Abstract | ||
---|---|---|
Recent work in OS fingerprinting has focused on overcoming random distortion in network and user features during Internet-scale SYN scans. These classification techniques work under an assumption that all parameters of the profiled network are known a-priori -- the likelihood of packet loss, the popularity of each OS, the distribution of network delay, and the probability of user modification to each default TCP/IP header value. However, it is currently unclear how to obtain realistic versions of these parameters for the public Internet and/or customize them to a particular network being analyzed. To address this issue, we derive a non-parametric Expectation-Maximization (EM) estimator, which we call Faulds, for the unknown distributions involved in single-probe OS fingerprinting and demonstrate its significantly higher robustness to noise compared to methods in prior work. We apply Faulds to a new scan of 67M webservers and discuss its findings.
|
Year | DOI | Venue |
---|---|---|
2017 | 10.1145/3133956.3133963 | CCS |
Field | DocType | ISBN |
Data mining,Network delay,Computer science,Computer security,Network security,Packet loss,Robustness (computer science),Nonparametric statistics,IP header,The Internet,Web server | Conference | 978-1-4503-4946-8 |
Citations | PageRank | References |
3 | 0.43 | 25 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Zain Shamsi | 1 | 11 | 1.61 |
Daren B. H. Cline | 2 | 16 | 5.02 |
Dmitri Loguinov | 3 | 1298 | 91.08 |