Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting Conference Paper

abstract

• 2017 author(s). Recent work in OS fingerprinting [41], [42] has focused on overcoming random distortion in network and user features during Internet-scale SYN scans. These classification techniques work under an assumption that all parameters of the profiled network are known a-priori-the likelihood of packet loss, the popularity of each OS, the distribution of network delay, and the probability of user modification to each default TCP/IP header value. However, it is currently unclear how to obtain realistic versions of these parameters for the public Internet and/or customize them to a particular network being analyzed. To address this issue, we derive a non-parametric Expectation-Maximization (EM) estimator, which we call Faulds, for the unknown distributions involved in singleprobe OS fingerprinting and demonstrate its significantly higher robustness to noise compared to methods in prior work.We apply Faulds to a new scan of 67M webservers and discuss its findings.

name of conference

• Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

authors

• Loguinov, Dmitri

published proceedings

• CCS'17: PROCEEDINGS OF THE 2017 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY

author list (cited authors)

• Shamsi, Z., Cline, D., & Loguinov, D.

citation count

• 15

complete list of authors

• Shamsi, Zain||Cline, Daren BH||Loguinov, Dmitri

editor list (cited editors)

• Thuraisingham, B. M., Evans, D., Malkin, T., & Xu, D.

publication date

• October 2017

publisher

• Association for Computing Machinery (ACM)  Publisher

published in

• Proceedings of the ACM Conference on Computer and Communications Security  Journal

Digital Object Identifier (DOI)

• 10.1145/3133956.3133963

International Standard Book Number (ISBN) 13

• 9781450349468

start page

• 971

end page

• 982

URL

• https://doi.org/10.1145/3133956