Visible to the public Biblio

Filters: Author is Cline, Daren B.H.  [Clear All Filters]
2018-01-10
Shamsi, Zain, Cline, Daren B.H., Loguinov, Dmitri.  2017.  Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. :971–982.

Recent work in OS fingerprinting has focused on overcoming random distortion in network and user features during Internet-scale SYN scans. These classification techniques work under an assumption that all parameters of the profiled network are known a-priori – the likelihood of packet loss, the popularity of each OS, the distribution of network delay, and the probability of user modification to each default TCP/IP header value. However, it is currently unclear how to obtain realistic versions of these parameters for the public Internet and/or customize them to a particular network being analyzed. To address this issue, we derive a non-parametric Expectation-Maximization (EM) estimator, which we call Faulds, for the unknown distributions involved in single-probe OS fingerprinting and demonstrate its significantly higher robustness to noise compared to methods in prior work. We apply Faulds to a new scan of 67M webservers and discuss its findings.