JP6730969B2 - Device identification device and device identification method - Google Patents

Description

The present invention relates to a device identification device and a device identification method.

Today, the Internet of Things (IoT) is expanding rapidly, and a huge variety of devices (IoT devices) are being connected to networks. It is predicted that 50 billion devices will be connected to the Internet in 2020, and it is expected that more and more devices will be installed in various environments such as homes, factories, and streets in the future. There are various types of devices connected to the network, such as sensors such as cameras and thermometers, small computers such as smartphones, and actuators such as speakers and displays. Therefore, there are various types of calculation processing capabilities of each device and protocols used for each device. In order to properly and safely use such various and enormous devices, the device administrator of each environment is required to accurately grasp and manage the property and state of each device.

Considering the operation of IoT, the number of managed devices installed in the environment, their installation locations (locations), the connection status to the network, and the installed software versions change dynamically. For example, considering the position, in the home environment, the installation location of the mounted sensor is changed as the electric appliance moves. In the factory, when the manufacturing line is refurbished, the installation location is changed to move the sensor to another manufacturing line and reuse it. In addition, the installation location of laptops, webcams, etc. naturally changes according to the movement of the user. At this time, if a change in the installation location such as a room or area cannot be detected, it becomes impossible to know where the device is now.

Further, considering a network, in a device having a plurality of access interfaces such as a smartphone, the network is changed from WiFi (registered trademark) to a mobile line such as LTE (Long Term Evolution). At this time, even if the network information of the device such as the IP address is changed, if it cannot be recognized as the same device, it is still unknown where it is on the network. In the past, to uniquely identify a device connected to the network, it was sufficient to look at the MAC address, but in recent years OS's are designed to randomly generate a MAC address each time the network is connected, in consideration of security. ing. As a result, MAC addresses can no longer be used as a consistent key.

Also, considering software that runs on IoT devices, firmware and OS updates will occur. At this time as well, as in the case of the network, if it is not possible to recognize the same device before and after the software update, the location of the device is lost.

As described above, in the operation of IoT, it is difficult to guarantee the identity of devices. Therefore, if the location of the device, the network, or the software changes, if it is not possible to track and understand which individual has changed what, the device assets installed in the past may exist in the physical space or in the network. You may not be able to control whether you are present.

Also, from the viewpoint of security, it is required to be able to consistently grasp the individual devices whose states change dynamically. For example, when a failure is detected in a device regardless of a change in position or software, it is necessary to deal with the failure such as specifying past behavior at the time of detection and the range of influence. However, in the IoT where it is difficult to guarantee the identity of devices, if there is a change in the location or software of a device, for example, if the status log of the device from the past to the present cannot be tracked, a failure occurs. It may not be possible to respond.
Also, from the viewpoint of device authentication, when a device that has been authenticated once changes its state within a range that does not violate the authentication policy, it is necessary to recognize the identity before and after the change in order to judge safety without re-authentication. However, in the IoT where it is difficult to guarantee the identity of devices, there is a possibility that re-authentication will be forced due to state changes.

In this way, managing a huge number of IoT devices involves understanding the states of a wide variety of devices with different characteristics and protocols, and even if the state of the device changes, other devices and newly installed devices can be managed. It is required to be able to identify and manage individuals without confusion. It is not realistic to manage such a huge number of IoT devices manually, and there is a demand for a technology that can perform this automatically.

An example of conventional technology for identifying an individual device is an International Mobile Equipment Identity (IMEI) given to a mobile phone and some satellite phones. By using IMEI, it is possible to uniquely identify the device connected to the network. However, the method of using the device unique identifier including IMEI is based on the premise that dedicated hardware in which the identifier is embedded is used, and the compatible devices are limited.

Further, as another example of the conventional technique for identifying the individual device, there is a method of issuing a computer certificate by EAP-TLS (Extensible Authentication Protocol-Transport Layer Security) (Non-Patent Document 1). According to this method, an individual can be identified by issuing a computer certificate for each device and installing it in the device. However, it is premised that the device can handle the EAP-TLS protocol, and although it can be applied to devices with ample computing power such as personal computers, it is applied to devices with limited computing power, which is often assumed for IoT devices Can not. That is, as in the case of IMEI, compatible devices are limited.

D. Simon, et.al, “The EAP-TLS Authentication Protocol”, RFC5216, 2008.3, [online], [September 6, 2017 search], Internet <URL: https://www.rfc-editor. org/rfc/rfc5216.txt>

In view of such a background, an object of the present invention is to identify every device connected to a network.

In order to solve the above-mentioned problem, the invention according to claim 1 is a device identification device for identifying an unknown device connected to a network, wherein a device feature amount of the unknown device is detected from a signal received from the unknown device. A device feature quantity extraction unit that periodically extracts a change pattern, a change pattern generation unit that generates a change pattern of the extracted device feature quantity, and a generated change pattern that the storage unit of the device identification device stores. The device similarity between the unknown device and each of the known devices is calculated by matching the change patterns of known devices of each type, and the maximum value of the calculated device similarities is equal to or greater than a predetermined threshold value. And a device similarity calculation unit that identifies the unknown device as a known device exhibiting the maximum value.

Further, the invention according to claim 4 is a device identifying method in a device identifying apparatus for identifying an unknown device connected to a network, wherein the device identifying apparatus uses the signal received from the unknown device to identify the unknown device. Periodically extracting the device feature amount of, the step of generating the change pattern of the extracted device feature amount, the generated change pattern is stored in the storage unit of the device identification device, a plurality of types of known By comparing with the device change pattern, the step of calculating the device similarity between the unknown device and each of the known device, and the maximum value of the calculated device similarity is a predetermined threshold or more. If there is, a step of identifying the unknown device as a known device showing the maximum value is performed.

According to the invention described in claims 1 and 4, the device is identified by using the change pattern of the device feature quantity that appears uniquely to each device. That is, since the device feature amount itself is not used to identify the device, the device identification process can be performed regardless of the characteristics of each device feature amount. In addition, although there are various types of device feature amounts, in the present embodiment, since the change pattern of the device feature amount is focused on, the device identification process is executed regardless of the type of the device feature amount. be able to.
Therefore, every device connected to the network can be identified.

The invention according to claim 2 is the device identification apparatus according to claim 1, wherein when there are a plurality of types of the extracted device feature amounts, the device similarity calculation unit causes the extracted device feature amount to be calculated. For each type of amount, the pattern similarity between the change pattern of the unknown device and the change pattern of the known device is calculated, and for each type of the extracted device feature amount, the variance of the extracted device feature amount, And, a weight having a larger value is calculated as the calculated variance is larger, and the calculated weight is assigned to the calculated pattern similarity for each type of the extracted device feature amount, and the weight is assigned. It is characterized in that the device similarity is calculated using the pattern similarity.

According to the invention described in claim 2, by weighting the pattern similarity for each device feature amount, it is possible to adjust so that the more unique the device feature amount change is, the greater the contribution to the calculation of the device similarity is. .. As a result, the accuracy of device identification can be improved.

The invention according to claim 3 is the device identification apparatus according to claim 1 or 2, wherein the device similarity calculation unit uses a change pattern of a device feature amount of the identified unknown device. Then, the change pattern of the corresponding known device is updated.

According to the invention described in claim 3, since the change pattern of the corresponding known device is updated using the change pattern generated by the change pattern generating unit, the change pattern of the known device is always updated. You can As a result, the latest change pattern can be used for the subsequent identification of the unknown device, and an error in the identification of the device due to the use of the old change pattern can be avoided.

According to the present invention, any device connected to the network can be identified.

It is a functional block diagram of the device identification apparatus of this embodiment. It is a table which shows the example of the device feature-value extracted regularly. It is an example of a data structure of a change pattern DB. It is an example of a data structure of a device DB. It is a flowchart which shows a device identification process.

Hereinafter, a mode for carrying out the present invention (hereinafter, referred to as “the present embodiment”) will be described with reference to the drawings.
(Overview)
The present invention is characterized in that a device characteristic amount is extracted from a signal transmitted by a device such as a sensor, and an individual is identified from a change pattern of the extracted device characteristic amount. In the change pattern of the device characteristic amount, characteristics such as transmission data size for each type of device, and uniqueness such as communication delay unique to the usage environment appear. Therefore, the change pattern can be used as information for identifying the device individual.

≪Structure≫
The device identification device of the present embodiment is a device that identifies a device connected to a network. As shown in FIG. 1, the device identification apparatus 100 according to the present embodiment includes a device feature quantity extraction unit 1-1 and 1-2, a change pattern generation unit 2, a device similarity calculation unit 3, and a change pattern DB 4. , Device DB5. Reference numerals 10-1 to 10-3 in FIG. 1 are devices (IoT devices) connected to the network, and are unknown devices that are identification targets of the device identification apparatus 100. The change pattern DB 4 and the device DB 5 are databases stored in the storage unit of the device identification apparatus 100.

The device characteristic amount extraction units 1-1 and 1-2 receive signals from the devices 10-1 to 10-3. The signals transmitted by the devices 10-1 to 10-3 are, for example, sensor values, life and death monitoring signals, and responses to requests such as port scans by the device identification apparatus 100.

The device characteristic amount extraction units 1-1 and 1-2 periodically extract the device characteristic amounts of the devices 10-1 to 10-3 from the signals received from the devices 10-1 to 10-3. The device characteristic amount can be mainly classified into information indicating the states of the devices 10-1 to 10-3 and traffic characteristics. The information indicating the states of the devices 10-1 to 10-3 is, for example, the position (installation place) of the devices 10-1 to 10-3 and the version of software executed by the devices 10-1 to 10-3. is there. The traffic characteristics are, for example, the average traffic volume within a predetermined time and the communication interval.

As described above, various types can be prepared as the device feature amount, but the device feature amount is obtained by the device feature amount extracting units 1-1 and 1-2 from the devices 10-1 to 10-3. It is the amount when received. FIG. 2 exemplifies the values of the respective reception times for the device characteristic amounts Param1, 2, 3 having various values. The periodical extraction of device feature amounts by the device feature amount extraction units 1-1 and 1-2 means that a plurality of device feature amounts are acquired at arbitrary reception times over a predetermined period.

Since the communication protocol to be handled, the data acquisition method, and the device feature amount extraction method differ depending on the type of IoT device, it is preferable that the device feature amount extraction units 1-1 and 1-2 be prepared for each protocol. In the example of FIG. 1, the communication protocol handled by the device feature quantity extraction unit 1-1 is the communication protocol used by the devices 10-1 and 10-2. Further, the communication protocol handled by the device feature quantity extraction unit 1-2 is the communication protocol used by the device 10-3. The number of device feature amount extraction units 1-1 and 1-2 is not limited to 2, and may be 3 or more, or 1. In the present embodiment, the number of devices 10-1 to 10-3 is not limited to 3, and may be 4 or more, or 2 or less.

The device feature quantity extraction units 1-1 and 1-2 can be implemented as a gateway in the local network environment. With such an implementation, the device feature amount extraction units 1-1 and 1-2 can also acquire low layer information such as a MAC frame and extract it as a device feature amount.

The change pattern generation unit 2 generates a change pattern for each device with respect to the device feature amount that is periodically extracted by the device feature amount extraction units 1-1 and 1-2. These change patterns are prepared for each type of device feature amount that changes with time. The change pattern generation unit 2 incorporates change pattern calculation logic. As the calculation logic, various logics can be used according to the characteristics of each device characteristic amount, and the present embodiment is not limited to a specific logic. As an example, for a device feature amount that can take different values at different times, an approximate expression of time change represented by a linear function of the slope a and the intercept b can be used as the change pattern calculation logic.
The change pattern generation unit 2 outputs the change pattern generated for each device feature amount to the device similarity calculation unit 3 as a change pattern of an unknown device whose individual is not specified.

The device similarity calculation unit 3 matches the change pattern of the unknown device with the change pattern stored in the change pattern DB 4 to identify the individual. The change pattern DB 4 is a database that stores change patterns collected in the past from known devices in the network environment. For example, as shown in FIG. 3, the change pattern DB 4 stores device IDs of known devices, device feature amounts of known devices, and change patterns generated from the device feature amounts in association with each other.

The device similarity calculation unit 3 calculates the pattern similarity between the change pattern of the unknown device and the change pattern of the existing device for each device feature amount of the unknown device. As a specific calculation formula of the pattern similarity, various calculation formulas can be used according to the characteristics of each device feature amount, and the present embodiment is not limited to a specific calculation formula. As an example, when the above-described approximate expression of the time change represented by a linear function of the slope a and the intercept b is calculated, the pattern similarity si for each device feature amount can be calculated using the following Expression 1. it can.

si=0.5×Δa+0.5×Δb
...(Equation 1)
Here, si is the pattern similarity for the i-th device feature amount. i is a natural number from 1 to n. n is the number of types of device feature quantities extracted from unknown devices.
Δa is a value obtained by normalizing the absolute value of the difference between the slope obtained from the change pattern of the unknown device and the slope obtained from the change pattern of the known device for the i-th device feature amount so as to fall within 0 to 1. Is.
Δb is a value obtained by normalizing the absolute value of the difference between the intercept obtained from the change pattern of the unknown device and the intercept obtained from the change pattern of the known device so as to fall within 0 to 1 for the i-th device feature amount. Is.

According to Equation 1, si takes a value of 0 to 1. The device similarity calculation unit 3 uses Expression 1 to calculate the pattern similarity for each type of device feature quantity extracted from an unknown device and for each known device. If the device feature quantity of the same type as the device feature quantity related to the change pattern of the unknown device is not extracted from the known device and the corresponding change pattern does not exist, the pattern for the device feature quantity is used for convenience. The degree of similarity may be regarded as 0.

The device similarity calculator 3 can calculate the device similarity between the unknown device and the known device using the calculated pattern similarity. When calculating the device similarity, the device similarity calculating unit 3 can calculate the weight given to each of the pattern similarities as described below.

The change in the device feature amount used for individual identification of the device is better as long as it is unique among the plurality of individuals. For example, in an environment where there are many mobile terminals, the change pattern of the device position due to the movement of the device is a change pattern that occurs in duplicate in a plurality of devices, and is a parameter that is not helpful in identifying an individual (device movement is , It is random for each device, and device-specific position changes are extremely unlikely to occur).
Similarly, in an environment in which software updates for a large number of devices of the same model are simultaneously executed in a constant cycle, the change pattern of communication characteristics regarding download is a change pattern that is not helpful in identifying an individual.

If the number of device feature quantity types that can be acquired from a device is small, if all device feature quantity changes are handled uniformly, a large number of known devices with a high device similarity will be detected, resulting in a decrease in identification accuracy. May invite. Therefore, in the present embodiment, the variance of changes in the device feature amounts is evaluated for the change patterns held by the change pattern DB 4. Then, the greater the variance of the device feature amount, the greater the weight given to the device feature amount. With such a design, the more unique the device feature amount change is, the more the device feature amount can be adjusted to contribute to the calculation of the device similarity.

For example, the weight ki given to each of the pattern similarities can be obtained by using the following Expression 2.
ki = vi/(Σvi)
...(Formula 2)
Here, vi is a value obtained by normalizing the variance value of the i-th device feature amount so as to fall within 0 to 1. i is a natural number from 1 to n. n is the number of types of device feature quantities extracted from unknown devices. Σvi is the sum of n vi.
ki is a weight for the i-th device feature amount. According to Equation 2, the sum of weights for all n types of device feature amounts is 1 (Σki=1).

The device similarity calculation unit 3 obtains the pattern similarity for all the change patterns stored in the change pattern DB 4 for each device feature amount. Further, the device similarity calculation unit 3 allocates a weight based on the magnitude of the variance value to the obtained pattern similarity using Expression 2.

The device similarity calculation unit 3 calculates the device similarity between the unknown device and each known device, for example, by obtaining the pattern similarity for each device feature amount and multiplying the pattern similarity by a weight to synthesize the pattern similarity. To do. The formula for calculating the device similarity S is, for example, the following formula 3.
S=Σ(ki*si)
...(Formula 3)
According to the expressions 1 to 3, the device similarity S takes a value of 0 to 1.

The device similarity calculation unit 3 selects the maximum value of the device similarities calculated by Expression 3, and when the maximum value is equal to or larger than a predetermined threshold value, the identification target device, that is, the unknown device is set to the maximum value. Identified as a known device. If there is no device similarity that is equal to or higher than the predetermined threshold, the unknown device is determined to be a new device connected to the network. The predetermined threshold can be preset by the system user, for example.

The device similarity calculation unit 3 reflects the identification result for the unknown device in the device DB 5 and the change pattern DB 4, and updates the device DB 5 and the change pattern DB 4. The device DB 5 is a database that manages the states of known devices that have been identified by the device identification apparatus 100. FIG. 4 illustrates the correspondence between the device ID of a known device and the value indicating the state in the device DB 5. As shown in FIG. 4, specific examples of the known device status include an access point for network connection, installed software, and an online status. Another specific example of the state of the known device is the installation location of the known device (displayed in latitude and longitude, for example).

When the unknown device is a known device, the device similarity calculation unit 3 records the latest state of the unknown device in the device DB 5 as the identification result of the unknown device. When the unknown device is a new device, the device similarity calculation unit 3 adds device information indicating the state of the unknown device to the device DB 5 as the identification result of the unknown device. Here, the state of the unknown device recorded in the device DB 5 by the device identification apparatus 100 may be the information obtained in the identification process by the change pattern generation unit 2 and the device similarity calculation unit 3, or after identification. The information may be information obtained by accessing the identification target device (unknown device).

Further, the device similarity calculation unit 3 registers the change pattern generated by the change pattern generation unit 2 in the unknown device identification process in the change pattern DB 4 as the identification result of the unknown device. When the unknown device is a known device, the device similarity calculation unit 3 updates the change pattern DB 4 by replacing the change pattern of the corresponding known device in the change pattern DB 4 with the change pattern generated by the change pattern generation unit 2. To do. When the unknown device is a new device, the device similarity calculation unit 3 adds the change pattern of the new device to the change pattern DB4 and updates the change pattern DB4.

≪Process≫
Next, the device identification processing executed by the device identification apparatus 100 will be described. Here, a case where the device characteristic amount extraction unit 1-1 acquires a signal from an unknown device will be described.

First, in the device identification apparatus 100, the device feature amount extraction unit 1-1 periodically extracts the device feature amount of the unknown device from the signal received from the unknown device (step S1).
Next, the device identification apparatus 100 causes the change pattern generation unit 2 to generate a change pattern of the device feature quantity extracted from the unknown device (step S2).

Next, in the device identification apparatus 100, the device similarity calculation unit 3 calculates the pattern similarity between the change pattern of the unknown device and each change pattern of the known device stored in the change pattern DB 4 (step S3).
Next, in the device identification apparatus 100, the device similarity calculator 3 calculates the device similarity between the unknown device and each of the known devices by using the calculated pattern similarity (step S4). In step S4, the maximum values of the calculated plurality of device similarities and the known device having the maximum device similarity are identified.

Next, the device identification apparatus 100 causes the device similarity calculator 3 to determine whether the calculated maximum value of the device similarity is equal to or greater than a predetermined threshold (step S5). When it is equal to or more than the threshold value (step S5/Yes), the device identification apparatus 100 identifies the unknown device as a known device having the maximum device similarity by the device similarity calculation unit 3 (step S6). On the other hand, when it is not equal to or more than the threshold value (step S5/No), the device identification apparatus 100 causes the device similarity calculation unit 3 to determine the unknown device as a new device connected to the network (step S7).

Next, the device identification apparatus 100 obtains the identification result of the known device having the maximum device similarity by the device similarity calculation unit 3 or the identification target device (unknown device) determined as a new device from the device DB 5 To update the device DB 5 (step S8).
Next, the device identification apparatus 100 uses the device similarity calculation unit 3 to register the change pattern of the identification target device in the change pattern DB 4 and update the change pattern DB 4 (step S9). After the update, the device identification process ends.

According to the present embodiment, the device is identified using the change pattern of the device characteristic amount that appears uniquely to each device. That is, since the device feature amount itself is not used to identify the device, the device identification process can be performed regardless of the characteristics of each device feature amount. In addition, although there are various types of device feature amounts, in the present embodiment, since the change pattern of the device feature amount is focused on, the device identification process is executed regardless of the type of the device feature amount. be able to.
Therefore, every device connected to the network can be identified.

It should be noted that this embodiment does not require dedicated hardware such as IMEI support as in the conventional technique, and can be realized by only software functions as described above. Further, the device is not required to be able to handle a special protocol such as the EAP-TLS protocol of the related art, and therefore the device to which the present embodiment is applicable is not particularly limited.

Further, by weighting the pattern similarity for each device feature amount, it can be adjusted so that the more unique the device feature amount change is, the greater the contribution to the calculation of the device similarity. As a result, the accuracy of device identification can be improved.

Further, since the change pattern of the corresponding known device in the change pattern DB 4 is updated using the change pattern generated by the change pattern generating unit 2, the change pattern of the known device can be always updated. .. As a result, the latest change pattern can be used for the subsequent identification of the unknown device, and an error in the identification of the device due to the use of the old change pattern can be avoided.

≪Other≫
Although the embodiments of the present invention have been described above, the present invention is not limited to the above embodiments and can be appropriately modified without departing from the scope of the present invention.
(A) For example, in the calculation of the pattern similarity si for each device feature amount extracted from an unknown device, instead of expressing the approximate expression of the time change with a linear function as in Expression 1, for example, an n-order function (n May be expressed as a natural number of 2 or more).
(B) Further, for example, in calculating the device similarity S, instead of calculating the sum of the pattern similarities to which weights are assigned, as in Equation 3, for example, the sum of the pattern similarity to which weights are assigned is calculated. You may ask.

Further, of the processes described in the above embodiments, all or part of the processes described as being automatically performed may be manually performed, or the processes described as being manually performed. All or part of the above can be automatically performed by a known method. In addition, the processing procedures, control procedures, specific names, and information including various data and parameters shown in the above-mentioned documents and drawings can be arbitrarily changed unless otherwise specified.
Further, each component of each device shown in the drawings is functionally conceptual and does not necessarily have to be physically configured as shown. That is, the specific form of distribution/integration of each device is not limited to that shown in the figure, and all or part of the device may be functionally or physically distributed/arranged in arbitrary units according to various loads and usage conditions. It can be integrated and configured.

Further, the above-mentioned respective configurations, functions, processing units, processing means, etc. may be realized by hardware by designing a part or all of them with, for example, an integrated circuit. Further, the above-described respective configurations, functions and the like may be realized by software for the processor to interpret and execute programs for realizing the respective functions. Information such as programs, tables, and files that realize each function is stored in a memory, a hard disk, a recording device such as an SSD (Solid State Drive), or an IC (Integrated Circuit) card, an SD (Secure Digital) card, an optical disc, or the like. It can be held on a recording medium. Further, in the present specification, the processing steps describing the time-series processing are not limited to the processing performed in the time-series according to the described order, but may be performed in parallel or individually. It also includes processing executed in (for example, parallel processing or processing by objects).

It is also possible to realize a technique in which various techniques described in the present embodiment are appropriately combined.
The software described in this embodiment may be realized as hardware, or the hardware may be realized as software.
In addition, hardware, software, flowcharts, and the like can be appropriately changed without departing from the spirit of the present invention.

100 Device Identification Device 1-1, 1-2 Device Feature Extraction Unit 2 Change Pattern Generation Unit 3 Device Similarity Calculation Unit 4 Change Pattern DB
5 Device DB
10-1 to 10-3 devices

Claims (4)

A device identification device for identifying an unknown device connected to a network,
A device feature quantity extraction unit that periodically extracts a device feature quantity of the unknown device from a signal received from the unknown device,
A change pattern generation unit that generates a change pattern of the extracted device feature quantity;
By comparing the generated change pattern with the change patterns of a plurality of types of known devices stored in the storage unit of the device identification device, the device similarity between the unknown device and each of the known devices is respectively calculated. Calculate,
If the maximum value of the calculated device similarity is equal to or greater than a predetermined threshold value, the unknown device is provided with a device similarity calculation unit that identifies the device as a known device indicating the maximum value.
A device identification device characterized by the above. When there are a plurality of types of the extracted device feature amount, the device similarity calculation unit,
For each type of the extracted device feature amount, the pattern similarity between the change pattern of the unknown device and the change pattern of the known device is calculated,
For each type of the extracted device feature amount, the variance of the extracted device feature amount, and a weight that takes a larger value as the calculated variance is calculated,
For each type of the extracted device feature amount, the calculated weight is assigned to the calculated pattern similarity,
Calculating the device similarity using the pattern similarity to which the weight is assigned,
The device identification apparatus according to claim 1, wherein: The device similarity calculation unit,
Using the change pattern of the device feature amount of the identified unknown device, update the change pattern of the corresponding known device,
The device identification device according to claim 1, wherein the device identification device is a device identification device. A device identification method in a device identification device for identifying an unknown device connected to a network,
The device identification device is
A step of periodically extracting a device feature amount of the unknown device from a signal received from the unknown device;
Generating a change pattern of the extracted device feature quantity,
By comparing the generated change pattern with the change patterns of a plurality of types of known devices stored in the storage unit of the device identification device, the device similarity between the unknown device and each of the known devices is respectively calculated. A step of calculating,
If the maximum value of the calculated device similarity is greater than or equal to a predetermined threshold value, the unknown device is identified as a known device indicating the maximum value.
A device identification method characterized by the above.

Images