For intrusion detection, it is increasingly important to detect suspicious entities and potential threats. In this paper, we introduce identification technologies for network entities to detect potential intruders. However, traditional entity identification technologies based on the MAC address, IP address, or other explicit identifiers can be defeated if the identifier is hidden or tampered with. Meanwhile, existing fingerprinting technology is also restricted by its limited performance and excessive time lapse. In order to realize entity identification in a high-speed network environment, the PFQ kernel module and Storm are used for high-speed packet capture and online traffic analysis, respectively. On this basis, a novel device fingerprinting technology based on runtime environment analysis is proposed, which employs logistic regression to implement online identification with a sliding window mechanism, reaching a recognition accuracy of 77.03% over a 60-minute period. In order to realize cross-device user identification, Web access records, domain names in DNS responses, and HTTP User-Agent information are extracted to constitute user behavioral fingerprints for online identification with a Multinomial Naive Bayes model. When the minimum effective feature dimension is set to 9, it takes only 5 minutes to reach an accuracy of 79.51%. Performance test results show that the proposed methods can support over 10 Gbps traffic capture and online analysis, and the system architecture is justified in practice because of its practicability and extensibility.
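To make the user-behavioral fingerprinting idea concrete, the following is an added example (not the paper's own code or data) of a Multinomial Naive Bayes identifier over the three feature sources the abstract names: domain names from DNS responses, HTTP User-Agent strings, and Web access records. The training windows are constructed sample data, the `BehaviouralFingerprinter` class and `identify_stream` helper are our own names, and the interpretation of "minimum effective feature dimension" as the number of distinct known-vocabulary tokens that must be present before a decision is made is an assumption; the sliding-window stream function is likewise an assumption about how online decisions are produced.

```python
import math
from collections import Counter, deque

# Constructed sample data (not from the paper). Each inner list is the set of
# tokens extracted from one observation window of one user's traffic:
#   dns:<domain>     domain name seen in a DNS response
#   ua:<string>      HTTP User-Agent header value
#   web:<host/path>  Web access record
TRAINING = {
    "user_a": [
        ["dns:mail.example.org", "dns:cdn.example.org", "ua:Firefox/115",
         "web:intranet.example.org/wiki", "web:intranet.example.org/tickets"],
        ["dns:mail.example.org", "dns:git.example.org", "ua:Firefox/115",
         "web:git.example.org/repo", "web:intranet.example.org/wiki"],
    ],
    "user_b": [
        ["dns:news.example.net", "dns:video.example.net", "ua:Chrome/118",
         "web:news.example.net/home", "web:video.example.net/watch"],
        ["dns:news.example.net", "dns:shop.example.net", "ua:Chrome/118",
         "web:shop.example.net/cart", "web:news.example.net/sports"],
    ],
}


class BehaviouralFingerprinter:
    """Multinomial Naive Bayes with Laplace smoothing over behavioural tokens."""

    def __init__(self, alpha=1.0, min_effective_features=3):
        self.alpha = alpha
        # Assumption: a window is only classified once it contains at least
        # this many distinct tokens that were seen during training.
        self.min_effective_features = min_effective_features
        self.token_counts = {}   # user -> Counter of token occurrences
        self.total_tokens = {}   # user -> total token count
        self.log_prior = {}      # user -> log P(user)
        self.vocab = set()

    def fit(self, data):
        n_windows = sum(len(w) for w in data.values())
        for user, windows in data.items():
            counts = Counter()
            for window in windows:
                counts.update(window)
            self.token_counts[user] = counts
            self.total_tokens[user] = sum(counts.values())
            self.log_prior[user] = math.log(len(windows) / n_windows)
            self.vocab.update(counts)
        return self

    def identify(self, tokens):
        """Return the most likely user, or None if evidence is insufficient."""
        effective = [t for t in tokens if t in self.vocab]
        if len(set(effective)) < self.min_effective_features:
            return None
        vocab_size = len(self.vocab)
        scores = {}
        for user, prior in self.log_prior.items():
            score = prior
            denom = self.total_tokens[user] + self.alpha * vocab_size
            for t in effective:
                score += math.log((self.token_counts[user][t] + self.alpha) / denom)
            scores[user] = score
        return max(scores, key=scores.get)


def identify_stream(fp, events, window_size):
    """Online identification: re-decide after every event over a sliding
    window of the most recent tokens. Returns one decision per event."""
    window = deque(maxlen=window_size)
    decisions = []
    for token in events:
        window.append(token)
        decisions.append(fp.identify(list(window)))
    return decisions


if __name__ == "__main__":
    fp = BehaviouralFingerprinter().fit(TRAINING)
    live = ["dns:mail.example.org", "ua:Firefox/115",
            "web:intranet.example.org/wiki", "dns:git.example.org"]
    print(identify_stream(fp, live, window_size=4))
```

The first two stream positions return `None` because fewer than three known features have accumulated; once the threshold is met the window is attributed to `user_a`. Raising `min_effective_features` trades detection latency for fewer premature decisions, which is the same tradeoff the abstract's 9-feature / 5-minute operating point describes.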