Passive OS Fingerprinting Methods in the Jungle of Wireless Networks

The result's identifiers

  • Result code in IS VaVaI

    RIV/00216224:14610/18:00106883 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F18%3A00106883)

  • Result on the web

    https://ieeexplore.ieee.org/document/8406262

  • DOI - Digital Object Identifier

    10.1109/NOMS.2018.8406262 (http://dx.doi.org/10.1109/NOMS.2018.8406262)

Alternative languages

  • Result language

    English

  • Original language name

    Passive OS Fingerprinting Methods in the Jungle of Wireless Networks

  • Original language description

    Operating system fingerprinting methods are well-known in the domain of static networks and managed environments. Yet few studies have tackled this challenge in real networks, where users can bring and connect any device. We evaluate the performance of three OS fingerprinting methods on a large dataset collected from a university wireless network. Our results show that the method based on HTTP User-agents is the most accurate but can identify only a small portion of the traffic. The TCP/IP parameters method proved to be the opposite, with a high identification rate but low accuracy. We also implemented a new method based on detection of communication to OS-specific domains, and its performance is comparable to the two established ones. After that, we discuss the impacts of traffic encryption and of embracing new protocols such as IPv6 or HTTP/2.0 on OS fingerprinting. Our findings suggest that OS identification based on specific domain detection is viable and corresponds to the current directions of network traffic evolution, while methods based on TCP/IP parameters and User-agents will become ineffective in the future.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    VI20172020070: Research of Tools for Cyber Situational Awareness and Decision Support of CSIRT Teams in Protection of Critical Infrastructure

  • Continuities

    P - Research and development project financed from public funds (with a link to CEP)

Others

  • Publication year

    2018

  • Confidentiality

    S - Complete and true data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium

  • ISBN

    9781538634165

  • ISSN

  • e-ISSN

  • Number of pages

    9

  • Pages from-to

  • Publisher name

    IEEE Xplore Digital Library

  • Place of publication

    Taipei, Taiwan

  • Event location

    Taipei, Taiwan

  • Event date

    Jan 1, 2018

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article

    000541820800150