Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. A first set of raw events associated with a first IoT device is identified, including a transmission made by the first IoT device. A communication manner of the first IoT device is determined, based at least in part on a communication manner of the first IoT device. The first set of raw events over the first time period is examined to generate one or more formatted events of the first IoT device. The formatted events are used to extract a set of features. Similar processing is performed with respect to a second IoT device. A context-based IoT device grouping model is generated based on at least one of: (1) the features extracted for the first IoT device or (2) the features extracted for the second IoT device. The model is applied to determine that a third IoT device belongs to a particular group. A deviation by the third IoT device from group behavior is detected and an alert is generated in response.

Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. A first set of raw events associated with a first IoT device is identified, including a transmission made by the first IoT device. A communication manner of the first IoT device is determined, based at least in part on a communication manner of the first IoT device. The first set of raw events over the first time period is examined to generate one or more formatted events of the first IoT device. The formatted events are used to extract a set of features. Similar processing is performed with respect to a second IoT device. A context-based IoT device grouping model is generated based on at least one of: (1) the features extracted for the first IoT device or (2) the features extracted for the second IoT device. The model is applied to determine that a third IoT device belongs to a particular group. A deviation by the third IoT device from group behavior is detected and an alert is generated in response.

Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. A set of raw events associated with a first IoT device is identified. A context of the first IoT device is identified, and used to enrich at least some of the raw events. At least some of the raw events are aggregated. A context-based IoT device grouping model is generated based at least in part on the aggregated events and events associated with a second IoT device in operation. The model is applied to determine that a third IoT device belongs to a particular group. A deviation by the third IoT device from group behavior is detected and an alert is generated in response.

Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. A set of raw events associated with a first IoT device is identified. A context of the first IoT device is identified, and used to enrich at least some of the raw events. At least some of the raw events are aggregated. A context-based IoT device grouping model is generated based at least in part on the aggregated events and events associated with a second IoT device in operation. The model is applied to determine that a third IoT device belongs to a particular group. A deviation by the third IoT device from group behavior is detected and an alert is generated in response.

Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. A set of raw events associated with a first IoT device is identified. A context of the first IoT device is identified, and used to enrich at least some of the raw events. At least some of the raw events are aggregated. A context-based IoT device grouping model is generated based at least in part on the aggregated events and events associated with a second IoT device in operation. The model is applied to determine that a third IoT device belongs to a particular group. A deviation by the third IoT device from group behavior is detected and an alert is generated in response.

Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. In accordance with an aspect of the invention, there is provided a computer program product configured to be operable to perform the techniques described in this paper to enable grouping and labeling of IoT devices. As devices are grouped and labeled, and behavior is matched to or deviates from known or expected behavior, the network can be more readily understood and alerts can be more timely and appropriate.

Abstract: Data packets transmitted to and from an IoT device are obtained and at least one of the data packets are analyzed using deep packet inspection to identify transaction data from payload of the at least one of the data packets. An event log is generated for the IoT device from the transaction data, the event log, at least in part, used to generate a historical record for the IoT device. The IoT device into a device profile based on the historical record for the IoT device. The event log is updated in real-time to indicate current operation of the IoT device. Abnormal device behavior of the IoT device is determined using the event log and the device profile. The device profile is updated to indicate the abnormal device behavior of the IoT device.

Abstract: Data packets transmitted to and from an IoT device are obtained and at least one of the data packets are analyzed using deep packet inspection to identify transaction data from payload of the at least one of the data packets. An event log is generated for the IoT device from the transaction data, the event log, at least in part, used to generate a historical record for the IoT device. The IoT device is profiled into a device profile based on the historical record for the IoT device. The event log is updated in real-time to indicate current operation of the IoT device. Abnormal device behavior of the IoT device is determined using the event log and the device profile. The device profile is updated to indicate the abnormal device behavior of the IoT device.

Abstract: Data packets transmitted to and from an IoT device are obtained and at least one of the data packets are analyzed using deep packet inspection to identify transaction data from payload of the at least one of the data packets. An event log is generated for the IoT device from the transaction data, the event log, at least in part, used to generate a historical record for the IoT device. The IoT device is profiled into a device profile based on the historical record for the IoT device. The event log is updated in real-time to indicate current operation of the IoT device. Abnormal device behavior of the IoT device is determined using the event log and the device profile. The device profile is updated to indicate the abnormal device behavior of the IoT device.

Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. In accordance with an aspect of the invention, there is provided a computer program product configured to be operable to perform the techniques described in this paper to enable grouping and labeling of IoT devices. As devices are grouped and labeled, and behavior is matched to or deviates from known or expected behavior, the network can be more readily understood and alerts can be more timely and appropriate.

Abstract: Data packets transmitted to and from an IoT device are obtained and at least one of the data packets are analyzed using deep packet inspection to identify transaction data from payload of the at least one of the data packets. An event log is generated for the IoT device from the transaction data, the event log, at least in part, used to generate a historical record for the IoT device. The IoT device into a device profile based on the historical record for the IoT device. The event log is updated in real-time to indicate current operation of the IoT device. Abnormal device behavior of the IoT device is determined using the event log and the device profile. The device profile is updated to indicate the abnormal device behavior of the IoT device.

Abstract: Data packets transmitted to and from an IoT device are obtained and at least one of the data packets are analyzed using deep packet inspection to identify transaction data from payload of the at least one of the data packets. An event log is generated for the IoT device from the transaction data, the event log, at least in part, used to generate a historical record for the IoT device. The IoT device into a device profile based on the historical record for the IoT device. The event log is updated in real-time to indicate current operation of the IoT device. Abnormal device behavior of the IoT device is determined using the event log and the device profile. The device profile is updated to indicate the abnormal device behavior of the IoT device.