Abstract
The rapid growth of Internet-connected devices presents significant challenges to device identification. Existing device probing methods have made progress in identifying device models, but struggle with binary protocols, obfuscated responses, and labels from unknown new devices. In this paper, we present BLMProbe, a network device probing framework that overcomes these challenges through two innovations: a dual-role Large Language Model (LLM) for autonomous label extraction and verification from web data, and a multi-port protocol association technique for cross-port label migration. Experimental results show that BLMProbe achieves a device classification accuracy of 95.86%, outperforming previous state-of-the-art approaches by 13.43%. The framework generates 488 new fingerprints for previously unknown devices, including 59 for binary protocol devices, and updates 306 existing signatures. In unlabeled environments, BLMProbe identifies 5,344 devices, surpassing commercial solutions like Shodan and ZoomEye, demonstrating its effectiveness across different protocols and deployment scenarios.
| Original language | English |
|---|---|
| Pages (from-to) | 7227-7242 |
| Number of pages | 16 |
| Journal | IEEE Transactions on Information Forensics and Security |
| Volume | 20 |
| State | Published - 2025 |
Keywords
- Internet-connected device probing
- device fingerprinting
- label exploration
- protocol association
Fingerprint
Dive into the research topics of 'BLMProbe: Enhancing Internet-Connected Device Discovery by Automated Device Labeling and Label Migration'. Together they form a unique fingerprint.