Network Device Detection Method Based on Device Time-Delay and Hybrid Deep Learning Model

doi:10.19678/j.issn.1000-3428.0069858

Abstract

Abstract: Current network device identification methods based on hardware fingerprints are not efficient in collecting and extracting features, and device classification methods based on traffic characteristics only consider existing device types and cannot detect abnormal devices. To address these problems, this study proposes a method that extracts the processing time-delay feature of network device based on Global Navigation Satellite System (GNSS) high-precision timing technology. A Bayesian convolutional autoencoder model, called BCNN-AE, is constructed to efficiently identify known types and detect unknown types: the model includes feature extraction, feature reconstruction, and composite prediction modules. First, the proposed method uses GNSS high-precision timing technology to achieve nanosecond-level measurement of network traffic processing time-delays and constructs a device time-delay distribution feature vector. Next, the feature extraction module uses Bayesian convolution to extract time-delay distribution features, and the feature reconstruction module uses an Autoencoder (AE) to learn a compressed reconstruction representation of the time-delay vector. Finally, the composite prediction module makes a comprehensive judgment based on uncertainty and reconstruction error thresholds to identify known types and detect unknown/abnormal device types. Experiments conducted on a dataset collected in a laboratory simulation environment and a public dataset Aalto show that the use of device time-delays can accurately represent different network device types. The results show that the proposed method achieves higher recognition accuracy than that of the baseline model and can effectively detect unknown/abnormal device types.

Key words: device identification and detection, device time-delay, Bayesian convolutional network, Autoencoder (AE), Global Navigation Satellite System (GNSS) timing technology

摘要： 针对目前基于硬件指纹的网络设备识别方法采集和提取特征效率低下以及基于流量特征的设备分类方法仅考虑已有类型而不能对异常设备进行检测的问题,提出基于设备时延和混合深度学习模型的网络设备检测方法。该方法基于全球导航卫星系统(GNSS)高精度授时技术提取纳秒级精度网络设备处理时延特征,构建贝叶斯卷积自动编码器模型BCNN-AE,包含特征提取模块、特征重构模块和复合预测模块,实现了对于已知网络设备类型的识别和未知网络设备类型的检测,具体为:首先采用GNSS高精度授时技术实现对于网络流量处理时延的纳秒级精度测量,并构建设备时延分布特征向量;接着特征提取模块使用贝叶斯卷积提取时延分布特征信息,特征重构模块使用自动编码器(AE)学习时延特征向量的压缩重构表示;最后复合预测模块基于不确定性阈值和重构误差阈值进行综合判断,实现已知类型识别和未知/异常设备类型检测。在实验室仿真环境下采集的数据集和公开数据集Aalto上的实验结果表明,采用设备时延能够实现不同网络设备类型的准确表示,并且BCNN-AE模型除了能取得比基线模型更高的识别准确率之外,还能够实现对于未知/异常设备类型的检测。

关键词: 设备识别与检测, 设备时延, 贝叶斯卷积网络, 自动编码器, 全球导航卫星系统授时技术

CLC Number:

TP393

CUI Jingsong, GUO Mengwei, GUO Chi. Network Device Detection Method Based on Device Time-Delay and Hybrid Deep Learning Model[J]. Computer Engineering, 2026, 52(2): 221-235.

崔竞松, 郭孟伟, 郭迟. 基于设备时延和混合深度学习模型的网络设备检测方法[J]. 计算机工程, 2026, 52(2): 221-235.

/ Recommend / Download Citations

URL: https://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0069858

https://www.ecice06.com/EN/Y2026/V52/I2/221

References

[1] YOUSEFNEZHAD N, MALHI A, FRÄMLING K. Automated IoT device identification based on full packet information using real-time network traffic[J]. Sensors, 2021, 21(8): 2660.
[2] BAO J Q, HAMDAOUI B, WONG W K. IoT device type identification using hybrid deep learning approach for increased IoT security[C]//Proceedings of the International Wireless Communications and Mobile Computing (IWCMC). Washington D.C., USA: IEEE Press, 2020: 565-570.
[3] KUMAR V, PAUL K. Device fingerprinting for cyber-physical systems: a survey[J]. ACM Computing Surveys, 2023, 55(14s): 1-41.
[4] VAIDYA G, PRABHAKAR T V, GNANI N, et al. Sensor identification via acoustic physically unclonable function[J]. Digital Threats: Research and Practice, 2023, 4(2): 1-25.
[5] LI J C, MENG Y, ZHANG L, et al. MagFingerprint: a magnetic based device fingerprinting in wireless charging[C]//Proceedings of the IEEE Conference on Computer Communications. Washington D.C., USA: IEEE Press, 2023: 1-10.
[6] BERDICH A, GROZA B, MAYRHOFER R, et al. Sweep-to-unlock: fingerprinting smartphones based on loudspeaker roll-off characteristics[J]. IEEE Transactions on Mobile Computing, 2023, 22(4): 2417-2434.
[7] BERDICH A, GROZA B. Smartphone camera identification from low-mid frequency DCT coefficients of dark images[J]. Entropy, 2022, 24(8): 1158.
[8] YANG D L, XING G L, HUANG J, et al. QID: robust mobile device recognition via a multi-coil Qi-wireless charging system[J]. ACM Transactions on Internet of Things, 2022, 3(2): 1-27.
[9] LIU J Q, HU A Q, LI S. Spectrum-based fingerprint extraction and identification method of 100 m Ethernet card[C]//Proceedings of the 6th International Conference on Cryptography, Security and Privacy (CSP). Washington D.C., USA: IEEE Press, 2022: 102-107.
[10] PARMAKSIZ H, KARAKUZU C. A review of recent developments on secure authentication using RF fingerprints techniques[J]. Sakarya University Journal of Computer and Information Sciences, 2025, 5(3): 278-303.
[11] ALIYU M B, HAFEEZ M, JOHNSON A. LoRa-PUF: a two-step security solution for LoRaWAN[C]//Proceedings of the IEEE 97th Vehicular Technology Conference (VTC2023-Spring). Washington D.C., USA: IEEE Press, 2023: 1-6.
[12] FANG D W, HU A Q, SHI J X. An all-data-segment radio frequency fingerprint extraction method based on cross-power spectrum[C]//Proceedings of the 2nd International Conference on Consumer Electronics and Computer Engineering (ICCECE). Washington D.C., USA: IEEE Press, 2022: 384-388.
[13] AHMED C M, MATHUR A P, OCHOA M. NoiSense print[J]. ACM Transactions on Privacy and Security, 2021, 24(1): 1-35.
[14] LIU Y N, LI T, HU A Q. A correlation spectrum-based fingerprint extraction method for 1000BASE-T devices[C]//Proceedings of the 8th International Conference on Signal and Image Processing (ICSIP). Washington D.C., USA: IEEE Press, 2023: 486-490.
[15] MICHAELS A J, PALUKURU V S S, FLETCHER M J, et al. CAN bus message authentication via co-channel RF watermark[J]. IEEE Transactions on Vehicular Technology, 2022, 71(4): 3670-3686.
[16] 韩晓艺. 基于多维射频指纹的无线设备身份识别研究[D]. 北京: 北京交通大学, 2021. HAN X Y. Research on wireless device identity recognition based on multi-dimensional radio frequency fingerprint[D]. Beijing: Beijing Jiaotong University, 2021. (in Chinese)
[17] 宋宇波, 陈冰, 郑天宇, 等. 基于混合特征指纹的无线设备身份识别方法[J]. 计算机研究与发展, 2021, 58(11): 2374-2399. SONG Y B, CHEN B, ZHENG T Y, et al. Hybrid feature fingerprint-based wireless device identification[J]. Journal of Computer Research and Development, 2021, 58(11): 2374-2399. (in Chinese)
[18] 曹来成, 赵建军, 崔翔, 等. 基于余弦测度下k-means的网络空间终端设备识别[J]. 中国科学院大学学报, 2016, 33(4): 562-569. CAO L C, ZHAO J J, CUI X, et al. Cyberspace device identification based on k-means with cosine distance measure[J]. Journal of University of Chinese Academy of Sciences, 2016, 33(4): 562-569. (in Chinese)
[19] 祝博宇, 陈霄, 沙乐天, 等. 基于流量和文本指纹的两层物联网设备分类识别模型[J]. 计算机科学, 2023, 50(8): 304-313. ZHU B Y, CHEN X, SHA L T, et al. Two-layer IoT device classification recognition model based on traffic and text fingerprints[J]. Computer Science, 2023, 50(8): 304-313. (in Chinese)
[20] Spirent. Testing, assurance, cybersecurity[EB/OL].[2024-04-29]. https://www.spirent.cn/products/testcenter-hardware.
[21] EIDSON J, LEE K. IEEE 1588 standard for a precision clock synchronization protocol for networked measurement and control systems[C]//Proceedings of the 2nd ISA/IEEE Sensors for Industry Conference. Washington D.C., USA: IEEE Press, 2003: 98-105.
[22] BREUER J, VIGNER V, ROZTO AČG IL J. Precise packet delay measurement in an Ethernet network[J]. Measurement, 2014, 54: 215-221.
[23] ANGRISANI L, VENTRE G, PELUSO L, et al. Measurement of processing and queuing delays introduced by an open-source router in a single-hop network[J]. IEEE Transactions on Instrumentation and Measurement, 2006, 55(4): 1065-1076.
[24] KENDALL A, BADRINARAYANAN V, CIPOLLA R. Bayesian segnet: model uncertainty in deep convolutional encoder-decoder architectures for scene understanding[EB/OL].[2024-04-29]. https://arxiv.org/abs/1511.02680.
[25] GAL Y, GHAHRAMANI Z. Dropout as a Bayesian approximation: representing model uncertainty in deep learning[C]//Proceedings of International Conference on Machine Learning.[S. l.]: PMLR, 2016: 1050-1059.
[26] ROMERO A, GATTA C, CAMPS-VALLS G. Unsupervised deep feature extraction for remote sensing image classification[J]. IEEE Transactions on Geoscience and Remote Sensing, 2016, 54(3): 1349-1362.
[27] RUFF L, VANDERMEULEN R, GOERNITZ N, et al. Deep one-class classification[C]//Proceedings of International Conference on Machine Learning.[S. l.]: PMLR, 2018: 4393-4402.
[28] XU H W, FENG Y, CHEN J, et al. Unsupervised anomaly detection via variational auto-encoder for seasonal KPIs in Web applications[C]//Proceedings of the 2018 Conference on World Wide Web. New York, USA: ACM Press, 2018: 187-196.
[29] 刘芹, 史桢港, 崔竞松. 基于行为指纹的网络设备识别方法[J]. 武汉科技大学学报, 2023, 46(1): 64-74. LIU Q, SHI Z G, CUI J S. A behavior fingerprint-based identification method for network devices[J]. Journal of Wuhan University of Science and Technology, 2023, 46(1): 64-74. (in Chinese)
[30] GUO W F, SONG W W, NIU X J, et al. Foundation and performance evaluation of real-time GNSS high-precision one-way timing system[J]. GPS Solutions, 2019, 23(1): 23.
[31] KINGMA D P, SALIMANS T, WELLING M. Variational dropout and the local reparameterization trick[C]// Proceedings of Advances in Neural Information Processing Systems. New York, USA: ACM Press, 2015: 2575-2583.
[32] ZHANG C, BUTEPAGE J, KJELLSTROM H, et al. Advances in variational inference[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2019, 41(8): 2008-2026.
[33] YOUSEFI-AZAR M, VARADHARAJAN V, HAMEY L, et al. Autoencoder-based feature learning for cyber security applications[C]//Proceedings of the International Joint Conference on Neural Networks (IJCNN). Washington D.C., USA: IEEE Press, 2017: 3854-3861.
[34] NG A. Sparse autoencoder[EB/OL].[2024-04-29]. https://web.stanford.edu/class/cs294a/sparseAutoencoder_2011new.pdf.
[35] KOSTAS K, JUST M, LONES M A. IoTDevID: a behavior-based device identification method for the IoT[J]. IEEE Internet of Things Journal, 2022, 9(23): 23741-23749.

Please choose a citation manager

Content to export