The objective of operating system (OS) discovery is to find which OSs are running on computers in a given network. There are two existing strategies for OS discovery, active and passive, each having fundamental limitations. This paper discusses how the theory of diagnosis can be used to address, in a simple and elegant way, the problems associated with OS discovery. The problems are formalized in a logical framework and solutions are obtained through automated reasoning. The result of using such a knowledge-oriented approach is a natural unification of the active and passive methods of OS discovery in a hybrid approach. This paper also illustrates the benefits of the hybrid approach by comparing its accuracy with other existing OS discovery tools through a large-scale experiment.