TY - GEN
T1 - Operating System Classification Performance of TCP/IP Protocol Headers
AU - Aksoy, Ahmet
AU - Gunes, Mehmet Hadi
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/7/2
Y1 - 2016/7/2
N2 - Identification of operating systems in a local network is an issue for both network management and security. Network practitioners rely on some classifier tools, but those tools' rules are generated by an expert. Hence, existing approaches need to be manually updated for each new operating system. In this paper, we analyze the TCP/IP packet headers to automate operating system classification. To this end, we measure the classification performance of each protocol, and determine the unique features between operating systems. We utilize a genetic algorithm to determine the relevant packet header features. Then, we use several machine learning algorithms to generate a set of rules that can differentiate operating systems. Overall, with IP, ICMP, TCP, UDP, HTTP, DNS, SSL, SSH, and FTP protocol header information, on average, operating system classification can be performed at a rate of 68.0%, 51.6%, 98.4%, 71.1%, 78.7%, 29.2%, 25.0%, 22.5%, and 14.0%, respectively. In general, feature extraction with a genetic algorithm further improves the results, e.g., to an average of 99.1% for TCP.
AB - Identification of operating systems in a local network is an issue for both network management and security. Network practitioners rely on some classifier tools, but those tools' rules are generated by an expert. Hence, existing approaches need to be manually updated for each new operating system. In this paper, we analyze the TCP/IP packet headers to automate operating system classification. To this end, we measure the classification performance of each protocol, and determine the unique features between operating systems. We utilize a genetic algorithm to determine the relevant packet header features. Then, we use several machine learning algorithms to generate a set of rules that can differentiate operating systems. Overall, with IP, ICMP, TCP, UDP, HTTP, DNS, SSL, SSH, and FTP protocol header information, on average, operating system classification can be performed at a rate of 68.0%, 51.6%, 98.4%, 71.1%, 78.7%, 29.2%, 25.0%, 22.5%, and 14.0%, respectively. In general, feature extraction with a genetic algorithm further improves the results, e.g., to an average of 99.1% for TCP.
KW - Genetic Algorithm
KW - Machine Learning
KW - OS Fingerprinting
UR - http://www.scopus.com/inward/record.url?scp=85017520990&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85017520990&partnerID=8YFLogxK
U2 - 10.1109/LCN.2016.036
DO - 10.1109/LCN.2016.036
M3 - Conference contribution
AN - SCOPUS:85017520990
T3 - Proceedings - Conference on Local Computer Networks, LCN
SP - 112
EP - 120
BT - Proceedings - 2016 IEEE 41st Conference on Local Computer Networks Workshops, LCN Workshops 2016
T2 - 41st IEEE Conference on Local Computer Networks Workshops, LCN Workshops 2016
Y2 - 7 November 2016 through 10 November 2016
ER -