2019 | Original Paper | Book chapter

Policy-Based Identification of IoT Devices’ Vendor and Type by DNS Traffic Analysis

Authors: Franck Le, Jorge Ortiz, Dinesh Verma, Dilip Kandlur

Published in: Policy-Based Autonomic Data Governance

Publisher: Springer International Publishing

Abstract

The explosive growth of IoT devices and the weak security protection in some types of devices make them an attractive target for attackers. IoT devices can become a vulnerable weak link for penetrating an otherwise secure IT infrastructure. The risks are exacerbated by the Bring-Your-Own-Device trend, which allows employees to connect their own personal devices to an enterprise network. Currently, network administrators lack adequate tools to discover and manage IoT devices in their environments. A good tool to address this requirement can be created by adapting and applying natural language interpretation algorithms to network traffic. In this paper, we show that applying algorithms such as Term Frequency - Inverse Document Frequency (TF-IDF) to the domain name resolution process, a required first step in every Internet-based communication, can be highly effective at identifying IoT devices, their manufacturers and their type. Treating the domain names being resolved as words and the set of domain names queried by a device as a document, and then comparing these synthetic documents from a reference data set against real traffic, results in a very effective approach for IoT discovery. Evaluation of our approach on a traffic data set shows that the approach can identify 84% of the instances, with an accuracy of 91% for the IoT devices' vendor, and 100% of the instances with an accuracy of 94% for the IoT devices' type. We believe that this is the first attempt to apply natural language processing algorithms to traffic analysis, and the promising results could open new avenues for securing and understanding computer networks through natural language processing algorithms. These and other techniques require policies to determine how the large volume of data will be handled efficiently. By assisting in detecting potentially malicious devices, this paper contributes to the topic of safe autonomy.

Footnotes

1. While IoT-VEN takes as input the set of queried DNS names from an IoT device, IoT-TYP takes the list of DNS names. In a list, a DNS name may appear multiple times. The difference comes from the fact that IoT-TYP is based on TF/TF-IDF: the term frequency of each DNS name can reflect how important that domain is to the device type.

2. Similar to the preprocessing in IoT-VEN, we discard *.local domains and queries to common services (e.g., *.ntp.org, *.arpa).
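As an added illustration, not code from the paper, the following Python sketch applies the abstract's idea (DNS names as words, a device's queries as a document, TF-IDF plus cosine similarity against reference documents) together with the two footnotes' details: the list of names is used so repeated queries raise term frequency, and *.local, *.ntp.org and *.arpa names are discarded first. The device-type labels and domain names are constructed samples, not the paper's data set.

```python
import math
from collections import Counter
from fnmatch import fnmatch

# Constructed reference "documents": the DNS names queried by known device types.
# Labels and domain names are made-up samples, not the paper's data set.
REFERENCE = {
    "camera": ["cam-cloud.example.com", "cam-cloud.example.com",
               "fw.example.com", "pool.ntp.org"],
    "speaker": ["voice-api.example.net", "voice-api.example.net",
                "music-cdn.example.net", "fw.example.com"],
    "thermostat": ["thermo.example.org", "weather.example.org", "fw.example.com"],
}
# Footnote 2: drop local names and common services before treating names as words.
DROP_PATTERNS = ("*.local", "*.ntp.org", "*.arpa")


def preprocess(names):
    """Normalise DNS names and discard the classes footnote 2 excludes."""
    cleaned = [n.lower().rstrip(".") for n in names]
    return [n for n in cleaned if not any(fnmatch(n, p) for p in DROP_PATTERNS)]


def tfidf_vectors(docs):
    """TF-IDF weight each {label: [names]} document; keep the IDF table for new devices.
    The list (not the set) of names is used, so repeated queries raise TF (footnote 1)."""
    df = Counter()
    for names in docs.values():
        df.update(set(names))
    idf = {t: math.log(len(docs) / df[t]) for t in df}  # a name seen everywhere gets 0
    vecs = {}
    for label, names in docs.items():
        tf, total = Counter(names), len(names)
        vecs[label] = {t: (c / total) * idf[t] for t, c in tf.items()}
    return vecs, idf


def cosine(a, b):
    """Cosine similarity of two sparse {term: weight} vectors."""
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def classify_type(observed_names, reference=REFERENCE):
    """Match an observed device's query list against the reference documents.
    Returns (label, cosine score), or (None, 0.0) when nothing informative matches."""
    vecs, idf = tfidf_vectors({k: preprocess(v) for k, v in reference.items()})
    obs = preprocess(observed_names)
    tf, total = Counter(obs), max(len(obs), 1)
    obs_vec = {t: (c / total) * idf.get(t, 0.0) for t, c in tf.items()}
    scores = {label: cosine(obs_vec, v) for label, v in vecs.items()}
    best = max(scores, key=scores.get)
    return (best, round(scores[best], 3)) if scores[best] > 0 else (None, 0.0)
```

A device whose only queries are discarded or appear in every reference document yields no signal and is reported as unknown rather than forced into a class.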
Metadata
Copyright year
2019
DOI
https://doi.org/10.1007/978-3-030-17277-0_10