CN111385297B - Wireless device fingerprint identification method, system, device and readable storage medium - Google Patents

Wireless device fingerprint identification method, system, device and readable storage medium Download PDF

Info

Publication number
CN111385297B
CN111385297B CN202010144165.1A CN202010144165A CN111385297B CN 111385297 B CN111385297 B CN 111385297B CN 202010144165 A CN202010144165 A CN 202010144165A CN 111385297 B CN111385297 B CN 111385297B
Authority
CN
China
Prior art keywords
wireless
characteristic
fingerprint
wireless equipment
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010144165.1A
Other languages
Chinese (zh)
Other versions
CN111385297A (en
Inventor
沈超
倪琴琴
张萌
郑超
贾战培
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Jiaotong University
Original Assignee
Xian Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xian Jiaotong University filed Critical Xian Jiaotong University
Priority to CN202010144165.1A priority Critical patent/CN111385297B/en
Publication of CN111385297A publication Critical patent/CN111385297A/en
Application granted granted Critical
Publication of CN111385297B publication Critical patent/CN111385297B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2411Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on the proximity to a decision surface, e.g. support vector machines
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2413Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on distances to training or reference patterns
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2415Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on likelihood ratio or false acceptance rate versus a false rejection rate
    • G06F18/24155Bayesian classification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/243Classification techniques relating to the number of classes
    • G06F18/24323Tree-organised classifiers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods

Abstract

The invention belongs to the field of wireless equipment identification, and discloses a wireless equipment fingerprint identification method, a system, equipment and a readable storage medium, which comprise the following steps: collecting network data frames of wireless equipment in a communication process; extracting characteristic parameters of the wireless device capable of reflecting the characteristics of the wireless device from the network data frame; constructing a characteristic fingerprint of the wireless device according to the characteristic parameters of the wireless device; training the characteristic fingerprint of the wireless equipment through a classifier, and determining the parameters of the classifier to obtain a fingerprint identification model of the wireless equipment; and identifying the current wireless equipment through the fingerprint identification model of the wireless equipment and the characteristic fingerprint preset in the fingerprint database. The method overcomes the defect that the traditional equipment identification method based on a certain characteristic parameter of the wireless equipment is easy to forge and tamper, realizes accurate identification of the wireless equipment by implicitly collecting network flow of the wireless equipment, does not interfere normal work of the wireless equipment in the whole identification process, does not need participation of a user, and has good user experience.

Description

Wireless device fingerprint identification method, system, device and readable storage medium
Technical Field
The invention belongs to the field of wireless equipment identification, and relates to a wireless equipment fingerprint identification method, a system, equipment and a readable storage medium.
Background
With the popularization of the internet and the development of WiFi technology, wireless/mobile communication has become an indispensable part of the current society, and meanwhile, wireless network security also attracts a wide attention of the society, wherein wireless device fingerprint identification is a hot topic of academia and industry.
Conventional device fingerprinting is initiated from a wireless device by analyzing the wireless device's unique patterns of behavior characteristics to accurately identify the device. If the MAC address of the device is used to identify the device, unfortunately, it is easy for an attacker to forge or tamper the MAC address through a network attack tool and fake himself to make a legitimate device access to the network, and the device is not easy to detect and discover.
In response to the above-mentioned shortcomings, it is a trend to find unique attributes of wireless devices, such as genes or fingerprints of living beings.
Disclosure of Invention
The invention aims to overcome the defects that the MAC address of a device is used for identifying the device in the prior art, but the MAC address is easy to forge and tamper, and provides a wireless device fingerprint identification method, a system, a device and a readable storage medium.
In order to achieve the purpose, the invention adopts the following technical scheme to realize the purpose:
in a first aspect of the present invention, a method for fingerprint identification of a wireless device includes the following steps:
s1: collecting network data frames of wireless equipment in a communication process;
s2: extracting characteristic parameters of the wireless device capable of reflecting the characteristics of the wireless device from the network data frame;
s3: constructing a characteristic fingerprint of the wireless device according to the characteristic parameters of the wireless device;
s4: training the characteristic fingerprint of the wireless equipment through a classifier, and determining the parameters of the classifier to obtain a fingerprint identification model of the wireless equipment;
s5: and identifying the current wireless equipment through the wireless equipment fingerprint identification model and the preset characteristic fingerprint in the fingerprint library, wherein the preset characteristic fingerprint in the fingerprint library has a wireless equipment identifier.
The fingerprint identification method of the wireless equipment is further improved as follows:
the specific method of S2 is as follows:
extracting data frame parameters capable of reflecting the characteristics of the wireless equipment from the network data frame, wherein the data frame parameters capable of reflecting the characteristics of the wireless equipment are frame interval time, frame size or transmission rate, and then carrying out noise reduction and normalization processing on the extracted data frame parameters to obtain the characteristic parameters of the wireless equipment.
The specific method of S3 is as follows:
dividing the characteristic parameters of the wireless equipment into a plurality of groups, counting seven-dimensional statistics of each group of characteristic parameters, wherein the seven-dimensional statistics comprises a maximum value, a minimum value, a standard deviation, a mean, a median, an upper quartile and a lower quartile to obtain characteristic vectors of each group of characteristic parameters, and combining the characteristic vectors of each group of characteristic parameters to obtain the characteristic fingerprint of the wireless equipment.
The specific method of S3 is as follows:
dividing the characteristic parameters of the wireless equipment into a plurality of groups, counting the maximum value and the minimum value of each group of characteristic parameters, dividing a closed interval consisting of the maximum value and the minimum value of each group of characteristic parameters into a plurality of windows, counting the frequency of data falling in each window in the group of characteristic parameters to obtain the characteristic vector of the group of characteristic parameters, and combining the characteristic vector of each group of characteristic parameters to obtain the characteristic fingerprint of the wireless equipment.
The characteristic parameters of the wireless device are obtained by fusing at least two types of data frame parameters capable of reflecting the characteristics of the wireless device.
The specific method of S4 is as follows:
dividing the characteristic fingerprints of the wireless equipment into a training set and a testing set, training the training set through a naive Bayes machine learning classifier, a support vector machine learning classifier, a K nearest neighbor machine learning classifier, a random forest machine learning classifier, a deep neural network deep learning classifier and a convolutional neural network deep learning classifier, and determining classifier parameters; and then testing the identification performance of each classifier through the test set, and selecting the classifier with the best identification performance to obtain the fingerprint identification model of the wireless equipment.
In the step S4, the training set is trained through a naive Bayes machine learning classifier, a support vector machine learning classifier, a K nearest neighbor machine learning classifier, a random forest machine learning classifier, a deep neural network deep learning classifier and a convolutional neural network deep learning classifier, and the modes adopted when the recognition performance of each classifier is tested through the test set are all cross-validation methods.
In a second aspect of the present invention, a wireless device fingerprint identification system is constructed based on a B/S architecture, and includes a network traffic capturing module, a feature fingerprint generating module, a wireless network device identification module, and a fingerprint library, where:
a network traffic capturing module: the wireless device is used for acquiring network data frames of the wireless device in the communication process and sending the network data frames to the characteristic fingerprint generation module;
the characteristic fingerprint generation module: the wireless network equipment identification module is used for extracting the characteristic parameters of the wireless equipment capable of reflecting the characteristics of the wireless equipment from the network data frame and sending the characteristic parameters to the wireless network equipment identification module;
wireless network equipment identification module: the wireless device fingerprint identification method comprises the steps of establishing a characteristic fingerprint of the wireless device according to the characteristic parameters of the wireless device, training the characteristic fingerprint of the wireless device through a classifier, determining the parameters of the classifier to obtain a wireless device fingerprint identification model, and identifying the current wireless device through the wireless device fingerprint identification model and a preset characteristic fingerprint in a fingerprint library, wherein the preset characteristic fingerprint in the fingerprint library has a wireless device identification.
In a third aspect of the present invention, a computer device comprises a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the wireless device fingerprint identification method when executing the computer program.
In a fourth aspect of the present invention, a computer-readable storage medium stores a computer program, which when executed by a processor implements the steps of the above-described wireless device fingerprinting method.
Compared with the prior art, the invention has the following beneficial effects:
the method for identifying the fingerprint of the wireless equipment comprises the steps of capturing a network data frame generated by the wireless equipment in a communication process, extracting characteristic parameters related to identity information of the wireless equipment from the network data frame, and accordingly constructing a characteristic fingerprint capable of uniquely representing the wireless equipment, wherein the characteristic fingerprint of the wireless equipment is independent of a network protocol and an application type used by a user on the wireless equipment, does not change along with time and is not easy to be tampered or forged, a wireless equipment fingerprint identification model is obtained by training under a classifier based on the characteristic fingerprint, and identification of individuals and types of the wireless equipment is further achieved. The method overcomes the defect that the traditional wireless equipment identification method based on certain characteristic parameter (such as MAC address) of the wireless equipment is easy to forge and tamper, realizes accurate identification of the wireless equipment by implicitly collecting the network data frame of the wireless equipment, does not interfere the normal work of the wireless equipment in the whole identification process, does not need the participation of a user, and has good user experience.
Furthermore, several feature fingerprint generation methods are disclosed, and a feature fingerprint generation method of a wireless device fusing multiple types of feature parameters is disclosed, so that the defects that a single type of feature parameter cannot completely represent information of the wireless device, and an independent feature parameter can only represent attributes of the wireless device in a certain aspect are overcome, and the identification precision of the wireless device is further improved.
Furthermore, a plurality of training tests are carried out, and more accurate recognition results can be obtained by integrating a plurality of classification recognition rates.
Furthermore, a cross-validation method is adopted to train and test the characteristic fingerprints, and the cross-validation method randomly generates sub-samples used for training and testing, so that all samples are fully utilized, and meanwhile, the phenomenon of under-fitting caused by insufficient training data can be avoided.
The wireless equipment fingerprint identification system is constructed based on the B/S architecture according to the identification method, can observe the identification result more intuitively and efficiently, and is low in cost.
Drawings
FIG. 1 is a flow chart of a wireless device fingerprinting method of the present invention;
FIG. 2 is a schematic diagram of the feature fingerprint generation process based on seven-dimensional statistics of the present invention;
FIG. 3 is a schematic diagram of a probability density-based feature fingerprint generation process of the present invention;
FIG. 4 is a block diagram of a wireless device fingerprinting system framework of the present invention;
FIG. 5 is a schematic diagram of a network data frame generation process of the present invention;
fig. 6 is a schematic diagram of a wireless network environment model of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Aiming at the problems in the background art, the inventor discovers that the generation of network traffic needs the cooperative work of a plurality of devices by analyzing the generation and transmission mechanisms of the traffic, so that different manufacturers and different device types have differences on hardware, the differences can be reflected in the network traffic, the wireless device fingerprint similar to a biological fingerprint can be found by analyzing the differences of different wireless devices in the network traffic, the wireless device fingerprint is used for unique identification of the wireless device, and a complete identification scheme from the analysis of a wireless device identification principle to the extraction and expression analysis of features, then to the generation of the feature fingerprint and then to the construction and evaluation of a wireless device fingerprint identification model is provided.
The invention is described in further detail below with reference to the accompanying drawings:
referring to fig. 1 to 3, the fingerprint identification method for wireless devices of the present invention includes the following steps:
step 1: network data frame acquisition for a wireless device: based on the correlation analysis of the network data frame and the wireless equipment, a wireless network environment model is designed, a network flow acquisition environment is built according to the wireless network environment model, the network flow acquisition of the wireless equipment in the communication process is realized, and the network data frame of the wireless equipment is obtained.
The generation mechanism of the network data frame is analyzed, the relation between the network data frame and the wireless equipment individual is searched, and the theoretical basis for extracting the unique representation equipment information from the network data frame is researched. Designing a wireless local area network model under a WiFi network, building a network traffic collection environment based on the wireless local area network model, connecting a wireless device to the network environment, and capturing a network data frame generated by the wireless device under the environment, wherein the network data frame comprises a plurality of network protocols (such as TCP, UDP, ICMP and the like).
The correlation analysis of the network data frame and the wireless device specifically comprises the following steps: referring to fig. 4, the generation of network data frames is a complex process that requires the cooperation of multiple hardware components and operating systems within the device. These hardware components include a CPU, multi-layer memory (L1/L2 Cache, main memory, hard disk), DMA controller, PCI bus, network card, etc. The flow package is generated by firstly extracting a corresponding instruction set from a memory structure from an instruction value and sending the instruction set to a CPU for execution; under the command of an operating system, a CPU creates one or more buffer descriptors, each buffer descriptor comprises a starting storage address and a storage length occupied by a flow data frame, if a flow packet is discontinuously stored in a memory, the CPU generates a plurality of buffer descriptors, correspondingly, the operating system instructs the CPU to generate a new buffer descriptor for storing register mapping information into a memory mapping register of a network card, the information needs to pass through a front-end bus, a north bridge and a PCI bus to the network card, then the network card starts one or more DMA transmission to retrieve the descriptor, and then the network card also initiates one or more DMA transmission to transfer the exact flow data frame from a main memory to a transmission buffer of the network card, and the data leaves from the front-end bus and is transmitted into the network card through the north bridge and the PCI bus. Finally, the network card informs the operating system and the CPU that the descriptor has been processed, and the corresponding traffic packet is also successfully generated and sent to the network.
The wireless network environment model is specifically as follows: the wireless network refers to a network built by using a wireless communication technology, and a wireless network environment realized by means of a public mobile communication network is generally divided into two modes, namely a wireless network (such as 4G, 3G or GPRS) realized by means of the public mobile communication network and a Wireless Local Area Network (WLAN), so that a data acquisition environment of the invention can be built by means of wireless network environment models built by the two modes.
Step 2: characteristic parameter extraction and data preprocessing: analyzing the acquired network data frame, extracting data frame parameters capable of reflecting the characteristics of the wireless equipment from the acquired network data frame, further performing noise reduction and normalization processing on the data frame parameters, converting the data frame parameters into a format capable of easily generating characteristic fingerprints, and obtaining the characteristic parameters of the wireless equipment.
For network data frames collected by different network protocols, characteristic parameters of wireless equipment such as frame interval time (IAT), frame size (FrameSize), transmission rate (TransRate) and the like are extracted from the network data frames. The invention adopts a 3 delta method to perform noise reduction processing on original characteristic parameters, namely, assuming that the distribution type of the characteristic parameters is normal distribution, reserving the original data in a (mu-3 delta, mu +3 delta) interval, taking the rest data as noise to be filtered, and then performing normalization processing on the characteristic parameters subjected to noise reduction by using a maximum and minimum value method to ensure that all the characteristic parameters are in the same dimension and magnitude.
The inter-frame time IAT represents the interval between the arrival times of two frames, and is calculated by using the following formula:
Figure BDA0002400136800000081
wherein: t is t1And t2Arrival times of two frames, F1And F2Frame numbers of two frames respectively.
The transmission rate TransRate represents the rate of data transmission of the network card, and is calculated by adopting the following formula:
Figure BDA0002400136800000082
where FrameSize denotes the size of each frame and IAT denotes the inter-frame time.
And step 3: and (3) generating a characteristic fingerprint: the invention discloses a method for constructing a characteristic fingerprint of a wireless device by means of characteristic parameters of the wireless device, and provides three characteristic fingerprint generation schemes: a characteristic fingerprint generation mode based on seven-dimensional statistics, a characteristic fingerprint generation mode based on probability density and a characteristic fingerprint generation mode based on fusion characteristics.
For each characteristic parameter, the number is N, and is marked as x1,x2,...,xN
For a feature fingerprint generation process based on seven-dimensional statistics: firstly, dividing N characteristic parameters into T groups, wherein the sample amount of each group is M, and the sample grouping T can be calculated by adopting the following formula:
Figure BDA0002400136800000083
record sample data as Gi(1<i<T), using the following formulaThe following steps: gi=[xM×(i-1)+1,xM×(i-1)+2,...,xM×i]Then the T group of samples can be represented as G1,G2,...,GT. Second, statistics GiThe seven-dimensional statistic of (1 × 7) is formed, and is expressed as a feature vector s by the following formula: s ═ max, min, std, mean, Q1, Q3]Wherein max is the maximum, min is the minimum, std is the standard deviation, mean is the mean, mean is the median, Q1 is the upper quartile, and Q3 is the lower quartile. And thirdly, combining the feature vectors of the T groups of data together to form a feature matrix with dimension of T multiplied by 7, wherein the feature matrix is the feature fingerprint of the wireless equipment based on seven-dimensional statistics.
For a probability density based feature fingerprint generation process: firstly, dividing N characteristic parameters into T groups, wherein the sample amount of each group is M, and the sample grouping T can be calculated by adopting the following formula:
Figure BDA0002400136800000091
record sample data as Gi(1<i<T), expressed using the following formula: gi=[xM×(i-1)+1,xM×(i-1)+2,...,xM×i]Then the T group of samples can be represented as G1,G2,...,GT. Second, statistics GiG is the statistical probability density distribution ofiMinimum value of (1) is gminMaximum value of gmaxThe interval [ g ]min,gmax]Equally divided into W windows: [ g ]min,g1],(g1,g2],...(gW-1,gmax]Statistics GiThe frequency freq of the medium data in each window forms a 1 × W frequency vector, which is called a feature vector f and is expressed by the following formula: f ═ freq [ freq1,freq2,...,freqW](ii) a And thirdly, generating a characteristic fingerprint, combining the characteristic vectors f of the T groups of data to form a characteristic matrix, wherein the dimensionality of the characteristic matrix is T multiplied by W, T is the grouping number, and W is the window number, and the characteristic matrix is the characteristic fingerprint of the equipment based on the probability density.
In the feature fingerprint generation process based on feature fusion, it is considered that a single feature parameter cannot completely represent information of a wireless device, and independent feature parameters can only represent attributes of the wireless device in a certain aspect, so that three independent feature parameters are fused together to generate a feature fingerprint, specifically, three feature vectors are combined into a fusion vector S or a fusion vector F, and then all feature vectors are spliced into a feature matrix, and the dimension of the feature matrix is T × (7 × 3) (feature fusion based on seven-dimensional statistics) or T × (W × 3) (feature fusion based on probability density), so that the feature matrix is the feature fingerprint based on fusion features of the device.
The fusion vector S or the fusion vector F is respectively expressed by the following formulas:
F=[IAT1,...,IATW,FS1,...,FSW,TR1,...,TRW]
S=[maxIAT,minIAT,...,Q3IAT,maxFS,minFS,...,Q3FS,maxFR,minFR,...,Q3FR]
among them, IATjFor the probability distribution of the inter-frame time within the sample, FSjFor the probability distribution of the frame size within the sample, TRjFor the probability distribution of the transmission rate within the sample, [ maxIAT,minIAT,...,Q3IAT]Is the seven-dimensional statistic of the frame interval time within the sample, [ max ]FS,minFS,...,Q3FS]For seven-dimensional statistics of frame size within a sample, maxFR,minFR,...,Q3FRIs a seven-dimensional statistic of the transmission rate within the sample.
And 4, step 4: constructing and evaluating a wireless equipment fingerprint identification model: the method comprises the steps of dividing generated characteristic fingerprints into two modules, a training set and a testing set, respectively training under four machine learning classifiers and two deep learning classifiers to determine classifier parameters, constructing a wireless equipment fingerprint identification model based on the characteristic fingerprints of wireless equipment, simultaneously testing the identification performance of the wireless equipment fingerprint identification model by using the testing set, and using the evaluation indexes of accuracy, recall rate and F1-score.
Dividing each characteristic parameter into a training set and a testing set based on characteristic fingerprints generated by different methods, training and testing the characteristic fingerprints by using a cross validation method, firstly, respectively training and determining parameters under four machine learning classifiers of naive Bayes, a support vector machine, K nearest neighbor and random forests and two deep learning classifiers of a deep neural network and a convolutional neural network, constructing a wireless equipment fingerprint identification model based on the wireless equipment fingerprint, then testing the identification performance of the wireless equipment fingerprint identification model by using the testing set, and evaluating the identification performance by using the accuracy, the recall rate and F1-score.
In a wireless device identification scene based on correlation analysis of a network data frame and a wireless device, a user extracts a characteristic fingerprint of the wireless device from the network data frame of the captured wireless device, and then compares the characteristic fingerprint of the wireless device with all characteristic fingerprints in a fingerprint library to identify which wireless device in the fingerprint library is or an unknown new wireless device, which is a multi-classification problem. In a first step, two wireless devices are randomly chosen from the data set, one of which is designated as a positive class and the other as a negative class. And secondly, inputting the characteristic fingerprint into four machine learning classifiers of a random forest, naive Bayes, a support vector machine and K nearest neighbors and two deep learning classifiers of a deep neural network and a convolutional neural network for training and testing after giving a corresponding label. And thirdly, calculating corresponding evaluation index results, wherein F1-score is a comprehensive evaluation result of the accuracy and the recall ratio, so that F1-score is used for testing and evaluating the effectiveness of the model, and the larger F1-score is, the higher the effectiveness of the model is.
Referring to fig. 5, the fingerprint identification system of wireless device of the present invention, based on the above fingerprint identification method of wireless device, develops a set of device fingerprint identification system with B/S architecture, comprising five modules: the system comprises a network flow capturing module, a characteristic fingerprint generating module, a wireless network equipment identifying module, a fingerprint library and a fingerprint library updating module.
Wherein, the network flow capturing module: the method comprises the steps of collecting flow sent by wireless equipment connected to a wireless network environment in real time, obtaining a network data frame of the wireless equipment, storing the network data frame in a system background, reading the network data frame of the wireless equipment from a system foreground visualization module, and displaying related information of the network data frame of the wireless equipment on an interface.
The characteristic fingerprint generation module: the method comprises the steps of reading a network data frame of the wireless equipment, extracting data frame parameters capable of reflecting characteristics of the wireless equipment from the network data frame of the wireless equipment, carrying out noise reduction and normalization processing on the data frame parameters to obtain characteristic parameters of the wireless equipment, and obtaining the characteristic fingerprint of the wireless equipment according to the characteristic parameters of the wireless equipment through a characteristic fingerprint generation mode based on seven-dimensional statistics, a characteristic fingerprint generation mode based on probability density or a characteristic fingerprint generation mode based on fusion characteristics.
Wireless network equipment identification module: dividing wireless equipment into a training set and a testing set, training and testing through a naive Bayes, a support vector machine, a K nearest neighbor, a random forest, a deep neural network and a convolutional neural network learning classifier to obtain 6 wireless equipment fingerprint identification models, testing the identification performance of the 6 wireless equipment fingerprint identification models through the testing set, evaluating the identification performance through accuracy, recall rate and F1-score, identifying the characteristic fingerprints in a fingerprint library through the wireless equipment fingerprint identification model with the best identification performance, and obtaining the identification result of the wireless equipment according to the marks of the characteristic fingerprints in the fingerprint library when the characteristic fingerprints of the wireless equipment are identified in the fingerprint library; otherwise, the characteristic fingerprint of the wireless equipment is sent to the fingerprint database updating module.
Fingerprint storehouse update module: the characteristic fingerprint of the wireless device is marked and then added to the fingerprint library.
The wireless device fingerprinting methods of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. The fingerprint identification method of the wireless device can be stored in a computer readable storage medium if the fingerprint identification method is realized in the form of a software functional unit and sold or used as an independent product.
Based on such understanding, in the exemplary embodiment, a computer readable storage medium is also provided, all or part of the processes in the method of the above embodiments of the present invention can be realized by a computer program to instruct related hardware, the computer program can be stored in the computer readable storage medium, and when the computer program is executed by a processor, the steps of the above method embodiments can be realized. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. Computer-readable storage media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice. The computer storage medium may be any available medium or data storage device that can be accessed by a computer, including but not limited to magnetic memory (e.g., floppy disk, hard disk, magnetic tape, magneto-optical disk (MO), etc.), optical memory (e.g., CD, DVD, BD, HVD, etc.), and semiconductor memory (e.g., ROM, EPROM, EEPROM, nonvolatile memory (NANDFLASH), Solid State Disk (SSD)), etc.
In an exemplary embodiment, a computer device is also provided, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the wireless device fingerprinting method when executing the computer program. The processor may be a Central Processing Unit (CPU), other general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc.
In order to prove the effect of the fingerprint identification method of the wireless equipment, the feasibility of the technical scheme is proved by using an example.
1. And establishing a network flow acquisition environment.
The wireless network is a network built by using a wireless communication technology and generally comprises a wireless network and a Wireless Local Area Network (WLAN) which are realized by public mobile communication networks (such as 4G, 3G and GPRS), the embodiment takes the wireless local area network as an example for explanation, a wireless network environment model shown in fig. 6 is designed, a network comprising a mirror image switch, two routers and a plurality of wireless terminal devices is built based on the network model, one router is responsible for building a WiFi hotspot, the other router is responsible for receiving and forwarding data, a dotted line in the figure represents WiFi connection, and a pad, a notebook computer and a smart phone are schematically drawn in the figure. The flow generated when the wireless equipment is accessed to the local area network is forwarded to the mirror image switch through the router, and the flow packet can be captured by a notebook computer with Wireshark, so that the flow collection of the wireless equipment is realized. In the wireless network environment shown in fig. 6, network data frames of 23 mobile devices including a PC, a smart phone, a tablet computer, and the like are collected as experimental description data in the experiment, the data collection scale of each wireless device reaches over 600MB, and the number of the network data frames is at least 50 ten thousand.
2. Extracting characteristic parameters and preprocessing data.
Aiming at network data frames of a plurality of wireless devices acquired in the data acquisition process, three characteristic parameters, namely frame interval time (IAT), frame size (FrameSize) and transmission rate (TransRate), are extracted from original data frames according to different network protocols. And calculating the mean value and the variance of each characteristic parameter, selecting a 3 delta method to filter noise data in the characteristic parameters under the assumption that the distribution follows normal distribution, keeping the data with the median size of (mu-3 delta, mu +3 delta), regarding the rest data as the noise data, and finally normalizing the data by adopting a maximum-minimum method so as to keep the dimension and the magnitude of the data at the same level.
3. And generating the characteristic fingerprint.
And 3.1, generating the characteristic fingerprint based on the seven-dimensional statistic.
The first step is as follows: dividing the preprocessed characteristic parameters into T groups, and calculating the maximum value, the minimum value, the standard deviation, the mean number, the median, the upper quartile and the lower quartile of each group of characteristic parameters.
The second step is that: the seven data are combined into a seven-dimensional vector.
The third step: and combining the seven-dimensional vectors of the T groups together to form a feature matrix, namely the feature fingerprint based on the seven-dimensional statistic.
And 3.2, generating the characteristic fingerprint based on the probability density.
The first step is as follows: dividing the preprocessed characteristic parameters into T groups, sorting each group of data, finding out the maximum value and the minimum value, dividing the interval formed by the maximum value and the minimum value into W equal-width areas, and calculating the frequency of the characteristic parameters in each area.
The second step is that: and forming a W-dimensional vector by using the calculated frequency values of each group of characteristic parameters, wherein the dimension of the vector is determined by dividing the equal-width area into W.
The third step: and combining the T W-dimensional vectors to form a feature matrix, namely the feature fingerprint based on probability density.
And 3.2, generating the feature fingerprint based on feature fusion.
Seven-dimensional statistics or W-dimensional frequency vectors generated by various feature parameters are combined together to generate higher-dimensional statistics, and T groups of higher-dimensional statistics are combined together to form a feature matrix, namely the feature fingerprint based on the fusion features.
4. Training and testing.
Based on the generated characteristic fingerprint, the invention uses a cross-validation method to train and test the characteristic fingerprint, the specific process is to divide a data set into k mutually exclusive subsets with similar sizes, and the following expansion description is carried out by taking k as 10, namely, the cross-validation method is a ten-fold cross-validation method, and the method comprises the steps of randomly dividing original data into 10 sub-samples with the same scale, taking 9 sub-samples as training data and one sub-sample as test data, repeating the cross-validation for 10 times, and finally taking the average value of 10 test results. The cross-validation method randomly generates the sub-samples used for training and testing, so that all samples are fully utilized, and simultaneously, the phenomenon of under-fitting caused by insufficient training data can be avoided, and the specific process is as follows:
the first step is as follows: two wireless devices are randomly selected from the plurality of wireless devices, one of which is taken as a positive example, the sample is marked as +1 and the sample of the other wireless device is marked as-1.
The second step is that: and respectively randomly dividing the positive example data and the negative example data into k sub-samples with the same scale, wherein in the divided k sub-samples, the proportion of each class data in each sub-sample is the same as that of each class in the original data set.
The third step: and respectively taking k-1 subsamples as training samples of positive examples and negative examples to establish corresponding authentication models.
The fourth step: the remaining 1 subsample is used as test data to test the classifier's ability to identify the target wireless device and other wireless devices.
5. Wireless device fingerprint identification.
In the wireless device fingerprint identification scene, a user extracts the characteristic fingerprint of the wireless device from the network flow of the captured wireless device, then compares the characteristic fingerprint of the wireless device with the characteristic fingerprint in the fingerprint library, and identifies which wireless device in the fingerprint library is the wireless device or an unknown new wireless device, which is a multi-classification problem.
The first step is as follows: two wireless devices are randomly chosen from the data set, one of which is designated as a positive class and the other as a negative class.
The second step is that: and after a corresponding label is given, inputting the characteristic fingerprint into four machine learning classifiers of a random forest, naive Bayes, a support vector machine and K nearest neighbors and two deep learning classifiers of a deep neural network and a convolutional neural network for training and testing.
The third step: and calculating corresponding evaluation index results to test and evaluate the effectiveness of the model.
6. Designing a fingerprint identification system of the equipment.
The invention develops a set of B/S framework equipment fingerprint identification system, which mainly comprises five modules: the system comprises a network flow capturing module, a characteristic fingerprint generating module, a wireless network equipment identifying module, a fingerprint library and a fingerprint library updating module.
7. According to the invention, the result of the characteristic fingerprint identification of part of the wireless devices is verified.
According to the method, data flow generated by 23 wireless devices is collected, a data set of wireless device fingerprint identification based on flow behavior analysis is established, and the method provided by the invention is verified through experiments. Table 1 lists the wireless device fingerprinting results for feature fingerprints generated based on frame size.
TABLE 1 Wireless device fingerprinting results based on feature fingerprints generated by frame size
Figure BDA0002400136800000161
As can be seen from Table 1, F1-score of the feature fingerprints generated based on the frame sizes is above 85% when the feature fingerprints are identified under different classifiers, and F1-score of the rest classifiers except CNN is greater than 93%, wherein F1-score of the random forest is even as high as 97%, so that the effectiveness and application prospect of the wireless device fingerprint identification method can be seen.
The invention researches the generation mechanism of the network flow, discovers the correlation between the network flow and the wireless equipment and lays a theoretical foundation for researching the equipment fingerprint identification method based on flow behavior analysis. The fingerprint identification method of the wireless equipment captures the network flow of the wireless equipment under the passive condition, the whole process is performed implicitly, the normal use of the wireless equipment is not interfered, the user does not need to participate, and the fingerprint identification method of the wireless equipment has good user experience. Starting from a streaming network data frame generated by a wireless device, extracting a characteristic parameter uniquely related to the wireless device, constructing a characteristic fingerprint of the wireless device unique to the device based on the characteristic parameter, wherein the characteristic fingerprint can uniquely identify the wireless device, is independent of a network protocol and an application type used by a user on the wireless device, does not change along with time, is not easy to be falsified or forged, then training and testing are carried out under different classifiers, and a more accurate identification result can be obtained by integrating a plurality of classification identification rates. The invention not only provides a set of complete identification scheme from the analysis of the identification principle of the wireless equipment to the extraction and expression of the characteristics to the generation of the characteristic fingerprint to the construction and evaluation of the fingerprint identification model of the wireless equipment, but also develops a set of B/S framework based wireless equipment fingerprint identification system, and can observe the identification result more intuitively and efficiently.
The above-mentioned contents are only for illustrating the technical idea of the present invention, and the protection scope of the present invention is not limited thereby, and any modification made on the basis of the technical idea of the present invention falls within the protection scope of the claims of the present invention.

Claims (5)

1. A method for fingerprint identification of a wireless device, comprising the steps of:
s1: collecting network data frames of wireless equipment in a communication process;
s2: extracting characteristic parameters of the wireless device capable of reflecting the characteristics of the wireless device from the network data frame;
the specific method of S2 is as follows:
extracting data frame parameters capable of reflecting the characteristics of the wireless equipment from a network data frame, wherein the data frame parameters capable of reflecting the characteristics of the wireless equipment are frame interval time, frame size or transmission rate, and then carrying out noise reduction and normalization processing on the extracted data frame parameters to obtain characteristic parameters of the wireless equipment;
the characteristic parameters of the wireless equipment are obtained by fusing at least two types of data frame parameters capable of reflecting the characteristics of the wireless equipment;
s3: constructing a characteristic fingerprint of the wireless device according to the characteristic parameters of the wireless device; the specific method comprises the following steps:
dividing the characteristic parameters of the wireless equipment into a plurality of groups, counting seven-dimensional statistics of each group of characteristic parameters, wherein the seven-dimensional statistics comprises a maximum value, a minimum value, a standard deviation, a mean number, a median, an upper quartile and a lower quartile to obtain characteristic vectors of each group of characteristic parameters, and combining the characteristic vectors of each group of characteristic parameters to obtain characteristic fingerprints of the wireless equipment;
s4: training the characteristic fingerprint of the wireless equipment through a classifier, and determining the parameters of the classifier to obtain a fingerprint identification model of the wireless equipment; the specific method comprises the following steps:
dividing the characteristic fingerprints of the wireless equipment into a training set and a testing set, training the training set through a naive Bayes machine learning classifier, a support vector machine learning classifier, a K nearest neighbor machine learning classifier, a random forest machine learning classifier, a deep neural network deep learning classifier and a convolutional neural network deep learning classifier, and determining classifier parameters; then testing the identification performance of each classifier through a test set, and selecting the classifier with the best identification performance to obtain a wireless equipment fingerprint identification model;
s5: and identifying the current wireless equipment through the wireless equipment fingerprint identification model and the preset characteristic fingerprint in the fingerprint library, wherein the preset characteristic fingerprint in the fingerprint library has a wireless equipment identifier.
2. The method for fingerprint recognition of a wireless device according to claim 1, wherein the training set is trained by a naive bayes machine learning classifier, a support vector machine learning classifier, a K-nearest neighbor machine learning classifier, a random forest machine learning classifier, a deep neural network deep learning classifier, and a convolutional neural network deep learning classifier in S4, and the recognition performance of each classifier is tested by a test set in a cross-validation manner.
3. The wireless equipment fingerprint identification system is constructed based on a B/S (browser/Server) architecture and comprises a network flow capturing module, a characteristic fingerprint generating module, a wireless network equipment identification module and a fingerprint library, wherein:
a network traffic capturing module: the wireless device is used for acquiring network data frames of the wireless device in the communication process and sending the network data frames to the characteristic fingerprint generation module;
the characteristic fingerprint generation module: the wireless network equipment identification module is used for extracting the characteristic parameters of the wireless equipment capable of reflecting the characteristics of the wireless equipment from the network data frame and sending the characteristic parameters to the wireless network equipment identification module; the specific method for extracting the characteristic parameters of the wireless device capable of reflecting the characteristics of the wireless device from the network data frame comprises the following steps: extracting data frame parameters capable of reflecting the characteristics of the wireless equipment from a network data frame, wherein the data frame parameters capable of reflecting the characteristics of the wireless equipment are frame interval time, frame size or transmission rate, and then carrying out noise reduction and normalization processing on the extracted data frame parameters to obtain characteristic parameters of the wireless equipment; the characteristic parameters of the wireless equipment are obtained by fusing at least two types of data frame parameters capable of reflecting the characteristics of the wireless equipment;
wireless network equipment identification module: the method is used for constructing the characteristic fingerprint of the wireless device according to the characteristic parameters of the wireless device, and comprises the following steps: dividing the characteristic parameters of the wireless equipment into a plurality of groups, counting seven-dimensional statistics of each group of characteristic parameters, wherein the seven-dimensional statistics comprises a maximum value, a minimum value, a standard deviation, a mean number, a median, an upper quartile and a lower quartile to obtain characteristic vectors of each group of characteristic parameters, and combining the characteristic vectors of each group of characteristic parameters to obtain characteristic fingerprints of the wireless equipment; after training the characteristic fingerprint of the wireless equipment through a classifier, determining the parameters of the classifier to obtain a fingerprint identification model of the wireless equipment, wherein the specific method comprises the following steps: dividing the characteristic fingerprints of the wireless equipment into a training set and a testing set, training the training set through a naive Bayes machine learning classifier, a support vector machine learning classifier, a K nearest neighbor machine learning classifier, a random forest machine learning classifier, a deep neural network deep learning classifier and a convolutional neural network deep learning classifier, and determining classifier parameters; then testing the identification performance of each classifier through a test set, and selecting the classifier with the best identification performance to obtain a wireless equipment fingerprint identification model; and identifying the current wireless equipment through the wireless equipment fingerprint identification model and the preset characteristic fingerprint in the fingerprint library, wherein the preset characteristic fingerprint in the fingerprint library has a wireless equipment identifier.
4. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor when executing the computer program performs the steps of the wireless device fingerprinting method according to any one of claims 1 to 2.
5. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method for wireless device fingerprinting according to any one of claims 1 to 2.
CN202010144165.1A 2020-03-04 2020-03-04 Wireless device fingerprint identification method, system, device and readable storage medium Active CN111385297B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010144165.1A CN111385297B (en) 2020-03-04 2020-03-04 Wireless device fingerprint identification method, system, device and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010144165.1A CN111385297B (en) 2020-03-04 2020-03-04 Wireless device fingerprint identification method, system, device and readable storage medium

Publications (2)

Publication Number Publication Date
CN111385297A CN111385297A (en) 2020-07-07
CN111385297B true CN111385297B (en) 2021-12-28

Family

ID=71217066

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010144165.1A Active CN111385297B (en) 2020-03-04 2020-03-04 Wireless device fingerprint identification method, system, device and readable storage medium

Country Status (1)

Country Link
CN (1) CN111385297B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112311630A (en) * 2020-11-04 2021-02-02 国网北京市电力公司 Network equipment identification method and device
CN112600793A (en) * 2020-11-23 2021-04-02 国网山东省电力公司青岛供电公司 Internet of things equipment classification and identification method and system based on machine learning
CN112464209A (en) * 2020-11-30 2021-03-09 深圳供电局有限公司 Fingerprint authentication method and device for power terminal
CN112528695B (en) * 2020-12-18 2024-03-15 北京元心科技有限公司 Identification method, device, equipment and computer readable storage medium
CN112738793A (en) * 2020-12-29 2021-04-30 永辉云金科技有限公司 Equipment fingerprint generation method and device based on BP algorithm and storage medium
CN112712046B (en) * 2021-01-06 2023-06-16 浙江大学 Wireless charging equipment authentication method based on equipment hardware fingerprint
CN112988325A (en) * 2021-02-01 2021-06-18 中国科学院信息工程研究所 Android simulator identification method and system based on user information
CN112637834B (en) * 2021-03-10 2021-06-18 网络通信与安全紫金山实验室 Fingerprint fusion identification method and device for wireless communication equipment
CN113873471A (en) * 2021-09-09 2021-12-31 上海伽易信息技术有限公司 Construction method of subway track line wireless environment fingerprint database based on SVM

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103229528A (en) * 2010-11-25 2013-07-31 汤姆逊许可公司 Method and device for fingerprinting of wireless communication device
CN110086810A (en) * 2019-04-29 2019-08-02 西安交通大学 Passive type industrial control equipment fingerprint identification method and device based on characteristic behavior analysis
CN110380989A (en) * 2019-07-26 2019-10-25 东南大学 The polytypic internet of things equipment recognition methods of network flow fingerprint characteristic two-stage
CN110401662A (en) * 2019-07-29 2019-11-01 华能阜新风力发电有限责任公司 A kind of industrial control equipment fingerprint identification method, storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106961434B (en) * 2017-03-21 2020-10-16 南京大学 Method for fingerprint modeling and identification of wireless equipment
US10708266B2 (en) * 2018-08-22 2020-07-07 Hewlett Packard Enterprise Development Lp Wireless network device fingerprinting and identification using packet reception success probabilities
CN110519128B (en) * 2019-09-20 2021-02-19 西安交通大学 Random forest based operating system identification method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103229528A (en) * 2010-11-25 2013-07-31 汤姆逊许可公司 Method and device for fingerprinting of wireless communication device
CN110086810A (en) * 2019-04-29 2019-08-02 西安交通大学 Passive type industrial control equipment fingerprint identification method and device based on characteristic behavior analysis
CN110380989A (en) * 2019-07-26 2019-10-25 东南大学 The polytypic internet of things equipment recognition methods of network flow fingerprint characteristic two-stage
CN110401662A (en) * 2019-07-29 2019-11-01 华能阜新风力发电有限责任公司 A kind of industrial control equipment fingerprint identification method, storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
A Passive Technique for Fingerprinting Wireless Devices with Wired-side Observations;A. Selcuk Uluagac, Sakthi V. Radhakrishnan etc.;《IEEE Xplore》;20131212;全文 *
Chao shen ; Ruiyuan Liu etc..Passive Fingerprinting for Wireless Devices: A Multi-Level Decision Approach.《2017 IEEE International Conference on Identity, Security and Behavior Analysis (ISBA)》.2017, *
chao shen ; Ruiyuan Lu etc..Passive Fingerprinting for Wireless Devices: A Multi-Level Decision Approach.《2017 IEEE International Conference on Identity, Security and Behavior Analysis (ISBA)》.2017, *

Also Published As

Publication number Publication date
CN111385297A (en) 2020-07-07

Similar Documents

Publication Publication Date Title
CN111385297B (en) Wireless device fingerprint identification method, system, device and readable storage medium
CN109063745B (en) Network equipment type identification method and system based on decision tree
CN110391958B (en) Method for automatically extracting and identifying characteristics of network encrypted flow
CN105871832B (en) A kind of network application encryption method for recognizing flux and its device based on protocol attribute
WO2021189730A1 (en) Method, apparatus and device for detecting abnormal dense subgraph, and storage medium
CN112367274A (en) Industrial control unknown protocol flow identification method
CN112528277A (en) Hybrid intrusion detection method based on recurrent neural network
CN113706100B (en) Real-time detection and identification method and system for Internet of things terminal equipment of power distribution network
CN113328985B (en) Passive Internet of things equipment identification method, system, medium and equipment
CN116150688A (en) Lightweight Internet of things equipment identification method and device in smart home
CN109660656A (en) A kind of intelligent terminal method for identifying application program
CN112165484B (en) Network encryption traffic identification method and device based on deep learning and side channel analysis
CN112383488B (en) Content identification method suitable for encrypted and non-encrypted data streams
Yin et al. Anomaly traffic detection based on feature fluctuation for secure industrial internet of things
KR102014234B1 (en) Method and Apparatus for automatic analysis for Wireless protocol
CN110472410B (en) Method and device for identifying data and data processing method
CN116232696A (en) Encryption traffic classification method based on deep neural network
CN113221863B (en) Encryption protocol identification method, system and medium based on electromagnetic space period statistics
CN112953961B (en) Equipment type identification method in power distribution room Internet of things
CN113286260B (en) Crowd distribution determination method, system, computer device and storage medium
CN108881307B (en) Security detection method and device for mobile terminal
CN113765891A (en) Equipment fingerprint identification method and device
CN111917715B (en) Equipment identification method based on 802.11ac MAC layer fingerprint
Kostas et al. Externally validating the IoTDevID device identification methodology using the CIC IoT 2022 Dataset
CN117041070B (en) Network space mapping node discovery and attribution judging method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant