Automated Behavioral Fingerprinting

Jérôme, François; Abdelnur, Humberto; State, Radu; Festor, Olivier

doi:10.1007/978-3-642-04342-0_10

Cited by 20 publications

(15 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We use the same environment and one version for each application both for learning of the feature vectors and for identification. However, different versions of application, underlying environments or topologies possibly result in different flow patterns, as mentioned in device‐fingerprinting works . The impact on the profiling induced by these differences is to be evaluated.…”

Section: Discussionmentioning

confidence: 99%

Network application profiling with traffic causality graphs

Asai

Fukuda²,

Abry

et al. 2014

Int J Network Mgmt

View full text Add to dashboard Cite

SUMMARYA network application profiling framework is proposed that is based on traffic causality graphs (TCGs), representing temporal and spatial causality of flows to identify application programs. The proposed framework consists of three modules: the feature vector space construction using discriminative patterns extracted from TCGs by a graph-mining algorithm; a feature vector supervised learning procedure in the constructed vector space; and an application identification program using a similarity measure in the feature vector space. Accuracy of the proposed framework for application identification is evaluated, making use of ground truth packet traces from seven peer-to-peer (P2P) application programs. It is demonstrated that this framework achieves an overall 90:0% accuracy in application identification. Contributions are twofold:(1) using a graph-mining algorithm, the proposed framework enables automatic extraction of discriminative patterns serving as identification features; 2) high accuracy in application identification is achieved, notably for P2P applications that are more difficult to identify because of their using random ports and potential communication encryption.

show abstract

Section: Discussionmentioning

confidence: 99%

Network application profiling with traffic causality graphs

Asai

Fukuda²,

Abry

et al. 2014

Int J Network Mgmt

View full text Add to dashboard Cite

show abstract

“…General device fingerprinting has been described in [6], [7], [8], which have explored several techniques ranging from packet header features to physical features such as clockskews. Wireless device finger printing techniques have been discussed in [9], [10], [11], [12], [13]. These works explored the device type identification by exploring the implementation differences of a common protocol such as SIP, across similar devices.…”

Section: State Of Current Researchmentioning

confidence: 99%

Behavioral Fingerprinting of IoT Devices

Bezawada

Bachani

Peterson

et al. 2018

Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security

161

101

View full text Add to dashboard Cite

The Internet-of-Things (IoT) has brought in new challenges in device identification -what the device is, and authentication -is the device the one it claims to be. Traditionally, the authentication problem is solved by means of a cryptographic protocol. However, the computational complexity of cryptographic protocols and/or scalability problems related to key management, render almost all cryptography based authentication protocols impractical for IoT. The problem of device identification is, on the other hand, sadly neglected. We believe that device fingerprinting can be used to solve both these problems effectively. In this work, we present a methodology to perform device behavioral fingerprinting that can be employed to undertake device type identification. A device behavior is approximated using features extracted from the network traffic of the device. These features are used to train a machine learning model that can be used to detect similar device types. We validate our approach using five-fold cross validation; we report a identification rate of 86-99% and a mean accuracy of 99%, across all our experiments. Our approach is successful even when a device uses encrypted communication. Furthermore, we show preliminary results for fingerprinting device categories, i.e., identifying different device types having similar functionality.

show abstract

“…Thus, an attacker can inject such erroneous data, as shown in Figure 1, using multiple vehicle identities (sybil attack) using a standard computer which is be considered as the most realistic and threatening scenario [12]. Complementary approaches to automatically identify such unusual or unauthorized devices also exist (device fingerprinting) but are dependent on the specific protocol used [13], [14]. Even without a success rate of 100%, an attacker may cause unforeseen and catastrophic consequences to location based services (creating traffic congestion and so indirectly rerouting people to specific locations, indicating false collisions which may provoke unnecessary braking, etc).…”

Section: B Problem Descriptionmentioning

confidence: 99%

Tracking spoofed locations in crowdsourced vehicular applications

Dolberg

Francis

Engel

2014

2014 IEEE Network Operations and Management Symposium (NOMS)

View full text Add to dashboard Cite

Position information is essential for many vehicular applications like traffic information and route planning but also for enabling vital network routing services. However, the accuracy of the latter is highly dependent of a precise location service which might be altered by attackers forging falsified position data. In this paper, we propose a new method for tracking and removing location spoofing anomalies in large scale position based services assuming no control of the communication infrastructure or additional hardware or software at the client side. Our system uses aggregation of location information combined with relevant stability metrics.

show abstract

Automated Behavioral Fingerprinting

Cited by 20 publications

References 22 publications

Network application profiling with traffic causality graphs

Network application profiling with traffic causality graphs

Behavioral Fingerprinting of IoT Devices

Tracking spoofed locations in crowdsourced vehicular applications

Contact Info

Product

Resources

About