Skip to Main content Skip to Navigation
Conference papers

Advanced Network Fingerprinting

Humberto Abdelnur 1 Radu State 1 Olivier Festor 1
1 MADYNES - Management of dynamic networks and services
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : Security assessment tasks and intrusion detection systems do rely on automated fingerprinting of devices and services. Most current fingerprinting approaches use a signature matching scheme, where a set of signatures are compared with traffic issued by an unknown entity. The entity is identified by finding the closest match with the stored signatures. These fingerprinting signatures are found mostly manually, requiring a laborious activity and needing advanced domain specific expertise. In this paper we describe a novel approach to automate this process and build flexible and efficient fingerprinting systems able to identify the source entity of messages in the network. We follow a passive approach without need to interact with the tested device. Application level traffic is captured passively and inherent structural features are used for the classification process. We describe and assess a new technique for the automated extraction of protocol fingerprints based on arborescent features extracted from the underlying grammar. We have successfully applied our technique to the Session Initiation Protocol (SIP) used in Voice over IP signalling.
Document type :
Conference papers
Complete list of metadata

Cited literature [21 references]  Display  Hide  Download

https://hal.inria.fr/inria-00326054
Contributor : Humberto Abdelnur <>
Submitted on : Wednesday, October 1, 2008 - 1:46:27 PM
Last modification on : Friday, February 26, 2021 - 3:28:04 PM
Long-term archiving on: : Friday, June 4, 2010 - 12:04:01 PM

File

Advanced_Network_Fingerprintin...
Files produced by the author(s)

Identifiers

Collections

Citation

Humberto Abdelnur, Radu State, Olivier Festor. Advanced Network Fingerprinting. Recent Advances in Intrusion Detection, MIT, Sep 2008, Boston, United States. pp.372-389, ⟨10.1007/978-3-540-87403-4⟩. ⟨inria-00326054⟩

Share

Metrics

Record views

288

Files downloads

1593