Security and Communication Networks, Volume 2019, 2019-06-23
A Novel Device Identification Method Based on Passive Measurement
Research Article
Wei Sun 1 Hao Zhang 2 Li-jun Cai 2 Ai-min Yu 2 Jin-qiao Shi 3 Jian-guo Jiang 2
DOI:10.1155/2019/6045251
Received 2019-02-27, accepted for publication 2019-05-19, Published 2019-05-19
Abstract

With the continuous integration of production and business networks, more and more Industrial Internet of Things networks and internal office networks have been interconnected and have evolved into large-scale, enterprise-level intraindustry networks. Terminal devices are the basic units of an internal network. Accurately identifying the type of device corresponding to an IP address and describing the device's communication behavior in detail are of great significance for network security risk assessment, hidden danger investigation, and threat warning. Traditional cyberspace surveying and mapping techniques take the form of active measurement, but they cannot be transplanted to a large-scale intranet: resources or specific targets in internal networks are often protected by firewalls, VPNs, gateways, and other technologies, so they are difficult to analyze and determine by active measurement. In this paper, a passive measurement method is proposed to identify and characterize devices in the network through real traffic data. First, a new graph structure mining method is used to determine the server-like devices and host-like devices; then, the NAT-like devices are determined by quantitative analysis of traffic; finally, qualitative analysis of the NAT-like device traffic determines whether there are server-like devices behind the NAT-like device. This method will prove to be useful in identifying all kinds of devices in network data traffic, detecting unauthorized NAT-like devices, and determining whether there are server-like devices behind the NAT-like devices.

License

Copyright © 2019 Wei Sun et al.
This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Corresponding author

Wei Sun. Beijing Jiaotong University, School of Computer and Information Technology, Beijing 100044, China, njtu.edu.cn.11112075@bjtu.edu.cn

Recommended citation

Wei Sun, Hao Zhang, Li-jun Cai, Ai-min Yu, Jin-qiao Shi, Jian-guo Jiang. A Novel Device Identification Method Based on Passive Measurement. Security and Communication Networks, Vol. 2019 (2019)
