DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING | DWIGHT LOOK COLLEGE OF ENGINEERING | TEXAS A&M UNIVERSITY

 


Remote OS fingerprinting/classification

Abstract

Determining the operating system of a remote host through interaction with its network stack is an important task in security, especially when it relies on low-overhead, non-intrusive measurements. Volatility of observed features (e.g., retransmission timeouts affected by network jitter, TCP window size tweaked by end-users) and difficulty in differentiating between similar stacks lead to interesting questions in stochastic modeling, classification, and Internet characterization. Our initial investigation into these issues has produced new methodology and measurement techniques (Hershel, Hershel+, Plata, Faulds) for solving this problem. The papers describing these findings are listed below.

Journal Papers

 

Z. Shamsi and D. Loguinov, "Unsupervised Clustering Under Temporal Feature Volatility in Network Stack Fingerprinting," IEEE/ACM Transactions on Networking, vol. 25, no. 4, August 2017.

PDF
 

Z. Shamsi, A. Nandwani, D. Leonard, and D. Loguinov, "Hershel: Single-Packet OS Fingerprinting," IEEE/ACM Transactions on Networking, vol. 24, no. 4, August 2016.

PDF

Conference Papers

 

Z. Shamsi, D.B.H. Cline, and D. Loguinov, "Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting," ACM CCS, October 2017.

PDF, PPT
 

Z. Shamsi and D. Loguinov, "Unsupervised Clustering Under Temporal Feature Volatility in Network Stack Fingerprinting," ACM SIGMETRICS, June 2016.

PDF, PPT
 

Z. Shamsi, A. Nandwani, D. Leonard, and D. Loguinov, "Hershel: Single-Packet OS Fingerprinting," ACM SIGMETRICS, June 2014.

PDF, PPT

Technical Reports

 

Z. Shamsi, D.B.H. Cline, and D. Loguinov, "Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting," Texas A&M Technical Report 2017-8-2, August 2017.

PDF

Software

Original Hershel code and database, latest version on GitHub

Original Hershel+ code and database, latest version on GitHub

Faulds on GitHub


     Copyright © 2002-2020 IRL at Texas A&M. All Rights Reserved.