Skip to Main content Skip to Navigation
New interface
Conference papers

Advanced Network Fingerprinting

Humberto Abdelnur 1 Radu State 1 Olivier Festor 1 
1 MADYNES - Management of dynamic networks and services
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : Security assessment tasks and intrusion detection systems do rely on automated fingerprinting of devices and services. Most current fingerprinting approaches use a signature matching scheme, where a set of signatures are compared with traffic issued by an unknown entity. The entity is identified by finding the closest match with the stored signatures. These fingerprinting signatures are found mostly manually, requiring a laborious activity and needing advanced domain specific expertise. In this paper we describe a novel approach to automate this process and build flexible and efficient fingerprinting systems able to identify the source entity of messages in the network. We follow a passive approach without need to interact with the tested device. Application level traffic is captured passively and inherent structural features are used for the classification process. We describe and assess a new technique for the automated extraction of protocol fingerprints based on arborescent features extracted from the underlying grammar. We have successfully applied our technique to the Session Initiation Protocol (SIP) used in Voice over IP signalling.
Document type :
Conference papers
Complete list of metadata

Cited literature [21 references]  Display  Hide  Download
Contributor : Humberto Abdelnur Connect in order to contact the contributor
Submitted on : Wednesday, October 1, 2008 - 1:46:27 PM
Last modification on : Wednesday, February 2, 2022 - 3:51:41 PM
Long-term archiving on: : Friday, June 4, 2010 - 12:04:01 PM


Files produced by the author(s)




Humberto Abdelnur, Radu State, Olivier Festor. Advanced Network Fingerprinting. Recent Advances in Intrusion Detection, MIT, Sep 2008, Boston, United States. pp.372-389, ⟨10.1007/978-3-540-87403-4⟩. ⟨inria-00326054⟩



Record views


Files downloads