View article

Classifying devices connected to an enterprise network is a fundamental security control that is nevertheless challenging due to the limitations of fingerprint-based classification and black-box machine learning. In this paper, we address such limitations by proposing a similarity-based clustering method. We evaluate our solution and compare it to a state-of-the-art fingerprint-based classification engine using data from 20,000 devices. The results show that we can successfully classify around half of the unclassified devices with a high accuracy. We also validate our approach with domain experts to demonstrate its usability in producing new fingerprinting rules.