Machine Learning Techniques for Passive Network Inventory

Jérôme François 1, 2 Humberto Abdelnur 2 Radu State 3 Olivier Festor 2
1 SnT - Interdisciplinary Centre for Security Relaibility and Trust
2 MADYNES - Management of dynamic networks and services
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
3 SnT - Interdisciplinary Centre for Security, Reliability and Trust [Luxembourg]
Abstract : Being able to fingerprint devices and services, \ie remotely identify running code, is a powerful service for both security assessment and inventory management. This paper describes two novel fingerprinting techniques supported by isomorphic based distances which are adapted for measuring the similarity between two syntactic trees. The first method leverages the support vector machines paradigm and requires a learning stage. The second method operates in an unsupervised manner thanks to a new classification algorithm derived from the ROCK and QROCK algorithms. It provides an efficient and accurate classification. We highlight the use of such classification techniques for identifying the remote running applications. The approaches are validated through extensive experimentations on SIP (Session Initiation Protocol) for evaluating the impact of the different parameters and identifying the best configuration before applying the techniques to network traces collected by a real operator.
Keywords : fingerprinting inventory management syntactic tree SVM
Type de document :
Article dans une revue
IEEE Transactions on Network and Service Management, IEEE, 2010, 7 (4), pp.244 - 257. 〈10.1109/TNSM.2010.1012.0352〉
Liste complète des métadonnées

Littérature citée [28 références]  Voir  Masquer  Télécharger
https://hal.inria.fr/inria-00536147
Contributeur : Jérôme François <>
Soumis le : lundi 20 décembre 2010 - 13:42:55
Dernière modification le : jeudi 11 janvier 2018 - 06:19:49
Document(s) archivé(s) le : jeudi 30 juin 2011 - 13:36:53

Fichier

tnsm.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

INRIA | LORIA | UNIV-LORRAINE

Citation

Jérôme François, Humberto Abdelnur, Radu State, Olivier Festor. Machine Learning Techniques for Passive Network Inventory. IEEE Transactions on Network and Service Management, IEEE, 2010, 7 (4), pp.244 - 257. 〈10.1109/TNSM.2010.1012.0352〉. 〈inria-00536147〉

Exporter

BibTeX TEI DC DCterms EndNote

Partager

Métriques

Consultations de la notice

392

Téléchargements de fichiers

949

Contact


archive-ouverte@inria.fr