Advertisement

A Data Mining Based Analysis of Nmap Operating System Fingerprint Database

  • João Paulo S. Medeiros
  • Agostinho M. BritoJr.
  • Paulo S. Motta Pires
Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 63)

Abstract

An Operating System (OS) fingerprint database is used by Nmap to identify OSes performing TCP/IP (Transmission Control Protocol/Internet Protocol) stack identification. Each entry in Nmap OS fingerprint database (nmap-os-db) represents an OS. Using data mining techniques, we propose three new forms of representation of nmap-os-db that can express how operating systems are similar among them according to their TCP/IP stack implementation. This approach can improve the capability of identifying devices running unknown OSes. Other applications are also presented.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Kohonen, T.: Self-organized formation of topologically correct feature maps. Biological Cybernetics 43(1), 59–69 (1982)zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Fritzke, B.: A Growing Neural Gas Network Learns Topologies. Advances in Neural Information Processing Systems 7 (1995)Google Scholar
  3. 3.
    Hartigan, J., Wong, M.: A K-means Clustering Algorithm. JR Stat. Soc. Ser. C-Appl. Stat. 28, 100–108 (1979)zbMATHGoogle Scholar
  4. 4.
    Fyodor: Remote OS Detection via TCP/IP Fingerprinting. Phrack Magazine 8 (1998)Google Scholar
  5. 5.
    Fyodor: Nmap Network Scanning. Insecure.Com LLC (2008)Google Scholar
  6. 6.
    Han, J., Kamber, M.: Data mining: concepts and techniques, 2nd edn. Morgan Kaufmann, San Francisco (2006)Google Scholar
  7. 7.
    Kohonen, T.: Self-Organizing Maps, 3rd edn. Springer, Heidelberg (2001)zbMATHGoogle Scholar
  8. 8.
    Haykin, S.: Neural Networks: A Comprehensive Foundation. Prentice-Hall, Englewood Cliffs (1999)zbMATHGoogle Scholar
  9. 9.
    Apple Developer Connection: Open Source (2009), http://developer.apple.com/opensource/index.html
  10. 10.
    FreeBSD News: FreeBSD embedded systems (2008), http://www.freebsdnews.net/2008/07/24/freebsd-embedded-systems/
  11. 11.
    NetBSD Project: Products based on NetBSD (2009), http://www.netbsd.org/gallery/products.html
  12. 12.
    Martinetz, T., Schulten, K.: A Neural-Gas Network Learns Topologies. Artificial Neural Networks 1, 397–402 (1991)Google Scholar
  13. 13.
    Medeiros, J.P.S., Cunha, A.C., Brito, A.M., Pires, P.S.M.: Automating Security Tests for Industrial Automation Devices Using Neural Networks. In: Proc. IEEE Conference on Emerging Technologies & Factory Automation, pp. 772–775 (2007)Google Scholar
  14. 14.
    Medeiros, J.P.S., Cunha, A.C., Brito, A.M., Pires, P.S.M.: Application of Kohonen Maps to Improve Security Tests on Automation Devices. In: Lopez, J., Hämmerli, B.M. (eds.) CRITIS 2007. LNCS, vol. 5141. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. 15.
    OpenBSD PF: The OpenBSD Packet Filter – OpenBSD 4.4 (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • João Paulo S. Medeiros
    • 1
  • Agostinho M. BritoJr.
    • 1
  • Paulo S. Motta Pires
    • 1
  1. 1.LabSIN - Security Information Laboratory, Department of Computer Engineering and Automation – DCAFederal University of Rio Grande do Norte – UFRNNatalBrazil

Personalised recommendations