Skip to Main content Skip to Navigation
Journal articles

Machine Learning Techniques for Passive Network Inventory

Abstract : Being able to fingerprint devices and services, \ie remotely identify running code, is a powerful service for both security assessment and inventory management. This paper describes two novel fingerprinting techniques supported by isomorphic based distances which are adapted for measuring the similarity between two syntactic trees. The first method leverages the support vector machines paradigm and requires a learning stage. The second method operates in an unsupervised manner thanks to a new classification algorithm derived from the ROCK and QROCK algorithms. It provides an efficient and accurate classification. We highlight the use of such classification techniques for identifying the remote running applications. The approaches are validated through extensive experimentations on SIP (Session Initiation Protocol) for evaluating the impact of the different parameters and identifying the best configuration before applying the techniques to network traces collected by a real operator.
Document type :
Journal articles
Complete list of metadata

Cited literature [28 references]  Display  Hide  Download

https://hal.inria.fr/inria-00536147
Contributor : Jérôme François Connect in order to contact the contributor
Submitted on : Monday, December 20, 2010 - 1:42:55 PM
Last modification on : Wednesday, February 2, 2022 - 3:51:30 PM
Long-term archiving on: : Thursday, June 30, 2011 - 1:36:53 PM

File

tnsm.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Jérôme François, Humberto Abdelnur, Radu State, Olivier Festor. Machine Learning Techniques for Passive Network Inventory. IEEE Transactions on Network and Service Management, IEEE, 2010, 7 (4), pp.244 - 257. ⟨10.1109/TNSM.2010.1012.0352⟩. ⟨inria-00536147⟩

Share

Metrics

Record views

422

Files downloads

1009