Advanced Network Fingerprinting

Humberto Abdelnur 1, Radu State 1, Olivier Festor 1
1 MADYNES - Management of dynamic networks and services
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract: Security assessment tasks and intrusion detection systems rely on automated fingerprinting of devices and services. Most current fingerprinting approaches use a signature matching scheme, where a set of signatures is compared with traffic issued by an unknown entity. The entity is identified by finding the closest match with the stored signatures. These fingerprinting signatures are mostly found manually, which is laborious and requires advanced domain-specific expertise. In this paper we describe a novel approach to automate this process and build flexible and efficient fingerprinting systems able to identify the source entity of messages in the network. We follow a passive approach, with no need to interact with the tested device. Application-level traffic is captured passively and inherent structural features are used for the classification process. We describe and assess a new technique for the automated extraction of protocol fingerprints based on arborescent features extracted from the underlying grammar. We have successfully applied our technique to the Session Initiation Protocol (SIP) used in Voice over IP signalling.
Document type: Conference paper
Ari Trachtenberg. Recent Advances in Intrusion Detection, Sep 2008, Boston, United States. Springer Berlin / Heidelberg, Volume 5230/2008, pp.372-389, 2008, Computer Science. 〈10.1007/978-3-540-87403-4〉
Cited literature [21 references]

https://hal.inria.fr/inria-00326054
Contributor: Humberto Abdelnur
Submitted on: Wednesday, 1 October 2008 - 13:46:27
Last modified on: Thursday, 11 January 2018 - 06:19:49
Document(s) archived on: Friday, 4 June 2010 - 12:04:01

File

Advanced_Network_Fingerprintin...
Files produced by the author(s)

Citation

Humberto Abdelnur, Radu State, Olivier Festor. Advanced Network Fingerprinting. Ari Trachtenberg. Recent Advances in Intrusion Detection, Sep 2008, Boston, United States. Springer Berlin / Heidelberg, Volume 5230/2008, pp.372-389, 2008, Computer Science. 〈10.1007/978-3-540-87403-4〉. 〈inria-00326054〉

Metrics

Record views

231

File downloads

950