{"title":"Operating system fingerprinting via automated network traffic analysis","authors":"A. Aksoy, S. Louis, M. H. Gunes","doi":"10.1109/CEC.2017.7969609","DOIUrl":null,"url":null,"abstract":"Operating System (OS) detection significantly impacts network management and security. Current OS classification systems used by administrators use human-expert generated network signatures for classification. In this study, we investigate an automated approach for classifying host OS by analyzing the network packets generated by them without relying on human experts. While earlier approaches look for certain packets such as SYN packets, our approach is able to use any TCP/IP packet to determine the host systems' OS. We use genetic algorithms for feature subset selection in three machine learning algorithms (i.e., OneR, Random Forest and Decision Trees) to classify host OS by analyzing network packets. With the help of feature subset selection and machine learning, we can automatically detect the difference in network behaviors of OSs and also adapt to new OSs. Results show that the genetic algorithm significantly reduces the number of packet features to be analyzed while increasing the classification performance.","PeriodicalId":335123,"journal":{"name":"2017 IEEE Congress on Evolutionary Computation (CEC)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":"{\"title\":\"Operating system fingerprinting via automated network traffic analysis\",\"authors\":\"A. Aksoy, S. Louis, M. H. Gunes\",\"doi\":\"10.1109/CEC.2017.7969609\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Operating System (OS) detection significantly impacts network management and security. Current OS classification systems used by administrators use human-expert generated network signatures for classification. 
In this study, we investigate an automated approach for classifying host OS by analyzing the network packets generated by them without relying on human experts. While earlier approaches look for certain packets such as SYN packets, our approach is able to use any TCP/IP packet to determine the host systems' OS. We use genetic algorithms for feature subset selection in three machine learning algorithms (i.e., OneR, Random Forest and Decision Trees) to classify host OS by analyzing network packets. With the help of feature subset selection and machine learning, we can automatically detect the difference in network behaviors of OSs and also adapt to new OSs. Results show that the genetic algorithm significantly reduces the number of packet features to be analyzed while increasing the classification performance.\",\"PeriodicalId\":335123,\"journal\":{\"name\":\"2017 IEEE Congress on Evolutionary Computation (CEC)\",\"volume\":\"4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"19\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 IEEE Congress on Evolutionary Computation (CEC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CEC.2017.7969609\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE Congress on Evolutionary Computation (CEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CEC.2017.7969609","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Operating system fingerprinting via automated network traffic analysis
Operating System (OS) detection significantly impacts network management and security. Current OS classification systems used by administrators use human-expert generated network signatures for classification. In this study, we investigate an automated approach for classifying host OS by analyzing the network packets generated by them without relying on human experts. While earlier approaches look for certain packets such as SYN packets, our approach is able to use any TCP/IP packet to determine the host systems' OS. We use genetic algorithms for feature subset selection in three machine learning algorithms (i.e., OneR, Random Forest and Decision Trees) to classify host OS by analyzing network packets. With the help of feature subset selection and machine learning, we can automatically detect the difference in network behaviors of OSs and also adapt to new OSs. Results show that the genetic algorithm significantly reduces the number of packet features to be analyzed while increasing the classification performance.