{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,17]],"date-time":"2026-01-17T04:16:54Z","timestamp":1768623414452,"version":"3.49.0"},"reference-count":30,"publisher":"MDPI AG","issue":"9","license":[{"start":{"date-parts":[[2024,4,24]],"date-time":"2024-04-24T00:00:00Z","timestamp":1713916800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Spanish Government","award":["PID2020-113795RB-C32"],"award-info":[{"award-number":["PID2020-113795RB-C32"]}]},{"name":"Spanish Government","award":["TED 2021-130369B-C32"],"award-info":[{"award-number":["TED 2021-130369B-C32"]}]},{"name":"MICIU\/AEI\/10.13039\/501100011033","award":["PID2020-113795RB-C32"],"award-info":[{"award-number":["PID2020-113795RB-C32"]}]},{"name":"MICIU\/AEI\/10.13039\/501100011033","award":["TED 2021-130369B-C32"],"award-info":[{"award-number":["TED 2021-130369B-C32"]}]},{"name":"Spain-PRTR-of the National Cybersecurity Institute of Spain (INCIBE)","award":["PID2020-113795RB-C32"],"award-info":[{"award-number":["PID2020-113795RB-C32"]}]},{"name":"Spain-PRTR-of the National Cybersecurity Institute of Spain (INCIBE)","award":["TED 2021-130369B-C32"],"award-info":[{"award-number":["TED 2021-130369B-C32"]}]},{"name":"European Union (Next Generation)","award":["PID2020-113795RB-C32"],"award-info":[{"award-number":["PID2020-113795RB-C32"]}]},{"name":"European Union (Next Generation)","award":["TED 2021-130369B-C32"],"award-info":[{"award-number":["TED 2021-130369B-C32"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>The deployment of Internet of Things (IoT) devices is widespread in different environments, including homes. Although security is incorporated, homes can become targets for cyberattacks because of their vulnerabilities. IoT devices generate Domain Name Server (DNS) traffic primarily for communication with Internet servers. In this paper, we present a detailed analysis of DNS traffic from IoT devices. The queried domains are highly distinctive, enabling attackers to easily identify the IoT device. In addition, we observed an unexpectedly high volume of queries. The analysis reveals that the same domains are repeatedly queried, DNS queries are transmitted in plain text over User Datagram Protocol (UDP) port 53 (Do53), and the excessive generation of traffic poses a security risk by amplifying an attacker\u2019s ability to identify IoT devices and execute more precise, targeted attacks, consequently escalating the potential compromise of the entire IoT ecosystem. We propose a simple measure that can be taken to reduce DNS traffic generated by IoT devices, thus preventing it from being used as a vector to identify the types of devices present in the network. This measure is based on the implementation of the DNS cache in the devices; caching few resources increases privacy considerably.<\/jats:p>","DOI":"10.3390\/s24092690","type":"journal-article","created":{"date-parts":[[2024,4,24]],"date-time":"2024-04-24T03:56:31Z","timestamp":1713930991000},"page":"2690","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Reducing DNS Traffic to Enhance Home IoT Device Privacy"],"prefix":"10.3390","volume":"24","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6068-6233","authenticated-orcid":false,"given":"Marta","family":"Moure-Garrido","sequence":"first","affiliation":[{"name":"Department of Telematic Engineering, University Carlos III of Madrid, Av. de la Universidad 30, E-28911 Leganes, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4635-722X","authenticated-orcid":false,"given":"Carlos","family":"Garcia-Rubio","sequence":"additional","affiliation":[{"name":"Department of Telematic Engineering, University Carlos III of Madrid, Av. de la Universidad 30, E-28911 Leganes, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1788-890X","authenticated-orcid":false,"given":"Celeste","family":"Campo","sequence":"additional","affiliation":[{"name":"Department of Telematic Engineering, University Carlos III of Madrid, Av. de la Universidad 30, E-28911 Leganes, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2024,4,24]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"140","DOI":"10.1109\/IOTM.001.2200009","article-title":"Cybersecurity Issues of IoT in Ambient Intelligence (AmI) Environment","volume":"5","author":"Quadar","year":"2022","journal-title":"IEEE Internet Things Mag."},{"key":"ref_2","unstructured":"Feng, X., Li, Q., Wang, H., and Sun, L. (2018, January 15\u201317). Acquisitional rule-based engine for discovering Internet-of-Things devices. Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD, USA."},{"key":"ref_3","unstructured":"Durumeric, Z., Wustrow, E., and Halderman, J.A. (2013, January 14\u201316). ZMap: Fast internet-wide scanning and its security applications. Proceedings of the 22nd USENIX Security Symposium (USENIX Security 13), Washington, DC, USA."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"97117","DOI":"10.1109\/ACCESS.2022.3205023","article-title":"A survey of smart home iot device classification using machine learning-based network traffic analysis","volume":"10","author":"Jmila","year":"2022","journal-title":"IEEE Access"},{"key":"ref_5","unstructured":"Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., Durumeric, Z., Halderman, J.A., Invernizzi, L., and Kallitsis, M. (2017, January 16\u201318). Understanding the Mirai Botnet. Proceedings of the 26th USENIX Conference on Security Symposium, (USENIX Security 13), Vancouver, BC, Canada."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"7991","DOI":"10.1109\/JIOT.2020.2999327","article-title":"Characterizing DNS Behaviors of Internet of Things in Edge Networks","volume":"7","author":"Xu","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1109\/MC.2017.201","article-title":"DDoS in the IoT: Mirai and other botnets","volume":"50","author":"Kolias","year":"2017","journal-title":"Computer"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Neto, E.C.P., Dadkhah, S., Ferreira, R., Zohourian, A., Lu, R., and Ghorbani, A.A. (2023). CICIoT2023: A Real-Time Dataset and Benchmark for Large-Scale Attacks in IoT Environment. Sensors, 23.","DOI":"10.20944\/preprints202305.0443.v1"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1145\/3539736","article-title":"A Survey on IoT Profiling, Fingerprinting, and Identification","volume":"3","author":"Safi","year":"2022","journal-title":"ACM Trans. Internet Things"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Meidan, Y., Bohadana, M., Shabtai, A., Guarnizo, J.D., Ochoa, M., Tippenhauer, N.O., and Elovici, Y. (2017, January 3\u20137). ProfilIoT: A machine learning approach for IoT device identification based on network traffic analysis. Proceedings of the Symposium on Applied Computing, Marrakech, Morocco.","DOI":"10.1145\/3019612.3019878"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Miettinen, M., Marchal, S., Hafeez, I., Asokan, N., Sadeghi, A.R., and Tarkoma, S. (2017, January 5\u20138). Iot sentinel: Automated device-type identification for security enforcement in iot. Proceedings of the 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), Atlanta, GA, USA.","DOI":"10.1109\/ICDCS.2017.283"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Bezawada, B., Bachani, M., Peterson, J., Shirazi, H., Ray, I., and Ray, I. (2018, January 19). Behavioral fingerprinting of iot devices. Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security, Toronto, ON, Canada.","DOI":"10.1145\/3266444.3266452"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"940","DOI":"10.1109\/JIOT.2018.2865604","article-title":"DEFT: A distributed IoT fingerprinting technique","volume":"6","author":"Thangavelu","year":"2018","journal-title":"IEEE Internet Things J."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"1745","DOI":"10.1109\/TMC.2018.2866249","article-title":"Classifying IoT Devices in Smart Environments Using Network Traffic Characteristics","volume":"18","author":"Sivanathan","year":"2018","journal-title":"IEEE Trans. Mob. Comput."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Perdisci, R., Papastergiou, T., Alrawi, O., and Antonakakis, M. (2020, January 7\u201311). Iotfinder: Efficient large-scale identification of iot devices via passive dns traffic analysis. Proceedings of the 2020 IEEE European Symposium on Security and Privacy (EuroS&P), Genoa, Italy.","DOI":"10.1109\/EuroSP48549.2020.00037"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"989","DOI":"10.1109\/JIOT.2021.3121517","article-title":"IoT network traffic classification using machine learning algorithms: An experimental analysis","volume":"9","author":"Kumar","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Liu, X., Han, Y., and Du, Y. (2022). IoT Device Identification Using Directional Packet Length Sequences and 1D-CNN. Sensors, 22.","DOI":"10.3390\/s22218337"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"23741","DOI":"10.1109\/JIOT.2022.3191951","article-title":"IoTDevID: A Behavior-Based Device Identification Method for the IoT","volume":"9","author":"Kostas","year":"2022","journal-title":"IEEE Internet Things J."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"5769","DOI":"10.1109\/TMC.2022.3183118","article-title":"AutoIoT: Automatically Updated IoT Device Identification with Semi-Supervised Learning","volume":"22","author":"Fan","year":"2023","journal-title":"IEEE Trans. Mob. Comput."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Alrawi, O., Lever, C., Antonakakis, M., and Monrose, F. (2019, January 19\u201323). Sok: Security evaluation of home-based iot deployments. Proceedings of the 2019 IEEE Symposium on Security and Privacy (sp), San Francisco, CA, USA.","DOI":"10.1109\/SP.2019.00013"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"109450","DOI":"10.1016\/j.comnet.2022.109450","article-title":"EvoIoT: An evolutionary IoT and non-IoT classification model in open environments","volume":"219","author":"Fan","year":"2022","journal-title":"Comput. Netw."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Charyyev, B., and Gunes, M.H. (2020, January 7\u201311). IoT traffic flow identification using locality sensitive hashes. Proceedings of the ICC 2020-2020 IEEE International Conference on Communications (ICC), Dublin, Ireland.","DOI":"10.1109\/ICC40277.2020.9148743"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"58679","DOI":"10.1109\/ACCESS.2023.3284542","article-title":"IoTTFID: An Incremental IoT Device Identification Model Based on Traffic Fingerprint","volume":"11","author":"Hao","year":"2023","journal-title":"IEEE Access"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"5129","DOI":"10.1109\/JIOT.2023.3305585","article-title":"Efficient IoT Device Identification via Network Behavior Analysis Based on Time Series Dictionary","volume":"11","author":"Zhao","year":"2023","journal-title":"IEEE Internet Things J."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Dadkhah, S., Mahdikhani, H., Danso, P.K., Zohourian, A., Truong, K.A., and Ghorbani, A.A. (2022, January 22\u201324). Towards the development of a realistic multidimensional IoT profiling dataset. Proceedings of the 2022 19th Annual International Conference on Privacy, Security & Trust (PST), Fredericton, NB, Canada.","DOI":"10.1109\/PST55820.2022.9851966"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"1808","DOI":"10.1109\/COMST.2023.3288942","article-title":"A Survey of Public IoT Datasets for Network Security Research","volume":"25","author":"Cao","year":"2023","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"1646","DOI":"10.1109\/COMST.2020.2988293","article-title":"A survey of machine and deep learning methods for internet of things (IoT) security","volume":"22","author":"Mohamed","year":"2020","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"1686","DOI":"10.1109\/COMST.2020.2986444","article-title":"Machine learning in IoT security: Current solutions and future challenges","volume":"22","author":"Hussain","year":"2020","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1016\/j.future.2023.10.011","article-title":"Adversarial attacks and defenses on ML-and hardware-based IoT device fingerprinting and identification","volume":"152","author":"Bovet","year":"2024","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_30","unstructured":"Son, S., and Shmatikov, V. (2010, January 7\u20139). The hitchhiker\u2019s guide to DNS cache poisoning. Proceedings of the Security and Privacy in Communication Networks: 6th Iternational ICST Conference, SecureComm 2010, Singapore."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/9\/2690\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T14:32:59Z","timestamp":1760106779000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/9\/2690"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,24]]},"references-count":30,"journal-issue":{"issue":"9","published-online":{"date-parts":[[2024,5]]}},"alternative-id":["s24092690"],"URL":"https:\/\/doi.org\/10.3390\/s24092690","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,4,24]]}}}