Operating System Classification: A Minimalist Approach

Title: Operating System Classification: A Minimalist Approach
Publication Type: Conference Paper
Year of Publication: 2020
Authors: MILLAR, KYLE; CHENG, ADRIEL; CHEW, HONG GUNN; LIM, CHENG-CHEW
Conference Name: 2020 International Conference on Machine Learning and Cybernetics (ICMLC)
Date Published: Dec
Keywords: affiliation graphs, composability, cybersecurity, human factors, iOS Security, IP networks, machine learning, Metrics, Network reconnaissance, Object recognition, Operating system classification, Operating systems, passive network reconnaissance, pubcrawl, resilience, Resiliency, social networking (online), wireless networks
Abstract: Operating system (OS) classification is of growing importance to network administrators and cybersecurity analysts alike. The composition of OSs on a network allows for a better quality of device management to be achieved. Additionally, it can be used to identify devices that pose a security risk to the network. However, the sheer number and diversity of OSs that comprise modern networks have vastly increased this management complexity. We leverage insights from social networking theory to provide an encryption-invariant OS classification technique that is quick to train and widely deployable on various network configurations. In particular, we show how an affiliation graph can be used as an input to a machine learning classifier to predict the OS of a device using only the IP addresses for which the device communicates with. We examine the effectiveness of our approach through an empirical analysis of 498 devices on a university campus' wireless network. In particular, we show our methodology can classify different OS families (i.e., Apple, Windows, and Android OSs) with an accuracy of 99.3%. Furthermore, we extend this study by: 1) examining distinct OSs (e.g., iOS, OS X, and Windows 10); 2) investigating the interval of time required to make an accurate prediction; and, 3) determining the effectiveness of our approach after six months.
DOI: 10.1109/ICMLC51923.2020.9469571
Citation Key: millar_operating_2020