A Novel Device Identification Method Based on Passive Measurement

Nowadays, with the continuous integration of production network and business network, more and more Industrial Internet of Things and Internal Office Network have been interconnected and evolved into a large-scale enterprise-level intraindustry network. Terminal devices are the basic units of intern...

Bibliographic Details
Published in: Security and communication networks 2019-01, Vol.2019 (2019), p.1-11
Main Authors: Shi, Jin-qiao, Yu, Ai-min, Cai, Li-jun, Zhang, Hao, Sun, Wei, Jiang, Jianguo
Format: Article
Language: English
container_end_page 11
container_issue 2019
container_start_page 1
container_title Security and communication networks
container_volume 2019
creator Shi, Jin-qiao
Yu, Ai-min
Cai, Li-jun
Zhang, Hao
Sun, Wei
Jiang, Jianguo
description Nowadays, with the continuous integration of production network and business network, more and more Industrial Internet of Things and Internal Office Network have been interconnected and evolved into a large-scale enterprise-level intraindustry network. Terminal devices are the basic units of internal network. Accurate identification of the type of device corresponding to the IP address and detailed description of the communication behavior of the device are of great significance for conducting network security risk assessment, hidden danger investigation, and threat warning. Traditional cyberspace surveying and mapping techniques take the form of active measurement, but they cannot be transplanted to large-scale intranet. Resources or specific targets in internal networks are often protected by firewalls, VPNs, gateways, and other technologies, so they are difficult to analyze and determine by active measurement. In this paper, a passive measurement method is proposed to identify and characterize devices in the network through real traffic data. Firstly, a new graph structure mining method is used to determine the server-like devices and host-like devices; then, the NAT-like devices are determined by quantitative analysis of traffic; finally, by qualitative analysis of the NAT-like device traffic, it is determined whether there are server-like devices behind the NAT-like device. This method will prove to be useful in identifying all kinds of devices in network data traffic, detecting unauthorized NAT-like devices and whether there are server-like devices behind the NAT-like devices.
doi_str_mv 10.1155/2019/6045251
format article
contributor Li, Fagen
publisher Cairo, Egypt: Hindawi Publishing Corporation
rights Copyright © 2019 Wei Sun et al. This is an open access article distributed under the Creative Commons Attribution License (the “License”), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. https://creativecommons.org/licenses/by/4.0
orcid https://orcid.org/0000-0002-5165-6806
fulltext fulltext
identifier ISSN: 1939-0114
ispartof Security and communication networks, 2019-01, Vol.2019 (2019), p.1-11
issn 1939-0114
1939-0122
language eng
recordid cdi_proquest_journals_2455785756
source Wiley Online Library Open Access; Publicly Available Content (ProQuest)
subjects Access control
Accuracy
Algorithms
Cluster analysis
Communication
Computer networks
Electronic devices
Firewalls
Gateways
Identification methods
Industrial applications
Internet of Things
Intranets
IP (Internet Protocol)
Measurement methods
Methods
Qualitative analysis
Risk assessment
Servers
Traffic congestion
Traffic information
Virtual private networks
title A Novel Device Identification Method Based on Passive Measurement
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-24T18%3A00%3A20IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Novel%20Device%20Identification%20Method%20Based%20on%20Passive%20Measurement&rft.jtitle=Security%20and%20communication%20networks&rft.au=Shi,%20Jin-qiao&rft.date=2019-01-01&rft.volume=2019&rft.issue=2019&rft.spage=1&rft.epage=11&rft.pages=1-11&rft.issn=1939-0114&rft.eissn=1939-0122&rft_id=info:doi/10.1155/2019/6045251&rft_dat=%3Cproquest_cross%3E2455785756%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c317t-7e0e63ff302200bbe781256fb6b7f4ac0931f4753bdc2cbec0cb45effbcfe0713%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2455785756&rft_id=info:pmid/&rfr_iscdi=true