Remote OS fingerprinting using BP neural network

Authors:
Wenwei Li;Dafang Zhang;Jinmin Yang
Affiliations:
College of Computer and Communication, Hunan University, Changsha, China;College of Computer and Communication, Hunan University, Changsha, China;School of Software, Hunan University, Changsha, China
Venue:
ISNN'05 Proceedings of the Second international conference on Advances in Neural Networks - Volume Part III
Year:
2005

Citing 2
Cited 0

Automated packet trace analysis of TCP implementations

SIGCOMM '97 Proceedings of the ACM SIGCOMM '97 conference on Applications, technologies, architectures, and protocols for computer communication
Defeating TCP/IP stack fingerprinting

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9

Quantified Score

Hi-index	0.00

Visualization

Abstract

Remote OS fingerprinting is valuable in areas such as network security, Internet modeling, and end-to-end application design, etc. While current rule-based tools fail to detect the OS of remote host with high accuracy, for users may modify their TCP/IP parameters or employ stack “scrubbers”. In this paper, a BP neural network based classifier is proposed for accurately fingerprinting the OS of remote host. To avoid the shortages of traditional BP algorithm, the classifier is also enforced with Levenberg-Marquardt algorithm. Experimental results on packet traces collected at an access link of a website show that, rule-based tools can't identify as many as 10.6% of the hosts. While the BP neural network based classifier is far more accurate, it can successfully identify about 97.8% hosts in the experiment.