All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Evaluation of passive OS fingerprinting methods using TCP/IP fields

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F23%3A10133572" target="_blank" >RIV/63839172:_____/23:10133572 - isvavai.cz</a>

  • Alternative codes found

    RIV/68407700:21240/23:00367557

  • Result on the web

    <a href="https://ieeexplore.ieee.org/document/10192974" target="_blank" >https://ieeexplore.ieee.org/document/10192974</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.23919/SpliTech58164.2023.10192974" target="_blank" >10.23919/SpliTech58164.2023.10192974</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Evaluation of passive OS fingerprinting methods using TCP/IP fields

  • Original language description

    An important part of network management is to keep knowledge about the connected devices. One of the tools that can provide such information in real-time is passive OS fingerprinting, in particular the method based on analyzing values of specific TCP/IP headers. The state-of-the-art approach is to use machine learning to create such OS classifier. In this paper, we focus on the evaluation of this approach from several perspectives. We took two existing public datasets and created a new one from our network and trained machine learning models to classify the 4 most common operation system families based on selected TCP/IP fields. We compare different models, discuss the need to round TTL values to avoid over-fitting, and test the transferability of models trained on data from different networks. Although TCP/IP-related characteristics of individual operating systems should be independent on where the device is located, our experiments show that a model trained in one network performs much worse in another one, making model creation and deployment more difficult in practice. A good solution may be to combine data from multiple networks. A model trained on a combination of all three datasets exhibited the best results on average across the datasets.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    <a href="/en/project/VJ02010024" target="_blank" >VJ02010024: Flow-based Encrypted Traffic Analysis</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Others

  • Publication year

    2023

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    2023 8th International Conference on Smart and Sustainable Technologies (SpliTech)

  • ISBN

    978-953-290-128-3

  • ISSN

  • e-ISSN

  • Number of pages

    4

  • Pages from-to

    530-533

  • Publisher name

    IEEE

  • Place of publication

    Neuveden

  • Event location

    Split/Bol, Croatia

  • Event date

    Jun 20, 2023

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

Similar results(10)

Passive Operating System Fingerprinting Revisited: Evaluation and Current ChallengesPassive OS Fingerprinting Methods in the Jungle of Wireless NetworksInvestigation on Operating Systems Identification by Means of Fractal Geometry and OS Pseudorandom Number Generators