Journal of Network and Systems Management (2023) 31:26

https://doi.org/10.1007/s10922-022-09716-x

A Deep Learning Approach for Classifying Network

Connected IoT Devices Using Communication Traffic
Characteristics

Rajarshi Roy Chowdhury1,2 · Azam Che Idris1 · Pg Emeroylariffion Abas1

Received: 19 June 2022 / Revised: 25 November 2022 / Accepted: 26 December 2022

© The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature
2023

Abstract
The Internet of Things can be considered a technological revolution and has suc-
cessfully merged the physical world with the digital world. However, heterogene-
ous IoT devices with different functionalities impose new security challenges in
cyberspace, including node forgery, unauthorized access to data and cyberattacks.
It is essential to identify network-connected devices accurately and robustly, as well
as their communication behaviours, to improve network security. Whilst necessary
for communication, traditional identifiers using internet protocol /medium access
control addresses have some constraints as device identifiers due to vulnerabilities
against different attacks. To mitigate these issues, a deep learning-based device fin-
gerprinting model has been proposed using these two features for the classification
task, with 100 consecutive packets’ information utilized to generate fingerprints as
graphs. The proposed device fingerprinting model demonstrates over 99% and 95%
precisions in distinguishing between known and unknown traffic traces and in iden-
tifying IoT and non-IoT traffic traces, respectively. 98.49% precision has also been
demonstrated on an individual device classification task. These results are signifi-
cant as the model can be utilized to effectively secure a resource-constrained IoT
network, which despite its rapid growth of usage, is more prone to attack, partly due
to its dependence on traditional explicit identification methods.

Keywords Internet of Things · Network traffic traces · Deep learning ·

Convolutional neural network · Non-IoT device · Device fingerprinting

* Rajarshi Roy Chowdhury

[email protected]
1
Faculty of Integrated Technologies, Universiti Brunei Darussalam, Jalan Tungku Link,
Gadong BE1410, Brunei Darussalam
2
Department of Computer Science and Engineering, Sylhet International University,
Shamimabad Road, Sylhet 3100, Bangladesh

13
Vol.:(0123456789)
 26 Page 2 of 21 Journal of Network and Systems Management (2023) 31:26

1 Introduction

The rapid proliferation of heterogeneous Internet of Things (IoT) devices with dis-
tinct functionalities have imposed new security and privacy challenges in cyber-
space, such as device management [1–3], anomaly/attack detection [4–15], authen-
tication [1, 16], device identification [17–20] and location tracking [21–24]. IoT
device identification plays a key role in mitigating all these issues. Conventionally,
individual devices are assigned unique identifiers, such as internet protocol (IP)/
medium access control (MAC) addresses, for identifying network-connected devices
in the networks during communication. Despite the importance of these identifiers
for communication over the network, unfortunately, they have been shown to be eas-
ily mutable using software and knowledge of networking [25]. On the other hand, a
device fingerprinting (DFP) approach has been shown to be more robust for device
identification purposes. DFP uses implicit identifiers, including network packet
[17–19], MAC frame [26, 27] and radio signal [28, 29], for generating unique finger-
prints to identify devices as well as classify traffic types. Effective DFP approaches
must fulfil three important properties: (a) generated features must be hard or impos-
sible to forge, (b) generated features should remain stable even when devices move
from one network to another network or the environment changes, and (c) finger-
prints should be reproducible in the context of time and space. DFP has emerged as
a significant solution for improving network security due to its resistance to vulner-
abilities, including node forge or masquerading attacks.
In this paper, a deep learning (DL) based DFP model has been proposed and
used to analyze device-originated network traffic traces for generating unique fin-
gerprints, with individual fingerprints represented as graphs. Each graph has been
represented as a 150 × 150 (width × height) dimensions image with 72 dots per inch
(DPI) and 24-bit depth. Consecutive 100 packet header information, including tcp.
window_size and ip.len values, have been utilized to generate unique signatures (or
fingerprints) as inputs to a convolutional neural network (CNN) architecture in order
to classify network traffic traces into three levels, including known and unknown
traffic types (Level 1), IoT and non-IoT traffic types (Level 2) and individual device
classification (Level 3), as presented in Fig. 1. Known traffic type is defined as traf-
fic traces from authenticated devices’ (a user’s device connects to a selected or own
network), whilst unknown traffic type is traffic traces from unwanted devices (unau-
thenticated device, such as a new device or a device, which is not allowed to connect

Fig. 1  Network traffic types on three levels

13
Journal of Network and Systems Management (2023) 31:26 Page 3 of 21 26

to a specific network). DL architectures have significant advantages over traditional

ML algorithms [30]: (a) deep learning architectures allow the learning of useful fea-
tures or patterns automatically from the raw input data, (b) they can identify com-
plex non-linear relationships between features (or attributes), and (c) these architec-
tures are more suitable for big-data analysis. The proposed DL-based DFP model
has demonstrated over 99% precision in distinguishing between known (University
of New South Wales (UNSW) IoT) and unknown (D-Link IoT) traffic traces (Level
1), over 95% precision in identifying IoT and non-IoT devices traffic traces on the
UNSW dataset (Level 2), and individual device classification (Level 3) performance
of up to 98.49% precision on the UNSW IoT dataset. 99.71% precision is also dem-
onstrated with four different device categories on the D-Link IoT dataset.
IoT devices are commonly designed for specific tasks; therefore, their communi-
cation behaviour tends to remain stable even when devices move from one network
to another, except when the devices are under attack or tempered by intruders. The
proposed DL-based DFP model is robust; it performs three-level classification tasks,
but it is required to retrain the model again with a new dataset if a new device is
connected to the same network. However, this experiment does not consider anom-
aly detection or malicious traffic classification task. The key contributions of this
work are:

• Generating fingerprints (as graphs) using the two selected device-specific fea-
tures: tcp.window_size and ip.len, values of 100 consecutive device-originated
packets.
• A DL-based DFP model (CNN architecture) has been proposed, not only capable
of distinguishing between known and unknown traffic types (Level 1) but also
classifying IoT and non-IoT traffic types (Level 2) and individual device (Level
3) traffic traces.
• Evaluation of the performances of the proposed DFP model using the two pub-
licly available datasets: UNSW (IoT and non-IoT) and D-Link IoT datasets.

The rest of the paper is organized as follows. Section 2 describes related works
along with existing DFP approaches. The proposed DL-based device fingerprinting
model, datasets, and fingerprinting (as graph) generation process are presented in
Sect. 3. Experimental results with different datasets, including IoT and non-IoT data-
sets, are discussed in Sect. 4; additionally, a comparison of the proposed DFP model
with existing works is presented in this section. Finally, the conclusion and future
direction of work are given in Sect. 5.

2 Related Work

Researchers have proposed different DFP approaches either using traditional

machine learning (ML) [17, 18, 31–33] and deep learning [13, 15, 19, 34–37] algo-
rithms for the classification task by utilizing fingerprints generated from network
traffic characteristics. Network traffic traces can be easily captured using commodity
hardware and software. This is in contrast to a radio signal, which requires relatively

13
 26 Page 4 of 21 Journal of Network and Systems Management (2023) 31:26

expensive hardware and software [26, 38] to capture, and hence, many researchers
have proposed DFP models utilizing only network traffic traces.
Pinheiro et al. [39] described a DFP model capable of distinguishing traffic types
(IoT and non-IoT traffic traces), as well as identifying individual IoT devices using
only three features: mean, standard deviation, and a total number of bytes transmit-
ted over a specific time frame, from packet lengths of n transmission control pro-
tocol (TCP) sessions in a one-second window. The model utilizes a Random For-
est (RF) classifier, with 96% accuracy demonstrated in identifying 21 IoT devices
and 99% accuracy in categorizing IoT (21 devices) and non-IoT (7 non-IoT devices)
devices’ traffic types on the UNSW dataset. In reference [40], the authors proposed
an ML-based DFP model for distinguishing between 12,107 IoT and 12,693 non-IoT
devices, as well as identifying five categories of IoT devices based on the analysis
of network traffic features from three levels: packet-level (packet number and packet
size), traffic-level (flow volume) and mobility-level (location and mobility entropy)
features. 22 statistical features, including traffic volume, uplink-downlink ratio, and
mobility entropy, were calculated from hourly-based communication traffic traces to
generate fingerprints. These features were then utilized for training seven different
classifiers, with the RF classifier demonstrating over 95% accuracy in classifying
devices.
Sivanathan et al. [32] proposed a DFP model by analyzing passively observed
network traffic traces to generate statistical fingerprints for the classification task. 11
statistical features were computed from network packet flows over a one-day period
for training an ML-based model. It has been shown that the proposed DFP model
achieves over 95% accuracy in identifying individual IoT devices (21 IoT devices).
In reference [17], the same researchers presented another DFP model using only
eight statistical features as fingerprints for characterizing individual IoT devices,
with a reported accuracy of over 99% on the UNSW dataset with 28 IoT devices.
On the other hand, the researchers in reference [18] selected 86 features from a sin-
gle TCP/IP packet header information using character level three metric operations
to generate device-specific fingerprints. The proposed DFP model demonstrates
97% accuracy on the UNSW dataset with 19 devices. In reference [41], the same
researchers achieved 97.2% precision and 93.7% recall using the RF classifier on
the UNSW IoT dataset with 22 devices, using nine features (a single TCP/IP packet)
which were selected based on an attribute evaluator (GainRatioAttributeEval) and a
search algorithm (Ranker).
Kumar et al. [42] presented an ML-based DFP model for classifying IoT
devices. n number of packets’ information, including IP addresses, port numbers,
and average packet size, were utilized for generating unique fingerprints (vectors)
with 12 statistical features. These features were then used to train different ML
algorithms, including RF, K-Nearest Neighbors (KNN), Decision Tree (DT) and
Logistic Regression (LR) algorithms (or classifiers), for the classification task,
with the DT classifier giving a maximum accuracy of about 99.99% on the UNSW
dataset with 22 IoT devices. Kotak et al. [36] presented a DL-based DFP model
for classifying network-connected devices. TCP payload information was con-
verted into 28 × 28 pixel grey-scale images (a packet capture (PCAP) file (with-
out header) → a binary file (hexadecimal values) → an image) to be presented

13
Journal of Network and Systems Management (2023) 31:26 Page 5 of 21 26

as unique fingerprints, with the authors utilizing only a single TCP session data
for constructing these fingerprints. Their proposed CNN-based DFP model was
evaluated using network traffic traces of ten devices, including both IoT and non-
IoT devices, to assess its classification performances. The model achieved 99.86%
accuracy in identifying individual devices and over 99% accuracy in classifying
unauthorized IoT devices on the UNSW dataset.
In reference [34], the authors proposed a semi-supervised DFP model for
device classification, whereby 219-dimensional features vectors were calculated
from four attributes: time interval, traffic volume, protocols (TCP, user data-
gram protocol (UDP), internet control message protocol (ICMP), domain name
system (DNS) and dynamic host configuration protocol (DHCP)) and transport
layer security (TLS) related features, of the communication traffic traces from a
30 min time window, and presented as unique fingerprints. The proposed CNN-
based DFP model reported over 99% accuracy in identifying individual devices
on the UNSW dataset with 24 devices, including both IoT and non-IoT devices.
On the other hand, the authors in reference [35] segmented network traffic flows
into 5 min intervals for calculating six statistical features from four network traf-
fic attributes: traffic volume, packet length, network protocols and network traffic
directions, to classify the semantic category of IoT devices. A long short-term
memory (LSTM)-CNN cascade model has been designed for classifying four cat-
egories of devices (15 devices). On average, 74.8% accuracy has been reported
using the UNSW dataset with 15 IoT devices.
Aneja et al. [19] utilized a statistical assessment of inter-arrival time (IAT) val-
ues for generating fingerprints (graphs) to identify network-connected devices from
wire-side observations of network traffic traces. IAT values from consecutive 1000
packets were used to generate device fingerprints as graphs for the identification of
devices. The scheme achieves over 97.7% accuracy in identifying individual devices
using the Residual Networks (ResNet)-50 CNN model on the Georgia Tech ID
(GTID) dataset.
From the existing works, it has been observed that different DFP models, either
using traditional ML (RF, DT and J48) or DL (CNN and LSTM) algorithms, have
been adopted for classifying individual devices and identifying traffic types (IoT and
non-IoT traffic traces), which are presented in Table 1. Unique fingerprints (vectors
or graphs) are generated utilizing a large set of features [18, 34, 40] or a large num-
ber of packets’ information [17, 19, 32, 34, 43], which require a long time to cap-
ture, necessitate empirical analysis and different mathematical operations to select a
suitable subset of features [41, 44]. Additionally, to improve classification accuracy,
some researchers [36] have also utilized network traffic payload data for generating
fingerprints. Naturally, this has raised privacy issues in data handling. It is important
for a DFP model to consider not only a suitable classifier but also suitable features
which are easy to capture and, at the same time, preserve users’ or data privacy.
Therefore, a deep analysis may be required to select a suitable subset of features
from a minimum number of packets’ information (network traffic attributes) for gen-
erating unique fingerprints (vectors or graphs) to improve classification accuracy
and reduce computational complexity; with a DFP model expected to not only able
to identify network-connected devices uniquely but also able to classify network

13
 Table 1  Some of the key existing device fingerprint works
26

Source Task Method DFP Learning algorithm

(Fingerprint)

13
[18] Individual device cls Three character-level metric operations have been used to generate fingerprints (86 features from a single TCP/ Vector ML algorithm
IP packet) (J48)
[17] Individual device cls 8 statistical features have been computed from n number of packets’ information in an hour for generating Vector ML algorithm
Page 6 of 21

fingerprints (RF)
[19] Individual device cls 1000 packets’ IAT values have been utilized for generating fingerprints (graphs) Graph DL algorithm
(CNN)
[32] Individual device cls 11 statistical features have been computed from n number of packets’ information in a day for generating Vector ML algorithm
fingerprints (RF)
[34] Individual device cls 219-dimensional features vector have been utilized for generating fingerprints from four attributes, including Vector DL algorithm
time interval, traffic volume, protocols, and transport layer security, in 30 min time window (CNN)
[35] Device category 6 statistical features have been utilized for generating fingerprints from four network traffic attributes in 5 min Vector DL algorithm
window (LSTM-CNN)
[36] Individual device cls Fingerprints (images) are generated using TCP payload information from a single TCP session (n number of Graph DL algorithm
packets) (CNN)
[39] IoT vs non-IoT Fingerprints are generated using 3 statistical features from n number of packets in a 1-s window Vector ML algorithm
Individual device cls (RF)
[40] IoT vs non-IoT Fingerprints are generated from packet, traffic, and mobility levels information, whilst 22 statistical features Vector ML algorithms
have been computed from n number of traffic traces in 1 h (RF, XGboost, GBDT,
k-NN, LR, SVM)
DL algorithm
(MLP)
[41] Individual device cls 9 features have been selected from a single TCP/IP packet using an attribute evaluator and a search algorithm Vector ML algorithms
for generating fingerprints (J48, RF, RT, BG, ST)
Journal of Network and Systems Management

[42] Individual device cls Fingerprints are generated using 12 features from n number of packets’ information Vector ML algorithms
(RF, KNN, DT, LR)
a
Known vs Unknown Fingerprints are generated using 2 features from 100 packets’ information Graph DL algorithm
IoT vs non-IoT (CNN)
Individual device cls
(2023) 31:26

Note: cls classification, GBDT Gradient Boosted Decision Tree, k-NN k-Nearest Neighbors, LR Logistic Regression, SVM Support Vector Machine, MLP Multilayer Per-
ceptron, BG Bagging, ST Stacking, h hour, s second
a
The proposed DFP model
Journal of Network and Systems Management (2023) 31:26 Page 7 of 21 26

traffic types: IoT and non-IoT traffic types and known and unknown traffic types.
The proposed DL-based DFP model is designed to achieve these goals.

3 Proposed Methodology

3.1 Network Traffic Traces

The proposed DL-based DFP model has been evaluated using two publicly available
datasets: UNSW and D-Link IoT datasets. The UNSW dataset [17] consists of both
IoT (U-IoT) and non-IoT (U-non-IoT) devices’ traffic traces, whilst the D-Link IoT
[45] dataset contains only IoT devices’ network traffic traces. In this paper, feature
values are converted to a graph as fingerprints. Two attributes (or features), includ-
ing tcp.window_size and ip.len, are extracted from the network traffic traces for gen-
erating fingerprints, with these fingerprints represented as graphs or instances with
100 numerical values from each attribute. Table 2 presents a brief description of the
datasets. An instance (graph) consists of exactly 200 numerical values. The finger-
print generation process in the proposed DFP model splits the received traffic traces
(samples) into groups of 100 packets; if the received samples are less than 100 pack-
ets, then either these samples are discarded or more time is given in order to receive
sufficient packets to generate fingerprints.
Network-connected devices transfer packets (traffic traces) for communication
at different frequencies according to their capability and network activity. Figure 2
represents the communication patterns of selected IoT and non-IoT devices; for
instance, on average, the AmazonEcho device sends 100 packets within 240 s, whilst
a MacBook requires around 3 s only to communicate the same number of packets.

3.2 Fingerprint Generation Process

The proposed DL-based DFP scheme utilizes device-originated traffic traces for
generating image (or graph) based fingerprints. An abstract design of the finger-
printing generation process is depicted in Fig. 3, where a total of 100 consecu-
tive packets’ information (two attribute values) has been utilized to generate a
graph as a unique fingerprint. Each graph consists of 200 numerical values (100
tcp.window_size and 100 ip.len values), and these values have been normalized
column-wise in the range between 0 and 1. Matplotlib (open-source data visuali-
zation and graphical plotting library) has been used to generate graphs in Python.
Figure 4 represents some samples of both IoT and non-IoT devices’ fingerprints.
It can be clearly observed that individual devices have different communication
patterns.

13
 26 Page 8 of 21 Journal of Network and Systems Management (2023) 31:26

Table 2  List of IoT and non-IoT datasets

Dataset Devices Attributes DFP Packets Instances (Graphs) Source

UNSW (U-IoT) 21 2 Graph 3,513,700 3,513,700/100 = 35,137 [17]

UNSW (U-non-IoT) 7 1,254,800 1,254,800/100 = 12,548
D-Link IoT (D-IoT) 12 3,148,300 3,148,300/100 = 31,483 [45]

Fig. 2  The average time requires to capture device-originated 100 packets from the UNSW dataset

3.3 Device Fingerprinting Model

The proposed DFP scheme architecture is depicted in Fig. 5. Two selected attrib-
utes (tcp.window_size and ip.len) have been utilized for generating unique fin-
gerprints (graphs), and then these fingerprints are fed into a CNN architecture
as input for training the DL-based DFP model for classifying devices as well as
traffic types. From the literature studies [19, 46–50], it has been observed that
CNN architecture is more widely used as compared to other DL-based archi-
tectures, including artificial neural network (ANN), long short-term memory
(LSTM), and multilayer perceptron (MLP), for the classification tasks. This is
because the architecture allows learning unique features set automatically from
the input data, particularly from an image or graph data, to improve classifica-
tion performances. The CNN architecture consists of different layers, including
convolutional, pooling, flatten, fully connected, and output layers, for the clas-
sification tasks [51]. The proposed DFP model has been designed with a CNN
architecture (2D-CNN - bi-dimensional convolution architecture [52, 53]), con-
sisting of the three convolutional layers with a kernel size 3, stride and padding
1 (conv1—(3, 12, kernel size = 3, stride = 1, padding = 1), conv2—(1, 20, kernel
size = 3, stride = 1, padding = 1) and conv3—(20, 32, kernel size = 3, stride = 1,
padding = 1)), 1 pooling layer (Max polling) with a kernel size = 2, stride = 2 and
padding = 0, and a fully connected layer (in features = 180,000 and out features
(output layers) according to experimental datasets, for instance, output features
are IoT and non-IoT while distinguishing between IoT and non-IoT traffic types).
The rectified linear unit (ReLU) [54, 55] has been utilized as an activation func-
tion with batch size = 256.

13
Journal of Network and Systems Management (2023) 31:26 Page 9 of 21 26

Fig. 3  An abstract view of the fingerprint generation process

Fig. 4  Samples of IoT and non-IoT devices’ fingerprints

4 Results and Discussion

Classification performances of the proposed DL-based DFP model have been

evaluated on a Windows system (Dell Inspiron 15 5000 Series with processor—
Intel® CoreTM i5-5200U ­(5th Gen) CPU @ 2.20 GHz, RAM—16 GB, and SSD
512 GB storage) with the PyTorch library. The UNSW and D-Link IoT data-
sets have been utilized for generating fingerprints (graphs) and evaluating clas-
sification performances. For each experiment, including identifying known and
unknown traffic traces (Level 1), distinguishing between IoT and non-IoT devices’
traffic traces (Level 2) and classifying individual devices (Level 3), the dataset
has been randomly divided into three groups: training, testing, and validation
datasets to avoid bias (overfitting problem) and to generalize the model, with a
different number of instances. Training and validation datasets have been utilized

13
 26 Page 10 of 21 Journal of Network and Systems Management (2023) 31:26

Fig. 5  A DFP model using a CNN architecture

for training a DFP model, with 50 epochs utilized to learn significant features, as
presented in Fig. 6. It has been observed that training accuracies almost remain
stable after 40 epochs, though validation accuracy changes randomly, as can be
seen in both Fig. 6a and b. Subsequently, the best model has been utilized for test-
ing the proposed DFP model classification performances using the dataset. Natu-
rally, not all models (for instance, 50 epochs = 50 models) can provide high clas-
sification performance. A model learns significant features from the input data
in each iteration (epoch); hence, performance may differ between models. It is
challenging to choose a DFP model suitable for the classification task manually;
therefore, in this paper, the best DFP model has been selected based on the high-
est obtained training accuracy.
Classification performances of the proposed DFP model have been assessed using
different evaluation metrics, including precision, recall and f-measure. These metrics
quantify the effectiveness of the proposed DFP model for the classification tasks.
TP
Precision = (1)
(TP + FP)

TP
Recall = (2)
(TP + FN)

2 ∗ (Precision ∗ Recall)
F − measure = (3)
(Precision + Recall)
where true-positive (TP) presents the total number of positive instances correctly
classified. False-positive (FP) and false-negative (FN) represent the total number of
positive and negative instances classified incorrectly, respectively.

13
Journal of Network and Systems Management (2023) 31:26 Page 11 of 21 26

Figure 7 illustrates the confusion matrix of the proposed DFP model classifica-
tion performances in distinguishing between known and unknown traffic traces.
It can be observed that a total of 1,788 out of 1,799 instances (99%) from the
known traffic traces have been classified correctly, whilst only 9 out of 1,385
unknown instances have been classified incorrectly as known instances. In this
experiment, known and unknown instances have been utilized from the U-IoT and
D-IoT datasets, respectively. These datasets have been divided into two datasets:
8,435 (known) and 4,666 (unknown) instances for training, and 1,799 (known)
and 1,385 (unknown) instances for testing datasets. Overall, classification perfor-
mance achieves 99.35% precision in distinguishing between known and unknown
traffic types (Level 1).
Figure 8 presents the classification performances of the proposed DFP model on
different datasets, including the UNSW IoT, UNSW non-IoT, and UNSW IoT and
non-IoT datasets for classifying individual devices as well as distinguishing between
IoT and non-IoT devices’ traffic traces. The DFP model demonstrates over 98.49%
precision, recall, and f-measure in identifying individual IoT devices. A total of
5,977 instances (or graphs) in the testing dataset and 25,435 graphs for training have
been utilized. However, the proposed DFP model demonstrates only 72.2% precision
and 71.15% recall on the UNSW non-IoT devices. This is due to the limited number
of instances available; for instance, only 9, 55, and 95 instances are available from
the iPhone, AndroidPhone, and MacBook-iPhone non-IoT devices, respectively, for
analysis. On the other hand, classification performances of over 95.02%, including
precision, recall, and f-measure, have been obtained in distinguishing between IoT
and non-IoT devices’ traffic traces from a testing dataset of 3,126 graphs and a train-
ing dataset consisting of 7,840 graphs.
Figures 9 and 10 illustrate the confusion matrix of the proposed DL-based DFP
model classification performances in distinguishing traffic traces and identifying
individual IoT devices, respectively. From Fig. 9, it can be observed that a total of
2,902 (97%) out of 3,000 instances from the different IoT devices have been classi-
fied correctly, whilst only 207 (7%) out of 3,126 non-IoT instances have been clas-
sified incorrectly as IoT instances. The UNSW IoT and non-IoT datasets have been

Fig. 6  UNSW dataset: (a) Training and validation accuracy in identifying individual IoT devices in each
epoch and (b) Training and validation accuracy in distinguishing between IoT and non-IoT devices’ traf-
fic traces in each epoch

13
 26 Page 12 of 21 Journal of Network and Systems Management (2023) 31:26

Fig. 7  Confusion matrix of the proposed DFP model to distinguish between known and unknown
devices’ traffic traces

Fig. 8  Classification performances of the proposed DL-based DFP model on the UNSW dataset

divided into two datasets, including 7,840 (non-IoT) and 12,785 (IoT) instances for
training, and 3,126 (non-IoT) and 3,000 (IoT) instances for testing datasets.
From Fig. 10a, it can be seen that a total of 88 instances have been incorrectly
classified out of 5,977 instances from the testing dataset, with 25,435 instances
utilized for training to train a DL-based DFP model. Figure 10b represents a nor-
malized version of this result. Some IoT devices, including NESTalarm (training
10 and testing 5 instances), PIX-STARPhotoframe (training 160 and testing 94
instances), and WithingsSmartscale (training 15 and testing 6 instances) devices,
have been identified with high accuracy of about 100%, despite the limited num-
ber of instances of the devices available on the UNSW IoT dataset. On the other
hand, the proposed DFP model has incorrectly identified the maximum number of
instances from the IoT devices: AmazonEcho (incorrectly classified 12 out of 500
instances—accuracy of 97.6%), NestDropCam (incorrectly classified 20 out of 169

13
Journal of Network and Systems Management (2023) 31:26 Page 13 of 21 26

instances—accuracy of 88.2%), NetatmoWelcome (incorrectly classified 15 out of

500 instances—accuracy of 97%) and iHome (incorrectly classified 19 out of 50
instances—accuracy of 63.3%) devices. These cause an overall slight reduction in
classification performances.
Figure 11 presents the confusion matrix of the proposed DFP model classification
performances in identifying individual non-IoT devices from the UNSW non-IoT
dataset. It has been observed that the proposed DFP model obtains high classifica-
tion accuracy for identifying individual computing devices, including Laptop—86%,
MacBook—61% and SamsungTab—72%, compared to smartphone devices, includ-
ing AndroidPhone—0%, AndroidPhone_2—20% and IPhone—0%. For instance,
864 out of 1,000 instances are correctly identified as Laptop, whilst only 18 out of
89 instances and no correct instances are correctly classified as AndroidPhone_2
and AndroidPhone, respectively, from the test dataset.
The proposed DL-based DFP model gives only 46.92% accuracy in identify-
ing individual D-Link IoT devices from the D-Link IoT dataset. This is because
the D-Link IoT dataset contains network traffic traces from the same manufac-
turer and of similar types. However, the same DFP model achieves 99.71% preci-
sion and 99.70% recall on the D-Link IoT dataset with four different device cate-
gories: D-LinkCam and D-LinkDayCam, D-LinkHomeHub and D-LinkSmartPlug
IoT devices. Figure 12 presents the confusion matrix of the proposed DFP model
classification performances in identifying the four different device categories. The
D-Link IoT dataset (4 device categories) has been divided into two datasets: 24,818
instances for training and 4,135 instances for testing datasets. From Fig. 12, it can be
observed that a total of 4,123 out of 4,135 instances have been classified correctly,
whilst only 12 instances have been classified incorrectly on the testing dataset.
Some IoT device categories, including D-LinkHomeHub (training 652 and testing
100 instances), and D-LinkSmartPlug (training 166 and testing 35 instances) device
categories, have been identified with high accuracies, despite the limited number
of instances of the device categories available on the D-Link IoT dataset. On the

Fig. 9  Confusion matrix of the proposed DFP model to distinguish between IoT and nonIoT devices’ traf-
fic traces

13
 26 Page 14 of 21 Journal of Network and Systems Management (2023) 31:26

Fig. 10  UNSW IoT dataset: (a) Confusion matrix of the proposed DFP model to identify individual IoT
devices (represent the actual number of instances used in this experiment) and (b) Represent a normal-
ized (range 0 to 1) version of the above confusion matrix

other hand, the proposed DFP model has incorrectly identified the maximum num-
ber of instances from the D-LinkCam device category (incorrectly classified 10 out
of 1,000 instances).
Table 3 provides a comparative summary of some of the existing DFP approaches
along with the proposed DL-based DFP model. It is noted that prior DFP approaches
commonly utilize either a large set of features or a larger number of packets’ infor-
mation for generating fingerprints as graphs or vectors. In contrast, the proposed

13
Journal of Network and Systems Management (2023) 31:26 Page 15 of 21 26

Fig. 11  Confusion matrix of the proposed DFP model to identify individual non-IoT devices on the
UNSW dataset

DFP model utilizes only two network traffic attributes (or features) from consec-
utive 100 packets’ header information for generating fingerprints to provide three
levels of classification. Overall, the proposed DFP model provides high classifica-
tion performances on the three levels using only the two attributes. The proposed
DL-based DFP model gives over 99% and 95% accuracies in distinguishing between
known and unknown traffic traces and in distinguishing between IoT and non-IoT
traffic traces, respectively. The same model also provides 98.49% accuracy in clas-
sifying individual IoT devices on the UNSW IoT dataset. However, classification
performances decrease significantly in identifying 12 D-Link IoT devices (46.92%
accuracy) due to devices coming from the same manufacturer and of similar types.
Comparison of existing works on the UNSW IoT dataset, references [17] and
[32] give 99% and 95% accuracies in identifying individual IoT devices using sta-
tistical features from the captured traffic traces hourly, and daily basis, respectively,
whilst researchers in reference [18] provides over 97% accuracy with a set of 86
features from a single TCP/IP packets’ information. In reference [39], the proposed
model gives 96% accuracy in classifying UNSW IoT devices, whilst 99% accuracy
is obtained in distinguishing between IoT and non-IoT traffic traces on the UNSW
dataset. Similarly, references [34] and [35] demonstrate 99% and 74.8% accura-
cies in classifying individual devices using 219 and 6 features, respectively, which
require 30 and 5 min of traffic traces, respectively. The authors in reference [42] have
demonstrated over 99% accuracy in classifying IoT devices, but the method requires
IP address information for generating fingerprints, which is not a suitable candi-
date to represent as fingerprints due to IP spoofing attacks and network dependency.
Reference [36] demonstrates maximum accuracy of 99.86% with only ten devices;
however, it requires payload data for generating its fingerprints, which raises a pri-
vacy issue. This is compared to the proposed DL-based DFP model, which uses only
packets’ header information to give over 98% accuracy on the UNSW dataset with
21 IoT devices.

13
 26 Page 16 of 21 Journal of Network and Systems Management (2023) 31:26

Fig. 12  Confusion matrix of the proposed DFP model to identify individual device categories (D-Link
IoT devices)

Table 3  Comparison of the proposed DFP model with the existing approaches
Source Task Dataset Devices Packet DFP Performance

[18] Individual device cls U-IoT 19 1 Vector 97%J48

(86 Features)
[17] Individual device cls U-IoT 28 n Vector 99%RF
(h/Flows) (8 Features)
[19] Individual device cls GTID 58 1000 Graph 97.7%CNN
(1 Feature)
[32] Individual device cls U-IoT 21 n Vector 95%RF
(Day/Flows) (11 Features)
[34] Individual device cls U-IoT 24 n Vector 99%CNN
U- non-IoT (30 min) (219 Features)
[35] Device category U-IoT 415 IoT n Vector 74.8%L−CNN
(5 min) (6 Features)
[36] Individual device cls U-IoT 10 n Graph 99.86%CNN
U- non-IoT (1 TCP Ses.) (Payload)
a a,b a
[39] IoT vs non-IoT U-IoT 21 n Vector 99%RF
b a b
Individual device cls U- non-IoT 7 (1 s) (3 Features) 96%RF
[40] IoT vs non-IoT Private 24,800 n Vector 95.86%RF
(1 h) (22 Features)
[41] Individual device cls U-IoT 22 1 Vector 97.2%RF
(9 Features)
[42] Individual device cls U-IoT 22 n Vector 99.99%DT
(flow) (12 Features)
a a,b,c a
* Known vs unknown U-IoT 21 100 Graph 99.35%CNN
b b b
IoT vs non-IoT U- non-IoT 7 (2 Features) 95.02%CNN
c a c
Individual device cls D-IoT 12 98.49%CNN

Note:cls Classification, RF Random Forest, h - hour, DT Decision Tree, Ses Session, L Long short-
term memory (LSTM), s Second, min Minutes
* The proposed DFP model
a,b,c
Related fields

13
Journal of Network and Systems Management (2023) 31:26 Page 17 of 21 26

5 Conclusion

Heterogeneous IoT devices have become an integral part of daily life activi-
ties. Large-scale deployments of resource-constrained devices with heterogene-
ous functionalities across networks have raised security and privacy concerns.
To improve network security, it is essential to recognize traffic types as well as
individual devices connected to a network. IP/MAC addresses-based device iden-
tification is unsuitable due to spoofing attacks, network-dependent IP addresses
and IP/MAC address randomization. In this study, a DL-based DFP model has
been proposed to distinguish between traffic types (known vs unknown, and IoT
vs non-IoT traffic types) and to identify individual devices from their communica-
tion traffic characteristics. The proposed DL-based DFP model utilizes only two
attributes from each packet for generating unique fingerprints (or graphs), requir-
ing 100 device-originated packet headers information. The CNN-based DFP
model demonstrates over 99% accuracy in distinguishing between known and
unknown traffic traces (Level 1) on a combined dataset of the UNSW (known) and
D-Link IoT (unknown) datasets. 95% accuracy is demonstrated in distinguishing
between IoT and non-IoT devices’ traffic traces (Level 2) and over 98% accuracy
in classifying individual IoT devices (Level 3) on the UNSW dataset. However,
the proposed DFP model achieves only 71.15% accuracy in identifying individ-
ual non-IoT devices. On the D-Link dataset, the proposed DFP model demon-
strates 99.71% accuracy in identifying the four different categories of D-Link IoT
devices within the dataset; however, the model’s performance declines drastically
to reach only 46.92% accuracy in classifying 12 individual D-Link IoT devices.
This is because the devices in the dataset come from the same manufacturer and
of similar types.
Overall, it has been observed that the proposed DL-based DFP model clas-
sification performances decrease significantly in classifying non-IoT devices’
instances as well as IoT devices from the same manufacturer and of similar types,
necessitating further investigation of network traffic traces in order to improve
classification performances. Despite these issues, it has been demonstrated that
the proposed DFP model demonstrates higher classification performance than
other DFP models whilst utilizing a smaller number of attributes. This is signifi-
cant as it demonstrates the applicability of the proposed DFP model in improv-
ing the security of the fast-expanding network. As a future direction, more net-
work traffic features analysis may be required to increase classification accuracy,
including individual devices and network traffic types classification performances.
Furthermore, different IoT and non-IoT datasets with multiple intruder devices
may be considered for investigating anomaly or malicious traffic detection.
Acknowledgements The authors are profoundly grateful to the Faculty of Integrated Technologies (FIT),
Universiti Brunei Darussalam (UBD), for supporting this research work, as well as to UBD for awarding
the UBD Graduate Scholarship (UGS) to the first author.

Author Contributions All authors contributed to the design and conception of this study. RRC wrote
the original manuscript and performed experiments. PEA and ACI supervised and commented on the
manuscript.

13
 26 Page 18 of 21 Journal of Network and Systems Management (2023) 31:26

Funding The authors received no financial support for this research.

Declarations
Conflict of interest The authors declare that they have no known competing financial interests or personal
relationships which have influenced the work reported in this manuscript.

References
1. Miettinen, M., Marchal, S., Asokan, N.: IoT Sentinel: automated device-type identification for secu-
rity enforcement in IoT. In: 2017 IEEE 37th International Conference on Distributed Computing
Systems (ICDCS), pp. 2177–2184 (2017). https://​doi.​org/​10.​1109/​ICDCS.​2017.​284.
2. Ammar, N., Noirie, L., Tixeuil, S.: Network-protocol-based IoT Device Identification. In: 2019
Fourth International Conference on Fog and Mobile Edge Computing (FMEC), no. Section V, pp.
204–209 (2019). https://​doi.​org/​10.​1109/​fmec.​2019.​87953​18.
3. Rahman, A., et al.: SmartBlock-SDN: an optimized blockchain-SDN framework for resource man-
agement in IoT. IEEE Access 9, 28361–28376 (2021). https://​doi.​org/​10.​1109/​ACCESS.​2021.​30582​
44
4. Hasan, M., Islam, M.M., Zarif, M.I.I., Hashem, M.M.A.: Attack and anomaly detection in IoT sen-
sors in IoT sites using machine learning approaches. Internet of Things 7, 100059 (2019). https://​
doi.​org/​10.​1016/j.​iot.​2019.​100059
5. Meidan, Y., et al.: N-baiot—network-based detection of IoT botnet attacks using deep autoencoders.
IEEE Pervasive Comput. 17(3), 12–22 (2018)
6. Charyyev, B., Gunes, M.H.: Detecting anomalous IoT traffic flow with locality sensitive hashes. In:
2020 IEEE Global Communications Conference, GLOBECOM 2020 - Proceedings (2020). https://​
doi.​org/​10.​1109/​GLOBE​COM42​002.​2020.​93225​59.
7. Vinayakumar, R., Alazab, M., Soman, K.P., Poornachandran, P., Al-Nemrat, A., Venkatraman, S.:
Deep learning approach for intelligent intrusion detection system. IEEE Access 7, 41525–41550
(2019). https://​doi.​org/​10.​1109/​ACCESS.​2019.​28953​34
8. Kozik, R., Pawlicki, M., Choraś, M.: A new method of hybrid time window embedding with trans-
former-based traffic data classification in IoT-networked environment. Pattern Anal. Appl. 24(4),
1441–1449 (2021). https://​doi.​org/​10.​1007/​s10044-​021-​00980-2
9. Nascita, A., Cerasuolo, F., di Monda, D., Garcia, J.T.A., Montieri, A., Pescape, A.: Machine and
Deep Learning Approaches for IoT Attack Classification, pp. 1–6 (2022). https://​doi.​org/​10.​1109/​
INFOC​OMWKS​HPS54​753.​2022.​97979​71.
10. He, H., Sun, X., He, H., Zhao, G., He, L., Ren, J.: A Novel multimodal-sequential approach based
on multi-view features for network intrusion detection. IEEE Access 7, 183207–183221 (2019).
https://​doi.​org/​10.​1109/​ACCESS.​2019.​29591​31
11. Alshboul, Y., Bsoul, A.A.R., al Zamil, M., Samarah, S.: Cybersecurity of smart home systems: sen-
sor identity protection. J. Netw. Syst. Manag. (2021). https://​doi.​org/​10.​1007/​s10922-​021-​09586-9
12. Otoum, Y., Nayak, A.: AS-IDS: anomaly and signature based IDS for the internet of things. J. Netw.
Syst. Manag. (2021). https://​doi.​org/​10.​1007/​s10922-​021-​09589-6
13. Afzal, S., Asim, M., Javed, A.R., Beg, M.O., Baker, T.: URLdeepDetect: a deep learning approach
for detecting malicious URLs using semantic vector models. J. Netw. Syst. Manag. (2021). https://​
doi.​org/​10.​1007/​s10922-​021-​09587-8
14. Yaseen, Q., Jararweh, Y.: Building an intelligent global IoT reputation and malicious devices detect-
ing system. J. Netw. Syst. Manag. (2021). https://​doi.​org/​10.​1007/​s10922-​021-​09611-x
15. Tsimenidis, S., Lagkas, T., Rantos, K.: Deep learning in IoT intrusion detection. J. Netw. Syst.
Manag. 30(1), 1–40 (2021). https://​doi.​org/​10.​1007/​S10922-​021-​09621-9
16. Song, Y., Huang, Q., Yang, J., Fan, M., Hu, A., Jiang, Y.: IoT device fingerprinting for relieving
pressure in the access control. In: ACM International Conference Proceeding Series (2019).https://​
doi.​org/​10.​1145/​33214​08.​33266​71
17. Sivanathan, A., et al.: Classifying IoT devices in smart environments using network traffic charac-
teristics. IEEE Trans. Mob. Comput. 18(8), 1745–1759 (2018). https://​doi.​org/​10.​1109/​TMC.​2018.​
28662​49

13
Journal of Network and Systems Management (2023) 31:26 Page 19 of 21 26

18. Chowdhury, R.R., Aneja, S., Aneja, N., Abas, E.: Network traffic analysis based IoT device identifi-
cation. In: ACM International Conference Proceeding Series, pp. 79–89 (2020). https://​doi.​org/​10.​
1145/​34215​37.​34215​45.
19. Aneja, S., Bhargava, B.K., Aneja, N., Chowdhury, R.R.: Device fingerprinting using deep convolu-
tional neural networks. IJCNDS 28(2), 171–198 (2022). https://​doi.​org/​10.​1504/​ijcnds.​2022.​10041​
894
20. Chowdhury, R.R., Abas, P.E.: A survey on device fingerprinting approach for resource-constraint
IoT devices: comparative study and research challenges. Internet of Things (Netherlands) (2022).
https://​doi.​org/​10.​1016/j.​iot.​2022.​100632
21. Jeong, Y.-S.: An efficient IoT Healthcare service management model of location tracking sensor. J.
Digit. Converg. 14(3), 261–267 (2016). https://​doi.​org/​10.​14400/​jdc.​2016.​14.3.​261
22. Sengan, S., Khalaf, O.I., Priyadarsini, S., Sharma, D.K., Amarendra, K., Hamad, A.A.: Smart
healthcare security device on medical IoT using raspberry PI. Int. J. Reliab. Qual. E-Healthc. 11(3),
1–11 (2022). https://​doi.​org/​10.​4018/​ijrqeh.​289177
23. Aume, C., Andrews, K., Pal, S., James, A., Seth, A., Mukhopadhyay, S.: TrackInk: an IoT-enabled
real-time object tracking system in space. Sensors 22(2), 1–15 (2022). https://​doi.​org/​10.​3390/​s2202​
0608
24. Ramnath, S., Javali, A., Narang, B., Mishra, P., Routray, S.K.: IoT based localization and tracking.
In: IEEE International Conference on IoT and its Applications, ICIOT 2017 (2017). https://​doi.​org/​
10.​1109/​ICIOTA.​2017.​80736​29.
25. Xu, Q., Zheng, R., Saad, W., Han, Z.: Device fingerprinting in wireless networks: challenges and
opportunities. IEEE Commun. Surv. Tutor. 18(1), 94–104 (2016). https://​doi.​org/​10.​1109/​COMST.​
2015.​24763​38
26. Robyns, P., Bonné, B., Quax, P., Lamotte, W.: Noncooperative 802.11 MAC layer fingerprinting and
tracking of mobile devices. Secur. Commun. Netw. (2017). https://​doi.​org/​10.​1155/​2017/​62354​84
27. Gu, X., Wu, W., Gu, X., Ling, Z., Yang, M., Song, A.: Probe request based device identification
attack and defense. Sensors (Switzerland) 20(16), 1–17 (2020). https://​doi.​org/​10.​3390/​s2016​4620
28. Wang, X., Zhang, Y., Zhang, H., Li, Y., Wei, X.: Radio frequency signal identification using transfer
learning based on LSTM. Circuits Syst. Signal Process. 39(11), 5514–5528 (2020). https://​doi.​org/​
10.​1007/​s00034-​020-​01417-7
29. Reising, D., Cancelleri, J., Loveless, T.D., Kandah, F., Skjellum, A.: Radio identity verification-
based IoT security using RF-DNA fingerprints and SVM. IEEE Internet Things J 8(10), 8356–8371
(2021). https://​doi.​org/​10.​1109/​JIOT.​2020.​30453​05
30. Yue, Y., Li, S., Legg, P., Li, F.: Deep learning-based security behaviour analysis in IoT environ-
ments: a survey. Secur. Commun. Netw. (2021). https://​doi.​org/​10.​1155/​2021/​88731​95
31. Aksoy, A., Gunes, M.H.: Automated iot device identification using network traffic. In: ICC 2019–
2019 IEEE International Conference on Communications (ICC) , pp. 1–7 (2019). https://​doi.​org/​10.​
1109/​ICC.​2019.​87615​59.
32. Sivanathan, A.: et al.: Characterizing and classifying IoT traffic in smart cities and campuses. In:
2017 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2017, pp.
559–564 (2017). https://​doi.​org/​10.​1109/​INFCO​MW.​2017.​81164​38.
33. Rashid, M.M., Kamruzzaman, J., Hassan, M.M., Imam, T., Gordon, S.: Cyberattacks detection
in IoT-based smart city applications using machine learning techniques. Int J Environ Res Public
Health 17(24), 1–21 (2020). https://​doi.​org/​10.​3390/​ijerp​h1724​9347
34. Fan, L., et al.: An IoT device identification method based on semi-supervised learning. In: 16th
International Conference on Network and Service Management (CNSM), pp. 1–7 (2020). https://​
doi.​org/​10.​23919/​CNSM5​0824.​2020.​92690​44.
35. Bia, L., Yao, L., Kanhere, S.S., Wang, X., Yang, Z.: Automatic device classification from network
traffic streams of internet of things. In: 2018 IEEE 43rd Conference on Local Computer Networks
(LCN), pp. 1–9 (2018)
36. Kotak, J., Elovici, Y.: Iot device identification using deep learning. In: Advances in Intel-
ligent Systems and Computing, AISC, vol. 1267, pp. 76–86 (2020). https://​doi.​org/​10.​1007/​
978-3-​030-​57805-3_8.
37. Wang, S., et al.: Radio frequency fingerprint identification based on deep complex residual network.
IEEE Access 8, 204417–204424 (2020). https://​doi.​org/​10.​1109/​ACCESS.​2020.​30372​06
38. Jafari, H., Omotere, O., Adesina, D., Wu, H.-H., Qian, L.: Iot devices fingerprinting using deep
learning. In: MILCOM 2018–2018 IEEE Military Communications Conference (MILCOM), pp.
1–9 (2018).

13
 26 Page 20 of 21 Journal of Network and Systems Management (2023) 31:26

39. Pinheiro, A.J., Bezerra, J.M., Burgardt, C.A.P., Campelo, D.R.: Identifying IoT devices and events
based on packet length from encrypted traffic. Comput. Commun. 144(May), 8–17 (2019). https://​
doi.​org/​10.​1016/j.​comcom.​2019.​05.​012
40. Hui, S., Wang, H., Xu, D., Wu, J., Li, Y., Jin, D.: Distinguishing between smartphones and IoT
devices via network traffic. IEEE Internet Things J. 4662(c), 1–16 (2021). https://​doi.​org/​10.​1109/​
JIOT.​2021.​30788​79
41. Chowdhury, R.R., Idris, A.C., Abas, P.E.: Internet of things device classification using transport and
network layers communication traffic traces. Int. J. Comput. Digit. Syst. 12(1), 2210–3142 (2022).
https://​doi.​org/​10.​12785/​ijcds/​120144
42. Kumar, K.R., Hemanth, C., Kumar, C.A., Sahith, K.M., Prasanth, G.A.: IoT device identification
through network traffic analysis. Int. Res. J. Modern. Eng. Technol. Sci. 02(06) (2020).
43. Sivanathan, A.: IoT Behavioral Monitoring via Network Traffic Analysis. no. September (2020)
[Online]. http://​arxiv.​org/​abs/​2001.​10632
44. Chowdhury, R.R.: Packet-level and IEEE 802.11 MAC frame-level analysis for IoT device identi-
fication device identification. Turk. J. Electr. Eng. Comput. Sci. 30, 1–1 (2022). https://​doi.​org/​10.​
3906/​elk-​1300-​0632.​3915
45. Chowdhury, R.R., Aneja, S., Aneja, N., Abas, P.E.: Packet-level and IEEE 802.11 MAC frame-level
network traffic traces data of the D-Link IoT devices. Data Brief 37, 107208 (2021). https://​doi.​org/​
10.​1016/j.​dib.​2021.​107208
46. Jo, W., Kim, S., Lee, C., Shon, T.: Packet preprocessing in CNN-based network intrusion detection
system. Electronics (Switzerland) 9(7), 1–15 (2020). https://​doi.​org/​10.​3390/​elect​ronic​s9071​151
47. Singh, K., Malik, N.: CNN based approach for traffic sign recognition system. Adv. J. Grad. Res.
11(1), 23–33 (2021). https://​doi.​org/​10.​21467/​ajgr.​11.1.​23-​33
48. Qing, G., Wang, H., Zhang, T.: Radio frequency fingerprinting identification for Zigbee via light-
weight CNN. Phys. Commun. 44, 101250 (2021). https://​doi.​org/​10.​1016/j.​phycom.​2020.​101250
49. Shen, G., Zhang, J., Marshall, A., Peng, L., Wang, X.: Radio frequency fingerprint identification for
LoRa using spectrogram and CNN. In: Proceedings - IEEE INFOCOM, May 2021, vol. 2021-May.
https://​doi.​org/​10.​1109/​INFOC​OM429​81.​2021.​94887​93.
50. Jafari, H., Omotere, O., Adesina, D., Wu, H.H., Qian, L.: IoT Devices Fingerprinting Using Deep
Learning. Proceedings - IEEE Military Communications Conference MILCOM, vol. 2019-Octob,
pp. 901–906 (2019). https://​doi.​org/​10.​1109/​MILCOM.​2018.​85998​26.
51. Albawi, S., Mohammed, T.A., Al-Zawi, S.: Understanding of a convolutional neural network. In:
Proceedings of 2017 International Conference on Engineering and Technology, ICET 2017, vol.
2018-January, pp. 1–6 (2018). https://​doi.​org/​10.​1109/​ICENG​TECHN​OL.​2017.​83081​86.
52. Snider, E.J., Hernandez-Torres, S.I., Boice, E.N.: An image classification deep-learning algo-
rithm for shrapnel detection from ultrasound images. Sci. Rep. (2022). https://​doi.​org/​10.​1038/​
s41598-​022-​12367-2
53. Chang, Y.L., et al.: Consolidated convolutional neural network for hyperspectral image classifica-
tion. Remote Sens. (Basel) (2022). https://​doi.​org/​10.​3390/​rs140​71571
54. Wang, J., Xu, J., Zhu, J.: CNNs with Compact Activation Function, pp. 319–327 (2022). https://​doi.​
org/​10.​1007/​978-3-​031-​08754-7_​40
55. Parisi, L., Neagu, D., Ma, R., Campean, F.: Quantum ReLU activation for convolutional neural
networks to improve diagnosis of Parkinson’s disease and COVID-19. Expert Syst. Appl. (2022).
https://​doi.​org/​10.​1016/j.​eswa.​2021.​115892

Publisher’s Note Springer Nature remains neutral with regard to jurisdictional claims in published maps
and institutional affiliations.

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under
a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted
manuscript version of this article is solely governed by the terms of such publishing agreement and
applicable law.

Rajarshi Roy Chowdhury is currently pursuing his PhD in Systems Engineering (Info Communication
Systems Engineering) under the Faculty of Integrated Technologies (FIT), Universiti Brunei Darussalam
(UBD). He obtained his Master′s degree in Computer Science from Universiti Sains Malaysia (USM),

13
Journal of Network and Systems Management (2023) 31:26 Page 21 of 21 26

Malaysia in 2012. Later, he joined Sylhet International University (SIU), Bangladesh, as a Lecturer in
2012. He is now working as an Assistant Professor in the same university. His research interests are net-
working, Internet of Things (IoT), and machine learning (ML).

Dr. Azam Che Idris is a chartered engineer with a wide interest in technology. Originally trained in high-
speed aerodynamics, he gained major exposure to IR4.0 technology during his tenure in a defence consul-
tancy group. His current interest is utilizing machine learning to understand hypersonic flow physics and
to control air-breathing engine in Mach 5. He holds a doctorate in Aerospace Engineering from Univer-
sity of Manchester, UK.

Pg Dr. Emeroylariffion Abas received his B.Eng. Information Systems Engineering from Imperial College,
London in 2001, before obtaining his PhD Communication Systems in 2005 from the same institution.
He is now working as an Assistant Professor in System Engineering, Faculty of Integrated Technologies,
Universiti Brunei Darussalam. His present research interest are data analysis, security of infocommunica-
tion systems, and design of photonic crystal fiber in fiber optics communication.

13