Hershel: single-packet os fingerprinting Conference Paper

abstract

• Traditional TCP/IP fingerprinting tools (e.g., nmap) are poorly suited for Internet-wide use due to the large amount of traffic and intrusive nature of the probes. This can be overcome by approaches that rely on a single SYN packet to elicit a vector of features from the remote server; however, these methods face difficult classification problems due to the high volatility of the features and severely limited amounts of information contained therein. Since these techniques have not been studied before, we first pioneer stochastic theory of single-packet OS fingerprinting, build a database of 116 OSes, design a classifier based on our models, evaluate its accuracy in simulations, and then perform OS classification of 37.8M hosts from an Internet-wide scan. Copyright 2014 ACM.

name of conference

• The 2014 ACM international conference on Measurement and modeling of computer systems

authors

• Loguinov, Dmitri

published proceedings

• ACM SIGMETRICS Performance Evaluation Review

author list (cited authors)

• Shamsi, Z., Nandwani, A., Leonard, D., & Loguinov, D.

citation count

• 26

complete list of authors

• Shamsi, Zain||Nandwani, Ankur||Leonard, Derek||Loguinov, Dmitri

editor list (cited editors)

• Sanghavi, S., Shakkottai, S., Lelarge, M., & Schroeder, B.

publication date

• January 2014

publisher

• Association for Computing Machinery (ACM)  Publisher

published in

• Performance Evaluation Review  Journal

Digital Object Identifier (DOI)

• 10.1145/2591971.2591972

International Standard Book Number (ISBN) 13

• 9781450327893

start page

• 195

end page

• 206

volume

• 42

issue

• 1

URL

• https://doi.org/10.1145/2591971