Retransmission-Based TCP Fingerprints for Fine-Grain IoV Edge Device Identification

Abstract

Due to the deployment of 5G technology, the number of IoV (Internet of Vehicle) devices connected to the Internet will explosively grow. However, as a kind of edge network device, IoV devices also face some problems including weak password authentication, lack of security protection, and lagged firmware updating, which largely threaten the security and legitimacy of these devices. IoV device identification is important in discovering, monitoring, and protecting these devices. Although existing proactive identification methods based on device fingerprints can be used to identify the large-scale Internet-connected IoV devices, they can not meet the fine-grained requirements for security risk assessment. Due to the increase in the types and brands of IoV devices, the fingerprint granularity will be insufficient. In this paper, we proposed a retransmission-based TCP fingerprints for large-scale fine-grained proactive device identification. Firstly, a probing scheme was designed to obtain TCP retransmission packet and increase the granularity space of traditional TCP fingerprint by selecting the multi-group features of TCP retransmission messages. Then, according to the bagging strategy of ensemble learning, a combined classifier with five predominant machine learning algorithms was generated. The experimental results showed that the identification accuracy and recall of IoV devices respectively reached 96.7% and 95.2%.