Scalable OS Fingerprinting: Classification Problems and Applications

Shamsi, Zain Sarfaraz

dc.contributor.advisor	Loguinov, Dmitri
dc.creator	Shamsi, Zain Sarfaraz
dc.date.accessioned	2017-08-21T14:35:56Z
dc.date.available	2019-05-01T06:09:07Z
dc.date.created	2017-05
dc.date.issued	2017-04-07
dc.date.submitted	May 2017
dc.identifier.uri	https://hdl.handle.net/1969.1/161371
dc.description.abstract	The Internet has become ubiquitous in our lives today. With its rapid adoption and widespread growth across the planet, it has drawn many research efforts that attempt to understand and characterize this complex system. One such direction tries to discover the types of devices that compose the Internet, which is the topic of this dissertation. To accomplish such a measurement, researchers have turned to a technique called OS fingerprinting, which is a method to determine the operating system (OS) of a remote host. However, because the Internet today has evolved into a massive public network, large-scale OS fingerprinting has become a challenging problem. Due to increasing security concerns, most networks today will block many of the probes used by traditional fingerprinting tools (e.g., Nmap), thus requiring a different approach. Consequently, this has given rise to single-probe techniques which offer low overhead and minimal intrusiveness, but in turn require more sophistication in their algorithms as they are limited in the amount of information that they receive and many parameters can inject noise in the measurement (e.g., network delay, packet loss). This dissertation focuses on understanding the performance of single-probe algorithms. We study existing methods, formalize current problems in the field and devise new algorithms to improve classification accuracy and automate construction of fingerprint databases. We apply our work to multiple Internet-wide scans and discover that besides general purpose machines, the Internet today has grown to include large numbers of publicly accessible peripheral devices (e.g., routers, printers, cameras) and cyber-physical systems (e.g., lighting controllers, medical sensors). We go on to recover empirical distributions of network delays and loss, as well as likelihoods of users re-configuring their devices. With our developed techniques and results, we show that single-probe algorithms are an effective approach for accomplishing wide-scale network measurements.	en
dc.format.mimetype	application/pdf
dc.language.iso	en
dc.subject	OS fingerprinting	en
dc.subject	Internet measurement	en
dc.subject	network security	en
dc.subject	classification	en
dc.title	Scalable OS Fingerprinting: Classification Problems and Applications	en
dc.type	Thesis	en
thesis.degree.department	Computer Science and Engineering	en
thesis.degree.discipline	Computer Science	en
thesis.degree.grantor	Texas A & M University	en
thesis.degree.name	Doctor of Philosophy	en
thesis.degree.level	Doctoral	en
dc.contributor.committeeMember	Bettati, Riccardo
dc.contributor.committeeMember	Reddy, Narasimha
dc.contributor.committeeMember	Stoleru, Radu
dc.type.material	text	en
dc.date.updated	2017-08-21T14:35:56Z
local.embargo.terms	2019-05-01
local.etdauthor.orcid	0000-0001-8100-289X

Files in this item

Name:: SHAMSI-DISSERTATION-2017.pdf
Size:: 1.205Mb
Format:: PDF

View/ Open

This item appears in the following Collection(s)

Electronic Theses, Dissertations, and Records of Study (2002– )
Texas A&M University Theses, Dissertations, and Records of Study (2002– )

Show simple item record