Loading…
A Novel Device Identification Method Based on Passive Measurement
Nowadays, with the continuous integration of production network and business network, more and more Industrial Internet of Things and Internal Office Network have been interconnected and evolved into a large-scale enterprise-level intraindustry network. Terminal devices are the basic units of intern...
Saved in:
Published in: | Security and communication networks 2019-01, Vol.2019 (2019), p.1-11 |
---|---|
Main Authors: | , , , , , |
Format: | Article |
Language: | English |
Subjects: | |
Citations: | Items that this one cites |
Online Access: | Get full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
cited_by | |
---|---|
cites | cdi_FETCH-LOGICAL-c317t-7e0e63ff302200bbe781256fb6b7f4ac0931f4753bdc2cbec0cb45effbcfe0713 |
container_end_page | 11 |
container_issue | 2019 |
container_start_page | 1 |
container_title | Security and communication networks |
container_volume | 2019 |
creator | Shi, Jin-qiao Yu, Ai-min Cai, Li-jun Zhang, Hao Sun, Wei Jiang, Jianguo |
description | Nowadays, with the continuous integration of production network and business network, more and more Industrial Internet of Things and Internal Office Network have been interconnected and evolved into a large-scale enterprise-level intraindustry network. Terminal devices are the basic units of internal network. Accurate identification of the type of device corresponding to the IP address and detailed description of the communication behavior of the device are of great significance for conducting network security risk assessment, hidden danger investigation, and threat warning. Traditional cyberspace surveying and mapping techniques take the form of active measurement, but they cannot be transplanted to large-scale intranet. Resources or specific targets in internal networks are often protected by firewalls, VPNs, gateways, and other technologies, so they are difficult to analyze and determine by active measurement. In this paper, a passive measurement method is proposed to identify and characterize devices in the network through real traffic data. Firstly, a new graph structure mining method is used to determine the server-like devices and host-like devices; then, the NAT-like devices are determined by quantitative analysis of traffic; finally, by qualitative analysis of the NAT-like device traffic, it is determined whether there are server-like devices behind the NAT-like device. This method will prove to be useful in identifying all kinds of devices in network data traffic, detecting unauthorized NAT-like devices and whether there are server-like devices behind the NAT-like devices. |
doi_str_mv | 10.1155/2019/6045251 |
format | article |
fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2455785756</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2455785756</sourcerecordid><originalsourceid>FETCH-LOGICAL-c317t-7e0e63ff302200bbe781256fb6b7f4ac0931f4753bdc2cbec0cb45effbcfe0713</originalsourceid><addsrcrecordid>eNqF0EtLw0AQB_BFFKzVm2cJeNTYmX1km2Otr0J9HPQcdjezdEvb1Gxa8dubkqJHT_Pgxwz8GTtHuEFUasAB80EGUnGFB6yHuchTQM4Pf3uUx-wkxjlAhlLLHhuNkpdqS4vkjrbBUTIpadUEH5xpQrVKnqmZVWVyayKVSTu_mRjDltq9iZuali0-ZUfeLCKd7WuffTzcv4-f0unr42Q8mqZOoG5STUCZ8F4A5wDWkh4iV5m3mdVeGge5QC-1ErZ03Fly4KxU5L11nkCj6LPL7u66rj43FJtiXm3qVfuy4FIpPVRaZa267pSrqxhr8sW6DktTfxcIxS6kYhdSsQ-p5Vcdn4VVab7Cf_qi09Qa8uZPcwSZD8UP8B5vpg</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2455785756</pqid></control><display><type>article</type><title>A Novel Device Identification Method Based on Passive Measurement</title><source>Wiley Online Library Open Access</source><source>Publicly Available Content (ProQuest)</source><creator>Shi, Jin-qiao ; Yu, Ai-min ; Cai, Li-jun ; Zhang, Hao ; Sun, Wei ; Jiang, Jianguo</creator><contributor>Li, Fagen ; Fagen Li</contributor><creatorcontrib>Shi, Jin-qiao ; Yu, Ai-min ; Cai, Li-jun ; Zhang, Hao ; Sun, Wei ; Jiang, Jianguo ; Li, Fagen ; Fagen Li</creatorcontrib><description>Nowadays, with the continuous integration of production network and business network, more and more Industrial Internet of Things and Internal Office Network have been interconnected and evolved into a large-scale enterprise-level intraindustry network. Terminal devices are the basic units of internal network. Accurate identification of the type of device corresponding to the IP address and detailed description of the communication behavior of the device are of great significance for conducting network security risk assessment, hidden danger investigation, and threat warning. Traditional cyberspace surveying and mapping techniques take the form of active measurement, but they cannot be transplanted to large-scale intranet. Resources or specific targets in internal networks are often protected by firewalls, VPNs, gateways, and other technologies, so they are difficult to analyze and determine by active measurement. In this paper, a passive measurement method is proposed to identify and characterize devices in the network through real traffic data. Firstly, a new graph structure mining method is used to determine the server-like devices and host-like devices; then, the NAT-like devices are determined by quantitative analysis of traffic; finally, by qualitative analysis of the NAT-like device traffic, it is determined whether there are server-like devices behind the NAT-like device. This method will prove to be useful in identifying all kinds of devices in network data traffic, detecting unauthorized NAT-like devices and whether there are server-like devices behind the NAT-like devices.</description><identifier>ISSN: 1939-0114</identifier><identifier>EISSN: 1939-0122</identifier><identifier>DOI: 10.1155/2019/6045251</identifier><language>eng</language><publisher>Cairo, Egypt: Hindawi Publishing Corporation</publisher><subject>Access control ; Accuracy ; Algorithms ; Cluster analysis ; Communication ; Computer networks ; Electronic devices ; Firewalls ; Gateways ; Identification methods ; Industrial applications ; Internet of Things ; Intranets ; IP (Internet Protocol) ; Measurement methods ; Methods ; Qualitative analysis ; Risk assessment ; Servers ; Traffic congestion ; Traffic information ; Virtual private networks</subject><ispartof>Security and communication networks, 2019-01, Vol.2019 (2019), p.1-11</ispartof><rights>Copyright © 2019 Wei Sun et al.</rights><rights>Copyright © 2019 Wei Sun et al. This is an open access article distributed under the Creative Commons Attribution License (the “License”), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. https://creativecommons.org/licenses/by/4.0</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c317t-7e0e63ff302200bbe781256fb6b7f4ac0931f4753bdc2cbec0cb45effbcfe0713</cites><orcidid>0000-0002-5165-6806</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://www.proquest.com/docview/2455785756?pq-origsite=primo$$EHTML$$P50$$Gproquest$$Hfree_for_read</linktohtml><link.rule.ids>314,780,784,25753,27924,27925,37012,44590</link.rule.ids></links><search><contributor>Li, Fagen</contributor><contributor>Fagen Li</contributor><creatorcontrib>Shi, Jin-qiao</creatorcontrib><creatorcontrib>Yu, Ai-min</creatorcontrib><creatorcontrib>Cai, Li-jun</creatorcontrib><creatorcontrib>Zhang, Hao</creatorcontrib><creatorcontrib>Sun, Wei</creatorcontrib><creatorcontrib>Jiang, Jianguo</creatorcontrib><title>A Novel Device Identification Method Based on Passive Measurement</title><title>Security and communication networks</title><description>Nowadays, with the continuous integration of production network and business network, more and more Industrial Internet of Things and Internal Office Network have been interconnected and evolved into a large-scale enterprise-level intraindustry network. Terminal devices are the basic units of internal network. Accurate identification of the type of device corresponding to the IP address and detailed description of the communication behavior of the device are of great significance for conducting network security risk assessment, hidden danger investigation, and threat warning. Traditional cyberspace surveying and mapping techniques take the form of active measurement, but they cannot be transplanted to large-scale intranet. Resources or specific targets in internal networks are often protected by firewalls, VPNs, gateways, and other technologies, so they are difficult to analyze and determine by active measurement. In this paper, a passive measurement method is proposed to identify and characterize devices in the network through real traffic data. Firstly, a new graph structure mining method is used to determine the server-like devices and host-like devices; then, the NAT-like devices are determined by quantitative analysis of traffic; finally, by qualitative analysis of the NAT-like device traffic, it is determined whether there are server-like devices behind the NAT-like device. This method will prove to be useful in identifying all kinds of devices in network data traffic, detecting unauthorized NAT-like devices and whether there are server-like devices behind the NAT-like devices.</description><subject>Access control</subject><subject>Accuracy</subject><subject>Algorithms</subject><subject>Cluster analysis</subject><subject>Communication</subject><subject>Computer networks</subject><subject>Electronic devices</subject><subject>Firewalls</subject><subject>Gateways</subject><subject>Identification methods</subject><subject>Industrial applications</subject><subject>Internet of Things</subject><subject>Intranets</subject><subject>IP (Internet Protocol)</subject><subject>Measurement methods</subject><subject>Methods</subject><subject>Qualitative analysis</subject><subject>Risk assessment</subject><subject>Servers</subject><subject>Traffic congestion</subject><subject>Traffic information</subject><subject>Virtual private networks</subject><issn>1939-0114</issn><issn>1939-0122</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2019</creationdate><recordtype>article</recordtype><sourceid>PIMPY</sourceid><recordid>eNqF0EtLw0AQB_BFFKzVm2cJeNTYmX1km2Otr0J9HPQcdjezdEvb1Gxa8dubkqJHT_Pgxwz8GTtHuEFUasAB80EGUnGFB6yHuchTQM4Pf3uUx-wkxjlAhlLLHhuNkpdqS4vkjrbBUTIpadUEH5xpQrVKnqmZVWVyayKVSTu_mRjDltq9iZuali0-ZUfeLCKd7WuffTzcv4-f0unr42Q8mqZOoG5STUCZ8F4A5wDWkh4iV5m3mdVeGge5QC-1ErZ03Fly4KxU5L11nkCj6LPL7u66rj43FJtiXm3qVfuy4FIpPVRaZa267pSrqxhr8sW6DktTfxcIxS6kYhdSsQ-p5Vcdn4VVab7Cf_qi09Qa8uZPcwSZD8UP8B5vpg</recordid><startdate>20190101</startdate><enddate>20190101</enddate><creator>Shi, Jin-qiao</creator><creator>Yu, Ai-min</creator><creator>Cai, Li-jun</creator><creator>Zhang, Hao</creator><creator>Sun, Wei</creator><creator>Jiang, Jianguo</creator><general>Hindawi Publishing Corporation</general><general>Hindawi</general><general>Hindawi Limited</general><scope>ADJCN</scope><scope>AHFXO</scope><scope>RHU</scope><scope>RHW</scope><scope>RHX</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K7-</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>P5Z</scope><scope>P62</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><orcidid>https://orcid.org/0000-0002-5165-6806</orcidid></search><sort><creationdate>20190101</creationdate><title>A Novel Device Identification Method Based on Passive Measurement</title><author>Shi, Jin-qiao ; Yu, Ai-min ; Cai, Li-jun ; Zhang, Hao ; Sun, Wei ; Jiang, Jianguo</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c317t-7e0e63ff302200bbe781256fb6b7f4ac0931f4753bdc2cbec0cb45effbcfe0713</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2019</creationdate><topic>Access control</topic><topic>Accuracy</topic><topic>Algorithms</topic><topic>Cluster analysis</topic><topic>Communication</topic><topic>Computer networks</topic><topic>Electronic devices</topic><topic>Firewalls</topic><topic>Gateways</topic><topic>Identification methods</topic><topic>Industrial applications</topic><topic>Internet of Things</topic><topic>Intranets</topic><topic>IP (Internet Protocol)</topic><topic>Measurement methods</topic><topic>Methods</topic><topic>Qualitative analysis</topic><topic>Risk assessment</topic><topic>Servers</topic><topic>Traffic congestion</topic><topic>Traffic information</topic><topic>Virtual private networks</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Shi, Jin-qiao</creatorcontrib><creatorcontrib>Yu, Ai-min</creatorcontrib><creatorcontrib>Cai, Li-jun</creatorcontrib><creatorcontrib>Zhang, Hao</creatorcontrib><creatorcontrib>Sun, Wei</creatorcontrib><creatorcontrib>Jiang, Jianguo</creatorcontrib><collection>الدوريات العلمية والإحصائية - e-Marefa Academic and Statistical Periodicals</collection><collection>معرفة - المحتوى العربي الأكاديمي المتكامل - e-Marefa Academic Complete</collection><collection>Hindawi Publishing Complete</collection><collection>Hindawi Publishing Subscription Journals</collection><collection>Hindawi Publishing Open Access</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni)</collection><collection>ProQuest Central</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>AUTh Library subscriptions: ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>Computer science database</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>ProQuest advanced technologies & aerospace journals</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>Publicly Available Content (ProQuest)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><jtitle>Security and communication networks</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Shi, Jin-qiao</au><au>Yu, Ai-min</au><au>Cai, Li-jun</au><au>Zhang, Hao</au><au>Sun, Wei</au><au>Jiang, Jianguo</au><au>Li, Fagen</au><au>Fagen Li</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>A Novel Device Identification Method Based on Passive Measurement</atitle><jtitle>Security and communication networks</jtitle><date>2019-01-01</date><risdate>2019</risdate><volume>2019</volume><issue>2019</issue><spage>1</spage><epage>11</epage><pages>1-11</pages><issn>1939-0114</issn><eissn>1939-0122</eissn><abstract>Nowadays, with the continuous integration of production network and business network, more and more Industrial Internet of Things and Internal Office Network have been interconnected and evolved into a large-scale enterprise-level intraindustry network. Terminal devices are the basic units of internal network. Accurate identification of the type of device corresponding to the IP address and detailed description of the communication behavior of the device are of great significance for conducting network security risk assessment, hidden danger investigation, and threat warning. Traditional cyberspace surveying and mapping techniques take the form of active measurement, but they cannot be transplanted to large-scale intranet. Resources or specific targets in internal networks are often protected by firewalls, VPNs, gateways, and other technologies, so they are difficult to analyze and determine by active measurement. In this paper, a passive measurement method is proposed to identify and characterize devices in the network through real traffic data. Firstly, a new graph structure mining method is used to determine the server-like devices and host-like devices; then, the NAT-like devices are determined by quantitative analysis of traffic; finally, by qualitative analysis of the NAT-like device traffic, it is determined whether there are server-like devices behind the NAT-like device. This method will prove to be useful in identifying all kinds of devices in network data traffic, detecting unauthorized NAT-like devices and whether there are server-like devices behind the NAT-like devices.</abstract><cop>Cairo, Egypt</cop><pub>Hindawi Publishing Corporation</pub><doi>10.1155/2019/6045251</doi><tpages>11</tpages><orcidid>https://orcid.org/0000-0002-5165-6806</orcidid><oa>free_for_read</oa></addata></record> |
fulltext | fulltext |
identifier | ISSN: 1939-0114 |
ispartof | Security and communication networks, 2019-01, Vol.2019 (2019), p.1-11 |
issn | 1939-0114 1939-0122 |
language | eng |
recordid | cdi_proquest_journals_2455785756 |
source | Wiley Online Library Open Access; Publicly Available Content (ProQuest) |
subjects | Access control Accuracy Algorithms Cluster analysis Communication Computer networks Electronic devices Firewalls Gateways Identification methods Industrial applications Internet of Things Intranets IP (Internet Protocol) Measurement methods Methods Qualitative analysis Risk assessment Servers Traffic congestion Traffic information Virtual private networks |
title | A Novel Device Identification Method Based on Passive Measurement |
url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-24T18%3A00%3A20IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Novel%20Device%20Identification%20Method%20Based%20on%20Passive%20Measurement&rft.jtitle=Security%20and%20communication%20networks&rft.au=Shi,%20Jin-qiao&rft.date=2019-01-01&rft.volume=2019&rft.issue=2019&rft.spage=1&rft.epage=11&rft.pages=1-11&rft.issn=1939-0114&rft.eissn=1939-0122&rft_id=info:doi/10.1155/2019/6045251&rft_dat=%3Cproquest_cross%3E2455785756%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c317t-7e0e63ff302200bbe781256fb6b7f4ac0931f4753bdc2cbec0cb45effbcfe0713%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2455785756&rft_id=info:pmid/&rfr_iscdi=true |