Active Fingerprinting

The Experts below are selected from a list of 2931 Experts worldwide ranked by ideXlab platform

Taras Panskyi - One of the best experts on this subject based on the ideXlab platform.

  • Analysis of an Active Fingerprinting application of the transport layer of TCP/IP stack for remote OS detection
    Eastern-European Journal of Enterprise Technologies, 2015
    Co-Authors: Volodymyr Mosorov, Sebastian Biedron, Taras Panskyi
    Abstract:

    Looking at the number of newly formed operating systems and their quality, we can clearly say that the cybercrime era is only just beginning. Developers are more interested in an early release of a new product than proper protection of the previously existing one, which implies a negligible "incorrect" implementation of the TCP/IP stack. Future releases of the operating system usually have the same irregularities, and frequently there are new irregularities in the behavior of the system during the standard scans carried out. Summarizing, an increase of interest in Active Fingerprinting of the transport layer of the TCP/IP stack has been the objective of this paper. Out of all the layers of protocols, we can conclude that TCP, due to the many unused functionalities in its construction, constitutes quite a large source on the basis of which the device can be clearly identified by the scan. In this paper, different tests have been presented, namely: Flag probing, Window size probing, Time of Retransmission, Options sequence, TCP Timestamp, TCP ISN, which allowed us to estimate and analyze the reaction of different systems to them.

  • Comparison overview of an Active Fingerprinting application of the second and the third layer of TCP/IP stack
    Eastern-European Journal of Enterprise Technologies, 2015
    Co-Authors: Volodymyr Mosorov, Sebastian Biedron, Taras Panskyi
    Abstract:

    Nowadays, computer networks have become as popular as telephone networks fifteen years ago, and year by year they are playing ever more important functions in human life. Not only have they created huge opportunities in many areas of life, facilitating communications or obtaining information, but they have also provided online entertainment. The invention, originally developed for military purposes in one of the darkest periods of human civilization, has become the greatest discovery of the twentieth century, connecting millions of people around the world into one big community. Whatever the differences in size or devices used, a computer network can be defined as a combination of terminal devices, transmission medium, intermediate communication devices and network software (network area). Currently, anyone can build their own network or join the largest of them - the Internet - via a local Internet provider. Unfortunately, the Internet is not only a virtually unlimited source of information, entertainment, communication, and work. Alongside its positive aspects and conveniences, it poses numerous risks to uninformed users. This publication aims to cast light on the aspects of the method of sampling operating systems security of network computers, i.e. Active Fingerprinting of the data link layer and Internet TCP/IP stack layer.

Volodymyr Mosorov - One of the best experts on this subject based on the ideXlab platform.

  • Analysis of an Active Fingerprinting application of the transport layer of TCP/IP stack for remote OS detection
    Eastern-European Journal of Enterprise Technologies, 2015
    Co-Authors: Volodymyr Mosorov, Sebastian Biedron, Taras Panskyi

  • Comparison overview of an Active Fingerprinting application of the second and the third layer of TCP/IP stack
    Eastern-European Journal of Enterprise Technologies, 2015
    Co-Authors: Volodymyr Mosorov, Sebastian Biedron, Taras Panskyi

Sebastian Biedron - One of the best experts on this subject based on the ideXlab platform.

  • Analysis of an Active Fingerprinting application of the transport layer of TCP/IP stack for remote OS detection
    Eastern-European Journal of Enterprise Technologies, 2015
    Co-Authors: Volodymyr Mosorov, Sebastian Biedron, Taras Panskyi

  • Comparison overview of an Active Fingerprinting application of the second and the third layer of TCP/IP stack
    Eastern-European Journal of Enterprise Technologies, 2015
    Co-Authors: Volodymyr Mosorov, Sebastian Biedron, Taras Panskyi

Patrice Auffret - One of the best experts on this subject based on the ideXlab platform.

  • SinFP, unification of Active and passive operating system Fingerprinting
    Journal in Computer Virology, 2010
    Co-Authors: Patrice Auffret
    Abstract:

    The ubiquity of firewalls using Network Address Translation and Port Address Translation (NAT/PAT), stateful inspection, and packet normalization technologies is taking its toll on today’s approaches to operating system Fingerprinting. Hence, SinFP was developed attempting to address the limitations of current tools. SinFP implements new methods, like the usage of signatures acquired by Active Fingerprinting when performing passive Fingerprinting. Furthermore, SinFP is the first tool to perform operating system Fingerprinting on IPv6 (both Active and passive modes). Thanks to its signature matching algorithm, it is almost superfluous to add new signatures to its current database. In addition, its heuristic matching algorithm makes it highly resilient against signatures that have been modified by intermediate routing and/or filtering devices in-between, and against TCP/IP customization methods. This document presents an in-depth explanation of techniques implemented by SinFP tool.

Hagos, Desta Haileselassie - One of the best experts on this subject based on the ideXlab platform.

  • A Machine Learning-based Tool for Passive OS Fingerprinting with TCP Variant as a Novel Feature
    Institute of Electrical and Electronics Engineers (IEEE), 2021
    Co-Authors: Hagos, Desta Haileselassie, Yazidi Anis, Kure Øivind, Engelstad Paal
    Abstract:

    With the emergence of Internet of Things (IoT), securing and managing large, complex enterprise network infrastructure requires capturing and analyzing network traffic traces in real time. An accurate passive operating system (OS) Fingerprinting plays a critical role in effective network management and cybersecurity protection. Passive Fingerprinting does not send probes that introduce extra load to the network and hence it has a clear advantage over Active Fingerprinting since it also reduces the risk of triggering false alarms. This article proposes and evaluates an advanced classification approach to passive OS Fingerprinting by leveraging state-of-the-art classical machine learning and deep learning techniques. Our controlled experiments on benchmark data, emulated, and realistic traffic are performed using two approaches. Through an Oracle-based machine learning approach, we found that the underlying TCP variant is an important feature for predicting the remote OS. Based on this observation, we develop a sophisticated tool for OS Fingerprinting that first predicts the TCP flavor using passive traffic traces and then uses this prediction as an input feature for another machine learning algorithm for predicting the remote OS from passive measurements. This article takes the passive Fingerprinting problem one step further by introducing the underlying predicted TCP variant as a distinguishing feature. In terms of accuracy, we empirically demonstrate that accurately predicting the TCP variant has the potential to boost the evaluation performance from 84% to 94% on average across all our validation scenarios and across different types of traffic sources. We also demonstrate a practical example of this potential, by increasing the performance to 91.2% and 95.3% on average using a tool for loss-based and delay-based TCP variants prediction in an emulated setting. To the best of our knowledge, this is the first study that explores the potential for using the knowledge of the TCP variant to significantly boost the accuracy of passive OS Fingerprinting.

  • Advanced passive operating system Fingerprinting using machine learning and deep learning
    Institute of Electrical and Electronics Engineers (IEEE), 2020
    Co-Authors: Hagos, Desta Haileselassie, Løland Martin, Yazidi Anis, Kure Øivind, Engelstad, Paal E.
    Abstract:

    Securing and managing large, complex enterprise network infrastructure requires capturing and analyzing network traffic traces in real-time. An accurate passive Operating System (OS) Fingerprinting plays a critical role in effective network management and cybersecurity protection. Passive Fingerprinting doesn't send probes that introduce extra load to the network and hence it has a clear advantage over Active Fingerprinting since it also reduces the risk of triggering false alarms. This paper proposes and evaluates an advanced classification approach to passive OS Fingerprinting by leveraging state-of-the-art classical machine learning and deep learning techniques. Our controlled experiments on benchmark data, emulated and realistic traffic are performed using two approaches. Through an Oracle-based machine learning approach, we found that the underlying TCP variant is an important feature for predicting the remote OS. Based on this observation, we develop a sophisticated tool for OS Fingerprinting that first predicts the TCP flavor using passive traffic traces and then uses this prediction as an input feature for another machine learning algorithm for predicting the remote OS from passive measurements. This paper takes the passive Fingerprinting problem one step further by introducing the underlying predicted TCP variant as a distinguishing feature. In terms of accuracy, we empirically demonstrate that accurately predicting the TCP variant has the potential to boost the evaluation performance from 84% to 94% on average across all our validation scenarios and across different types of traffic sources. We also demonstrate a practical example of this potential, by increasing the performance to 91.3% on average using a tool for TCP variant prediction in an emulated setting. To the best of our knowledge, this is the first study that explores the potential for using the knowledge of the TCP variant to significantly boost the accuracy of passive OS Fingerprinting.