Accurate fingerprinting of Internet of Things (IoT) devices is essential for network security, management, and anomaly detection. Existing machine-learning-based approaches can be broadly classified into two categories. The first are time-domain-based approaches that infer device identity from aggregated traffic statistics, while effective in dense communication environments, they perform poorly for devices that generate sparse, low-volume, or irregular traffic, which restricts behavioral visibility. The second, radio frequency fingerprinting (RFF), extracts hardware-specific traits from radio frequency signals but is limited in wired or mixed-connectivity IoT networks and lacks behavioral or functional insights. To overcome these limitations, this paper proposes a hybrid fingerprinting framework that integrates network traffic analysis with frequency-domain representations using wavelet transform techniques. This approach captures both temporal and spectral characteristics, combining behavioral and structural perspectives to enable robust and accurate IoT device identification. The proposed system is evaluated on three real-world datasets under multiple experimental scenarios, including (1) device identification, (2) device type classification, (3) scalability with dataset size and complexity, and (4) performance under Distributed Denial-of-Service (DDoS) attack conditions. Experimental results show that wavelet-based features consistently outperform conventional time-domain features across all evaluation metrics, achieving higher accuracy, resilience, and generalization.
Amamra et al. (Thu,) studied this question.