基于旗标相似性的物联网设备识别

IoT Device Identification Based on Banner Similarity

精准识别物联网设备是风险评估、威胁感知、漏洞防护等安全活动的基础,对提高物联网的安全级别有着重要的意义。现有的物联网设备识别方法主要通过人工构建设备指纹,并与设备协议数据包的内容匹配,从而识别设备属性,但该方法存在效率低、人工成本高的问题。针对这个问题,提出一种基于旗标相似性的物联网设备识别方法,该方法首先选取响应报文首部字段的特征,构建设备特征集合空间,设计相似性度量规则,将目标设备与设备特征进行匹配,从而识别物联网设备产商和类型。与随机森林算法相比,该方法对物联网设备的品牌和类型的识别准确率提高了2.88%。

Internet of Things device identification is the basis for security activities,such as risk assessment,threat perception,and vulnerability protection,and is thus of great significance to improving Internet of Things security.Existing IoT device identification methods mainly identify device attributes by manually constructing device fingerprints and matching them with the content of device protocol data packets,which has the problems of low efficiency and high labor cost.To solve this problem,this paper proposes an loT device identification method based on banner similarity.The method first selects the features in the header field of the response message,constructs the device feature space,designs similarity measurement rules,and compares the target device and device features.Fingerprints are matched to identify IoT device manufacturers and types.Compared with the random forest algorithm,the identification accuracy is improved by 2.88%.