Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges

Logo poskytovatele

Varování

Publikace nespadá pod Filozofickou fakultu, ale pod Ústav výpočetní techniky. Oficiální stránka publikace je na webu muni.cz.
Autoři

LAŠTOVIČKA Martin HUSÁK Martin VELAN Petr JIRSÍK Tomáš ČELEDA Pavel

Rok publikování 2023
Druh Článek v odborném periodiku
Časopis / Zdroj Computer Networks
Fakulta / Pracoviště MU

Ústav výpočetní techniky

Citace
www Published version on Elsevier ScienceDirect
Doi http://dx.doi.org/10.1016/j.comnet.2023.109782
Klíčová slova OS fingerprinting; network monitoring; network management; cybersecurity; machine learning; survey
Přiložené soubory
Popis Fingerprinting a host's operating system is a very common yet precarious task in network, asset, and vulnerability management. Estimating the operating system via network traffic analysis may leverage TCP/IP header parameters or complex analysis of hosts' behavior using machine learning. However, the existing approaches are becoming obsolete as network traffic evolves which makes the problem still open. This paper discusses various approaches to passive OS fingerprinting and their evolution in the past twenty years. We illustrate their usage, compare their results in an experiment, and list challenges faced by the current fingerprinting approaches. The hosts' differences in network stack settings were initially the most important information source for OS fingerprinting, which is now complemented by hosts' behavioral analysis and combined approaches backed by machine learning. The most impactful reasons for this evolution were the Internet-wide network traffic encryption and the general adoption of privacy-preserving concepts in application protocols. Other changes, such as the increasing proliferation of web applications on handheld devices, raised the need to identify these devices in the networks, for which we may use the techniques of OS fingerprinting.
Související projekty:

Používáte starou verzi internetového prohlížeče. Doporučujeme aktualizovat Váš prohlížeč na nejnovější verzi.