
Network Device Identification Based on MAC Boundary Inference

  • Conference paper
Advances in Artificial Intelligence and Security (ICAIS 2021)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1424)

Abstract

Network devices are an important part of cyberspace, and accurate identification of network devices is the basis of network management and security analysis. Current identification methods based on MAC addresses rely on converting the MAC address and other information into fingerprints, and ultimately use MAC address distance to identify the network device. However, identification based on MAC address distance has a high false alarm rate. A method for network device identification based on MAC boundary inference is proposed. Considering device manufacturers' strategy of allocating MAC addresses in sequence to devices of the same type, the relationship between type and MAC address is first built from known devices. Then, a MAC address aggregation rule is built to infer the MAC prefix for each known type, and the MAC boundary is obtained. Finally, the type of a target network device is identified by matching the target MAC against the MAC prefix, or by calculating the distance between the target MAC and the MAC boundary. Experimental results on a simulation dataset show that the proposed method is significantly better than the identification method based on MAC address distance, and is less affected by the distribution of the MACs of known devices. Experimental results on a Cisco device dataset show that our method increases the identification accuracy rate of the identification method based on MAC address distance by 11.9%.
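The following is an added sketch of the boundary idea described in the abstract, set beside a nearest-known-MAC baseline; it is not the authors' code. The abstract does not state the aggregation rule, so longest-common-bit-prefix aggregation is an assumption, and the MAC addresses (locally administered) and type labels are constructed.

```python
from collections import defaultdict

# Constructed sample: locally administered MACs, hypothetical type labels.
KNOWN = [
    ("02:00:00:00:00:10", "router-A"),
    ("02:00:00:00:00:90", "router-A"),
    ("02:00:00:00:01:08", "switch-B"),
    ("02:00:00:00:01:30", "switch-B"),
]

def mac_to_int(mac):
    """Parse 'aa:bb:cc:dd:ee:ff' (or dash-separated) into a 48-bit integer."""
    return int(mac.replace(":", "").replace("-", ""), 16)

def infer_boundaries(known):
    """Assumed aggregation rule: each type's known MACs are merged into their
    longest common bit prefix; the block it covers is the boundary (lo, hi)."""
    by_type = defaultdict(list)
    for mac, dev_type in known:
        by_type[dev_type].append(mac_to_int(mac))
    bounds = {}
    for dev_type, values in by_type.items():
        # Bits below the highest differing bit of min and max are "free".
        free_bits = (min(values) ^ max(values)).bit_length()
        lo = (min(values) >> free_bits) << free_bits
        bounds[dev_type] = (lo, lo + (1 << free_bits) - 1)
    return bounds

def identify_by_boundary(target, bounds):
    """Prefix match (gap 0) wins; otherwise pick the closest boundary edge."""
    t = mac_to_int(target)
    def gap(rng):
        lo, hi = rng
        return 0 if lo <= t <= hi else min(abs(t - lo), abs(t - hi))
    return min(bounds, key=lambda dev_type: gap(bounds[dev_type]))

def identify_by_nearest_mac(target, known):
    """Baseline: label of the numerically nearest known MAC."""
    t = mac_to_int(target)
    return min(known, key=lambda k: abs(mac_to_int(k[0]) - t))[1]

if __name__ == "__main__":
    bounds = infer_boundaries(KNOWN)
    for target in ("02:00:00:00:00:f8", "02:00:00:00:01:50"):
        print(target, identify_by_nearest_mac(target, KNOWN),
              identify_by_boundary(target, bounds))
```

For the first target the baseline picks switch-B because a switch-B address happens to be numerically nearest, while the inferred router-A block still covers it; the second target falls outside every block and is resolved by distance to the nearest boundary.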

Acknowledgments

This work was supported by the National Natural Science Foundation of China (No. U1636219).

Author information

Corresponding author

Correspondence to Xiangyang Luo.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Guo, X., Li, X., Li, R., Wang, X., Luo, X. (2021). Network Device Identification Based on MAC Boundary Inference. In: Sun, X., Zhang, X., Xia, Z., Bertino, E. (eds) Advances in Artificial Intelligence and Security. ICAIS 2021. Communications in Computer and Information Science, vol 1424. Springer, Cham. https://doi.org/10.1007/978-3-030-78621-2_58

  • DOI: https://doi.org/10.1007/978-3-030-78621-2_58

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-78620-5

  • Online ISBN: 978-3-030-78621-2

  • eBook Packages: Computer Science, Computer Science (R0)
