Research article. DOI: 10.1145/3083187.3084020

Automatically Discovering Surveillance Devices in the Cyberspace

Published: 20 June 2017

Abstract

Surveillance devices with IP addresses are accessible on the Internet and play a crucial role in monitoring the physical world. Discovering surveillance devices is a prerequisite for ensuring high availability, reliability, and security of these devices. However, today's device search depends on keywords in packet header fields, and keyword collection is done manually, which requires enormous human effort and induces inevitable human errors. The difficulty of keeping keywords complete and updated has severely impeded accurate, large-scale device discovery. To address this problem, we propose to automatically generate device fingerprints based on webpages embedded in surveillance devices. We use natural language processing to extract the content of webpages and machine learning to build a classification model. We achieve real-time and non-intrusive web crawling by leveraging network scanning technology. We implement a prototype of our proposed discovery system and evaluate its effectiveness through real-world experiments. The experimental results show that the automatically generated fingerprints yield very high accuracy: 99% precision and 96% recall. We also deploy the prototype system on Amazon EC2 and search for surveillance devices in the whole IPv4 space (nearly 4 billion addresses). The number of devices we found is almost 1.6 million, about twice as many as those found using commercial search engines.
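
An added example, not the authors' code, of the two steps the abstract names: extracting the text content of a device's embedded webpage and classifying it with a learned model. The bag-of-words features, the naive Bayes classifier, the labels and the sample pages are assumptions made for illustration; the abstract does not say which features or model the paper uses.

```python
import math
import re
from collections import Counter
from html.parser import HTMLParser

class VisibleText(HTMLParser):  # keeps text nodes, skips <script>/<style> bodies
    def __init__(self):
        super().__init__()
        self.skip, self.parts = 0, []
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.parts.append(data)

def tokens(html):
    p = VisibleText()
    p.feed(html)
    p.close()
    return re.findall(r"[a-z]{2,}", " ".join(p.parts).lower())

def train(pages):
    """pages: (html, label) pairs -> per-label term counts, doc counts, vocabulary."""
    counts, docs = {}, Counter()
    for html, label in pages:
        docs[label] += 1
        counts.setdefault(label, Counter()).update(tokens(html))
    return counts, docs, {t for c in counts.values() for t in c}

def classify(model, html):
    """Multinomial naive Bayes with Laplace smoothing; unseen terms are ignored."""
    counts, docs, vocab = model
    toks = [t for t in tokens(html) if t in vocab]
    def score(label):
        total = sum(counts[label].values()) + len(vocab)
        prior = math.log(docs[label] / sum(docs.values()))
        return prior + sum(math.log((counts[label][t] + 1) / total) for t in toks)
    return max(counts, key=score)

# Constructed sample pages (assumption: not from the paper's dataset).
TRAIN = [
    ("<title>Network Camera</title><script>var x=1</script><body>Live view PTZ stream login</body>", "camera"),
    ("<title>IP Camera Login</title><body>video channel snapshot live view</body>", "camera"),
    ("<title>Router Setup</title><body>wireless WAN DHCP settings login</body>", "other"),
    ("<title>Welcome to nginx</title><body>server is successfully installed</body>", "other")]
MODEL = train(TRAIN)
```

Applied to pages collected from an organisation's own address space, a classifier of this kind yields an inventory of exposed camera web interfaces without a hand-maintained keyword list.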

Published In

MMSys'17: Proceedings of the 8th ACM on Multimedia Systems Conference
June 2017
407 pages
ISBN: 9781450350020
DOI: 10.1145/3083187

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Automatic device discovery
  2. Network measurement
  3. Surveillance device

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

MMSys'17
MMSys'17: Multimedia Systems Conference 2017
June 20 - 23, 2017
Taipei, Taiwan

Acceptance Rates

MMSys'17 Paper Acceptance Rate 13 of 47 submissions, 28%;
Overall Acceptance Rate 176 of 530 submissions, 33%

Cited By

  • (2023) UID-Auto-Gen: Extracting Device Fingerprinting from Network Traffic. 2023 IEEE International Performance, Computing, and Communications Conference (IPCCC), pp. 82-90. DOI: 10.1109/IPCCC59175.2023.10253856. Online publication date: 17-Nov-2023
  • (2023) Device Identification based on Network Traffic Fingerprint. 2023 2nd International Conference on Artificial Intelligence and Intelligent Information Processing (AIIIP), pp. 110-113. DOI: 10.1109/AIIIP61647.2023.00026. Online publication date: 27-Oct-2023
  • (2023) An accurate identification method for network devices based on spatial attention mechanism. Security and Safety 2 (2023002). DOI: 10.1051/sands/2023002. Online publication date: 3-May-2023
  • (2022) WYSIWYG: IoT Device Identification Based on WebUI Login Pages. Sensors 22:13 (4892). DOI: 10.3390/s22134892. Online publication date: 29-Jun-2022
  • (2022) Retransmission-Based TCP Fingerprints for Fine-Grain IoV Edge Device Identification. IEEE Transactions on Vehicular Technology 71:7, pp. 7835-7847. DOI: 10.1109/TVT.2022.3169090. Online publication date: Jul-2022
  • (2022) An IoT Device Identification Method over Encrypted Traffic Based on t-SNE Dimensionality. 2022 IEEE 21st International Conference on Ubiquitous Computing and Communications (IUCC/CIT/DSCI/SmartCNS), pp. 67-72. DOI: 10.1109/IUCC-CIT-DSCI-SmartCNS57392.2022.00024. Online publication date: Dec-2022
  • (2022) High-accuracy model recognition method of mobile device based on weighted feature similarity. Scientific Reports 12:1. DOI: 10.1038/s41598-022-26518-y. Online publication date: 18-Dec-2022
  • (2022) Classification Method of Blockchain and IoT Devices Based on LSTM. Blockchain and Trustworthy Systems, pp. 355-367. DOI: 10.1007/978-981-16-7993-3_27. Online publication date: 1-Jan-2022
  • (2022) A Rapid Device Type Identification Method Based on Feature Reduction and Dynamical Feature Weights Assignment. Artificial Intelligence and Security, pp. 663-677. DOI: 10.1007/978-3-031-06791-4_52. Online publication date: 4-Jul-2022
  • (2021) Automatic Smart Device Identification Based on Web Fingerprint and Neural Network. Proceedings of the 2021 3rd International Conference on Big-data Service and Intelligent Computation, pp. 33-41. DOI: 10.1145/3502300.3502305. Online publication date: 19-Nov-2021
