Zigbee is widely used in smart home environments due to its low power consumption and support for mesh networking, making it a relevant target for traffic-based IoT forensic analysis. However, existing studies often rely on limited datasets and fixed network configurations. In this paper, we analyze Zigbee network traffic from three complementary perspectives: data collection, traffic classification, and storage efficiency. We introduce ZIOTP2025, a publicly available dataset of Zigbee traffic collected from commercial smart home devices deployed under multiple network configurations and capturing realistic interaction scenarios. Using this dataset, we study two traffic classification tasks: device type classification and individual device identification, and evaluate their robustness under both intra-configuration and cross-configuration settings. Our results show that while high classification accuracy can be achieved under controlled conditions, performance degrades significantly when models are evaluated across different network configurations, particularly for fine-grained identification tasks. Finally, we investigate the trade-off between traffic storage requirements and classification accuracy. We show that lossy compression of traffic features through quantization can reduce storage requirements by approximately 4-5x compared to lossless storage of raw packet traces, while preserving near-lossless classification performance. Overall, our results highlight the need for topology-aware Zigbee traffic analysis and storage-efficient feature compression to enable robust and scalable IoT forensic systems.