Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F23%3A00130617" target="_blank" >RIV/00216224:14610/23:00130617 - isvavai.cz</a>

Výsledek na webu

<a href="https://www.sciencedirect.com/science/article/pii/S138912862300227X" target="_blank" >https://www.sciencedirect.com/science/article/pii/S138912862300227X</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1016/j.comnet.2023.109782" target="_blank" >10.1016/j.comnet.2023.109782</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges

Popis výsledku v původním jazyce

Fingerprinting a host's operating system is a very common yet precarious task in network, asset, and vulnerability management. Estimating the operating system via network traffic analysis may leverage TCP/IP header parameters or complex analysis of hosts' behavior using machine learning. However, the existing approaches are becoming obsolete as network traffic evolves which makes the problem still open. This paper discusses various approaches to passive OS fingerprinting and their evolution in the past twenty years. We illustrate their usage, compare their results in an experiment, and list challenges faced by the current fingerprinting approaches. The hosts' differences in network stack settings were initially the most important information source for OS fingerprinting, which is now complemented by hosts' behavioral analysis and combined approaches backed by machine learning. The most impactful reasons for this evolution were the Internet-wide network traffic encryption and the general adoption of privacy-preserving concepts in application protocols. Other changes, such as the increasing proliferation of web applications on handheld devices, raised the need to identify these devices in the networks, for which we may use the techniques of OS fingerprinting.

Název v anglickém jazyce

Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges

Popis výsledku anglicky

Fingerprinting a host's operating system is a very common yet precarious task in network, asset, and vulnerability management. Estimating the operating system via network traffic analysis may leverage TCP/IP header parameters or complex analysis of hosts' behavior using machine learning. However, the existing approaches are becoming obsolete as network traffic evolves which makes the problem still open. This paper discusses various approaches to passive OS fingerprinting and their evolution in the past twenty years. We illustrate their usage, compare their results in an experiment, and list challenges faced by the current fingerprinting approaches. The hosts' differences in network stack settings were initially the most important information source for OS fingerprinting, which is now complemented by hosts' behavioral analysis and combined approaches backed by machine learning. The most impactful reasons for this evolution were the Internet-wide network traffic encryption and the general adoption of privacy-preserving concepts in application protocols. Other changes, such as the increasing proliferation of web applications on handheld devices, raised the need to identify these devices in the networks, for which we may use the techniques of OS fingerprinting.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2023

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

Computer Networks

ISSN

1389-1286

e-ISSN

1872-7069

Svazek periodika

229

Číslo periodika v rámci svazku

109782

Stát vydavatele periodika

NL - Nizozemsko

Počet stran výsledku

12

Strana od-do

1-12

Kód UT WoS článku

000987230300001

EID výsledku v databázi Scopus

2-s2.0-85153275882