Packet Inspection for Unauthorized OS Detection in Enterprises

Tyagi, Rohit; Paul, Tuhin; Manoj, B. S.; Thanudas, B.

doi:10.1109/msp.2015.86

Cited by 21 publications

(10 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The combination of TTL and window size fields is used to fingerprint devices using operating system vendor-specific values in their implementations for detection. Table 1 lists some commonly used and legacy operating systems and the window size/TTL pairs used for each [26].…”

Section: Device Characterizationmentioning

confidence: 99%

Trust and Risk Assessment in IoT Networks

Hemmes,

Fulton,

Dressler

et al. 2023

Comput. Networks Commun.

View full text Add to dashboard Cite

The Internet of Things (IoT) is a large-scale, heterogeneous ecosystem of connected devices encompassing a range of purposes and computing capabilities. As IoT systems grow ubiquitous, new approaches to security are needed. This work proposes a method of risk assessment for devices that combines the use of trust models based on dynamic behaviors with static capability profiles drawn from immutable device characteristics to determine the level of risk each device poses to network security. A risk-based approach allows security mechanisms and monitoring activities to be more efficiently allocated across IoT networks. Simultaneously, devices can be allowed a greater degree of functionality while ensuring system availability and security. This paper presents a methodology and architecture to integrate risk assessment into IoT networks. This allows additional tailoring of security control application and provides higher-level, more human-readable information for security analysts.

show abstract

Section: Device Characterizationmentioning

confidence: 99%

Trust and Risk Assessment in IoT Networks

Hemmes,

Fulton,

Dressler

et al. 2023

Comput. Networks Commun.

View full text Add to dashboard Cite

show abstract

“…The device fingerprint is expanded to improve the accuracy of network asset detection and traceability. Tyagi et al 14 proposed an operating system equipment asset detection method based on Euclidean distance, which is used to discover unauthorized abnormal equipment hosts in the system, which shortens the modeling time compared to other complex classifiers. Reference 15 used the C4.5 decision tree model to achieve passive detection of device fingerprints based on TCP/IP protocol stack with a shorter modeling time and higher accuracy, which improves the detection rate of fingerprints that are not accurately matched.…”

Section: Related Workmentioning

confidence: 99%

A detection method of lost assets based on feature optimization and active-passive detection

Yan

Cai

et al. 2022

International Conference on Computer Application and Information Security (ICCAIS 2021)

View full text Add to dashboard Cite

With the development of Internet technology, various network attacks have emerged one after another, seriously affecting the security of many key infrastructures such as finance, energy, and transportation. Therefore, the importance of network asset management is self-evident. How to judge the security of assets and detect lost assets has become an important research topic. This paper proposes a method for detecting lost assets based on feature optimization and activepassive detection. Firstly, it achieves the classification of abnormal traffic by extracting important features of the traffic data. And then, it detects the network assets using the combined active and passive detection method. The experiments show that this method can effectively detect the lost assets in the network and effectively provide an analysis basis for threat analysis and emergency response.

show abstract

“…is TCP/IP fingerprints can help people recognize different devices, including honeypots. Some common TCP/IP fingerprints are TCP FIN flag, TCP initial window, and ACK value [30]. After analysis, we finally decided to use average_received_bytes, average_received_ttl, average_received_ack_flags, average_received_push_flags, average_received_syn_flags, average_received_fin_flags, and average_received_window_size as the network-layer feature.…”

Section: Network-layer Featurementioning

confidence: 99%

Automatic Identification of Honeypot Server Using Machine Learning Techniques

Huang

Han

Zhang³

et al. 2019

Security and Communication Networks

View full text Add to dashboard Cite

Traditional security strategies are powerless when facing novel attacks in the complex network environment, such as advanced persistent threat (APT). Compared with traditional security detection strategies, the honeypot system, especially on the Internet of things research area, is intended to be attacked and automatically monitor potential attacks by analyzing network packages or log files. The researcher can extract exactly threat actor tactics, techniques, and procedures from these data and then generate more effective defense strategies. But for normal security researchers, it is an urgent topic how to improve the honeypot mechanism which could not be recognized by attackers, and silently capture their behaviors. So, they need awesome intelligent techniques to automatically check remotely whether the server runs honeypot service or not. As the rapid progress in honeypot detection using machine learning technologies, the paper proposed a new automatic identification model based on random forest algorithm with three group features: application-layer feature, network-layer feature, and other system-layer feature. The experiment datasets are collected from public known platforms and designed to prove the effectiveness of the proposed model. The experiment results showed that the presented model achieved a high area under curve (AUC) value with 0.93 (area under the receiver operating characteristic curve), which is better than other machine learning algorithms.

show abstract

Packet Inspection for Unauthorized OS Detection in Enterprises

Cited by 21 publications

References 1 publication

Trust and Risk Assessment in IoT Networks

Trust and Risk Assessment in IoT Networks

A detection method of lost assets based on feature optimization and active-passive detection

Automatic Identification of Honeypot Server Using Machine Learning Techniques

Contact Info

Product

Resources

About