http://dx.doi.org/10.3837/tiis.2021.01.002

UDP-Based Active Scan for IoT Security (UAIS)  

Jung, Hyun-Chul (Department of Computer Science and Engineering, Korea University)
Jo, Hyun-geun (Norma, Inc.)
Lee, Heejo (Department of Computer Science and Engineering, Korea University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.15, no.1, 2021, pp. 20-34
Abstract
IoT devices are proliferating, and their traffic is increasing rapidly. The Internet of Things creates a variety of added value through connections between devices, but many devices are easily targeted by attackers because of security vulnerabilities. Security diagnosis in the IoT environment faces several problems: different solutions must be provided for different types of devices in networks where various types of devices are interlocked, the security solutions themselves can leak personal information, and costs are high. To avoid such problems, a TCP-based active scan was presented. However, the TCP-based active scan is difficult to apply to real-time systems because of its long detection times. To complement it, this study uses UDP-based approaches. Specifically, it proposes a lightweight active scan algorithm that effectively identifies devices using the UPnP protocols (SSDP, MDNS, and MBNS) most commonly used by manufacturers. The experimental results show that devices can be distinguished with more than twice the true positive and recall, at an average time 1524 times faster than Nmap, which has a firm position in the field.
Keywords
IoT Device Identification; Active Scan; UPnP Protocols; UDP Based Scan;