Figure 3 - uploaded by Sujeet Shenoi
Operating system identification.  

Source publication
Article
This paper describes a novel tool for remotely "fingerprinting" computers used in criminal activity. The tool employs network scanning and machine identification techniques to acquire a fingerprint of a computer over the Internet. The fingerprint includes identifying information about the operating system, banners, enumerations and services. Once t...

Context in source publication

Context 1
... variations help differentiate between OS-specific network protocol implementations. Figure 3 displays the database schema used in OS detection. The main table (Fingerprint) links each of the individual tests into a single fingerprint, which identifies the OS based on the test results. ...

Similar publications

Article
Tor (The Onion Router) is an anonymity tool that is widely used worldwide. Tor protects its users' privacy against surveillance and censorship using strong encryption and obfuscation techniques, which makes it extremely difficult to monitor and identify users' activity on the Tor network. It also implements strong defenses to protect the users against t...

Citations

Chapter
This chapter addresses the identification of a remote operating system, across a computer network, with the aid of computational intelligence. Based on an introductory presentation of fundamental concepts of remote operating system detection, we present a survey on the use of computational intelligence in this area. This study points to new research directions that are developed in this work. Specifically, this work presents advances in (1) the algorithm used to extract distinguishable characteristics from reliable data and (2) the procedure used to minimize the amount of data necessary for classification. Considering a set of 16 operating systems, the results indicate that it is possible to perform identification using only 25 network messages with high levels of accuracy, reaching a correct classification rate above 98%.
Chapter
The process of remote characterization and identification of computers has many applications in network security and forensics. In network forensics, this process can be used together with intrusion detection systems to characterize suspicious machines of remote attackers. The characterization of remote computers is based on the analysis of network data originated from the remote machine. The classical approach is to exploit peculiar characteristics of different implementations of network protocols at each layer of the protocol stack, i.e. link, network, transport and application layers. Recent works show that the use of computational intelligence techniques can improve the identification performance when compared to classical classification algorithms and tools. This chapter presents some advances in this area and surveys the use of computational intelligence for remote identification of computers and its applications to network forensics.