Abstract
Methods that identify network devices from their static characteristics ignore the influence of firmware version on device security. This paper therefore proposes a device identification method based on behavior fingerprints. First, a high-precision timestamping scheme collects the processing delay of packets forwarded by a network device. A genetic algorithm then extracts the distribution characteristics of the delay data, from which the device's standard behavior fingerprint is generated and used for identification. Experimental results show that, compared with static fingerprints, behavior fingerprints reflect the dynamic characteristics of network devices and can detect changes in firmware version, which improves the security of device fingerprints.
Authors
刘芹
史桢港
崔竞松
Liu Qin; Shi Zhengang; Cui Jingsong (Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education, Wuhan University, Wuhan 430079, China; School of Cyber Science and Engineering, Wuhan University, Wuhan 430079, China)
Source
《武汉科技大学学报》
CAS
Peking University Core Journals
2023, Issue 1, pp. 64-74 (11 pages)
Journal of Wuhan University of Science and Technology
Funding
National Key R&D Program of China, 13th Five-Year Plan (2016YFB0501801).
Keywords
network device identification
behavior fingerprint
processing delay
feature extraction
firmware version