Abstract
The widespread application of wireless communication technology brings great convenience to people, but security and privacy problems also arise. To assess and guarantee the security of wireless networks and user devices, discovering and identifying wireless devices become a foremost task. Currently, effective device identification is still a challenging issue, as device fingerprinting requires huge training datasets and is difficult to expand, and rule-based identification is not accurate and reliable enough. In this paper, we propose WND-Identifier, a universal and extensible framework for the identification of wireless devices, which can generate high-precision device labels (vendor, type, and product model) efficiently without user interaction. We first introduce the concept of device-info-related network protocols. WND-Identifier makes full use of the natural language features in such protocol messages and combines with the device description in the welcome page, thereby utilizing extraction rules to generate concrete device labels. Considering that the device information in the protocol messages may be incomplete or forged, we further take advantage of the application logic independence and stability of the device-info-related protocol, so as to build a multiprotocol text classification model, which maps the device to a known label. We conduct experiments in homes and public networks and present three application scenarios to verify the effectiveness of WND-Identifier.
Highlights
Nowadays, there are portable devices accessing the Internet through WLAN in every corner of the world
IP addresses are easy to modify, while researches show that MAC addresses are vulnerable to spoofing and attacks [55, 56]. erefore, this type of identifier is not included in the characteristics of our rule-based device identification, and only the first 6 hexadecimal digits of the MAC address are extracted to label the manufacturer of the network card. rough actual observation and analysis, we find that different devices tend to apply distinguishing combinations of protocols
We find that some unknown devices are classified as legitimate devices with very low similarity. erefore, we set a threshold for the classifier, and the classification is valid only when the similarity is greater than 0.6. e selection of the threshold is based on a large amount of experimental data
Summary
There are portable devices accessing the Internet through WLAN in every corner of the world. Compared with another common wireless network technology—cellular network, Wi-Fi has advantages in terms of ease of deployment and low cost. Erefore, in the deployment of indoor and private local networks, Wi-Fi is still the preferred technology that provides reliable and convenient support for home network devices [1], from portable devices such as smartphones and laptops to smart home devices such as webcams, speakers, and thermostats. With the rapid increase of Wi-Fi devices, security and privacy issues arise. In 2017, the key reinstallation attack (KRACK) [4] took advantage of design flaws in the WPA/ WPA2 encryption protocol, allowing attackers to hijack TCP connections and steal user privacy. In the year 2019, the Kr00k vulnerability [5] affected devices using Cypress and Broadcom Wi-Fi chips, making more than one billion Wi-Fi devices such as access points, smartphones, tablets, and IoT gadgets vulnerable to attacks
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
