Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting

Title: Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Shamsi, Zain; Cline, Daren B.H.; Loguinov, Dmitri
Conference Name: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-4946-8
Keywords: Acoustic Fingerprints, composability, Human Behavior, internet measurement, Internet-scale Computing Security, Network security, pubcrawl, Resiliency, stack fingerprinting
Abstract

Recent work in OS fingerprinting has focused on overcoming random distortion in network and user features during Internet-scale SYN scans. These classification techniques work under an assumption that all parameters of the profiled network are known a-priori - the likelihood of packet loss, the popularity of each OS, the distribution of network delay, and the probability of user modification to each default TCP/IP header value. However, it is currently unclear how to obtain realistic versions of these parameters for the public Internet and/or customize them to a particular network being analyzed. To address this issue, we derive a non-parametric Expectation-Maximization (EM) estimator, which we call Faulds, for the unknown distributions involved in single-probe OS fingerprinting and demonstrate its significantly higher robustness to noise compared to methods in prior work. We apply Faulds to a new scan of 67M webservers and discuss its findings.

URL: http://doi.acm.org/10.1145/3133956.3133963
DOI: 10.1145/3133956.3133963
Citation Key: shamsi_faulds:_2017