US-12627564-B2 - Device classification at the edge

Abstract

A method, device, and storage medium are provided and configured to control one or more network functions for user devices in a local network. A fingerprint determination model is provided and configured to determine one or more characteristics of user devices based on messages generated by respective user devices. A first message from a user device is received and processed to determine a set of one or more user device message characteristics. Device fingerprint data, representing at least one determined characteristic of the user device, is generated by processing the set of one or more user device message characteristics using the fingerprint determination model. One or more network functions for the user device are controlled based on the at least one determined characteristic of the user device represented in the device fingerprint data.

Inventors

  • Shashi Hosakere Ankaiah
  • Trevor Miranda
  • Vivek Lakshminarayana Atreya

Assignees

  • CAMBIUM NETWORKS LTD

Dates

Publication Date
20260512
Application Date
20240606
Priority Date
20231228

Claims (20)

  1. A network management device at an edge of a local network, wherein the network management device is configured to facilitate communication between a plurality of user devices connected in the local network and computing devices in an external network, the network management device comprising one or more communication modules, at least one processor, and storage comprising computer-executable instructions which, when executed by the at least one processor, cause the network management device to: provide a fingerprint determination model configured to determine two or more characteristics of the plurality of user devices based on messages generated by respective user devices, wherein the fingerprint determination model comprises a plurality of inference layers, each of the plurality of inference layers configured to determine a different characteristic from other inference layers of the plurality of inference layers; receive at least a first message from a first user device of the plurality of user devices; process the first message to determine a set of one or more user device message characteristics; generate device fingerprint data representing at least two determined characteristics of the first user device by: processing, in a first inference layer of the plurality of inference layers, the set of one or more user device message characteristics to determine a first characteristic of the first user device; and processing, in a second inference layer of the plurality of inference layers, the set of one or more user device message characteristics and the first characteristic of the first user device to determine a second characteristic of the first user device; and control one or more network functions for the first user device based on the at least two determined characteristics of the first user device represented in the device fingerprint data.
  2. The network management device of claim 1, wherein the storage includes a plurality of network management rules for controlling one or more network functions for the first user device, and wherein controlling one or more network functions for the first user device comprises: identifying a network management rule associated with the at least two determined characteristics of the first user device; and applying the identified network management rule to communications associated with the first user device.
  3. The network management device of claim 1, wherein controlling one or more network functions includes: determining whether the at least two determined characteristics of the first user device conform to one or more advertised characteristics of the first user device, the one or more advertised characteristics being indicated in a service advertisement message generated by the first user device; and controlling a distribution of the service advertisement message in the local network based on an outcome of the determining.
  4. The network management device of claim 3, wherein: if it is determined that the at least two determined characteristics of the first user device do not conform to the one or more advertised characteristics of the first user device, controlling the distribution of the service advertisement message in the local network includes preventing the service advertisement message from being sent to further user devices in the local network; and if it is determined that the at least two determined characteristics of the first user device do conform to the one or more advertised characteristics of the first user device, controlling the distribution of the service advertisement message in the local network includes allowing the service advertisement message to be sent to further user devices in the local network.
  5. The network management device of claim 1, wherein controlling one or more network functions includes: determining whether the first user device is utilizing a media access control (MAC) address that is the same as a MAC address utilized by a further user device in the local network; and controlling access to the local network for the first user device based on an outcome of the determining.
  6. The network management device of claim 1, wherein the one or more user device message characteristics include any one or more of: a media access control (MAC) address associated with the first user device; a hostname associated with the first user device; one or more dynamic host configuration protocol (DHCP) parameters associated with the first user device; one or more hypertext transfer protocol (HTTP) user agents associated with the first user device; and one or more domain name system (DNS) queries.
  7. The network management device of claim 1, wherein the at least two determined characteristics of the first user device include any two or more of: a device type associated with the first user device; an operating system associated with the first user device; a manufacturer of the first user device; an organization associated with the first user device; and a model of the first user device.
  8. The network management device of claim 1, wherein the fingerprint determination model comprises a machine learning classifier.
  9. The network management device of claim 8, wherein the fingerprint determination model comprises at least one of: a support vector machine; or an artificial neural network.
  10. The network management device of claim 1, wherein the computer-executable instructions, when executed by the at least one processor, cause the network management device to: receive model data for implementing the fingerprint determination model; and store the received model data for providing the fingerprint determination model.
  11. The network management device of claim 10, wherein the model data comprises at least one of: training data for training the fingerprint determination model; computer-executable instructions for implementing the fingerprint determination model; or update data representing an update to be made to the fingerprint determination model.
  12. The network management device of claim 10, wherein the model data is associated with a geographic region whereby a determination of at least one characteristic of the first user device is associated with a specific geographic region.
  13. The network management device of claim 10, wherein the model data is generated at least by: collecting a plurality of messages from at least the plurality of user devices in one or more local networks; storing the plurality of messages in association with fingerprint data associated with the plurality of user devices; segmenting the stored plurality of messages based on a geographic location from which they are sent; and generating training data for training the fingerprint determination model based on a segmented portion of the stored plurality of messages associated with a given geographic location.
  14. A method of controlling one or more network functions for a plurality of user devices in a local network, the method being performed by a network management device at an edge of the local network, wherein the network management device is configured to facilitate communication between the plurality of user devices connected in the local network and computing devices in an external network, the method comprising: providing a fingerprint determination model configured to determine two or more characteristics of the plurality of user devices based on messages generated by respective user devices, wherein the fingerprint determination model comprises a plurality of inference layers, each of the plurality of inference layers configured to determine a different characteristic from other inference layers of the plurality of inference layers; receiving at least a first message from a first user device of the plurality of user devices; processing the first message to determine a set of one or more user device message characteristics; generating device fingerprint data representing at least two determined characteristics of the first user device by: processing, in a first inference layer of the plurality of inference layers, the set of one or more user device message characteristics to determine a first characteristic of the first user device; and processing, in a second inference layer of the plurality of inference layers, the set of one or more user device message characteristics and the first characteristic of the first user device to determine a second characteristic of the first user device; and controlling one or more network functions for the first user device based on the at least two determined characteristics of the first user device represented in the device fingerprint data.
  15. The method according to claim 14, wherein controlling one or more network functions for the first user device comprises: identifying a network management rule associated with the at least two determined characteristics of the first user device; and applying the identified network management rule to communications associated with the first user device.
  16. The method of claim 14, wherein the two or more user device message characteristics include any two or more of: a media access control (MAC) address associated with the first user device; a hostname associated with the first user device; one or more dynamic host configuration protocol (DHCP) parameters associated with the first user device; one or more hypertext transfer protocol (HTTP) user agents associated with the first user device; and one or more domain name system (DNS) queries.
  17. The method of claim 14, wherein the at least two determined characteristics of the first user device include any two or more of: a device type associated with the first user device; an operating system associated with the first user device; a manufacturer of the first user device; an organization associated with the first user device; and a model of the first user device.
  18. The method of claim 14, wherein the fingerprint determination model comprises a machine learning classifier.
  19. The method of claim 18, wherein the machine learning classifier comprises any one or more of: a support vector machine; or an artificial neural network.
  20. The method of claim 14, wherein the method comprises: receiving model data for implementing the fingerprint determination model; and storing the received model data for providing the fingerprint determination model.
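The following Python is an added illustration, not code from the patent or from Cambium Networks: it sketches the layered pipeline of claim 1 (a first inference layer determines the manufacturer from the MAC vendor prefix, a second layer consumes the message features plus that first result to determine a device type), then applies two of the claimed controls, the advertisement-conformance gate of claims 3 and 4 and the duplicate-MAC access check of claim 5. The OUI table, the message dictionary format, the port identifiers and the classification rules are all constructed assumptions; a real deployment would use a trained classifier (claims 8 and 9) and a full vendor database.

```python
# Added example, not the patent's own code. OUI table, message layout and
# rules are constructed stand-ins for a trained model and a vendor database.
OUI_VENDOR = {"00:1A:2B": "AcmeCorp", "3C:4D:5E": "WidgetCo"}  # constructed


def message_characteristics(msg: dict) -> dict:
    """'Process the first message': extract the claim-6 features from one captured message."""
    mac = msg.get("mac", "").upper()
    return {
        "mac": mac,
        "oui": mac[:8],  # vendor half of the 48-bit address (see Background)
        "hostname": msg.get("hostname", "").lower(),
        "dhcp_vendor_class": msg.get("dhcp_vendor_class", "").lower(),
        "user_agent": msg.get("user_agent", "").lower(),
    }


def layer1_manufacturer(feats: dict) -> str:
    """First inference layer: manufacturer from the OUI prefix of the MAC."""
    return OUI_VENDOR.get(feats["oui"], "unknown")


def layer2_device_type(feats: dict, manufacturer: str) -> str:
    """Second inference layer: consumes the features AND layer 1's output (claim 1)."""
    if manufacturer == "WidgetCo" and "printer" in feats["dhcp_vendor_class"]:
        return "printer"
    if "mobile" in feats["user_agent"] or "phone" in feats["hostname"]:
        return "phone"
    return "laptop" if manufacturer != "unknown" else "unknown"


def fingerprint(msg: dict) -> dict:
    """Device fingerprint data: at least two determined characteristics."""
    feats = message_characteristics(msg)
    manufacturer = layer1_manufacturer(feats)
    return {"mac": feats["mac"], "manufacturer": manufacturer,
            "device_type": layer2_device_type(feats, manufacturer)}


def forward_advertisement(fp: dict, advertised: dict) -> bool:
    """Claims 3-4: relay a service advertisement only when every advertised
    characteristic agrees with what the model determined for that device."""
    return all(fp.get(key) == value for key, value in advertised.items())


def mac_collision(fp: dict, port: str, registry: dict) -> bool:
    """Claim 5: the same MAC already registered on a different port or
    association is a collision; the caller then denies the newcomer access."""
    return registry.get(fp["mac"], port) != port
```

The registry passed to `mac_collision` is the edge device's own record of which MAC is bound to which port, so a newcomer with an unseen MAC is never flagged.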

Description

CROSS-REFERENCE TO RELATED APPLICATION

This application claims priority to India Patent Application No. 202341089340, filed on Dec. 28, 2023, the entirety of which is hereby fully incorporated by reference herein.

TECHNICAL FIELD

The present disclosure relates to computer network management and in particular, but not exclusively, to identifying device characteristics and implementing management and/or security functions in the computer network.

BACKGROUND

Computer networks are fundamental to modern computing infrastructure and are widely used in businesses, schools, and homes. With an increasing number of devices having wireless communication capabilities with other devices, the burden on network management, and particularly network security, is increasing commensurately. While the number of devices which may be expected to connect to computer networks increases, users also typically expect higher performance and lower latency in computer networks now as compared to the past. The demands on bandwidth capabilities and network latency are increasing.

Device fingerprinting is a technique used to identify and, in some cases, track devices based on their unique characteristics and behaviors. This method is often employed in the context of online security and fraud detection. Device fingerprinting may also be used as a technique when managing local area networks (LANs) such as those deployed in schools, businesses, homes, and more. For example, device fingerprinting in a local Wi-Fi network can support network security by enabling the identification of unauthorized or suspicious devices. Device fingerprinting typically involves data collection and the processing of that data to determine one or more characteristics of a device. For example, when a device connects to a Wi-Fi network, details which are shared by the device, such as the media access control (MAC) address, may be stored.

The MAC address, along with other data shared by the device, may be used to identify certain characteristics of the device that has connected. A MAC address, also referred to as a hardware address or a physical address, is a unique identifier assigned to a network interface controller (NIC), typically by a manufacturer. It is used to uniquely identify devices on a network at the data link layer of the network protocol stack. A MAC address is a 48-bit (6-byte) address, typically represented as six pairs of hexadecimal digits separated by colons or hyphens (e.g., 00:1A:2B:3C:4D:5E). The first half of the MAC address represents the manufacturer or vendor identifier, while the second half is a unique identifier assigned to the specific network interface. MAC addresses are used for devices to communicate on a local area network (LAN). They are used by the Ethernet protocol to ensure that data is sent to the correct destination device. When a device sends data packets, it includes the MAC address of the intended recipient, allowing the network switches and routers to forward the packets appropriately. MAC addresses are specific to the data link layer and are typically not routable across different networks. In contrast, IP (Internet Protocol) addresses are used for network communication at the network layer and are routable across different networks.

Security is an important area of network management. Ensuring that access to networks, and in particular local area networks in which user devices are connected, is secure is essential for protecting users and their devices from data leaks and other malicious attacks.

SUMMARY

According to a first aspect of the present disclosure there is provided a network management device configured to facilitate communication between user devices connected in a local network and computing devices in an external network, the network management device comprising one or more communication modules, at least one processor, and storage comprising computer-executable instructions which, when executed by the at least one processor, cause the network management device to: provide a fingerprint determination model configured to determine one or more characteristics of user devices based on messages generated by respective user devices; receive at least a first message from a said user device; process the first message to determine a set of one or more user device message characteristics; generate device fingerprint data representing at least one determined characteristic of the said user device by processing the set of one or more user device message characteristics using the fingerprint determination model; and control one or more network functions for the said user device based on the at least one determined characteristic of the said user device represented in the device fingerprint data.

Performing device fingerprinting using a model located within the network, as opposed to relying on an external cloud-based service, offers several benefits. Enhanced privacy and data security: keeping the fingerprinting process