Characterising Network-Connected Devices Using Affiliation Graphs

Submitted by grigby1 on Tue, 02/23/2021 - 2:56pm

Title	Characterising Network-Connected Devices Using Affiliation Graphs
Publication Type	Conference Paper
Year of Publication	2020
Authors	Millar, K., Cheng, A., Chew, H. G., Lim, C.
Conference Name	NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium
Date Published	April 2020
Publisher	IEEE
ISBN Number	978-1-7281-4973-8
Keywords	affiliation graphs, computer network management, device discovery and management, encryption-invariant device management strategy, future traffic demand, graph theory, Internet, IP networks, Local area networks, management complexity, network administrators, Network reconnaissance, network-connected devices, passive network reconnaissance, pubcrawl, resilience, Resiliency, Scalability, security analysts, security risk, university campus network
Abstract	Device management in large networks is of growing importance to network administrators and security analysts alike. The composition of devices on a network can help forecast future traffic demand as well as identify devices that may pose a security risk. However, the sheer number and diversity of devices that comprise most modern networks have vastly increased the management complexity. Motivated by a need for an encryption-invariant device management strategy, we use affiliation graphs to develop a methodology that reveals key insights into the devices acting on a network using only the source and destination IP addresses. Through an empirical analysis of the devices on a university campus network, we provide an example methodology to infer a device's characteristics (e.g., operating system) through the services it communicates with via the Internet.
URL	https://ieeexplore.ieee.org/document/9110309/
DOI	10.1109/NOMS47738.2020.9110309
Citation Key	millar_characterising_2020

Groups:

Science of Security VO