Link-layer device type classification on encrypted wireless traffic with COTS radios

Rajib Ranjan Maiti, Sandra Siby, Ragav Sridharan, Nils Ole Tippenhauer

Research output: Chapter in Book/Report/Conference proceedingConference contribution


In this work, we design and implement a framework, PrEDeC, which enables an attacker to violate user privacy by using the encrypted link-layer radio traffic to detect device types in a targeted environment. We focus on 802.11 traffic using WPA2 as security protocol. Data is collected by passive eavesdropping using COTS radios. PrEDeC (a) extracts features using temporal properties, size of encrypted payload, type and direction of wireless traffic (b) filters features to improve overall performance (c) builds a classification model to detect different device types. While designing PrEDeC, we experimentally record the traffic of 22 IoT devices and manually classify that data into 10 classes to train three machine learning classifiers: Random Forest, Decision Tree and SVM. We analyze the performance of the classifiers on different block sizes (set of frames) and find that a block size of 30k frames with Random Forest classifier shows above 90% accuracy. Additionally, we observe that a reduced set of 49 features gives similar accuracy but better efficiency as compared to taking an entire set of extracted features. We investigate the significance of these features for classification. We further investigated the number of frames and the amount time required to eavesdrop them in different traffic scenarios.

Original languageEnglish (US)
Title of host publicationComputer Security – ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Proceedings
EditorsSimon N. Foley, Dieter Gollmann, Einar Snekkenes
PublisherSpringer Verlag
Number of pages18
ISBN (Print)9783319663982
StatePublished - 2017
Event22nd European Symposium on Research in Computer Security, ESORICS 2017 - Oslo, Norway
Duration: Sep 11 2017Sep 15 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10493 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference22nd European Symposium on Research in Computer Security, ESORICS 2017


  • Classification
  • Encrypted network traffic
  • Machine learning

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Link-layer device type classification on encrypted wireless traffic with COTS radios'. Together they form a unique fingerprint.

Cite this