基于WEB信息的特定类型物联网终端识别方法
|
摘要
通过协议特征对联网终端进行远程的类型推断、厂商与型号的有效识别,是实现网络安全测评的重要基础。以识别和推断联网设备的类型为目标,基于物联网终端WEB管理页面,利用信息增益模型提取特定类型终端的特征,提出正样本反馈增强的PU学习方法(FE-PU),进而形成从网络空间的海量设备中过滤特定类型物联网终端的一般方法。通过对100万网络空间联网终端的WEB管理页面中抽取视频监控设备的实验,表明该方法较直接采用PU学习方法的准确率和召回率都有大幅提升,较人工方法召回率也提升超过10%,且能够有效发现小品牌终端设备。
Remote recognition of type, brand and model of cyberspace terminals is an important basis for evaluating the network security. Machine learning is the most applicable method for classifying the specific and other types of devices. Many responses from IOT devices can be used as learning sources, and management webpage is the most valuable of them. The enhanced feedback mechanism is introduced in a classical PU learnning algorithm, FE-PU, and a general-type recognizer framework also designed, which extracts various features with infor-gain model. Numerous experiments, the extraction of ip camera devices from one million devices, indicate that the proposed method can improve precision and recall rate obviously as compared with general PU method, and is better than manual method by over 10%, and could also find lots of niche products which are always ignored by other or manual regnition algorithm.
Remote recognition of type, brand and model of cyberspace terminals is an important basis for evaluating the network security. Machine learning is the most applicable method for classifying the specific and other types of devices. Many responses from IOT devices can be used as learning sources, and management webpage is the most valuable of them. The enhanced feedback mechanism is introduced in a classical PU learnning algorithm, FE-PU, and a general-type recognizer framework also designed, which extracts various features with infor-gain model. Numerous experiments, the extraction of ip camera devices from one million devices, indicate that the proposed method can improve precision and recall rate obviously as compared with general PU method, and is better than manual method by over 10%, and could also find lots of niche products which are always ignored by other or manual regnition algorithm.
引文
[1]Lyon G.The Art of Port Scanning[J].Phrack Magazine,1997(01):51.
[2]Lee D,Rowe J,Ko C,et al.Detecting and Defending against Web-Server Fingerprinting[C].Computer Security Applications Conference,2002:321-330.
[3]Available:http://www.zoomeye.org/
[4]曹来成,赵建军,崔翔等.网络空间终端设备识别框架[J].计算机系统应用,2016,25(09):60-66.CAO Lai-cheng,ZHAO Jian-jun,CUI Xiang,et al.Cyberspace Terminal Device Identification Framework[J].Computer Systems and Applications,2016,25(09):60-66.
[5]Xuan F,Qiang L,Qi H,et al.Identification of Visible Industrial Control Devices at Internet Scale[C].IEEEInternational Conference on Communications(ICC),2016.
[6]Xuan F,Qiang L,Qi H,et al.Active Profiling of Physical Devices at Internet Scale[C].The 25th International Conference on Computer Communication and Networks(ICCCN),2016.
[7]曹来成,赵建军,崔翔等.基于余弦测度下K-means的网络空间终端设备识别[J].中国科学院大学学报,2016(04):562-569.CAO Lai-cheng,ZHAO Jian-jun,CUI Xiang,et al.Cyberspace Device Identification based on K-means with Cosine Distance Measure[J].Journal of University of Chinese Academy of Sciences,2016(04):562-569.
[8]Li Q,Feng X,Li Z,et al.GUIDE:Graphical User Interface Fingerprints Physical Devices[C].IEEE International Conference on Network Protocols,IEEE Computer Society,2016:1-2.
[9]Durumeric Z,Wustrow E,Halderman J A.ZMap:Fast Internet-wide Scanning and Its Security Applications[J].Proceedings of Usenix Security Symposium,2013:605-620.
[10]Letouzey F,Denis F,Gilleron R.Learning from Positive and Unlabeled Examples[J].Springer Berlin Heidelberg,2000,348(01):70-83.
[11]Lee C,Lee G G.Information Gain and Divergence-based Feature Selection for Machine Learning-based Text Categorization[J].Information Processing&Manageme nt,2006,42(42):155-165.
[12]Liu B,Dai Y,Li X,et al.Building Text Classifiers Using Positive and Unlabeled Examples[C].IEEEInternational Conference on Data Mining,IEEE Computer Society,2003:179.
[2]Lee D,Rowe J,Ko C,et al.Detecting and Defending against Web-Server Fingerprinting[C].Computer Security Applications Conference,2002:321-330.
[3]Available:http://www.zoomeye.org/
[4]曹来成,赵建军,崔翔等.网络空间终端设备识别框架[J].计算机系统应用,2016,25(09):60-66.CAO Lai-cheng,ZHAO Jian-jun,CUI Xiang,et al.Cyberspace Terminal Device Identification Framework[J].Computer Systems and Applications,2016,25(09):60-66.
[5]Xuan F,Qiang L,Qi H,et al.Identification of Visible Industrial Control Devices at Internet Scale[C].IEEEInternational Conference on Communications(ICC),2016.
[6]Xuan F,Qiang L,Qi H,et al.Active Profiling of Physical Devices at Internet Scale[C].The 25th International Conference on Computer Communication and Networks(ICCCN),2016.
[7]曹来成,赵建军,崔翔等.基于余弦测度下K-means的网络空间终端设备识别[J].中国科学院大学学报,2016(04):562-569.CAO Lai-cheng,ZHAO Jian-jun,CUI Xiang,et al.Cyberspace Device Identification based on K-means with Cosine Distance Measure[J].Journal of University of Chinese Academy of Sciences,2016(04):562-569.
[8]Li Q,Feng X,Li Z,et al.GUIDE:Graphical User Interface Fingerprints Physical Devices[C].IEEE International Conference on Network Protocols,IEEE Computer Society,2016:1-2.
[9]Durumeric Z,Wustrow E,Halderman J A.ZMap:Fast Internet-wide Scanning and Its Security Applications[J].Proceedings of Usenix Security Symposium,2013:605-620.
[10]Letouzey F,Denis F,Gilleron R.Learning from Positive and Unlabeled Examples[J].Springer Berlin Heidelberg,2000,348(01):70-83.
[11]Lee C,Lee G G.Information Gain and Divergence-based Feature Selection for Machine Learning-based Text Categorization[J].Information Processing&Manageme nt,2006,42(42):155-165.
[12]Liu B,Dai Y,Li X,et al.Building Text Classifiers Using Positive and Unlabeled Examples[C].IEEEInternational Conference on Data Mining,IEEE Computer Society,2003:179.