
Research On Key Technologies Of Network Equipment Type Identification Based On Network Traffic Analysis

Posted on: 2020-06-11
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Liu
GTID: 2428330590495676
Subject: Computer technology
Abstract/Summary:
With the rapid development of the network, network security has been widely concerned by the state, enterprises and individuals. Network device identification is an important part of network security assessment, so more and more people are studying it. Network devices in cyberspace are characterized by complex types and huge numbers. Accurately identifying network devices in cyberspace and combining network device information with network vulnerabilities contributes to the evaluation of core assets and core networks, and also reflects the vulnerability of the entire network. Therefore, network device type identification is of great significance for core asset assessment, vulnerability discovery and network security assessment throughout the network. The research work of this paper mainly includes the following contents:

(1) In view of the large number, rapid change and high dimension of network traffic data samples, an improved SU (symmetric uncertainty) feature selection algorithm is proposed with respect to data and selection. Through repeated iterations of the threshold increment, the algorithm uses symmetric uncertainty (SU) to remove the redundancy between attributes and between the attributes and the associated classes, so as to obtain the optimal feature attribute set. Based on the decision tree classification algorithm, an experiment is carried out on the sample set of the fingerprint feature database finger.os to verify that the algorithm can effectively reduce the dimension of feature attributes, thus improving the efficiency and accuracy of network device recognition.

(2) Traditional network device identification methods often rely on scanning, detection and other methods to study flags, ports and individual protocols. This method is easily intercepted by the firewall, resulting in unstable operation of the detected device and low recognition accuracy. Therefore, this paper passively listens to the network traffic of the network device, extracts the feature fields of the HTTP packets of the network traffic and the feature fields of the TCP session as the network device identification feature attribute set, and uses the improved SU feature selection algorithm proposed in Chapter 3 to reduce the dimension of feature attributes and obtain the optimal feature subset. The AGNES clustering algorithm is selected as the clustering algorithm for network device identification. Through experimental comparison of the “single link”, “full link” and “average link” algorithms, the similarity measure function based on “average link” is finally adopted for the AGNES clustering algorithm. Finally, an experimental comparison with the K-means clustering algorithm verifies that the proposed algorithm has higher device recognition accuracy.

(3) Based on the foundation of Chapters 3 and 4, a prototype system for network equipment identification is designed, and the accuracy of equipment identification is verified by experiments.
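As an added illustration of the symmetric uncertainty measure the abstract relies on (not code from the thesis), the sketch below computes the standard SU(X, Y) = 2·I(X; Y) / (H(X) + H(Y)) and applies a plain relevance-then-redundancy filter to passively observed HTTP/TCP fields. The feature names, sample flows and fixed threshold are constructed assumptions; the thesis's improved variant with iterated threshold increments is not reproduced here.

```python
from collections import Counter
from math import log2

def entropy(values):
    """Shannon entropy in bits of a sequence of discrete values."""
    n = len(values)
    return -sum(c / n * log2(c / n) for c in Counter(values).values())

def symmetric_uncertainty(x, y):
    """Standard SU: 2 * I(X;Y) / (H(X) + H(Y)), ranging from 0 to 1."""
    hx, hy = entropy(x), entropy(y)
    if hx + hy == 0:
        return 0.0
    mutual_info = hx + hy - entropy(list(zip(x, y)))
    return 2 * mutual_info / (hx + hy)

def select_features(columns, labels, threshold):
    """Keep features relevant to the class and not redundant with a kept one.

    A feature is dropped when its SU with the class is below `threshold`,
    or when an already kept (more relevant) feature shares at least as much
    SU with it as it shares with the class.
    """
    relevance = {n: symmetric_uncertainty(c, labels) for n, c in columns.items()}
    kept = []
    for name in sorted(relevance, key=relevance.get, reverse=True):
        if relevance[name] < threshold:
            continue
        if not any(symmetric_uncertainty(columns[k], columns[name]) >= relevance[name]
                   for k in kept):
            kept.append(name)
    return kept

# Constructed sample: eight passively captured flows, two per device type.
LABELS = ["router", "router", "camera", "camera",
          "printer", "printer", "nas", "nas"]
FLOWS = {
    "http_server": ["mini_httpd", "mini_httpd", "boa", "boa",
                    "boa", "boa", "nginx", "nginx"],
    "tcp_window": [4128, 4128, 4128, 4128, 8192, 8192, 8192, 8192],
    "init_ttl": [255, 255, 64, 64, 64, 64, 64, 64],   # implied by http_server
    "src_port_parity": [0, 1, 0, 1, 0, 1, 0, 1],      # noise, independent of class
}

if __name__ == "__main__":
    print(select_features(FLOWS, LABELS, threshold=0.1))
```

On this sample `init_ttl` is discarded as redundant with `http_server` and `src_port_parity` as irrelevant, while the two remaining fields together still separate all four device types.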
Keywords/Search Tags:network traffic, device identification, hierarchical clustering, symmetric uncertainty