Using Neural Networks to improve classical Operating System Fingerprinting techniques

Authors
Sarraute, Carlos; Burroni, Javier
Year of publication
2008
Language
English
Resource type
article
Status
published version
Description
We present remote Operating System detection as an inference problem: given a set of observations (the target host responses to a set of tests), we want to infer the OS type which most probably generated these observations. Classical techniques used to perform this analysis present several limitations. To improve the analysis, we have developed tools using neural networks and statistical tools. We present two working modules: one which uses DCE-RPC endpoints to distinguish Windows versions, and another which uses Nmap signatures to distinguish different versions of Windows, Linux, Solaris, OpenBSD, FreeBSD and NetBSD systems. We explain the details of the topology and inner workings of the neural networks used, and the fine tuning of their parameters. Finally, we show positive experimental results.
Sociedad Argentina de Informática e Investigación Operativa
Subject
Computer Science
Neural networks
OS Fingerprinting
DCE-RPC endpoint mapper
Access level
open access
Terms of use
http://creativecommons.org/licenses/by/4.0/
Repository
SEDICI (UNLP)
Institution
Universidad Nacional de La Plata
OAI identifier
oai:sedici.unlp.edu.ar:10915/135408

id SEDICI_0ff9696634f494b0acd4e250ee19fe33
oai_identifier_str oai:sedici.unlp.edu.ar:10915/135408
network_acronym_str SEDICI
repository_id_str 1329
network_name_str SEDICI (UNLP)
publishDate 2008
dc.date.none.fl_str_mv 2008-06-26
dc.type.none.fl_str_mv info:eu-repo/semantics/article
info:eu-repo/semantics/publishedVersion
Articulo
http://purl.org/coar/resource_type/c_6501
info:ar-repo/semantics/articulo
format article
status_str publishedVersion
dc.identifier.none.fl_str_mv http://sedici.unlp.edu.ar/handle/10915/135408
url http://sedici.unlp.edu.ar/handle/10915/135408
dc.language.none.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv info:eu-repo/semantics/altIdentifier/url/https://publicaciones.sadio.org.ar/index.php/EJS/article/view/98
info:eu-repo/semantics/altIdentifier/issn/1514-6774
dc.rights.none.fl_str_mv info:eu-repo/semantics/openAccess
http://creativecommons.org/licenses/by/4.0/
Creative Commons Attribution 4.0 International (CC BY 4.0)
dc.format.none.fl_str_mv application/pdf
35-47
dc.source.none.fl_str_mv reponame:SEDICI (UNLP)
instname:Universidad Nacional de La Plata
instacron:UNLP
repository.name.fl_str_mv SEDICI (UNLP) - Universidad Nacional de La Plata
repository.mail.fl_str_mv alira@sedici.unlp.edu.ar