Passive Operating System Fingerprinting Revisited: Evaluation
and Current Challenges

J 2023

Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges

LAŠTOVIČKA, Martin, Martin HUSÁK, Petr VELAN, Tomáš JIRSÍK, Pavel ČELEDA et. al.

Základní údaje

Originální název

Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges

Autoři

LAŠTOVIČKA, Martin (203 Česká republika, garant, domácí), Martin HUSÁK (203 Česká republika, domácí), Petr VELAN (203 Česká republika, domácí), Tomáš JIRSÍK (203 Česká republika, domácí) a Pavel ČELEDA (203 Česká republika, domácí)

Vydání

Computer Networks, Netherlands, Elsevier, 2023, 1389-1286

Další údaje

Jazyk

angličtina

Typ výsledku

Článek v odborném periodiku

Obor

10201 Computer sciences, information science, bioinformatics

Stát vydavatele

Nizozemské království

Utajení

není předmětem státního či obchodního tajemství

Odkazy

Published version on Elsevier ScienceDirect

Impakt faktor

Impact factor: 5.600 v roce 2022

Kód RIV

RIV/00216224:14610/23:00130617

Organizační jednotka

Ústav výpočetní techniky

DOI

http://dx.doi.org/10.1016/j.comnet.2023.109782

UT WoS

000987230300001

Klíčová slova anglicky

OS fingerprinting; network monitoring; network management; cybersecurity; machine learning; survey

Štítky

J-Q1, rivok

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 16. 3. 2024 14:14, doc. Ing. Pavel Čeleda, Ph.D.

Anotace

V originále

Fingerprinting a host's operating system is a very common yet precarious task in network, asset, and vulnerability management. Estimating the operating system via network traffic analysis may leverage TCP/IP header parameters or complex analysis of hosts' behavior using machine learning. However, the existing approaches are becoming obsolete as network traffic evolves which makes the problem still open. This paper discusses various approaches to passive OS fingerprinting and their evolution in the past twenty years. We illustrate their usage, compare their results in an experiment, and list challenges faced by the current fingerprinting approaches. The hosts' differences in network stack settings were initially the most important information source for OS fingerprinting, which is now complemented by hosts' behavioral analysis and combined approaches backed by machine learning. The most impactful reasons for this evolution were the Internet-wide network traffic encryption and the general adoption of privacy-preserving concepts in application protocols. Other changes, such as the increasing proliferation of web applications on handheld devices, raised the need to identify these devices in the networks, for which we may use the techniques of OS fingerprinting.

Návaznosti

EF16_019/0000822, projekt VaV

Název: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur

Přiložené soubory

1-s2.0-S138912862300227X-main.pdf

Vyhledat podobné dokumenty

Citovat

LAŠTOVIČKA, Martin, Martin HUSÁK, Petr VELAN, Tomáš JIRSÍK a Pavel ČELEDA. Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges. Computer Networks. Netherlands: Elsevier, 2023, roč. 229, č. 109782, s. 1-12. ISSN 1389-1286. Dostupné z: https://dx.doi.org/10.1016/j.comnet.2023.109782.

@article{2276417,
   author = {Laštovička, Martin and Husák, Martin and Velan, Petr and Jirsík, Tomáš and Čeleda, Pavel},
   article_location = {Netherlands},
   article_number = {109782},
   doi = {http://dx.doi.org/10.1016/j.comnet.2023.109782},
   keywords = {OS fingerprinting; network monitoring; network management; cybersecurity; machine learning; survey},
   language = {eng},
   issn = {1389-1286},
   journal = {Computer Networks},
   title = {Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges},
   url = {https://www.sciencedirect.com/science/article/pii/S138912862300227X},
   volume = {229},
   year = {2023}
}

TY  - JOUR
ID  - 2276417
AU  - Laštovička, Martin - Husák, Martin - Velan, Petr - Jirsík, Tomáš - Čeleda, Pavel
PY  - 2023
TI  - Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges
JF  - Computer Networks
VL  - 229
IS  - 109782
SP  - 1-12
EP  - 1-12
PB  - Elsevier
SN  - 13891286
KW  - OS fingerprinting
KW  - network monitoring
KW  - network management
KW  - cybersecurity
KW  - machine learning
KW  - survey
UR  - https://www.sciencedirect.com/science/article/pii/S138912862300227X
N2  - Fingerprinting a host's operating system is a very common yet precarious task in network, asset, and vulnerability management. Estimating the operating system via network traffic analysis may leverage TCP/IP header parameters or complex analysis of hosts' behavior using machine learning. However, the existing approaches are becoming obsolete as network traffic evolves which makes the problem still open. This paper discusses various approaches to passive OS fingerprinting and their evolution in the past twenty years. We illustrate their usage, compare their results in an experiment, and list challenges faced by the current fingerprinting approaches. The hosts' differences in network stack settings were initially the most important information source for OS fingerprinting, which is now complemented by hosts' behavioral analysis and combined approaches backed by machine learning. The most impactful reasons for this evolution were the Internet-wide network traffic encryption and the general adoption of privacy-preserving concepts in application protocols. Other changes, such as the increasing proliferation of web applications on handheld devices, raised the need to identify these devices in the networks, for which we may use the techniques of OS fingerprinting.
ER  -

LAŠTOVIČKA, Martin, Martin HUSÁK, Petr VELAN, Tomáš JIRSÍK a Pavel ČELEDA. Passive Operating System Fingerprinting Revisited: Evaluation and Current Challenges. \textit{Computer Networks}. Netherlands: Elsevier, 2023, roč.~229, č.~109782, s.~1-12. ISSN~1389-1286. Dostupné z: https://dx.doi.org/10.1016/j.comnet.2023.109782.

Podrobný výpis o publikaci