From a security perspective, identifying Industrial Internet of Things (IIoT) devices connected to a network has multiple applications such as penetration testing, vulnerability assessment, etc. In this work, we propose a feature-based methodology to perform device-type fingerprinting. A device fingerprint consists of the TCP/IP header features and port-based features extracted from the network traffic of the device. These features are collected by a hybrid mechanism which has a negligible impact on device functionality and can avoid the problem of the long TCP connection. Once the fingerprint of a device is generated, it will be fed to the classifiers based on Gradient Boosting to predict its type details. Based on our proposed method, we implement a prototype application called IIoT Device Type Fingerprinting (IDTF) which capable of automatically identifying the types of devices being connected to an IIoT network. We collect a dataset consisting of 19,174 fingerprints from real-world Internet-facing IIoT devices indexed by Shodan to train and evaluate the classifiers using ten-fold cross-validation. And we conduct comparative experiments in an IIoT testbed to compare the effectiveness of IDTF with two famous fingerprinting tools. The experimental result shows that the ability of our approach is confirmed by a high mean F-Measure of 95.76%. It also demonstrates that IDTF achieves the highest identification rate in the testbed and is non-intrusive for IIoT devices. Compared with existing works, our approach is more generic as it does not rely on a specific protocol or deep packet inspection and can distinguish almost all IIoT device-types.
相似文献 |
|||||||
|
|||||||
|
共查询到19条相似文献,搜索用时 765 毫秒
1.
2.
3.
提出了一种基于神经网络的未知雷达辐射源智能识别方法,该方法以实际中获得的雷达信号参数为基础,训练神经网络,对未知雷达参数进行预测识别,给出可能的工作状态,并分析其威胁程度.仿真实验表明,该方法是有效可行的,为工程上实现未知雷达辐射源的识别提供了一种新思路. 相似文献
4.
在日益激烈的通信对抗中,未知协议的分析与识别占据着越来越重要的位置.传统的协议分析主要是针对已知协议类型条件下,对互联网数据传输过程中产生的大量比特流,单纯采用模式匹配方式进行特征序列提取,效率较低.针对这一问题,以更普遍的通信数据流作为研究对象,采用模式匹配和数据挖掘相结合的方法,对AC多模式识别和FP-Growth算法进行了改进和优化,提高了特征序列提取的准确率和效率.实际数据验证证明改进后算法对未知通信协议具有一定的识别效率. 相似文献
5.
利用网络协议格式进行解析可以提取出网络传输的关键数据信息,但是传统的协议解析工具无法自动解析协议报文格式未知的数据流,而要依赖于耗时巨大的人工操作推测未知协议格式。提出一种基于统计分析的自动未知协议报文格式推测算法,可以根据数据流进行统计分析,推测出数据流的协议报文格式。利用真实网络数据进行的实验表明,该算法可以有效地进行未知协议报文格式推断。 相似文献
6.
信息战都追求高速反应机动,对网络协议识别提出了高效快速的要求。基于深度包检测DPI的协议识别方法识别准确率高,但是由于要对所有数据包进行检测,计算量很大。基于端口号的协议识别方法速度快,但识别准确率低。提出一种新的基于数据流前端检测的协议识别方法并进行了系统实现,结合了基于端口方法的快速简单和基于DPI的准确性的优点。实验表明,这种综合快速协议识别方法识别准确率高,与基于DPI的方法相比,识别时间减少将近80%。 相似文献
7.
8.
9.
根据网络数据流的概念及特点,在数据流的初始单位时间片内,统计其数据包个数、大小、时间等基本包属性,并分析提取出数据流的统计特征集。以特征集作为参数,利用即时通信登录认证过程的流量特征匹配函数和特征权重,可计算出特定网络数据流的识别结果百分比。识别结果高于一定阈值,则认为即时通信的登录认证流量识别成功。在中小型局域网内,该方法的识别率可以达到98%以上。 相似文献
10.
11.
在现实通信中,越来越多的空间和地面单元投入使用。无线Adhoc技术的发展,使得组建一个空地一体化的编队通信自组织网络成为可能。提出了一种基于分级结构的网络组织方案,并对其分簇算法和路由协议进行了研究。 相似文献
12.
在网络融合的趋势下,通过电信网络为WLAN网络提供终端认证将是未来WLAN业务认证的主要方式。为高效、安全地实现网间漫游状态下WLAN的鉴权认证,本研究分析了在网间漫游状态下WLAN的鉴权需求,讨论了鉴权模式、流程和存在的问题,提出了基于EAP SIM/AKA协议的、非中转方式的WLAN漫游认证方案,并进行了验证。实验结果证明该非中转认证方案可以满足终端在漫游状态下实现EAP SIM/AKA认证的需要,同时增强了系统的安全性,降低了投资成本,实现了实时计费。 相似文献
13.
Non‐uniform energy consumption during operation of a cluster‐based routing protocol for large‐scale wireless sensor networks (WSN) is major area of concern. Unbalanced energy consumption in the wireless network results in early node death and reduces the network lifetime. This is because nodes near the sink are overloaded in terms of data traffic compared with the far away nodes resulting in node deaths. In this work, a novel residual energy–based distributed clustering and routing (REDCR) protocol has been proposed, which allows multi‐hop communication based on cuckoo‐search (CS) algorithm and low‐energy adaptive‐clustering–hierarchy (LEACH) protocol. LEACH protocol allows choice of possible cluster heads by rotation at every round of data transmission by a newly developed objective function based on residual energy of the nodes. The information about the location and energy of the nodes is forwarded to the sink node where CS algorithm is implemented to choose optimal number of cluster heads and their positions in the network. This approach helps in uniform distribution of the cluster heads throughout the network and enhances the network stability. Several case studies have been performed by varying the position of the base stations and by changing the number of nodes in the area of application. The proposed REDCR protocol shows significant improvement by an average of 15% for network throughput, 25% for network scalability, 30% for network stability, 33% for residual energy conservation, and 60% for network lifetime proving this approach to be more acceptable one in near future. 相似文献
14.
Sanjay Kumar Dhurandher Sudip Misra Mohammad S. Obaidat Vikrant Bansal Prithvi Raj Singh Vikas Punia 《International Journal of Communication Systems》2009,22(7):789-817
Mobile ad hoc networks (MANETs) are characterized by random, multi‐hop topologies that do not have a centralized coordinating entity or a fixed infrastructure that may change rapidly over time. In addition, mobile nodes operate with portable and finite power sources. In this work, we propose an energy‐efficient routing protocol for MANETs to minimize energy consumption and increase the network's consistency. Traditional works mainly focused on the shortest path‐based schemes to minimize energy, which might result into network failure because some nodes might exhaust fast as they are used repetitively, while some other nodes might not be used at all. This can lead to energy imbalance and to network life reduction. We propose an energy‐efficient ad hoc on‐demand routing protocol that balances energy load among nodes so that a minimum energy level is maintained among nodes and the network life increases. We focused on increasing the network longevity by distributing energy consumption in the network. We also compared the simulation results with a popular existing on‐demand routing protocol in this area, AODV, to establish the superiority of our approach. Copyright © 2009 John Wiley & Sons, Ltd. 相似文献
15.
针对传统系统辨识存在的缺点,提出了基于预报误差法的神经网络辨识方法,将神经网络的预报误差法应用于系统辨识中,通过调节神经网络连接权值可使网络输出逼近系统输出。神经网络作为实际系统的辨识模型,可以用于在线控制。仿真实例表明其收敛速度快于BP算法。 相似文献
16.
Zhou Feng Qu Hua Liu Hailong Liu Hong Li Bo 《Journal of Signal Processing Systems》2021,93(7):779-794
17.
18.
Recently, there has been a great deal of research on network mobility management that can support the movement of a mobile
network consisting of several mobile nodes. The IETF NEMO working group proposed a basic support protocol, which defines methodology
for supporting network mobility by using bi-directional tunneling between the home agent and the mobile router. This protocol,
however, suffers from the ‘pinball routing problem,’ and most of the research attempts to solve this problem still have limitations
in the efficiency of intra-domain communication. Moreover, these methods require additional binding procedures in case of
the root mobile router handover. In this paper, we propose new route optimization methodology that can remedy these limitations
by using asymmetric tunneling and a hierarchical local binding mechanism, which can provide faster signaling and data transmission.
It can also be easily extended to support micro-mobility without the need for additional extensions. The performance is evaluated
by simulation which can show the efficiency of the approach, compared with several previous route optimization methods. 相似文献
19.
针对卫星系统的数据截获过程中得到数据多为比特流形式,原有的各种基于完整数据报文的协议识别方法不能很好地识别这类数据.通过距离判别算法和模板分析思想的结合,提出了一种新的基于多级模板分析的空间传输协议识别算法,并经实验进行了验证.根据空间协议特征构建一级模板,利用一级模板间距离建立二级模板,然后基于距离判断算法进行模板分析,实现协议识别.实验结果表明:多级模板分析可提高空间协议识别效率,该方法可为协议识别技术研究提供新的思路. 相似文献
|
| 设为首页 | 免责声明 | 关于勤云 | 加入收藏 |
|
Copyright©北京勤云科技发展有限公司 京ICP备09084417号 |