WDMTI: Wireless Device Manufacturer and Type Identification Using Hierarchical Dirichlet Process
- 1 October 2018
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 2018 IEEE 15th International Conference on Mobile Ad Hoc and Sensor Systems (MASS)
Abstract
Wireless devices have been widely adopted across all domains. With the convenience brought by wireless communication technology, an increasing number of conventional (wired) devices are evolving to become wireless. However, significant security issues arise with the popularity of wireless devices. To start an attack, the adversary usually performs a network reconnaissance to discover exposed devices, identify device manufacturers and types, and then scan for vulnerabilities. From the defense side, network administrators are expected to identify the potential vulnerabilities/risks and enforce Network Access Control (or Network Admission Control, NAC) on all the connecting devices. To do this, it is essential to accurately identify the make/model/type of each device that attempts to connect to the network, e.g., MacBooks, Samsung smart phones (Android), Amazon Kindles, DLink surveillance cameras, TP-Link smart plugs, etc. In this paper, we present a novel approach, namely WDMTI, for the identification of wireless device manufacturer and type. We tackle the challenge from two aspects: the features and the classification model. First, we claim that it is critical to discover the device manufacturer and type as soon as the device requests to join the WLAN, and it is unrealistic to make other assumptions on the status of the device, e.g., assuming that the device is booting up or initializing a new connection to corresponding servers/clouds. We primarily depend on the features extracted from the network connection phase, while features from device booting are considered "bonus". In particular, we propose to utilize features from the raw HDCP packets, which are shown to be sufficient for device manufacturer and type recognition with high accuracy. Meanwhile, in the WDMTI system, we employ the Hierarchical Dirichlet Process (HDP), which is a nonparametric Bayesian model for grouped data. HDP allows new groups to be introduced with new data being added, i.e., previously unknown devices connect to the network and the extracted features receive new labels. The WDMTI mechanism is dynamically retrained on-line, instead of requiring a time-consuming off-line retraining process. Our experiments show that WDMTI identifies known types of devices with average accuracy of 0.89, and new types of devices with average accuracy of 0.96, both of which are higher than the state-of-the-art approaches. In summary, we present a wireless device manufacturer and type identification (WDMTI) system that is both scalable and accurate, and capable of adapting to unknown types of devices on-the-fly.
This publication has 19 references indexed in Scilit:
- GTID: A Technique for Physical Device and Device Type Fingerprinting. IEEE Transactions on Dependable and Secure Computing, 2014
- Bayesian Inference for Logistic Models Using Pólya–Gamma Latent Variables. Journal of the American Statistical Association, 2013
- How Unique Is Your Web Browser? Lecture Notes in Computer Science, 2010
- The Nested Chinese Restaurant Process and Bayesian Nonparametric Inference of Topic Hierarchies. Journal of the ACM, 2010
- Passive Classification of Wireless NICs during Active Scanning. International Journal of Information Security, 2008
- Passive Classification of Wireless NICs during Rate Switching. EURASIP Journal on Wireless Communications and Networking, 2007
- Hierarchical Dirichlet Processes. Journal of the American Statistical Association, 2006
- Remote Physical Device Fingerprinting. IEEE Transactions on Dependable and Secure Computing, 2005
- Improved Automatic Keyword Extraction Given More Linguistic Knowledge. Published by Association for Computational Linguistics (ACL), 2003
- A Bayesian Analysis of Some Nonparametric Problems. The Annals of Statistics, 1973