Loading [a11y]/accessibility-menu.js
Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting | IEEE Journals & Magazine | IEEE Xplore
Subscribe
ADVANCED SEARCH
Journals & Magazines >IEEE/ACM Transactions on Netw... >Volume: 29 Issue: 5

Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting

PDF
Zain Shamsi; Daren B. H. Cline; Dmitri Loguinov
All Authors

Abstract:

Recent work in OS fingerprinting has focused on overcoming random distortion in network and user features during Internet-scale SYN scans. These classification techniques...Show More

Metadata

Abstract:

Recent work in OS fingerprinting has focused on overcoming random distortion in network and user features during Internet-scale SYN scans. These classification techniques work under an assumption that all parameters of the profiled network are known a-priori – the likelihood of packet loss, the popularity of each OS, the distribution of network delay, and the probability of user modification to each default TCP/IP header value. However, it is currently unclear how to obtain realistic versions of these parameters for the public Internet and/or customize them to a particular network being analyzed. To address this issue, we derive a non-parametric Expectation-Maximization (EM) estimator, which we call Faulds, for the unknown distributions involved in single-probe OS fingerprinting and demonstrate its significantly higher robustness to noise compared to methods in prior work. We apply Faulds to a new scan of 67M webservers and discuss its findings.
Published in: IEEE/ACM Transactions on Networking ( Volume: 29, Issue: 5, October 2021)
Page(s): 2339 - 2352
Date of Publication: 18 June 2021

ISSN Information:

DOI: 10.1109/TNET.2021.3088333
References is not available for this document.
Contents

I. Introduction

The Internet is a fascinating conglomerate of highly heterogeneous devices, which differ in hardware capability, security awareness, software features, and daily usage. Measuring the amount, type, and behavior of these devices, as well the networks they connect to, has become an important topic [14], [15], [17], [20], [27], [30], [36], [45], [46]. To categorize the makeup of today’s networks, research in active OS fingerprinting, which is our topic in this paper, aims to determine the stack of remote hosts using their responses to external stimuli (i.e., TCP/IP probes) [4], [5], [7], [10], [18], [25], [26], [31], [33], [39], [44], [49], [53], [54], [58], [59], [60]. In addition to uncovering the operating system of computers, fingerprinting can expose household items (e.g., printers, cameras, TVs) and various cyber-physical systems (e.g., temperature monitors, lighting controllers), which are classes of devices that have enjoyed increased exploitation in recent years [2], [9].

References is not available for this document.

Contact IEEE to Subscribe
More Like This
Active Probing Based End To End Internet Path Metrics Estimation Tool

2006 International Conference on Advanced Computing and Communications

Published: 2006

A defense tool to prevent inappropriate website on internet

2019 International Conference on Intelligent Computing and its Emerging Applications (ICEA)

Published: 2019

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.