Towards Identification of Operating Systems from the Internet Traffic - IPFIX Monitoring with Fingerprinting and Clustering

Matoušek, Petr; Ryšavý, Ondřej; Gregr, Matej; Vymlátil, Martin

doi:10.5220/0005099500210027

Cited by 15 publications

(8 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The use of network flow technology proved to be determining factor for many works as it enables fingerprinting in large networks. Martin Vymlátil [22] implemented the export of TCP/IP features used for OS fingerprinting into a flow exporter and continued his work with Matoušek et al [23]. They use eight TCP/IP features known from tools and previous works and show the feasibility of continuous OS fingerprinting in large networks.…”

Section: Tcp/ip Methodsmentioning

confidence: 99%

Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges

et al. 2022

View full text Add to dashboard Cite

Section: Tcp/ip Methodsmentioning

confidence: 99%

Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges

et al. 2022

View full text Add to dashboard Cite

“…These tools might be misclassified as attack activities due to their probe packets; they negatively affect the network availability, they depend on a small database of IPv6 traffic, they do not support auto-detection of IPv6 mobile OS fingerprint classification and they have low accuracy (Elejla et al, 2017). And finally, they cannot determine the OS unless there is at least one open port in the host machine (Matoušek et al, 2014). Beck et al (2007) proposed a tool called osfinger6; it has built-in OS fingerprint active mechanisms for IPv6 neighbour discovery protocol (NDP) that use 156 probe packets (forged NS).…”

Section: Related Workmentioning

confidence: 99%

“…5 OS fingerprinting classifications allow the administrator to monitor and apply policies on OS types, versions and patch of the machines inside the network (Matoušek et al, 2014).…”

Section: Introductionmentioning

confidence: 99%

Desktop and mobile operating system fingerprinting based on IPv6 protocol using machine learning algorithms

Salah¹,

Alhawa²,

Zaghal³

2022

IJSN

View full text Add to dashboard Cite

Operating system (OS) fingerprinting tools are essential to network security because of their relationship to vulnerability scanning and penetrating testing. Although OS identification is traditionally performed by passive or active tools, more contributions have focused on IPv4 than IPv6. This paper proposes a new methodology based on machine learning algorithms to build classification models to identify IPv6 OS fingerprinting using a newly created dataset. Unlike other proposals that mainly depend on TCP and IP generic features; this work adds other features to improve the detection accuracy. It also considers OSes installed in mobiles (Android and iOS). The experimental results have shown that the algorithms achieved high and acceptable results in classifying OSes. KNN and DT achieved high accuracy of up to 99%. SVM and GNB achieved 81% and 75%, respectively. Moreover, KNN, RF and DT achieved the best recall, precision, and f-score with almost the same as the achieved accuracy.

show abstract

“…The TCP/IP and TLS methods use a Decision tree to classify the flows with labels corresponding to a specific minor version of the OS. To train the classifier, we use the methodology proposed by Husák et al [10] and further extended by Matoušek et al [21] for flow monitoring. We pair the TCP/IP parameters and User-Agents directly as they are present in the same flow.…”

Section: B Os Identificationmentioning

confidence: 99%

Using TLS Fingerprints for OS Identification in Encrypted Traffic

Laštovička

Špaček

Velan

et al. 2020

NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium

View full text Add to dashboard Cite

Asset identification plays a vital role in situational awareness building. However, the current trends in communication encryption and the emerging new protocols turn the wellknown methods into a decline as they lose the necessary data to work correctly. In this paper, we examine the traffic patterns of the TLS protocol and its changes introduced in version 1.3. We train a machine learning model on TLS handshake parameters to identify the operating system of the client device and compare its results to well-known identification methods. We test the proposed method in a large wireless network. Our results show that precise operating system identification can be achieved in encrypted traffic of mobile devices and notebooks connected to the wireless network.

show abstract

Towards Identification of Operating Systems from the Internet Traffic - IPFIX Monitoring with Fingerprinting and Clustering

Cited by 15 publications

References 11 publications

Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges

Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges

Desktop and mobile operating system fingerprinting based on IPv6 protocol using machine learning algorithms

Using TLS Fingerprints for OS Identification in Encrypted Traffic

Contact Info

Product

Resources

About