Intelligent Network Device Identification Based on Active TCP/IP Stack Probing

Bibliographic Details
Published in: IEEE Network 2024-11, Vol. 38 (6), p. 187-193
Main Authors: Qiao, Libing, Dong, Enhuan, Yin, Huanpu, Li, Haisheng, Yang, Jiahai
Format: Article
Language: English
Description
Summary: With the continuous development of network devices, there are increasingly many types and quantities of network devices. Accurate identification of device types helps proactively protect potentially vulnerable devices exposed on the Internet. Among the network device identification methods, the TCP/IP stack active detection method is an important kind since it does not require many open ports of target devices. However, its performance is limited by the rule/fingerprint database quality. Maintaining such a database requires a lot of expert effort, making the method difficult to scale up. To solve the scalability problem, our insight in this paper is to use machine learning methods to generate network device classifiers without needing expert effort. However, generating labeled datasets, extracting features, and selecting features without expert effort is nontrivial. We propose IntelliNDI, an intelligent and active network device identification method. IntelliNDI collects network device type information from multiple cyberspace search engines and filters out the network devices with different types on different search engines. We regard the approximately consistent network device types as the ground truth network device types. As for feature extraction, we use the same attributes employed in the well-known Nmap protocol stack detection to avoid the requirements for constructing features. Finally, we select features with basic ML methods. We implement IntelliNDI for several kinds of typical network devices. The trained classifiers in our experiments can achieve 90 percent accuracy.
ISSN: 0890-8044, 1558-156X
DOI: 10.1109/MNET.2024.3374080