Passive OS Fingerprinting Methods in the Jungle of Wireless Networks

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F18%3A00106883" target="_blank" >RIV/00216224:14610/18:00106883 - isvavai.cz</a>

Výsledek na webu

<a href="https://ieeexplore.ieee.org/document/8406262" target="_blank" >https://ieeexplore.ieee.org/document/8406262</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/NOMS.2018.8406262" target="_blank" >10.1109/NOMS.2018.8406262</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Passive OS Fingerprinting Methods in the Jungle of Wireless Networks

Popis výsledku v původním jazyce

Operating system fingerprinting methods are well-known in the domain of static networks and managed environments. Yet few studies tackled this challenge in real networks, where users can bring and connect any device. We evaluate the performance of three OS fingerprinting methods on a large dataset collected from university wireless network. Our results show that method based on HTTP User-agents is the most accurate but can identify only low portion of the traffic. TCP/IP parameters method proved to be the opposite with high identification rate but low accuracy. We also implemented a new method based on detection of communication to OS-specific domains and its performance is comparable to the two established ones. After that, we discuss the impacts of traffic encryption and embracing new protocols such as IPv6 or HTTP/2.0 on OS fingerprinting. Our findings suggest that OS identification based on specific domain detection is viable and corresponds to the current directions of network traffic evolution, while methods based on TCP/IP parameters and User-agents will become ineffective in the future.

Název v anglickém jazyce

Passive OS Fingerprinting Methods in the Jungle of Wireless Networks

Popis výsledku anglicky

Operating system fingerprinting methods are well-known in the domain of static networks and managed environments. Yet few studies tackled this challenge in real networks, where users can bring and connect any device. We evaluate the performance of three OS fingerprinting methods on a large dataset collected from university wireless network. Our results show that method based on HTTP User-agents is the most accurate but can identify only low portion of the traffic. TCP/IP parameters method proved to be the opposite with high identification rate but low accuracy. We also implemented a new method based on detection of communication to OS-specific domains and its performance is comparable to the two established ones. After that, we discuss the impacts of traffic encryption and embracing new protocols such as IPv6 or HTTP/2.0 on OS fingerprinting. Our findings suggest that OS identification based on specific domain detection is viable and corresponds to the current directions of network traffic evolution, while methods based on TCP/IP parameters and User-agents will become ineffective in the future.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/VI20172020070" target="_blank" >VI20172020070: Výzkum nástrojů pro hodnocení kybernetické situace a podporu rozhodování CSIRT týmů při ochraně kritické infrastruktury</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2018

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium

ISBN

9781538634165

ISSN

—

e-ISSN

—

Počet stran výsledku

9

Strana od-do

—

Název nakladatele

IEEE Xplore Digital Library

Místo vydání

Taipei, Taiwan

Místo konání akce

Taipei, Taiwan

Datum konání akce

1. 1. 2018

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000541820800150