Applying Artificial Intelligence for Operating System Fingerprinting
Presented at the 4th XoveTIC Conference, A Coruña, Spain, 7–8 October 2021. [Abstract] In the field of computer security, the possibility of knowing which specific version of an operating system is running behind a machine can be useful, to assist in a penetration test or monitor the devices connected to a specific network. One of the most widespread tools that better provides this functionality is Nmap, which follows a rule-based approach for this process. In this context, applying machine learning techniques seems to be a good option for addressing this task. The present work explores the strengths of different machine learning algorithms to perform operating system fingerprinting, using for that, the Nmap reference database. Moreover, some optimizations were applied to the method which brought the best results, random forest, obtaining an accuracy higher than 96%. CITIC, as a research center accredited by the Galician University System, is funded by “Consellería de Cultura, Educación e Universidade from Xunta de Galicia”, supported 80% through ERDF, ERDF Operational Programme Galicia 2014–2020, and the remaining 20% by “Secretaría Xeral de Universidades” (Grant ED431G 2019/01). This project was also supported by the “Consellería de Cultura, Educación e Ordenación Universitaria” via the Consolidation and Structuring of Competitive Research Units–Competitive Reference Groups (ED431C 2018/49) and the COST Action 17124 DigForAsp, supported by COST (European Cooperation in Science and Technology, www.cost.eu, (accessed on 25 October 2021)). Xunta de Galicia; ED431G 2019/01. Xunta de Galicia; ED431C 2018/4
Recommended from our members
Multi-aspect, robust, and memory exclusive guest os fingerprinting
Precise fingerprinting of an operating system (OS) is critical to many security and forensics applications in the cloud, such as virtual machine (VM) introspection, penetration testing, guest OS administration, kernel dump analysis, and memory forensics. The existing OS fingerprinting techniques primarily inspect network packets or CPU states, and they all fall short in precision and usability. As the physical memory of a VM always exists in all these applications, in this article, we present OS-Sommelier+, a multi-aspect, memory exclusive approach for precise and robust guest OS fingerprinting in the cloud. It works as follows: given a physical memory dump of a guest OS, OS-Sommelier+ first uses a code hash based approach from kernel code aspect to determine the guest OS version. If code hash approach fails, OS-Sommelier+ then uses a kernel data signature based approach from kernel data aspect to determine the version. We have implemented a prototype system, and tested it with a number of Linux kernels. Our evaluation results show that the code hash approach is faster but can only fingerprint the known kernels, and data signature approach complements the code signature approach and can fingerprint even unknown kernels
adF: A Novel System for Measuring Web Fingerprinting through Ads
This paper introduces adF, a novel system for analyzing the vulnerability of
different devices, Operating Systems (OSes), and browsers to web
fingerprinting. adF performs its measurements from code inserted in ads. We
have used our system in several ad campaigns that delivered 5,40 million ad
impressions. The collected data enable us to assess the vulnerability of
current desktop and mobile devices to web fingerprinting. Based on our results,
we estimate that 64% of desktop devices and 40% of mobile devices can be
uniquely fingerprinted with our web fingerprinting system. However, the
resilience to web fingerprinting varies significantly across browsers and
device types, with Chrome on desktops being the most vulnerable configuration. Comment: 12 pages, 2 figures, 4 tables; added keyword
The zombies strike back: Towards client-side beef detection
A web browser is an application that comes bundled with every consumer operating system, including both desktop and mobile platforms. A modern web browser is complex software that has access to system-level features, includes various plugins and requires the availability of an Internet connection. Like any multifaceted software products, web browsers are prone to numerous vulnerabilities. Exploitation of these vulnerabilities can result in destructive consequences ranging from identity theft to network infrastructure damage. BeEF, the Browser Exploitation Framework, allows taking advantage of these vulnerabilities to launch a diverse range of readily available attacks from within the browser context. Existing defensive approaches aimed at hardening network perimeters and detecting common threats based on traffic analysis have not been found successful in the context of BeEF detection. This paper presents a proof-of-concept approach to BeEF detection in its own operating environment – the web browser – based on global context monitoring, abstract syntax tree fingerprinting and real-time network traffic analysis
Xprobe2++: Low volume remote network information gathering tool
Active operating system fingerprinting is the process of actively determining a target network system's underlying operating system type and characteristics by probing the target system network stack with specifically crafted packets and analyzing received response. Identifying the underlying operating system of a network host is an important characteristic that can be used to complement network inventory processes, intrusion detection system discovery mechanisms, security network scanners, vulnerability analysis systems and other security tools that need to evaluate vulnerabilities on remote network systems. During recent years there was a number of publications featuring techniques that aim to confuse or defeat remote network fingerprinting probes. In this paper we present a new version Xprobe2, the network mapping and active operating system fingerprinting tool with improved probing process, which deals with most of the defeating techniques, discussed in recent literature