
Intelligent Network Device Identification Based on Active TCP/IP Stack Probing

With the continuous development of network devices, there are increasing types and quantities of network devices. Accurate identification of device types helps proactively protect potentially vulnerable devices exposed on the Internet. Among the network device identification methods, the TCP/IP st...

Bibliographic Details
Published in: IEEE network 2024-11, Vol.38 (6), p.187-193
Main Authors: Qiao, Libing, Dong, Enhuan, Yin, Huanpu, Li, Haisheng, Yang, Jiahai
Format: Article
Language: English
container_end_page 193
container_issue 6
container_start_page 187
container_title IEEE network
container_volume 38
creator Qiao, Libing
Dong, Enhuan
Yin, Huanpu
Li, Haisheng
Yang, Jiahai
description With the continuous development of network devices, there are increasing types and quantities of network devices. Accurate identification of device types helps proactively protect potentially vulnerable devices exposed on the Internet. Among the network device identification methods, the TCP/IP stack active detection method is an important kind since it does not require many open ports of target devices. However, its performance is limited by the rule/fingerprint database quality. Maintaining such a database requires a lot of expert effort, making the method difficult to scale up. To solve the scalability problem, our insight in this paper is to use machine learning methods to generate network device classifiers without needing expert effort. However, generating labeled datasets, extracting features, and selecting features without expert effort is nontrivial. We propose IntelliNDI, an intelligent and active network device identification method. IntelliNDI collects network device type information from multiple cyberspace search engines and filters out the network devices with different types on different search engines. We regard the approximately consistent network device types as the ground truth network device types. As for feature extraction, we use the same attributes employed in the well-known Nmap protocol stack detection to avoid the requirements for constructing features. Finally, we select features with basic ML methods. We implement IntelliNDI for several kinds of typical network devices. The trained classifiers in our experiments can achieve 90 percent accuracy.
doi_str_mv 10.1109/MNET.2024.3374080
format article
identifier ISSN: 0890-8044
ispartof IEEE network, 2024-11, Vol.38 (6), p.187-193
issn 0890-8044
1558-156X
language eng
recordid cdi_ieee_primary_10463024
source IEEE Electronic Library (IEL) Journals
subjects Active TCP/IP Stack Probing
Feature extraction
Intelligent networks
Machine learning
Monitoring
Network Device Identification
Object recognition
Protocols
TCPIP
title Intelligent Network Device Identification Based on Active TCP/IP Stack Probing
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-06T07%3A19%3A35IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-crossref_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Intelligent%20Network%20Device%20Identification%20Based%20on%20Active%20TCP/IP%20Stack%20Probing&rft.jtitle=IEEE%20network&rft.au=Qiao,%20Libing&rft.date=2024-11-01&rft.volume=38&rft.issue=6&rft.spage=187&rft.epage=193&rft.pages=187-193&rft.issn=0890-8044&rft.eissn=1558-156X&rft.coden=IENEET&rft_id=info:doi/10.1109/MNET.2024.3374080&rft_dat=%3Ccrossref_ieee_%3E10_1109_MNET_2024_3374080%3C/crossref_ieee_%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c218t-49bff715c8c18d01c658851a40ad8a6cdd4d75b31f7339325a03eaaec6ccfe323%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=10463024&rfr_iscdi=true