Abstract: The Internet of Things will interconnect a large number of devices over the network, so effective network access control is needed to prevent damage from malicious devices on the system. At present, the most effective method is to extract network traffic characteristics as a device fingerprint for device identification, since this method requires relatively few network resources. However, existing device identification algorithms are not very accurate, especially for similar devices, since classification overlap is unavoidable. This paper presents a two-stage multi-classification algorithm that identifies equipment according to its network traffic characteristics. When classification overlap occurs, the maximum similarity comparison algorithm is used for secondary classification. Tests show that the average recognition accuracy of this algorithm is 93.2%.
SONG Yubo, QI Xinyu, HUANG Qiang, HU Aiqun, YANG Junjie. Two-stage multi-classification algorithm for Internet of Things equipment identification[J]. Journal of Tsinghua University (Science and Technology), 2020, 60(5): 365-370.