Author

Kurt Jarvis

Date of Award

Spring 3-20-2024

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Cyber Operations (PhDCO)

First Advisor

Yong Wang

Second Advisor

Bhaskar Rimal

Third Advisor

Kristian Olivero

Abstract

ZigBee is the open standard enabling smart devices to be adopted in new and innovative ways. In this research, the network layer of the ZigBee protocol is examined to further the understanding of the security impacts it brings to the environment. The first research question is whether ZigBee beaconing patterns reveal the device type. This is the first layer that introduces encryption, and the results indicate that beacon layer data combined with the lower layer information does not provide enough information to confidently identify the device prior to admittance to the network. This is important in the identification of rogue devices. The second research question is whether applying machine learning to a set of features extracted from network traffic can reveal device types. The results show that it can: a model can be trained on network-layer traffic to identify device types within the network. The third research question is whether the traffic captured at the network layer can be categorized as abnormal, leading to potential identification of malicious traffic. The results indicate that it can when the abnormal traffic is greater than one standard deviation from the average packet size. A reverse majority-vote classifier is created that classifies devices based on observed traffic. This research expands network identification, inventory, and potential detection for ZigBee smart devices that can be leveraged in field environments today.
