Description: |
Increasingly, networked smart devices are being deployed and operated over the network. The Mirai attack has shown that the vulnerabilities of these devices can be exploited to stage large-scale attacks. In this paper, we explore the potential for identifying a device before it connects to the network, so that appropriate security postures can be taken based on the known characteristics of the device. We propose to identify a device by (1) Device Vendor, (2) Device Operating System, and (3) Device Type. To classify the device, we propose to utilize several pieces of information available before a device is allowed to connect to the network, such as MAC address and DHCP packet information. We propose a number of algorithms that utilize this information to robustly identify the device on these three dimensions. We show that it is possible to effectively identify a device before it is allowed access to the network and thus inform the security policies governing the network. |