Advanced Network Fingerprinting

Authors:
Humberto J. Abdelnur;Radu State;Olivier Festor
Affiliations:
Centre de Recherche INRIA Nancy, Villers-les-Nancy, France;Centre de Recherche INRIA Nancy, Villers-les-Nancy, France;Centre de Recherche INRIA Nancy, Villers-les-Nancy, France
Venue:
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Year:
2008

Citing 11
Cited 1

On the Resemblance and Containment of Documents

SEQUENCES '97 Proceedings of the Compression and Complexity of Sequences 1997
Protocol scrubbing: network security through transparent flow modification

IEEE/ACM Transactions on Networking (TON)
ACAS: automated construction of application signatures

Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
Unexpected means of protocol inference

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Replayer: automatic protocol replay by binary analysis

Proceedings of the 13th ACM conference on Computer and communications security
Probing TCP implementations

USTC'94 Proceedings of the USENIX Summer 1994 Technical Conference on USENIX Summer 1994 Technical Conference - Volume 1
Revealing skype traffic: when randomness plays with you

Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Language identification of encrypted VoIP traffic: Alejandra y Roberto or Alice and Bob?

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Discoverer: automatic protocol reverse engineering from network traces

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Catching the picospams

ISMIS'05 Proceedings of the 15th international conference on Foundations of Intelligent Systems

Automated Behavioral Fingerprinting

RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security assessment tasks and intrusion detection systems do rely on automated fingerprinting of devices and services. Most current fingerprinting approaches use a signature matching scheme, where a set of signatures are compared with traffic issued by an unknown entity. The entity is identified by finding the closest match with the stored signatures. These fingerprinting signatures are found mostly manually, requiring a laborious activity and needing advanced domain specific expertise. In this paper we describe a novel approach to automate this process and build flexible and efficient fingerprinting systems able to identify the source entity of messages in the network. We follow a passive approach without need to interact with the tested device. Application level traffic is captured passively and inherent structural features are used for the classification process. We describe and assess a new technique for the automated extraction of protocol fingerprints based on arborescent features extracted from the underlying grammar. We have successfully applied our technique to the Session Initiation Protocol (SIP) used in Voice over IP signalling.