decision-making time from hundreds to tens of seconds, maintaining accuracy.
Author Response
Please see the attachment
Author Response File: Author Response.pdf