A fast and accurate method for identifying the equipment fingerprint of distribution secondary system

During the operation of the distribution secondary system attackers will use the uncertainty of device identity to obtain device fingerprint information by scanning the network to associate vulnerabilities and invade the system thus exposing the system to great risks. A device fingerprint is a set of characteristic information that uniquely identifies a device. Therefore, a device fingerprint can be used to discover malicious devices and system vulnerabilities. In this paper the passive device fingerprint identification method based on TCP/ IP protocol is proposed to solve the problem of inaccurate matching in the device fingerprint database of the distribution secondary system and the low efficiency of the existing device fingerprint identification method. The method combines the RIPPER algorithm to build the device fingerprint identification classification model. The automatic fingerprint library based on HTTP User-Agent is used to recognize the device fingerprint.