24,871 research outputs found

    Applying Artificial Intelligence for Operating System Fingerprinting

    Presented at the 4th XoveTIC Conference, A Coruña, Spain, 7–8 October 2021. [Abstract] In the field of computer security, the possibility of knowing which specific version of an operating system is running behind a machine can be useful, to assist in a penetration test or monitor the devices connected to a specific network. One of the most widespread tools that better provides this functionality is Nmap, which follows a rule-based approach for this process. In this context, applying machine learning techniques seems to be a good option for addressing this task. The present work explores the strengths of different machine learning algorithms to perform operating system fingerprinting, using for that, the Nmap reference database. Moreover, some optimizations were applied to the method which brought the best results, random forest, obtaining an accuracy higher than 96%. CITIC, as a research center accredited by the Galician University System, is funded by “Consellería de Cultura, Educación e Universidade from Xunta de Galicia”, supported—80% through ERDF, ERDF Operational Programme Galicia 2014–2020, and the remaining 20% by “Secretaría Xeral de Universidades” (Grant ED431G 2019/01). This project was also supported by the “Consellería de Cultura, Educación e Ordenación Universitaria” via the Consolidation and Structuring of Competitive Research Units–Competitive Reference Groups (ED431C 2018/49) and the COST Action 17124 DigForAsp, supported by COST (European Cooperation in Science and Technology, www.cost.eu, (accessed on 25 October 2021)). Xunta de Galicia; ED431G 2019/01. Xunta de Galicia; ED431C 2018/4

    adF: A Novel System for Measuring Web Fingerprinting through Ads

    This paper introduces adF, a novel system for analyzing the vulnerability of different devices, Operating Systems (OSes), and browsers to web fingerprinting. adF performs its measurements from code inserted in ads. We have used our system in several ad campaigns that delivered 5,40 million ad impressions. The collected data enable us to assess the vulnerability of current desktop and mobile devices to web fingerprinting. Based on our results, we estimate that 64% of desktop devices and 40% of mobile devices can be uniquely fingerprinted with our web fingerprinting system. However, the resilience to web fingerprinting varies significantly across browsers and device types, with Chrome on desktops being the most vulnerable configuration. Comment: 12 pages, 2 figures, 4 tables; added keyword

    The zombies strike back: Towards client-side beef detection

    A web browser is an application that comes bundled with every consumer operating system, including both desktop and mobile platforms. A modern web browser is complex software that has access to system-level features, includes various plugins and requires the availability of an Internet connection. Like any multifaceted software product, web browsers are prone to numerous vulnerabilities. Exploitation of these vulnerabilities can result in destructive consequences ranging from identity theft to network infrastructure damage. BeEF, the Browser Exploitation Framework, allows taking advantage of these vulnerabilities to launch a diverse range of readily available attacks from within the browser context. Existing defensive approaches aimed at hardening network perimeters and detecting common threats based on traffic analysis have not been found successful in the context of BeEF detection. This paper presents a proof-of-concept approach to BeEF detection in its own operating environment – the web browser – based on global context monitoring, abstract syntax tree fingerprinting and real-time network traffic analysis.

    Xprobe2++: Low volume remote network information gathering tool

    Active operating system fingerprinting is the process of actively determining a target network system’s underlying operating system type and characteristics by probing the target system network stack with specifically crafted packets and analyzing the received response. Identifying the underlying operating system of a network host is an important characteristic that can be used to complement network inventory processes, intrusion detection system discovery mechanisms, security network scanners, vulnerability analysis systems and other security tools that need to evaluate vulnerabilities on remote network systems. During recent years there was a number of publications featuring techniques that aim to confuse or defeat remote network fingerprinting probes. In this paper we present a new version of Xprobe2, the network mapping and active operating system fingerprinting tool with improved probing process, which deals with most of the defeating techniques, discussed in recent literature.