Name
Abstract | ||
|---|---|---|
Network protocol fingerprinting refers to the process of identifying a protocol implementation by their input and output behaviors. It has been regarded as both a potential threat to network security and also as a useful mechanism for network management. Existing protocol fingerprinting tools share common disadvantages such as being protocol-specific and difficult to automate. This paper proposes a formal methodology for fingerprinting experiments using which we can model a broad spectrum of fingerprinting problems and design-efficient algorithms. We present a formal behavioral model that specifies a protocol principal by its states and transitions, then identify a complete taxonomy of fingerprint matching and discovery problems is identified based on 1) whether the fingerprinting experiment is active or passive and 2) the information available about the specifications and implementations. Algorithms to solve the problems are discussed. In particular, for fingerprint matching algorithm, we propose an efficient PEFSM online separation algorithm for active experiment and concurrent passive testing for passive experiments. For fingerprint discovery problem, there are two cases: if the protocol specification is available as a nondeterministic PEFSM, we apply across verification and back-tracing technique for active and passive discovery, respectively; if no specification is available, we take the machine learning approach and discover the fingerprint by active testing. |
Year | DOI | Venue |
|---|---|---|
2011 | 10.1109/TPDS.2011.26 | IEEE Trans. Parallel Distrib. Syst. |
Keywords | Field | DocType |
network protocol fingerprinting,protocols,network security,existing protocol,network level security and protection,fingerprinting experiment,formal methodology,computer network security,fingerprint discovery problem,fingerprinting problem,protocol specification,active testing,active experiment,network management,concurrent passive testing,protocol implementation,fingerprint matching algorithm,telecommunication network management,machine learning approach,pefsm online separation algorithm,formal methods,protocol principal,back-tracing technique,protocol verification.,behavior modeling,indexing terms,network protocol,automata,spectrum,machine learning,algorithm design and analysis,algorithm design,formal method,data model,testing,taxonomy,fingerprint recognition,data models | Data mining,Algorithm design,Nondeterministic algorithm,Fingerprint recognition,Computer science,Network security,Formal methods,Network management,Blossom algorithm,Communications protocol,Distributed computing | Journal |
Volume | Issue | ISSN |
22 | 11 | 1045-9219 |
Citations | PageRank | References |
0 | 0.34 | 26 |
Authors | ||
2 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Guoqiang Shu | 1 | 72 | 6.15 |
| David Lee | 2 | 195 | 21.40 |