CN114205332A - Power Internet of things equipment identification method based on TCP retransmission message - Google Patents
- Publication number: CN114205332A
- Application number: CN202111341231.5A
- Authority: CN (China)
- Prior art keywords: equipment, field, euclidean distance, messages, tcp
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/163—In-band adaptation of TCP data exchange; In-band control procedures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Abstract
The invention belongs to the technical field of the Internet of Things and relates to a method for identifying power Internet of Things (IoT) devices based on TCP retransmission messages. The method is implemented by the following steps: S1: set up a probing-side node for the power IoT devices, which sends network messages to and receives them from the terminal devices; S2: the probing-side node probes, by broadcast, whether the terminal devices in a given network segment of the power network are live devices, and sends a TCP retransmission request message to each live device; S3: capture and collect the retransmission response messages, screen them, and store the messages with complete responses to form a response message data set; S4: preprocess the response message data set and extract the feature fields; S5: evaluate each field against the quantitative criteria of consistency and difference, and select a feature set; S6: according to the device fingerprint, perform steps S1-S2 on the unknown device and collect the corresponding header fields; S7: use a voting mechanism to judge the similarity between the unknown device's fingerprint and the pre-stored fingerprints, thereby identifying the device information.
Description
Technical Field
The invention belongs to the technical field of the Internet of Things and relates to an IoT device identification method, in particular to a power IoT device identification method based on TCP retransmission messages.
Background
As the number of Internet of Things devices keeps growing, many IoT device identification methods have been proposed to address problems such as devices being difficult to manage and security not being guaranteed. The related research is introduced below from two aspects: passive identification and active identification of IoT devices.
Passive identification mainly analyzes the traffic characteristics of devices and the signal characteristics of wireless devices, and uses these characteristics to reflect the differences between devices so that device attribute information can be identified accurately. Glatz et al., using 4 unused subspaces in the network space, monitor the packets sent to the four subspaces, analyze the background traffic characteristics of the network space, and find their prevalence in the analysis of the background traffic, which may be classified according to the different recognition targets. (Glatz E, Dimitropoulos X. Classifying Internet one-way traffic [C]// Proceedings of the 2012 ACM Conference on Internet Measurement Conference. ACM, 2012: 37-50.) One-way traffic in the network is monitored by passive interception and used to detect and analyze the effects of network faults, and the traffic is classified according to these effects. Identification based on the changing characteristics of radio-frequency signals is also a common passive method. Unlike traffic information, radio-frequency signals reflect the physical state of the device, so differences between devices show more clearly. However, they reflect only the hardware differences between devices and cannot distinguish the firmware version of a device. (Patel H J, Temple M A, Baldwin R O. Improving ZigBee Device Network Authentication Using Ensemble Decision Tree Classifiers With Radio Frequency Distinct Native Attribute Fingerprinting [J]. IEEE Transactions on Reliability, 2015, 64(1): 221-233.) Patel et al. propose a measurement mode based on clock-synchronized sampling, which greatly reduces timestamp quantization error.
In the field of wireless communication, to meet the security challenge of network intrusion detection and prevention in a ZigBee ad-hoc distributed architecture, the unique native radio-frequency attributes of devices are used as fingerprints to achieve device identification. However, passive identification requires probes or proprietary equipment to be deployed to capture information such as traffic, and is not suitable for identifying and detecting large-scale power communication equipment. Active identification therefore sends probe packets to the target device and uses the characteristics of the returned response messages to distinguish target devices, thereby identifying IoT devices. Existing active identification technology for IoT devices is mainly divided into banner-based device identification and device identification based on field characteristics. IoT device information comprises the proprietary attributes of a device, such as its type, brand, model and firmware version.
IoT device identification is a relatively new research field. Unlike traditional operating system identification, the mainstream approach to IoT device identification distinguishes devices based on application-layer protocol content. The explicit information returned in an application-layer protocol message is called a banner. A banner is captured by having a probing host send the target device a protocol probe message for a specific service and a specific port; if the target device has that service and port open, it returns a response message containing the device's banner information (Zhou, Liu, Yuan, et al. An Internet of Things device identification framework based on search [J]. Journal of Cyber Security, 2018, 3(4): 25-40.). At present, well-known commercial device identification systems such as Shodan, ZoomEye and Censys identify device attribute information through the banners in application-layer protocols.
However, the disadvantage of banner-based identification is that the banner often lacks fine-grained information such as the device model and firmware version, so it cannot identify IoT devices at fine granularity. Identification based on field characteristics purposefully sends probe messages to the IoT device, obtains the response message fields of a specific protocol, and then uses those fields as features to generate the device fingerprint; it is a relatively mature device identification method. Traditional field-feature identification is mainly used to identify operating systems. The most classical TCP/IP operating system identification technology is Nmap, developed and implemented by the Russian security expert Gordon Fyodor Lyon, which sends 15 probe packets to a target device, analyzes and extracts the content of the characteristic fields in the 15 response packets, and uses that content as a fingerprint for identifying the type of operating system. (Lyon G F. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning [M]. Insecure, 2009.) However, for identifying massive numbers of heterogeneous power IoT devices, the Nmap fingerprint features are far from sufficient. The method therefore further mines the characteristics of TCP retransmission messages, adding to the existing field fingerprint features and improving the identification precision for power IoT devices.
Disclosure of Invention
The invention overcomes the problems of insufficient identification granularity and small application range of the method in the prior art, and provides a power Internet of things equipment identification method based on TCP retransmission messages.
In order to solve the technical problems, the invention adopts the technical scheme that: a power Internet of things equipment identification method based on TCP retransmission messages specifically comprises the following steps:
S1: set up a probing-side node for the power IoT devices, which sends network messages to and receives them from the terminal devices;
S2: the probing-side node of step S1 probes, by broadcast, whether the terminal devices in a given network segment of the power network are live devices, and sends a TCP retransmission request message to each live device;
S3: capture and collect the retransmission response messages, screen them, and store the messages with complete responses to form a response message data set;
S4: preprocess the response message data set of step S3 and extract the feature fields;
S5: evaluate each field against the quantitative criteria of consistency and difference, and select a feature set for device identification, namely the device fingerprint;
S6: according to the device fingerprint, perform steps S1-S2 on unknown devices and collect the corresponding header fields;
S7: use a voting mechanism to judge the similarity between the unknown device's fingerprint and the pre-stored fingerprints, thereby identifying the device information.
When preprocessing the response message data set, step S4 specifically includes the following steps:
S401: extract the IP and TCP headers from each message;
S402: generate key-value pairs mapping the IP address to the TCP header.
In step S4, the Wireshark tool is used to split and extract the data in the pcap capture file (feature field extraction).
Step S5 specifically includes the following steps:
S501: the consistency criterion uses information entropy to measure how dispersed the values of a field are:
where Y represents the values of a device field, including $\{y_1, y_2, \dots, y_m\}$, and the probability of $y_i$ occurring is $P_i$;
S502: the difference criterion uses an optimized Euclidean distance to express how well the field discriminates, and calculates the proportion of points with the same value across different devices among all result combinations:
where $x_{same}$ is the number of points at which different devices have the same value, and $x_{all}$ is the number of all points;
S503: calculate the Euclidean distances between the values of different devices in a field to form a Euclidean distance set, and take the mean of that set:
where D represents the Euclidean distance set, $x_i$ and $y_i$ are the values of this field for the two devices, and D' represents the approximate device distance;
S504: when U ≤ 2.31, the Euclidean distance of the same device begins to decrease as features are added, and the same device clusters more easily; when U ≤ 4.52, the Euclidean distance still decreases, but the amount of change is clearly smaller than for the preceding features; when U > 4.52, the Euclidean distance begins to increase as features are added; when D' ≤ 0.014, the Euclidean distance between different devices begins to decrease; when D' > 0.014, the Euclidean distance begins to increase gradually; similarly, after D' > 0.064, the change in Euclidean distance also begins to diminish;
S505: after classification tests on the different sets, the final selection results are shown in Table 1:
Table 1: Message field consistency and difference quantization results
1) when identifying the device type: 0 < U < 4.52, 0 < D' < 0.06 (G2);
2) when identifying the device brand: 0 < U < 2.31, 0.02 < D' < 0.07 (G4);
3) when identifying the device model: 0 < U < 8, 0.02 < D' < 0.098 (G5).
In step S7, the header fields corresponding to G2, G4 and G5 are passed to five machine learning methods, each of which outputs a matching result, and the final device information is selected by voting.
Compared with the prior art, the invention has the beneficial effects that:
1. The invention uses the TCP protocol as the information source for identification, and the extremely high universality of TCP also improves the applicability of device identification;
2. For the TCP retransmission mechanism, the invention designs a set of lightweight probing rules, reducing probing time and cost;
3. The retransmission header fields in TCP are used for device identification, and combining them with a voting mechanism clearly improves the accuracy and recall of detection.
Drawings
The invention is further described below with reference to the accompanying drawings.
FIG. 1 is a schematic diagram of a probing side process of the present invention;
FIG. 2 is a diagram of a connected retransmission detection rule according to the present invention;
FIG. 3 is a diagram of connectionless retransmission detection rules in accordance with the present invention;
FIG. 4 is a feature matching model of the method of the present invention.
Detailed Description
As shown in the figure, a method for identifying power internet of things equipment based on a TCP retransmission message specifically includes the following steps:
S1: Set up a probing-side node for the power IoT devices, which sends network messages to and receives them from the terminal devices.
S2: The probing-side node of step S1 probes, by broadcast, whether the terminal devices in a given network segment of the power network are live devices, and sends a TCP retransmission request message to each live device.
S3: Capture and collect the retransmission response messages, screen them, and store the messages with complete responses to form a response message data set.
S4: Preprocess the response message data set of step S3 and extract the feature fields;
when preprocessing the response message data set, step S4 specifically includes the following steps:
S401: extract the IP and TCP headers from each message;
S402: generate key-value pairs mapping the IP address to the TCP header;
in step S4, the Wireshark tool is used to split and extract the data in the pcap capture file (feature field extraction).
S5: Evaluate each field against the quantitative criteria of consistency and difference, and select a feature set for device identification, namely the device fingerprint;
step S5 specifically includes the following steps:
S501: the consistency criterion uses information entropy to measure how dispersed the values of a field are:
where Y represents the values of a device field, including $\{y_1, y_2, \dots, y_m\}$, and the probability of $y_i$ occurring is $P_i$;
S502: the difference criterion uses an optimized Euclidean distance to express how well the field discriminates, and calculates the proportion of points with the same value across different devices among all result combinations:
where $x_{same}$ is the number of points at which different devices have the same value, and $x_{all}$ is the number of all points;
S503: calculate the Euclidean distances between the values of different devices in a field to form a Euclidean distance set, and take the mean of that set:
where D represents the Euclidean distance set, $x_i$ and $y_i$ are the values of this field for the two devices, and D' represents the approximate device distance. To reduce the influence of data randomness: the more repeated points there are, the more often different devices produce the same value for this field at the probing side, and the smaller the actual distance computed between different devices; the approximate device distance D' is therefore obtained by multiplying the Euclidean distance D by 1-W (the non-coincident proportion);
S504: when U ≤ 2.31, the Euclidean distance of the same device begins to decrease as features are added, and the same device clusters more easily; when U ≤ 4.52, the Euclidean distance still decreases, but the amount of change is clearly smaller than for the preceding features; when U > 4.52, the Euclidean distance begins to increase as features are added; when D' ≤ 0.014, the Euclidean distance between different devices begins to decrease; when D' > 0.014, the Euclidean distance begins to increase gradually; similarly, after D' > 0.064, the change in Euclidean distance also begins to diminish;
S505: after classification tests on the different sets, the final selection results are shown in Table 1:
Table 1: Message field consistency and difference quantization results
1) when identifying the device type: 0 < U < 4.52, 0 < D' < 0.06 (G2);
2) when identifying the device brand: 0 < U < 2.31, 0.02 < D' < 0.07 (G4);
3) when identifying the device model: 0 < U < 8, 0.02 < D' < 0.098 (G5).
S6: According to the device fingerprint, perform steps S1-S2 on the unknown device and collect the corresponding header fields.
S7: Use a voting mechanism to judge the similarity between the unknown device's fingerprint and the pre-stored fingerprints, thereby identifying the device information;
in step S7, the header fields corresponding to G2, G4 and G5 are passed to five machine learning methods, each of which outputs a matching result, and the final device information is selected by voting.
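The field scoring of step S5 (S501 to S505), as an added example that is not code from the patent: it computes U, W and D' = (1-W)·D per header field and keeps the fields that fall inside the G2/G4/G5 bands quoted above. Assumptions: U is the base-2 Shannon entropy of the pooled field values, field values are scaled to [0, 1], and the field names, device names and sample values are constructed.

```python
import math
from collections import Counter
from itertools import combinations

# Threshold bands from step S505: target -> (U_min, U_max, D'_min, D'_max).
BANDS = {
    "type (G2)": (0.0, 4.52, 0.0, 0.06),
    "brand (G4)": (0.0, 2.31, 0.02, 0.07),
    "model (G5)": (0.0, 8.0, 0.02, 0.098),
}

# Constructed sample: field -> device -> one value per probe response, scaled
# to [0, 1] (assumption). Field and device names are hypothetical.
SAMPLES = {
    "ip_ttl": {"dev_a": [0.25] * 4, "dev_b": [0.25] * 4, "dev_c": [0.25] * 4},
    "tcp_window": {"dev_a": [0.10] * 4, "dev_b": [0.12] * 4, "dev_c": [0.14] * 4},
    "tcp_mss": {"dev_a": [0.50] * 4, "dev_b": [0.50] * 4, "dev_c": [0.51] * 4},
    "ip_id": {
        "dev_a": [0.05, 0.40, 0.75, 0.90],
        "dev_b": [0.15, 0.55, 0.60, 0.95],
        "dev_c": [0.30, 0.20, 0.85, 0.10],
    },
}


def entropy_u(field_obs):
    """S501: entropy (bits) of the field's values pooled over all devices."""
    pooled = [v for obs in field_obs.values() for v in obs]
    n = len(pooled)
    h = -sum(c / n * math.log2(c / n) for c in Counter(pooled).values())
    return max(0.0, h)  # a constant field yields -0.0; normalise it to 0.0


def coincidence_w(field_obs):
    """S502: x_same / x_all over every pair of different devices."""
    same = total = 0
    for a, b in combinations(field_obs.values(), 2):
        for x, y in zip(a, b):
            total += 1
            same += x == y
    return same / total


def mean_distance_d(field_obs):
    """S503: mean Euclidean distance between the devices' value vectors."""
    dists = [math.dist(a, b) for a, b in combinations(field_obs.values(), 2)]
    return sum(dists) / len(dists)


def score_field(field_obs):
    """Return (U, W, D') with D' = (1 - W) * D as described in S503."""
    w = coincidence_w(field_obs)
    return entropy_u(field_obs), w, (1 - w) * mean_distance_d(field_obs)


def select_fields(samples):
    """S505: keep, per identification target, the fields inside its band."""
    scores = {name: score_field(obs) for name, obs in samples.items()}
    chosen = {
        target: sorted(
            name for name, (u, _, dp) in scores.items()
            if u_lo < u < u_hi and d_lo < dp < d_hi
        )
        for target, (u_lo, u_hi, d_lo, d_hi) in BANDS.items()
    }
    return scores, chosen


if __name__ == "__main__":
    scores, chosen = select_fields(SAMPLES)
    for name, (u, w, dp) in scores.items():
        print(f"{name:11s} U={u:.3f} W={w:.3f} D'={dp:.4f}")
    for target, fields in chosen.items():
        print(target, "->", fields)
```

The constant field is rejected because U is 0, the random-looking field because D' exceeds every band, and the field shared by two of the three devices passes only the G2 band because W shrinks its D' below 0.02.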
The first embodiment is as follows:
The method is used to probe a power IoT device (a Hall sensor). The specific probing process is shown in the figures:
1. First, a preset retransmission message is sent to the Hall sensor as shown in fig. 2. Fig. 2 is the connection-based retransmission probing mode, which establishes and maintains a connection while interacting with the probed device and therefore ensures probing stability. However, the probing time is too long and some devices do not establish connections easily, so the rule is optimized; the optimized result is shown in fig. 3. Fig. 3 is the connectionless probing mode, which does not require multiple handshakes to establish a connection, reducing the time cost of probing and improving system efficiency;
2. After the messages are obtained, the header fields of the retransmission messages are extracted with the Wireshark tool;
3. After the data is obtained, five detection methods (support vector machine, decision tree, classifier LDC, K-nearest neighbor algorithm, and classifier LSTM) are used to calculate the similarity between the field set and each device fingerprint, and a voting mechanism produces the final detection result, as shown in fig. 4.
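The header extraction of steps S401 and S402, as an added example that is not code from the patent (which uses Wireshark for this step): it parses the IPv4 and TCP headers of each response and builds a mapping from source IP address to header fields, dropping incomplete or non-TCP responses as in S3. Assumptions: packets start at the IPv4 header (link layer already stripped), and the key names, addresses and sample packets are constructed.

```python
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header
TCP_FMT = "!HHIIHHHH"      # fixed 20-byte TCP header


def parse_tcp_options(raw):
    """Return (option kinds in wire order, MSS or None, window scale or None)."""
    kinds, mss, wscale, i = [], None, None, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP is a single byte
            kinds.append(1)
            i += 1
            continue
        if i + 1 >= len(raw):
            break                          # option truncated before its length byte
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            break                          # malformed length, stop parsing
        body = raw[i + 2:i + length]
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:
            wscale = body[0]
        kinds.append(kind)
        i += length
    return kinds, mss, wscale


def parse_ipv4_tcp(pkt):
    """S401: extract IP and TCP header fields; None if incomplete or not TCP."""
    if len(pkt) < 20:
        return None
    ver_ihl, tos, total_len, ip_id, flags_frag, ttl, proto, _, src, _ = \
        struct.unpack(IP_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 6 or len(pkt) < ihl + 20:
        return None
    _, _, _, _, off_flags, window, _, urg = struct.unpack(TCP_FMT, pkt[ihl:ihl + 20])
    doff = (off_flags >> 12) * 4
    if doff < 20 or len(pkt) < ihl + doff:
        return None
    kinds, mss, wscale = parse_tcp_options(pkt[ihl + 20:ihl + doff])
    return {
        "ip.src": socket.inet_ntoa(src), "ip.tos": tos, "ip.len": total_len,
        "ip.id": ip_id, "ip.df": bool(flags_frag & 0x4000), "ip.ttl": ttl,
        "tcp.flags": off_flags & 0x1FF, "tcp.window": window, "tcp.urg": urg,
        "tcp.opt_kinds": kinds, "tcp.mss": mss, "tcp.wscale": wscale,
    }


def build_dataset(packets):
    """S402: key-value pairs of source IP address -> list of header-field dicts."""
    dataset = {}
    for pkt in packets:
        fields = parse_ipv4_tcp(pkt)
        if fields is not None:
            dataset.setdefault(fields.pop("ip.src"), []).append(fields)
    return dataset


def make_packet(src, ttl, window, flags, options=b""):
    """Build a constructed IPv4+TCP response (checksums left at zero)."""
    options += b"\x00" * (-len(options) % 4)          # pad to a 32-bit boundary
    doff = (20 + len(options)) // 4
    tcp = struct.pack(TCP_FMT, 80, 40000, 1000, 1, (doff << 12) | flags,
                      window, 0, 0) + options
    ip = struct.pack(IP_FMT, 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton("192.0.2.1"))
    return ip + tcp


# Constructed responses: two complete SYN/ACK packets, one truncated packet,
# and one with the protocol byte changed to UDP (17).
PKT_A = make_packet("192.0.2.10", 64, 5840, 0x012, b"\x02\x04\x05\xb4\x01\x03\x03\x07")
PKT_B = make_packet("192.0.2.11", 255, 8192, 0x012, b"\x02\x04\x02\x18")
PKT_UDP = PKT_B[:9] + b"\x11" + PKT_B[10:]
SAMPLE_PACKETS = [PKT_A, PKT_B, PKT_A[:30], PKT_UDP]

if __name__ == "__main__":
    for ip_addr, rows in build_dataset(SAMPLE_PACKETS).items():
        print(ip_addr, rows)
```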
The above embodiments are merely illustrative of the principles of the present invention and its effects, and do not limit the present invention. It will be apparent to those skilled in the art that modifications and improvements can be made to the above-described embodiments without departing from the spirit and scope of the invention. Accordingly, it is intended that all equivalent modifications or changes be made by those skilled in the art without departing from the spirit and technical spirit of the present invention, and be covered by the claims of the present invention.
Claims (5)
1. A power Internet of Things device identification method based on TCP retransmission messages, characterized by specifically comprising the following steps:
S1: set up a probing-side node for the power IoT devices, which sends network messages to and receives them from the terminal devices;
S2: the probing-side node of step S1 probes, by broadcast, whether the terminal devices in a given network segment of the power network are live devices, and sends a TCP retransmission request message to each live device;
S3: capture and collect the retransmission response messages, screen them, and store the messages with complete responses to form a response message data set;
S4: preprocess the response message data set of step S3 and extract the feature fields;
S5: evaluate each field against the quantitative criteria of consistency and difference, and select a feature set for device identification, namely the device fingerprint;
S6: according to the device fingerprint, perform steps S1-S2 on unknown devices and collect the corresponding header fields;
S7: use a voting mechanism to judge the similarity between the unknown device's fingerprint and the pre-stored fingerprints, thereby identifying the device information.
2. The power IoT device identification method based on TCP retransmission messages according to claim 1, wherein step S4, when preprocessing the response message data set, specifically includes the following steps:
S401: extract the IP and TCP headers from each message;
S402: generate key-value pairs mapping the IP address to the TCP header.
3. The power IoT device identification method based on TCP retransmission messages according to claim 2, wherein in step S4 the Wireshark tool is used to split and extract the data in the pcap capture file (feature field extraction).
4. The power IoT device identification method based on TCP retransmission messages according to claim 1, wherein step S5 specifically includes the following steps:
S501: the consistency criterion uses information entropy to measure how dispersed the values of a field are:
where Y represents the values of a device field, including $\{y_1, y_2, \dots, y_m\}$, and the probability of $y_i$ occurring is $P_i$;
S502: the difference criterion uses an optimized Euclidean distance to express how well the field discriminates, and calculates the proportion of points with the same value across different devices among all result combinations:
where $x_{same}$ is the number of points at which different devices have the same value, and $x_{all}$ is the number of all points;
S503: calculate the Euclidean distances between the values of different devices in a field to form a Euclidean distance set, and take the mean of that set:
where D represents the Euclidean distance set, $x_i$ and $y_i$ are the values of this field for the two devices, and D' represents the approximate device distance;
S504: when U ≤ 2.31, the Euclidean distance of the same device begins to decrease as features are added, and the same device clusters more easily; when U ≤ 4.52, the Euclidean distance still decreases, but the amount of change is clearly weaker than for the other features; when U > 4.52, the Euclidean distance begins to increase as features are added; when D' ≤ 0.014, the Euclidean distance between different devices begins to decrease; when D' > 0.014, the Euclidean distance begins to increase gradually; similarly, after D' > 0.064, the change in Euclidean distance also begins to diminish;
S505: after classification tests on the different sets, the final selection results are as follows:
1) when identifying the device type: 0 < U < 4.52, 0 < D' < 0.06 (G2);
2) when identifying the device brand: 0 < U < 2.31, 0.02 < D' < 0.07 (G4);
3) when identifying the device model: 0 < U < 8, 0.02 < D' < 0.098 (G5).
5. The power IoT device identification method based on TCP retransmission messages according to claim 1, wherein in step S7 the header fields corresponding to G2, G4 and G5 are passed to five machine learning methods, each of which outputs a matching result, and the final device information is selected by voting.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111341231.5A CN114205332A (en) | 2021-11-12 | 2021-11-12 | Power Internet of things equipment identification method based on TCP retransmission message |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111341231.5A CN114205332A (en) | 2021-11-12 | 2021-11-12 | Power Internet of things equipment identification method based on TCP retransmission message |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114205332A (en) | 2022-03-18 |
Family
ID=80647624
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111341231.5A Pending CN114205332A (en) | 2021-11-12 | 2021-11-12 | Power Internet of things equipment identification method based on TCP retransmission message |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114205332A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||