Computational Intelligence in Security for Information Systems

Volume 63 of the series Advances in Intelligent and Soft Computing pp 1-8

A Data Mining Based Analysis of Nmap Operating System Fingerprint Database

  • João Paulo S. Medeiros, affiliated with LabSIN - Security Information Laboratory, Department of Computer Engineering and Automation – DCA, Federal University of Rio Grande do Norte – UFRN
  • Agostinho M. Brito Jr., affiliated with LabSIN - Security Information Laboratory, Department of Computer Engineering and Automation – DCA, Federal University of Rio Grande do Norte – UFRN
  • Paulo S. Motta Pires, affiliated with LabSIN - Security Information Laboratory, Department of Computer Engineering and Automation – DCA, Federal University of Rio Grande do Norte – UFRN

Abstract

Nmap uses an Operating System (OS) fingerprint database to identify OSes by performing TCP/IP (Transmission Control Protocol/Internet Protocol) stack identification. Each entry in the Nmap OS fingerprint database (nmap-os-db) represents an OS. Using data mining techniques, we propose three new forms of representation of nmap-os-db that can express how similar operating systems are to one another according to their TCP/IP stack implementation. This approach can improve the capability of identifying devices running unknown OSes. Other applications are also presented.