Machine Learning.
Artificial Intelligence: A Modern Approach.
Protocol scrubbing: network security through transparent flow modification. IEEE/ACM Transactions on Networking (TON).
Defeating TCP/IP stack fingerprinting. SSYM'00: Proceedings of the 9th USENIX Security Symposium, Volume 9.
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics. SSYM'01: Proceedings of the 10th USENIX Security Symposium, Volume 10.
Understanding and preventing network device fingerprinting. Bell Labs Technical Journal: Information Technology/Network Security.
On biases in estimating multi-valued attributes. IJCAI'95: Proceedings of the 14th International Joint Conference on Artificial Intelligence, Volume 2.
MitiBox: camouflage and deception for network scan mitigation. HotSec'09: Proceedings of the 4th USENIX Conference on Hot Topics in Security.
The limits of automatic OS fingerprint generation. Proceedings of the 3rd ACM Workshop on Artificial Intelligence and Security.
OS-Sommelier: memory-only operating system fingerprinting in the cloud. Proceedings of the Third ACM Symposium on Cloud Computing.
Tools for active remote operating system fingerprinting generate many packets and are easily detected by host and network defensive devices such as IDS/NIDS. Since each additional packet increases the probability of detection, it is advantageous to minimize the number of probe packets. We make use of an information-theoretic measure of test quality to evaluate fingerprinting probes and use this evaluation to derive effective probe combinations that minimize probe packets. While the default configuration of Nmap's second generation operating system detection transmits 16 different probe packets, we demonstrate successful fingerprinting with one to three packets. Furthermore, these packets are valid TCP SYN packets to open ports, which are less likely to be detected as fingerprinting probes than malformed packets or packets that are not part of a valid TCP three-way handshake.
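The abstract describes scoring fingerprinting tests with an information-theoretic measure and combining the best ones so that few probes are needed. The following added example (not the paper's code, and not Nmap's) shows the underlying calculation on a constructed toy fingerprint table: each hypothetical OS class maps each abstract test name (T1..T4) to the response category observed for it. It computes the information gain of each test under a uniform prior over classes, ranks the tests, and then greedily selects tests by their gain conditional on the tests already chosen. The point it makes beyond the abstract is that the second-best test in isolation need not belong to the minimal set: what matters is how much a test splits the classes that earlier tests left indistinguishable. For a defender, the same computation shows which response differences a normalizer or scrubber (as in the referenced protocol-scrubbing work) must mask to collapse the distinguishing information.

```python
"""Information-theoretic ranking and greedy selection of fingerprint tests.

Added illustration; not code from the paper or from Nmap. All names and
data below are constructed for the example.
"""
from collections import defaultdict
from math import log2

# Constructed toy fingerprint database: {os_class: {test_name: response_category}}.
# Response categories are abstract labels, not real packet fields.
FINGERPRINTS = {
    "os-A": {"T1": "x", "T2": "p", "T3": "s", "T4": "u"},
    "os-B": {"T1": "x", "T2": "q", "T3": "s", "T4": "u"},
    "os-C": {"T1": "y", "T2": "p", "T3": "s", "T4": "u"},
    "os-D": {"T1": "y", "T2": "q", "T3": "s", "T4": "u"},
    "os-E": {"T1": "z", "T2": "p", "T3": "s", "T4": "v"},
    "os-F": {"T1": "z", "T2": "q", "T3": "s", "T4": "w"},
}


def all_tests(db):
    """Sorted list of every test name that appears in the database."""
    return sorted({t for row in db.values() for t in row})


def partition(db, chosen):
    """Group classes by the tuple of responses to the chosen tests."""
    groups = defaultdict(list)
    for os_class, row in db.items():
        groups[tuple(row[t] for t in chosen)].append(os_class)
    return groups


def conditional_entropy(db, chosen=()):
    """Expected entropy (bits) of the class after observing the chosen tests.

    Uniform prior over classes: a group of k still-indistinguishable classes
    contributes log2(k) bits, weighted by the probability of landing in it.
    With no tests chosen this is log2(number of classes).
    """
    n = len(db)
    return sum(len(g) / n * log2(len(g)) for g in partition(db, chosen).values())


def information_gain(db, test, chosen=()):
    """Bits of class uncertainty removed by adding `test` to `chosen`."""
    return conditional_entropy(db, chosen) - conditional_entropy(db, chosen + (test,))


def rank_tests(db):
    """Tests ordered by stand-alone information gain, highest first."""
    return sorted(((t, information_gain(db, t)) for t in all_tests(db)),
                  key=lambda pair: -pair[1])


def minimal_test_set(db):
    """Greedy forward selection: repeatedly add the test with the largest gain
    conditional on the tests already chosen, until every class is separated
    or no remaining test separates anything (indistinguishable classes)."""
    chosen = ()
    while conditional_entropy(db, chosen) > 0:
        candidates = [t for t in all_tests(db) if t not in chosen]
        best = max(candidates, key=lambda t: information_gain(db, t, chosen), default=None)
        if best is None or information_gain(db, best, chosen) <= 0:
            break  # remaining classes cannot be told apart by any test
        chosen += (best,)
    return chosen


if __name__ == "__main__":
    for test, gain in rank_tests(FINGERPRINTS):
        print(f"{test}: {gain:.3f} bits")
    print("minimal set:", minimal_test_set(FINGERPRINTS))
```

On this table T1 has the highest stand-alone gain and T4 the second highest, yet the greedy pass picks T1 and then T2, because T2 splits every pair that T1 leaves together while T4 only separates one of them. Because each class here answers every test deterministically and all classes are equally likely, a test's gain equals the entropy of its response distribution, so Quinlan's gain-ratio correction (the IJCAI'95 reference above) adds nothing in this setting; it matters when responses are noisy or when a test has many rare outcomes.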