Affiliation:
1. Texas A&M University, College Station, TX, USA
Abstract
Traditional TCP/IP fingerprinting tools (e.g., nmap) are poorly suited for Internet-wide use due to the large amount of traffic and intrusive nature of the probes. This can be overcome by approaches that rely on a single SYN packet to elicit a vector of features from the remote server; however, these methods face difficult classification problems due to the high volatility of the features and severely limited amounts of information contained therein. Since these techniques have not been studied before, we first pioneer stochastic theory of single-packet OS fingerprinting, build a database of 116 OSes, design a classifier based on our models, evaluate its accuracy in simulations, and then perform OS classification of 37.8M hosts from an Internet-wide scan.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications, Hardware and Architecture, Software
Cited by
13 articles.