Research On Features Extraction And Online Identification Of Large-scale Iot Devices

With the rapid development of Io T technology,Io T devices play a great role in medical,transportation,industrial and other fields.However,Io T security issues have become more serious in recent years.Several large-scale cyber attacks have happened which utilize Io T devices and become a serious threat to personal privacy and national security.Io T device identification is the first step to carry out Io T security management.By identifying the brand and model information of devices,it helps security researchers analyze the network security posture and improve equipment vulnerability manage ment.Currently Io T device identification technologies can be classified into two categories: device identification based on classification models and device identification based on banners.Although the existing identification methods have achieved a high recognition accuracy rate,there are still shortcomings.On the one hand,traditional device features relies on keywords such as brand and model,and cannot correctly identify devices when keywords are difficult to confirm;on the other hand,traditional identification methods have difficulties in dynamic updating of models,insufficient training data and large comput ing cost,which are difficult to cope with the current rapidly developing Io T environment.To solve the above problems,this paper proposes method of features extraction and the online Io T device identification based on SOINN.The main work of this paper has the following three points.1.The extraction method of structured and unstructured features of Io T devices is studied.Firstly,the structure features of the DOM tree are analyzed,and the structured features are generated by combining the locally sensitive hash function N ilsimsa.Then the TF-IDF technique is used to optimize the regular matching result and give high weight values to the model keywords to generate unstructured features.2.Online Io T device identification technology based on SOINN network is studied.First,an incremental supervised learning method is constructed using SOINN and SVM to achieve dynamic update of the device brand classification model,which avoids repeatedly using the complete data set to train the classification model and reduces the comput ing cost.Then,the Jaro distance and TF-IDF weight values are combined to calculate the text similarity between device and model feature library to achieve device model identification.3.An Io T device identification system is realized and experimentally evaluated.The experimental results show that the device identification method in this paper achieves an accuracy rate of 95.9%,while reducing the computing cost compared with other methods.The device brand classification can update models during the identification and t he F1 value of classifiers improves from 84% to 95.4% after identifying and learning ten data sets.Compared with text features,the features designed in this paper help the system discover about 37.05% more devices.In addition,this paper used the system to scan devices in real networks and discovered nearly one million Io T devices.