Abstract

Nowadays, with the continuous integration of production network and business network, more and more Industrial Internet of Things and Internal Office Network have been interconnected and evolved into a large-scale enterprise-level intraindustry network. Terminal devices are the basic units of internal network. Accurate identification of the type of device corresponding to the IP address and detailed description of the communication behavior of the device are of great significance for conducting network security risk assessment, hidden danger investigation, and threat warning. Traditional cyberspace surveying and mapping techniques take the form of active measurement, but they cannot be transplanted to large-scale intranet. Resources or specific targets in internal networks are often protected by firewalls, VPNs, gateways, and other technologies, so they are difficult to analyze and determine by active measurement. In this paper, a passive measurement method is proposed to identify and characterize devices in the network through real traffic data. Firstly, a new graph structure mining method is used to determine the server-like devices and host-like devices; then, the NAT-like devices are determined by quantitative analysis of traffic; finally, by qualitative analysis of the NAT-like device traffic, it is determined whether there are server-like devices behind the NAT-like device. This method will prove to be useful in identifying all kinds of devices in network data traffic, detecting unauthorized NAT-like devices and whether there are server-like devices behind the NAT-like devices.

Highlights

  • With the rapid development of information technology, the integration of production network and business network has become a reality

  • Cyberspace surveying and mapping technology is an extension of network measurement, and network measurement technology is used for network mapping [1,2,3]

  • Security and Communication Networks internal network has strict network boundaries and access control methods, so it is difficult to achieve reachability and coverage. In response to these active measurement problems, this paper presents a cyberspace surveying and mapping model guided by passive measurements

Summary

Introduction

With the rapid development of information technology, the integration of production network and business network has become a reality. The interconnection of Industrial Internet of Things (IoT) and Internal Office Network has become a new networking trend, which greatly improves production efficiency and achieves tight coupling of business work and production scheduling. According to the measurement method, cyberspace surveying and mapping technology can be divided into active measurement and passive measurement [4,5,6,7,8,9]. For large-scale internal networks, especially those connected to industrial IoT, active measurement is not a good approach. The main reasons are as follows: (1) Industrial IoT requires high real-time performance and stability and cannot tolerate the large number of data detection packages generated by active measurement. (2) Due to the limitation of the internal network transmission bandwidth, active measurement cannot be performed because it is easy to cause network congestion. (3) Active measurement methods are identified as attacks due to the placement of various security products in the internal network. (4) The
