While the rapid development and wide application of intelligent Io T devices bring unprecedented convenience to people,many security threats and challenges are existing,such as being exploited by hackers and making it difficult for network administrators to monitor and manage in real time.In order to locate and isolate the attacked abnormal Io T devices in a timely manner and monitor the operation status of Io T devices in the local area network,efficient device classification and identification is the first task.Among the existing research methods,the identification method based on Banner analysis is limited by the constraints of few open services and encrypted communication of the device,while the features selected by the identification method based on traffic or protocol characteristics are not highly correlated with the device,and there is also the problem of imbalance of sample data due to the difference in device status.Therefore,two Io T device identification methods based on traffic or protocol characteristics are proposed in this thesis,and the main innovative works are as follows:(1)An Io T device identification model FT-DRF based on traffic and text fingerprint is proposed,which first designs a feature mining model,selects stable flow statistics as device traffic fingerprints,and then generates device text fingerprints based on sensitive text information in the header fields of application layer protocols such as HTTP,DNS and DHCP;On this basis,a machine learning algorithm based on double-layer random forest is designed.Identification experiments were performed on laboratory datasets and public datasets.Results show that the FTDRF model can effectively identify network cameras,smart speakers and other Io T devices,and the average accuracy can reach 99.81%,which is 2%-5% higher than the existing typical methods.(2)An Io T device identification model Io TExplorer based on protocol feature fingerprint is proposed.First,the device protocol behavior features are extracted as the fingerprint,and a packet serialization algorithm and resampling technology are proposed to balance the public data set and improve the identification accuracy.On this basis,a feature selection method is designed to reduce the dimension of the feature set.Finally,machine learning algorithms such as Decision Tree are used to model and realize device classification recognition.The feasibility of the Io TExplorer model is verified on two datasets,and the recognition accuracy can reach 98.6% and 99.6%,which achieves higher recognition accuracy and better generalization ability than the existing typical work. |