SPECIAL SECTION: VULNERABILITY ANALYSIS AND RISK ASSESSMENT
Two-stage multi-classification algorithm for Internet of Things equipment identification |
SONG Yubo1,2, QI Xinyu1,2, HUANG Qiang1,2, HU Aiqun1,2, YANG Junjie1,2 |
1. Jiangsu Key Laboratory of Computer Networking Technology, School of Cyber Science and Engineering, Southeast University, Nanjing 211189, China; 2. Purple Mountain Laboratories, Nanjing 211189, China |
Abstract: The Internet of Things will interconnect a large number of devices through the network, so effective network access control is needed to keep malicious devices from damaging the system. At present, the most effective method is to extract network traffic characteristics as a device fingerprint for device identification, since this method requires relatively few network resources. However, existing device identification algorithms are not very accurate, especially for similar devices, since classification overlap is unavoidable. This paper presents a two-stage multi-classification algorithm that identifies the equipment according to its network traffic characteristics. When classification overlap occurs, the maximum similarity comparison algorithm is used for secondary classification. Tests show that the average recognition accuracy of this algorithm is 93.2%.
Keywords: device identification; multi-classification technology; maximum similarity; machine learning
Issue Date: 26 April 2020