Open Access Dissertation
Using machine learning techniques for advanced passive operating system fingerprinting
Julius Schwartzenberg
- 19 Aug 2010
TL;DR: This work focuses on automating the generation and updating of the signatures for passive fingerprinting by using classification algorithms to deal with fingerprints which do not have an exact match with an already known signature.
Abstract: TCP/IP fingerprinting is the active or passive collection of information usually extracted from a remote computer's network stack. The combination of such information can then be used to infer the remote operating system (OS fingerprinting). OS fingerprinting is traditionally based on a database of "signatures". A signature comprises several features (i.e., attribute/value pairs) extracted from network packets generated by a known operating system. Signatures are manually generated (and updated) by observing several operating systems. There are two types of fingerprinting: active and passive. In this work, we focus on automating the generation and updating of the signatures for passive fingerprinting. By using classification algorithms we deal with fingerprints which do not have an exact match with an already known signature.
Citations
Automated IoT Device Identification using Network Traffic
Ahmet Aksoy, Mehmet Hadi Gunes and 1 more
- 20 May 2019
TL;DR: A system for automated classification of device characteristics based on their network traffic, called System IDentifier (SysID), which provides a completely automated way of classifying IoT devices from their TCP/IP packets without expert input.
Journal Article
Ambiguity resolution via passive OS fingerprinting
TL;DR: In this article, the authors use the passively detected OS fingerprint of the end host in an attempt to correctly resolve ambiguities between different network stack implementations, and a new technique is described to increase the confidence level of a fingerprint match by looking more extensively at TCP connection negotiations.
Operating system fingerprinting via automated network traffic analysis
Ahmet Aksoy, Sushil J. Louis, Mehmet Hadi Gunes and 2 more
- 05 Jun 2017
TL;DR: This study investigates an automated approach for classifying host OS by analyzing the network packets generated by them without relying on human experts and significantly reduces the number of packet features to be analyzed while increasing the classification performance.
Towards identification of operating systems from the internet traffic: IPFIX monitoring with fingerprinting and clustering
Petr Matousek, Ondrej Rysavy, Matej Gregr, Martin Vymlatil and 3 more
- 28 Aug 2014
TL;DR: This paper focuses on passive fingerprinting using TCP SYN packets, incorporated into an IPFIX probe that enhances standard IPFIX records with additional information about OSs and can be extended using cluster analysis as presented.
IPv6 OS Fingerprinting Methods: Review
Omar E. Elejla, Bahari Belaton, Mohammed Anbar, Basem O. Alijla and 3 more
- 28 Nov 2017
TL;DR: This paper describes the existing methods of OS fingerprinting with IPv6, as well as their challenges and limitations, and surveys the available datasets that might be used for IPv6 OS fingerprinting.
References
Book
C4.5: Programs for Machine Learning
J. Ross Quinlan
- 15 Oct 1992
TL;DR: A complete guide to the C4.5 system as implemented in C for the UNIX environment, which starts from simple core learning methods and shows how they can be elaborated and extended to deal with typical problems such as missing data and overfitting.
A training algorithm for optimal margin classifiers
Bernhard E. Boser, Isabelle Guyon, Vladimir Vapnik and 2 more
- 01 Jul 1992
TL;DR: A training algorithm that maximizes the margin between the training patterns and the decision boundary is presented, applicable to a wide variety of the classification functions, including Perceptrons, polynomials, and Radial Basis Functions.
Fast effective rule induction
William W. Cohen
- 09 Jul 1995
TL;DR: This paper evaluates the recently proposed rule learning algorithm IREP on a large and diverse collection of benchmark problems, and proposes a number of modifications resulting in an algorithm, RIPPERk, that is very competitive with C4.5 and C4.5rules with respect to error rates, but much more efficient on large samples.
Security Architecture for the Internet Protocol
R. Atkinson
- 01 Aug 1995
TL;DR: The Security Architecture for the Internet Protocol describes an updated version of the security architecture for IP traffic.
Requirements for Internet Hosts - Communication Layers
Robert Braden
- 01 Oct 1989
TL;DR: This RFC is an official specification for the Internet community that incorporates by reference, amends, corrects, and supplements the primary protocol standards documents relating to hosts.