Unsupervised Clustering Under Temporal Feature Volatility in Network Stack Fingerprinting
Academic Article
Abstract

© 1993-2012 IEEE. Maintaining and updating signature databases are tedious tasks that normally require a large amount of user effort. The problem becomes harder when features can be distorted by observation noise, which we call volatility. To address this issue, we propose algorithms and models to automatically generate signatures in the presence of noise, with a focus on single-probe stack fingerprinting, a research area that aims to discover the operating system of remote hosts from their response to a single TCP SYN packet. Armed with this framework, we construct a database with 420 network stacks, label the signatures, develop a robust classifier for this database, and fingerprint 66M visible webservers on the Internet. We compare the obtained results against Nmap and discover interesting limitations of its classification process that prevent correct operation when its auxiliary probes (e.g., TCP rainbow, TCP ACK, and UDP to a closed port) are blocked by firewalls.