Fine-grained identification of camera devices based on inherent features

1.   Introduction

Camera devices are typical pieces of Internet of Things (IoT) equipment ubiquitously deployed in cyberspace and play an important role in maintaining safety in daily life and industrial operations. However, camera devices are usually technically heterogeneous and geographically dispersed, and it is time-consuming for devices owners to test which cameras are online and whether they are functioning normally. Camera devices are becoming attractive targets of cyber-attacks lack of security management. In 2016, up to 1.5 million webcams were attacked by the Mirai malware. The compromised webcams launched a large-scale distributed denial-of-service (DDoS) attack against some high-profile network infrastructure, causing paralysis of half of the U.S. internet. Therefore, accurately identifying the fine-grained type of device is of great significance for asset management. Conducting cyberspace resource surveying and mapping ^[1], assessing the impact of equipment vulnerabilities ^[2], and improving the effectiveness of network device governance ^[3] also requires understanding the type of devices.

Precise identification of camera devices is helpful for asset management, vulnerability assessment, and patch upgrading and thus is the groundwork for security management. Concurrently, there are two main kinds of methods for device identification, traffic-based, and web search-based methods—described as follows.

Traffic-based identification approaches can be classified into two main areas: active probing and passive monitoring.

Active Traffic Probing. A server sends a request message to a remote host using a specific application protocol (such as HTTP, FTP, POP3, etc.) via an IP address and extracts features from the response. Features match with a pre-established device fingerprint to establish the identification of the device. Shodan ^[4] is the world's first search engine for networked devices based on this technology. It uses Nmap ^[5] to periodically perform port scans on approximately 600 million devices around the world and returns banner information through processing to identify specific devices. Scholars at the University of Michigan used the self-developed Zmap ^[6] scanning tool to build the Censys ^[7] system to search for devices. In addition, ZoomEye, FoFa, and Oshadan are examples of the implementation of active probing ^[8], which has strong scalability. For new device types, a fingerprint is added to the fingerprint database to establish identification.

This method can customize the request packet to obtain a specific response message text, feature data are easy to obtain. However, with the enhancement of security protection strategies, more and more devices no longer respond to request messages. In this case, the response data is not obtained and the device identification is invalid.

Passive Traffic Monitoring. This technique monitors network traffic without sending any messages. First, it extracts various characteristics such as protocol parameters, packet fingerprints, or communication patterns from the traffic. Second, it establishes an appropriate identification model leveraging machine learning theory is established. Finally, it identifies the device types using the identification model.

Y. Meidan et al. ^[9] took a quadruple composed of a source IP, destination IP, port number, and flag bits (SYN, FIN, ACK, etc.) in the TCP session data as characteristics. They used several machine learning approaches to classify and identify IoT devices.

Miettinen M et al. ^[10] extracted a total of 23 features (e.g., the protocol types of each layer of the packet, source, and destination port number) from network traffic. They built the SENTINEL system by using the random forest method to classify IoT devices.

Arunan Sivanathan et al. ^[11] extracted features such as flow duration, port number, domain name, and cipher suite. They built a multistage classification model based on naive Bayes and random forest methods.

Cheng et al. ^[12] took the differences among the device file headers in traffic as features and used classification algorithms such as a backpropagation neural network ^[13], support vector machine ^[14], and k-nearest neighbors ^[15] to identify device types.

Yang et al. ^[16] took advantage of the characteristics of device network protocols at different open systems interconnection layers and neural network algorithms to generate the fingerprints of IoT devices for device identification.

Arunan et al. ^[17] used traffic characteristics obtained at the network level for IoT device classification. They presented insights into the underlying network traffic characteristics using statistical attributes such as activity cycles, port numbers, signaling patterns, and cipher suites. The work developed a multistage machine learning-based classification algorithm to identify specific IoT devices.

Sakthi et al. ^[18] proposed GTID, a wireless device identification technique based on traffic measurement metrics using the Ping and iPerf tools. They collect the interarrival time (IAT) of messages from the switch as features to create a unique and reproducible device signature and use artificial neural networks (ANNs) for classification.

This type of method circumvents the problem of non-responsive messages due to security policies, but it also limits the acquisition of high-value features and reduces the accuracy of device classification and identification.

Web-search-based. Web-search-based device identification method acquires knowledge of IoT devices—i.e., IoT devices and related vendors, products, and models—to build a device information repository or establish annotation rules.

Zou et al. ^[19] proposed an IoT device recognition framework based on web searches, which identified the brand and model of IoT devices by matching their protocol banners with a product attributes database established by crawling specific electronic business websites.

Feng ^[20] proposed an ARE engine that extracts relevant terms from the response data as search query crawl websites. They used an association algorithm to generate rules for IoT device annotations based on vendors, products, and models.

Agarwal et al. ^[21] developed a tool named WID that captures the web pages of IoT devices and performs device type classification by analyzing the source code of the web pages.

This type of approach does not need manual construction of fingerprints or training data to identify device types, but the accuracy relies on the reliability of Internet resources and requires the design of very complex rules for matching attribute information, which limits the accuracy and recall of the algorithm.

In addition, there is a device type identification method based on clock deviation ^{[22,23,24,25,26,27]}. This type of method uses the deviation that still exists after each device is calibrated by the network time protocol (NTP) to classify IoT devices. However, the clock deviation of a device is very difficult to measure, and it is difficult to distinguish the difference in the clock deviation among devices from the same manufacturer. This method of identifying the specific type of device can cause large errors.

The above methods have high accuracy in identifying coarse-grained device types. However, it is a challenge to accurately identify fine-grained types of devices. We propose a fine-grained camera device identification method based on the inherent features of devices. Inherent features represent characteristics of the device itself, such as device-specific parameters, geometric shapes, physical properties, and technical parameters. There are few research studies based on inherent features for classifying and identifying devices.

We believe that inherent features can be used to effectively identify the fine-grained device. When distinguishing a device, our method determines the weight of each feature based on the coverage and differences of the inherent features. We develop a feature similarity calculation strategy (FSCS) based on the manifestation of an inherent feature value. Based on each weight and the FSCS, we build a device identification model to establish the fine-grained identification of a device type. The detailed contribution of work is given below:

1) We propose a new feature weight determination strategy. The method proposed in this paper selects features based on the coverage of inherent attributes. The greater the feature differences among different types are, the better the distinction of the features. For the inherent selection characteristics, we calculate a feature entropy value based on the feature differences, use the feature entropy value to determine a feature weight, and provide a feature weight determination strategy based on a theoretical foundation.

2) We design a more reasonable feature similarity calculation rule. The inherent characteristics are classified into "phrase type", "numerical value", "interval type", and "collection type" according to the expression form. Similarity calculation rules are developed for each type of inherent characteristic. Compared with a strategy that uses a single calculation rule to calculate all types of similarity, the classification similarity calculation rule is more concise, and the calculation cost is lower.

3) We construct a fine-grained camera equipment type identification model based on inherent characteristics. Based on the feature weights and similarity calculation rules, we design a device type identification model using the idea of weighted average. This model can recognize fine-grained types of target devices with high accuracy even when some inherent feature values are missing, and it has good applicability in a real environment.

The rest of the paper is as follows: Section 2 introduces the detailed methodology and steps of the method. The rationality and reliability analysis of the method is given in Section 3. Section 4 presents the experimental results and analysis. In the end, Section 5 concludes our paper and discusses future work.

2.   Methodology

In this section, we explain our proposed method in detail. We first present the basic framework, and we explain the notations of our algorithm. Then, we analyze the FSCS. Finally, we build the device identification model. Our proposed basic framework is shown in Figure 1, which includes three phases described as follows.

Extracting the inherent features. For data about the inherent attributes (e.g., size, weight, parameter, etc.) of a device ${f}_{i, n}$ in various types of equipment, we select the inherent attributes with large differences and wide coverage as the inherent features.

Building the identification model. First, we design the calculation rules of feature similarity using the manifestation of the inherent features. Then, the feature weights are determined from the information entropy of the features in the dataset. Finally, we construct the identification model according to the calculation rules of feature similarity and the weights of the features.

Identifying the device type. Based on the inherent features of the target device, the similarity between the target device and known devices is calculated to identify the type of the target device, and the device model with the largest similarity value is considered as the model of the target device.

2.1.   Notations

The notations used to describe our proposed approach and the means of evaluating them are summarized below.

$f$: An inherent feature of the device. ${f}_{i, n}$ is the nth feature of the ith device.

$F$: A collection of all inherent features of the device, and the inherent features of the ith device are ${F}_{i} = \left\{{f}_{i, 1}\right., {f}_{i, 2}, \dots, \left.{f}_{i, n}\right\}$

${T}_{i}$: The type of device $I$. ${T}_{no}$ indicates the unknown device type; that is, if the type of device $i$ is unknown, then ${T}_{i} = {T}_{no}$.

${dev}_{i}$: A two-tuple composed of the inherent features and type of device $i$, ${dev}_{i} = < {F}_{i}, {T}_{i} >$.

${D}_{base}$: A knowledge set defined as the collection of all known types of devices, ${D}_{base} = \left\{ < \right.{F}_{base, 1}\left.{, T}_{base, 1} > , < {F}_{base, 2}, {T}_{base, 2} > , \dots, < {F}_{base, n}, {T}_{base, n} > \right\}$, F_{base, n} is the feature set of the nth device in the D_base database and T_{base, n} is the type of the nth device in the D_base database. ${T}_{base, i}\ne {T}_{no}\left(1\le i\le n\right).$

${D}_{target}$: The target set is defined as the set consisting of all types of devices to be identified, ${D}_{target} = \left\{ < {F}_{target, 1}\right., {T}_{no} > , < {F}_{target, 2}, {T}_{no} > , \dots, < {F}_{target, s}, {T}_{no}\left. > \right\}$.

$Similarity\left({f}_{i, k}\right., \left.{f}_{j, k}\right)$: The similarity of the $k$-th inherent feature between ${F}_{j}$ and ${F}_{i}$. At this time, ${f}_{i, k}$ is called the benchmark feature, and ${f}_{j, k}$ is the target feature (note: $Similarity\left({f}_{i, k}\right., \left.{f}_{j, k}\right)$ is not necessarily equal to $Similarity\left({f}_{j, k}\right., \left.{f}_{i, k}\right)$).

$Similarity\left({F}_{i}\right., {F}_{j})$: The similarity of the feature set ${F}_{i}$ and${F}_{j}$. At this time, ${F}_{i}$ is called the benchmark feature set, and ${F}_{j}$ is the target feature set (note: $Similarity\left({F}_{i}\right., {F}_{j})$ is not necessarily equal to $Similarity\left({F}_{j}\right., {F}_{i})$).

2.2.   Feature Similarity Calculation Strategy (FSCS)

Different inherent features are usually expressed in different forms. For example, the size of a device is usually "length × width × height" or "bottom radius × height", and the shape of a device is usually "square", "cylindrical" or "spherical". Therefore, it is necessary to design different feature similarity calculation rules for the features of different expressions. Analyzing the manifestation of the inherent features of the camera devices resulted in the division of the manifestation of the inherent features into four types: "phrase type", "numerical value", "interval type" and "collection type". We design similarity calculation rules for these four manifestations.

For "phrase type", when the feature phrases are the same, the feature similarity is 1; otherwise, it is 0. Considering the $k$-th feature of the inherent feature vectors ${F}_{base}$ and ${F}_{i}$ as a "phrase type" feature, the similarity calculation strategy between the target feature ${f}_{i, k}$ and the benchmark feature ${f}_{base, k}$ is shown in Eq (1).

For the "numerical type", the size of the feature value and the measurement error $\varepsilon$ of the feature value are comprehensively considered. If the kth feature of the inherent feature vectors ${F}_{base}$ and ${F}_{i}$ is a "numerical type" feature, we can obtain the similarity calculation strategy between the target feature ${f}_{i, k}$ and the benchmark feature ${f}_{base, k}$ described as Eq (2).

For "interval type", the calculation strategy is designed based on an interval inclusion relationship. If the kth feature of the inherent feature vectors ${F}_{base}$ and ${F}_{i}$ is an "interval type" feature, then the similarity calculation strategy between the target feature ${f}_{i, k}$ and the benchmark feature ${f}_{base, k}$ is constructed as Eq (3).

For "collection type", the benchmark feature is used as a reference. The target feature and the benchmark feature are vectorized, and the cosine similarity is used to measure the feature similarity. If the kth feature of the inherent feature vectors ${F_{base}}$ and ${F_i}$ is a "collection type" feature, where ${f_{base, k}} = \left({{e_{base, 1}}, {e_{base, 2}}, \cdots, {e_{base, n}}} \right)$ represents the benchmark feature and ${f_{i, k}} = \left({{e_{i, 1}}, {e_{i, 2}}, \cdots, {e_{i, m}}} \right)$ represents the target feature, suppose the vectorization of the benchmark feature is expressed as ${V_{base, k}} = \left({{a_{base, 1}}, {a_{base, 2}}, \cdots, {a_{base, n}}} \right)$, and the vectorization of the target feature is expressed as ${V_{i, k}} = \left({{b_{i, 1}}, {b_{i, 2}}, \cdots, {b_{i, n}}} \right)$. Then, the vectorization process is as follows: for ${V_{base, k}}$, $\forall r \in {Z^ + }$, ${\text{ }}1 \leqslant r \leqslant n$, then ${a_{base, r}} = 1$; for ${V_{i, k}}$, $\forall r \in {Z^ + }$, ${\text{ }}1 \leqslant r \leqslant n$. If ${e_{base, r}} \in {f_{i, k}}$, then${b_{i, r}} = 1$. After vectorization, the similarity calculation strategy is expressed as Eq (4).

where ${b_{i, r}}$ is the vectorization result of the r-th feature of the i-th device.

2.3.   Identification model

According to the differences in the inherent features, an entropy value of a feature is calculated as the weight value. By using the FSCS combined with the inherent feature weights, the device identification model is constructed. The determination strategy of the inherent feature weight is as follows.

Given a feature, for each distinct value v of the feature, let v be the number of occurrences of v in the knowledge set, and let f = v/N be the frequency of occurrence of v, where N is the size of the knowledge set. If we approximate f as the probability of v, we can calculate the entropy of the feature as Eq (5).

where ${p_i}$ represents the probability function of the ith value of the feature ${f_k}$.

After calculating the entropy ${H_1}, {H_2}, \cdots, {H_n}$ of all features, the weight value ${w_1}, {w_2}, \cdots, {w_n}$ of each feature is calculated as Eq (6).

According to the similarity calculation strategy and the weight of each feature, a feature set similarity model is constructed as Eq (7).

The identification model is used to calculate the similarity between the target device and the known devices. In the process of device type identification, the device type with the largest similarity is considered the device type of the target device, so the device type identification is as Eq (8).

3.   Method analysis

In this section, we'll analyze the effectiveness of the inherent feature based device identification and the rationality of the FSCS.

3.1.   Effectiveness analysis of inherent feature-based device identification

Devices of different models are usually different in inherent features. For example, as shown in Table 1, camera devices of different models are different in some inherent features such as appearance. size, weight. and so on. So, it's sound and feasible to distinguish devices by their inherent features. We should avoid identifying devices just by one single inherent feature since the measurement process of the value of an inherent feature may introduce deviation, as many as inherent features should be used instead.

Table 1 shows that almost all devices of different types have different values of the "weight" inherent attribute, but it should be noted that in the actual classification process, the value of the "weight" inherent attribute is measured, and deviations are prone to occur during the measurement process. Using only the "weight" attribute as an inherent feature to identify devices results in large errors. It is necessary to use multiple inherent features to identify a camera device. Therefore, the use of multiple inherent features in this method can more effectively identify a device.

3.2.   Rationality analysis of the FSCS

There are 4 types of inherent features: "phrase", "numerical", "interval" and "collection", and each has a corresponding FSCS respectively.

A. Phrase

The inherent features of the "phrase" type are described by one or more words. For example, the inherent feature of the shape of a camera device may be described by words like "dome", "bullet", or "barrel". The FSCS of inherent features of the "phrase" type is determined by whether the phrases are the same, so it's reasonable to use Eq (1) to calculate the similarity of two features of the "phrase" type.

B. Numerical

For inherent features of the "numerical" type, the similarity depends on numerical differences, and the smaller the numerical difference between two features is, the larger the similarity. Suppose that the kth feature of the vectors ${F_{base}}$ and ${F_i}$ are both of "numerical" type, a naive calculation strategy for the similarity between the target and benchmark feature would be expressed as Eq (9).

Note that the impact of $\left| {{f_{base, k}} - {f_{i, k}}} \right|$ is relevant to the absolute value of ${f_{base, k}}$ or ${f_{i, k}}$, so Eq (9) should be revised as Eq (10).

Practically, values of inherent features of the "numerical" type are acquired by measurement. Due to the precision of measurement tools and human errors during the measurement process, there might be a deviation between the real value and measured value of a feature. So, we introduce an error tolerance $\epsilon$into Eq (10) and obtain Eq (2).

C. Interval

For inherent features of the "interval" type, the similarity is determined by the relationship between intervals. If the interval value of the benchmark feature is the same as the one of the target feature, the benchmark feature and the target feature are considered the same, and vice versa. Thus, suppose that the kth feature of the inherent feature vectors ${F_{base}}$ and ${F_i}$ are both of "interval" type, a naive calculation strategy for the similarity between the target feature ${f_{i, k}}$ and the benchmark feature ${f_{base, k}}$ would be described as Eq (11).

Practically, the interval of a benchmark feature is usually complete, and the interval of a target feature is often a subset of the interval of the benchmark feature, so it might be a fault to calculate similarity using Eq (11). We think it's reasonable to use Eq (3) for evaluating the similarity of features of the "interval" type. When a target feature interval is a subset of the benchmark feature interval, the two features are similar, and vice versa. Note that when an interval value is numeric (denoted by a), the numeric value a should be regarded as an interval [a, a].

D. Collection

Features of the "collection" type contain multiple elements, and the similarity between features can be determined by the inclusion relationship between collections, or by cosine similarity between vectors after collection vectorization.

The calculation strategy of cosine similarity is considered to be more accurate than the strategy of inclusion relationship. Taking the "image resolution" feature as an example, suppose that the benchmark and target features are ${f_{base}} = \{ a \times b, c \times d\}$, ${f_1} = \{ a \times b\}$ and ${f_2} = \{ a \times b, c \times d\}$, when using calculation strategy of inclusion relationship, the similarity values of ${f_1}$ vs.${f_{base}}$ and ${f_2}$vs.${f_{base}}$ are both 1. however, when using calculation strategy of cosine similarity, the similarity value of ${f_1}$ vs.${f_{base}}$ is 0.5 and value of ${f_2}$vs.${f_{base}}$ is 1. Obviously, the calculation strategy of cosine similarity gets a smaller error and is more reasonable.

However, "interval type" features are difficult to vectorize due to the continuous elements, so it is not suitable to use the cosine similarity to measure feature similarity. In contrast, the elements in the "collection type" feature are discrete, and the vectorization process is simple. It is undoubtedly a more reasonable choice to construct an FSCS based on the cosine similarity method with smaller errors. The above analysis shows that the inherent FSCS adopted in this method is reasonable.

4.   Experiment

In this section, we conduct two experiments: 1) when the feature sets are complete, a device type identification experiment verifies the feasibility of the method; 2) when features are missing, a device type identification experiment verify the effectiveness of the method.

4.1.   Dataset

We select 40 types of fine-grained devices each from Dahua and Hikvision camera products as the knowledge set of the experiment. The specific device types are shown in Table 2, while each device has a number for the convenience of recording and presentation.

For each device, the device shape (${f_1}$), size (${f_2}$), weight (${f_3}$), imaging component (${f_4}$), resolution (${f_5}$), minimum illumination (${f_6}$), lens parameters (${f_7}$), compression code rate (${f_8}$), electronic shutter time (${f_9}$) and ambient temperature (${f_{10}}$) are inherent features for device identification. The different inherent characteristic values of the different device types are shown in Table 3

In Table 3, f₁ and f₄ are "phrase type" inherent features; f₂, f₃, and f₆ are "numerical value" inherent features; f₈, f₉ and f₁₀ are "interval type" inherent features; and f₅ and f₇ are "collective type" inherent features. The elements in f₆ represent the minimum illumination of the color camera, black-and-white camera, and infrared camera. For example, in the f₆ value of T01, "0.4; 0.22; -" indicates that the lowest illuminance of the T01 color camera is 0.4 lux, the minimum illuminance of the black-and-white camera is 0.22 lux, and the infrared camera is not supported. Each set element of f₇ includes the focal length, aperture, and horizontal field of view. For example, in the f₇ value of T01, "6, F2.6, 37" indicates that the focal length is 6 mm, the aperture is F2.6, and the horizontal field of view is 37 degrees.

From Eqs (5) and (6), we calculate the weight of each feature separately, and the results are ${w_1} = 0.09089$, ${w_2} = 0.{\text{11481}}$, ${w_3} = 0.{\text{11294}}$, ${w_4} = 0.0{\text{9217}}$, ${w_5} = 0.{\text{11}}0{\text{61}}$, ${w_6} = 0.{\text{1}}0{\text{381}}$, ${w_7} = 0.{\text{11596}}$, ${w_8} = 0.0{\text{9915}}$, ${w_9} = 0.0{\text{7682}}$, and ${w_{10}} = 0.0{\text{8285}}$. In Sections 4.2 and 4.3, we use the calculated feature weights.

4.2.   Experiment on complete feature set

To verify the effectiveness of identifying device types using the inherent features, we carry out a device identification experiment with each feature set complete and calculate the similarity between any two devices.

We use the feature weights calculated in Section 4.1, set the error tolerance $\varepsilon = 1$ for the "numerical type" features, and calculate the difference between any two devices in {T01, T02..., T20} using Eq (7). Figure 2 shows the confusion matrix of the device similarity.

In Figure 2, "True Type" represents the actual fine-grained type of the device, and "Basic Type" represents the basic type. When "True Type" is "T02" and "Basic Type" is "T01", the similarity is 0.492, which means that the similarity between T02 and T01 is 0.492 in other words, $Similarity\left({{F_{base, 1}}, {F_{target, 2}}} \right) = 0.492$.

By using the 10 inherent characteristics described in Section 4.1, Figure 2 shows that the similarity between any two devices is less than 0.85 (the maximum value is 0.842), which can effectively distinguish the devices, in other words, it proves the effectiveness of inherent features in distinguishing devices type. The areas with greater similarity are T1-T15, T16-T20, T21-T25, T36-T40, which indicates that the inherent features of the devices from the same manufacturer are more similar than the devices from different manufacturers.

4.3.   Experiment on incomplete features

Our experiment simulates a situation with incomplete device features in an actual environment. We discard some features or elements of collective features with a certain probability and accomplish fine-grained device identification with incomplete features.

The discarding probability of an inherent feature changes from 0 to 1 in increments of 0.01. At each discarding probability value, the target set with inherent missing features is generated using the knowledge set, and the similarity between each feature in the target set and the knowledge set is calculated separately, and the greatest similar device type is taken as the target device type. To ensure arbitrary discarding of probability values, the experiment is repeated 1000 times to obtain the average identification accuracy of each type of device.

The increase of feature discard probability makes the similarity value between fine-grained device types decrease, which is because when a feature value of the target device is empty (i.e., no feature is acquired), the feature similarity between the target device and the knowledge device will be 0. When the target device has fewer non-empty feature values, the similarity value between it and the knowledge set device type will be less. Therefore, we set a similarity threshold in the experiment. When the maximum similarity is less than the threshold, device identification is considered to fail (even if the type corresponding to the maximum similarity is the correct type). When the threshold value is set to 0.5, the graph of the variation between the average recognition accuracy and the discard probability of each type of device is obtained as shown in Figure 3.

In Figure 3, when the discard probability is less than 0.25, the average identification accuracy of the fine-grained type of the device is greater than 90%. When the discard probability is greater than 0.2, the average identification accuracy decreases rapidly with the increase of discard probability. When the discard probability is 0.4, the average identification accuracy is approximately 60%. When the discard probability is 0.8, the average identification accuracy is close to 0.

An increase in the discard probability inevitably leads to a decrease in the similarity value. While the similarity value of the correct device type decreases, the similarity value between other devices and the target device will also decrease. The strategy of setting the similarity threshold will directly lead to the failure of fine-grained type identification of the device when the discarding probability is large. Figure 4 shows the similarity matrix between the target set devices and the knowledge set devices during the 500th experiment when the discard probability is 0.5.

Figure 4 shows that when the discarding probability of an inherent feature is 0.5, the maximum similarity value (i.e., T10, T19, etc.) is less than 0.5. However, the device type with the maximum similarity value is the correct device type. Therefore, when a feature is missing, a similarity threshold should not be set (or the threshold should be set to 0).

Figure 5 shows that when there is no similarity threshold, the average identification accuracy of each device fine-grained type is still greater than 80% even if the discarding rate of inherent features is 50%. When the discard rate is 0.8, the average identification accuracy of each device is greater than 35%. This shows that the method proposed in this paper can still identify the fine-grained types of devices effectively when some inherent features are missing.

In this section, the experimental results based on real data show that the method proposed in this paper to identify the fine-grained type of device based on inherent features is feasible and effective. In reality, the more inherent features of the target device are obtained, the more accurate the identification of the target device will be. When the "missing rate" of inherent features is 50%, the average accuracy to identify the fine-grained type of device still exceeds 80%.

5.   Conclusions

This paper develops an inherent feature-based device identification method to solve the current deficiency in fine-grained identification of types of camera devices. The method classifies devices inherent features into 4 types according to their expressive form, establishes a similarity calculation strategy (FSCS) for each type of inherent feature, assigns a weight value derived from information entropy for each inherent feature, and constructs a fine-grained device type identification model combining the FSCS and weight value. Experiment results show that the method proposed in this paper can recognize fine-grained types of devices in the partial absence of inherent features. Especially, when the "absence rate" of inherent features is 50%, the average accuracy is still more than 80%. In future work, finding more effective inherent features and combining them with network features may be an important direction to improve the accuracy of fine-grained device type identification.

Acknowledgments

We would like to thank the reviewers for their positive suggestions, which helped to improve the paper enormously.

Conflict of interest

The authors declare that there is no conflict of interest.