Passive Operating System Fingerprinting Analysis Using Artificial Intelligence Techniques

  • Conference paper
Proceedings of the 2023 International Conference on Advances in Computing Research (ACR’23) (ACR 2023)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 700)

Abstract

Modern enterprise networks are complex and present countless security challenges. Understanding the nature of the systems that exist within a network environment is a vital step in securing it. Therefore, operating systems on the network must be identified, tracked, and continuously monitored. In this research, we consider the problem of detecting unauthorized operating systems on an enterprise network, which could exist because of the unintentional actions of an authorized user or the unauthorized actions of internal users or external attackers. We intend to utilize an artificial neural network (ANN)-based classifier, which will be developed using the PyTorch and fastai deep learning libraries. Simulated network traffic has been generated through the implementation of two separate virtual network environments, and the generated traffic was passively collected and analyzed prior to traversing the network boundary. The performance of the neural network classifier will be evaluated using the collected data in this research.

Author information

Corresponding author

Correspondence to Ezhil Kalaimannan.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Hopkins, S., Kalaimannan, E., John, C. (2023). Passive Operating System Fingerprinting Analysis Using Artificial Intelligence Techniques. In: Daimi, K., Al Sadoon, A. (eds) Proceedings of the 2023 International Conference on Advances in Computing Research (ACR’23). ACR 2023. Lecture Notes in Networks and Systems, vol 700. Springer, Cham. https://doi.org/10.1007/978-3-031-33743-7_15
