I. Introduction
The Internet is a fascinating conglomerate of highly heterogeneous devices, which differ in hardware capability, security awareness, software features, and daily usage. Measuring the amount, type, and behavior of these devices, as well the networks they connect to, has become an important topic [14], [15], [17], [20], [27], [30], [36], [45], [46]. To categorize the makeup of today’s networks, research in active OS fingerprinting, which is our topic in this paper, aims to determine the stack of remote hosts using their responses to external stimuli (i.e., TCP/IP probes) [4], [5], [7], [10], [18], [25], [26], [31], [33], [39], [44], [49], [53], [54], [58], [59], [60]. In addition to uncovering the operating system of computers, fingerprinting can expose household items (e.g., printers, cameras, TVs) and various cyber-physical systems (e.g., temperature monitors, lighting controllers), which are classes of devices that have enjoyed increased exploitation in recent years [2], [9].