Clustering Network-Connected Devices Using Affiliation Graphs

Device management in large networks is of growing importance to network administrators and security analysts alike. The com-position of devices on a network can help forecast future traffic demand as well as identify devices that may pose a security risk. However, the sheer number and diversity of devices that comprise most modern networks has vastly increased the complexity of per-forming this management. Motivated by these issues, we exam-ine the application of affiliation graphs to quantify the relation-ship between devices operating on a network and the services for which they connect to via the internet. These relationships can then be used to identify clusters of devices which exhibit similar behavioural characteristics. Through empirical analysis of two 26-hour captures of a uni-versity campus network, we show that affiliation graphs can be utilised to cluster the devices on a network without any a priori knowledge of the network itself. In particular, our preliminary re-sults show that devices can be clustered into specific device types (e.g., servers, user devices, and printers). These clusters can then be used to examine the composition of devices on the network, cre-ate informed device management policies, and identify potentially vulnerable devices.