Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting | IEEE Journals & Magazine | IEEE Xplore


Abstract:

Recent work in OS fingerprinting has focused on overcoming random distortion in network and user features during Internet-scale SYN scans. These classification techniques work under an assumption that all parameters of the profiled network are known a priori – the likelihood of packet loss, the popularity of each OS, the distribution of network delay, and the probability of user modification to each default TCP/IP header value. However, it is currently unclear how to obtain realistic versions of these parameters for the public Internet and/or customize them to a particular network being analyzed. To address this issue, we derive a non-parametric Expectation-Maximization (EM) estimator, which we call Faulds, for the unknown distributions involved in single-probe OS fingerprinting and demonstrate its significantly higher robustness to noise compared to methods in prior work. We apply Faulds to a new scan of 67M webservers and discuss its findings.
Published in: IEEE/ACM Transactions on Networking (Volume: 29, Issue: 5, October 2021)
Page(s): 2339 - 2352
Date of Publication: 18 June 2021


I. Introduction

The Internet is a fascinating conglomerate of highly heterogeneous devices, which differ in hardware capability, security awareness, software features, and daily usage. Measuring the amount, type, and behavior of these devices, as well as the networks they connect to, has become an important topic [14], [15], [17], [20], [27], [30], [36], [45], [46]. To categorize the makeup of today’s networks, research in active OS fingerprinting, which is our topic in this paper, aims to determine the stack of remote hosts using their responses to external stimuli (i.e., TCP/IP probes) [4], [5], [7], [10], [18], [25], [26], [31], [33], [39], [44], [49], [53], [54], [58], [59], [60]. In addition to uncovering the operating system of computers, fingerprinting can expose household items (e.g., printers, cameras, TVs) and various cyber-physical systems (e.g., temperature monitors, lighting controllers), which are classes of devices that have enjoyed increased exploitation in recent years [2], [9].
