当前位置: X-MOL 学术J. Sign. Process. Syst. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Fingerprinting IIoT Devices Through Machine Learning Techniques
Journal of Signal Processing Systems ( IF 1.6 ) Pub Date : 2021-04-09 , DOI: 10.1007/s11265-021-01656-0
Feng Zhou , Hua Qu , Hailong Liu , Hong Liu , Bo Li

From a security perspective, identifying Industrial Internet of Things (IIoT) devices connected to a network has multiple applications such as penetration testing, vulnerability assessment, etc. In this work, we propose a feature-based methodology to perform device-type fingerprinting. A device fingerprint consists of the TCP/IP header features and port-based features extracted from the network traffic of the device. These features are collected by a hybrid mechanism which has a negligible impact on device functionality and can avoid the problem of the long TCP connection. Once the fingerprint of a device is generated, it will be fed to the classifiers based on Gradient Boosting to predict its type details. Based on our proposed method, we implement a prototype application called IIoT Device Type Fingerprinting (IDTF) which capable of automatically identifying the types of devices being connected to an IIoT network. We collect a dataset consisting of 19,174 fingerprints from real-world Internet-facing IIoT devices indexed by Shodan to train and evaluate the classifiers using ten-fold cross-validation. And we conduct comparative experiments in an IIoT testbed to compare the effectiveness of IDTF with two famous fingerprinting tools. The experimental result shows that the ability of our approach is confirmed by a high mean F-Measure of 95.76%. It also demonstrates that IDTF achieves the highest identification rate in the testbed and is non-intrusive for IIoT devices. Compared with existing works, our approach is more generic as it does not rely on a specific protocol or deep packet inspection and can distinguish almost all IIoT device-types.



中文翻译:

通过机器学习技术对IIoT设备进行指纹识别

从安全角度来看,识别连接到网络的工业物联网(IIoT)设备具有多种应用程序,例如渗透测试,漏洞评估等。在这项工作中,我们提出了一种基于特征的方法来执行设备类型的指纹识别。设备指纹包括从设备的网络流量中提取的TCP / IP标头功能和基于端口的功能。这些功能是通过混合机制收集的,这种混合机制对设备功能的影响可以忽略不计,并且可以避免长TCP连接的问题。生成设备指纹后,它将基于“梯度增强”将其馈送到分类器,以预测其类型详细信息。根据我们提出的方法,我们实现了一个称为IIoT设备类型指纹(IDTF)的原型应用程序,该应用程序能够自动识别连接到IIoT网络的设备的类型。我们从由Shodan索引的现实世界中面向Internet的IIoT设备收集了由19,174个指纹组成的数据集,以使用十倍交叉验证来训练和评估分类器。并且,我们在IIoT测试平台上进行了对比实验,以比较IDTF和两种著名的指纹识别工具的有效性。实验结果表明,我们的方法的能力得到了95.76%的高平均F值的确认。它还证明了IDTF在测试平台上实现了最高的识别率,并且对IIoT设备没有干扰。与现有作品相比,

更新日期:2021-04-09
down
wechat
bug