Remote OS fingerprinting is valuable in areas such as network security, Internet modeling, and end-to-end application design. However, current rule-based tools fail to detect the OS of a remote host with high accuracy, because users may modify their TCP/IP parameters or employ stack “scrubbers”. In this paper, a BP neural network based classifier is proposed for accurately fingerprinting the OS of a remote host. To avoid the shortcomings of the traditional BP algorithm, the classifier is also reinforced with the Levenberg-Marquardt algorithm. Experimental results on packet traces collected at an access link of a website show that rule-based tools fail to identify as many as 10.6% of the hosts, while the BP neural network based classifier is far more accurate: it successfully identifies about 97.8% of the hosts in the experiment.