An effective TCP/IP fingerprinting technique based on strange attractors classification

Authors:
João Paulo S. Medeiros;Agostinho M. Brito;Paulo S. Motta Pires
Affiliations:
LabSIN - Security Information Laboratory, Department of Computer Engineering and Automation – DCA, Federal University of Rio Grande do Norte – UFRN, Natal, RN, Brazil;LabSIN - Security Information Laboratory, Department of Computer Engineering and Automation – DCA, Federal University of Rio Grande do Norte – UFRN, Natal, RN, Brazil;LabSIN - Security Information Laboratory, Department of Computer Engineering and Automation – DCA, Federal University of Rio Grande do Norte – UFRN, Natal, RN, Brazil
Venue:
DPM'09/SETOP'09 Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security
Year:
2009

Citing 4
Cited 1

Self-Organizing Maps

Self-Organizing Maps
Virtual honeypots: from botnet tracking to intrusion detection

Virtual honeypots: from botnet tracking to intrusion detection
A new method for recognizing operating systems of automation devices

ETFA'09 Proceedings of the 14th IEEE international conference on Emerging technologies & factory automation
Application of kohonen maps to improve security tests on automation devices

CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security

A qualitative survey of active TCP/IP fingerprinting tools and techniques for operating systems identification

CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a new technique to perform TCP/IP (Transmission Control Protocol/Internet Protocol) stack fingerprinting. Our technique relies on chaotic dynamics theory and artificial neural networks applied to TCP ISN (Initial Sequence Number) samples making possible to associate strange attractors to operating systems. We show that it is possible to recognize operating systems using only an open TCP port on the target machine. Also, we present results which shows that our technique cannot be fooled by Honeyd or affected by PAT (Port Address Translation) environments.