Abstract |
Determining the constituent components of a distributed system and how they are interacting is in general a very difficult problem. It requires the accumulation of evidence bearing on alternative propositions and decision functions for each of the set of attributes that characterize the elements of the system and their operation. In general, the outcome depends not only on the state of the accumulated evidence but also on the cost of acquiring this evidence; and, the accuracy of the decision functions and the process for combining their outputs. In this paper we describe a characterization system that was developed for identifying IoT devices present in an IP environment based on interpretations of the network traffic that is being generated. We argue that the architecture can be applied to address many kinds of similar problems by changing the analytics and the manners in which they are interconnected. |