Operating system fingerprinting via automated network traffic analysis

Ahmet Aksoy, Sushil Louis, Mehmet Hadi Gunes

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

    25 Scopus citations

    Abstract

    Operating System (OS) detection significantly impacts network management and security. Current OS classification systems used by administrators rely on network signatures generated by human experts. In this study, we investigate an automated approach for classifying a host's OS by analyzing the network packets it generates, without relying on human experts. While earlier approaches look for particular packets such as SYN packets, our approach can use any TCP/IP packet to determine the host's OS. We use genetic algorithms for feature subset selection in three machine learning algorithms (i.e., OneR, Random Forest and Decision Trees) to classify host OS by analyzing network packets. With the help of feature subset selection and machine learning, we can automatically detect differences in the network behavior of OSs and also adapt to new OSs. Results show that the genetic algorithm significantly reduces the number of packet features to be analyzed while increasing classification performance.
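
    As an added illustration, not code from the paper or the authors' implementation, the following constructed example runs a small elitist genetic algorithm that selects a subset of packet-header fields for a decision-table classifier scored by leave-one-out accuracy with a per-feature parsimony penalty. The header values, feature names and OS labels are assumed for illustration; the constant `df` field and the unique-per-packet `ip_id` field stand in for uninformative features that the search should learn to drop.

```python
import random
from collections import Counter

# Constructed sample capture (not real measurements): one row per packet with
# header fields a passive sensor would extract, labelled with the sender's OS
# family. "df" is constant and "ip_id" is unique per packet: both are noise.
FEATURES = ["ttl", "window", "df", "opts_len", "ip_id"]
SAMPLES = [
    ((64, 29200, 1, 20, 4011), "linux"), ((64, 29200, 1, 20, 4012), "linux"),
    ((64, 29200, 1, 20, 4013), "linux"), ((64, 64240, 1, 20, 4014), "linux"),
    ((64, 64240, 1, 20, 4015), "linux"), ((128, 64240, 1, 12, 9001), "windows"),
    ((128, 64240, 1, 12, 9002), "windows"), ((128, 64240, 1, 12, 9003), "windows"),
    ((128, 64240, 1, 12, 9004), "windows"), ((64, 65535, 1, 20, 17), "bsd"),
    ((64, 65535, 1, 20, 18), "bsd"), ((64, 65535, 1, 20, 19), "bsd"),
]

def loo_accuracy(mask):
    """Leave-one-out accuracy of a decision-table classifier on the masked
    features: majority label of other packets with identical selected fields,
    falling back to the global majority when no packet matches."""
    key = lambda row: tuple(v for v, m in zip(row, mask) if m)
    correct = 0
    for i, (row, label) in enumerate(SAMPLES):
        table, overall = Counter(), Counter()
        for j, (r, l) in enumerate(SAMPLES):
            if j != i:
                overall[l] += 1
                if key(r) == key(row):
                    table[l] += 1
        correct += (table or overall).most_common(1)[0][0] == label
    return correct / len(SAMPLES)

def fitness(mask, penalty=0.02):
    """Accuracy minus a small cost per selected feature, rewarding parsimony."""
    return loo_accuracy(mask) - penalty * sum(mask)

def run_ga(pop_size=20, generations=40, seed=0):
    """Elitist GA over feature-subset bitmasks; returns (feature names, fitness)."""
    rng, n = random.Random(seed), len(FEATURES)
    pop = [[rng.randint(0, 1) for _ in range(n)] for _ in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=fitness, reverse=True)
        nxt = pop[:2]  # elitism: the two best survive unchanged
        while len(nxt) < pop_size:
            a, b = (max(rng.sample(pop, 3), key=fitness) for _ in range(2))
            cut = rng.randint(1, n - 1)  # one-point crossover, then bit-flip mutation
            nxt.append([bit ^ (rng.random() < 0.1) for bit in a[:cut] + b[cut:]])
        pop = nxt
    best = max(pop, key=fitness)
    return [f for f, m in zip(FEATURES, best) if m], fitness(best)
```

    Calling `run_ga()` returns a two-field subset such as `ttl` and `window` with perfect leave-one-out accuracy, whereas any subset containing `ip_id` scores below 0.5 because every packet becomes unique.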

    Original language: English
    Title of host publication: 2017 IEEE Congress on Evolutionary Computation, CEC 2017 - Proceedings
    Pages: 2502-2509
    Number of pages: 8
    ISBN (Electronic): 9781509046010
    DOIs
    State: Published - 5 Jul 2017
    Event: 2017 IEEE Congress on Evolutionary Computation, CEC 2017 - Donostia-San Sebastian, Spain
    Duration: 5 Jun 2017 to 8 Jun 2017

    Publication series

    Name: 2017 IEEE Congress on Evolutionary Computation, CEC 2017 - Proceedings

    Conference

    Conference: 2017 IEEE Congress on Evolutionary Computation, CEC 2017
    Country/Territory: Spain
    City: Donostia-San Sebastian
    Period: 5/06/17 to 8/06/17

    Keywords

    • Genetic algorithm
    • Machine learning
    • OS classification
