Semi-supervised Fingerprinting of Protocol Messages

  • Jérôme François
  • Humberto Abdelnur
  • Radu State
  • Olivier Festor
Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 85)


This paper addresses the fingerprinting of network devices using semi-supervised clustering. Semi-supervised clustering is a new technique that uses known and labeled data in order to assist a clustering process. We propose two different fingerprinting approaches. The first one is using behavioral features that are induced from a protocol state machine. The second one is relying on the underlying parse trees of messages. Both approaches are passive. We provide a performance analysis on the SIP protocol. Important application domains of our work consist in network intrusion detection and security assessment.


Session Initiation Protocol Label Data Unlabeled Data Semi Supervise Learning Device Type 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
  3. 3.
    Abdelnur, H., Avanesov, T., Rusinowitch, M., State, R.: Abusing SIP Authentication. In: Information Assurance and Security (2008)Google Scholar
  4. 4.
    Abdelnur, H., State, R., Festor, O.: Advanced Network Fingerprinting. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 372–389. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. 5.
    Baldi, P., Brunak, S., Chauvin, Y., Andersen, C.A., Nielsen, H.: Assessing the accuracy of prediction algorithms for classification: an overview. Bioinformatics 16(5), 412–424 (2000)CrossRefGoogle Scholar
  6. 6.
    Caballero, J., Venkataraman, S., Poosankam, P., Kang, M.G., Song, D., Blum, A.: FiG: Automatic Fingerprint Generation. In: Distributed System Security Conference (2007)Google Scholar
  7. 7.
    Crocker, D.H., Overell, P.: Augmented BNF for Syntax Specifications: ABNF (1997)Google Scholar
  8. 8.
    Debnath, R., Takahide, N., Takahashi, H.: A decision based one-against-one method for multi-class support vector machine. Pattern Anal. Appl. 7(2), 164–175 (2004)MathSciNetGoogle Scholar
  9. 9.
    Comer, D., Lin, J.C.: Probing TCP Implementations. In: USENIX Summer, pp. 245–255 (1994)Google Scholar
  10. 10.
    François, J., Abdelnur, H., State, R., Festor, O.: Advanced Fingerprinting For Inventory Management. Research Report RR-7044, INRIA (2009)Google Scholar
  11. 11.
    François, J., Abdelnur, H., State, R., Festor, O.: Behavioral and Temporal Fingerprinting. Research Report RR-6995, INRIA (2009)Google Scholar
  12. 12.
    Haffner, P., Sen, S., Spatscheck, O., Wang, D.: ACAS: automated construction of application signatures. In: MineNet. ACM, New York (2005)Google Scholar
  13. 13.
    Kim, H., Claffy, K., Fomenkov, M., Barman, D., Faloutsos, M., Lee, K.: Internet traffic classification demystified: myths, caveats, and the best practices. In: CoNEXT. ACM, New York (2008)Google Scholar
  14. 14.
    Lyon, G.F.: Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. Insecure, USA (2009)Google Scholar
  15. 15.
    Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP: Session Initiation Protocol (2002)Google Scholar
  16. 16.
    Scholz, H.: SIP Stack Fingerprinting and Stack Difference Attacks. Black Hat Briefings (2006)Google Scholar
  17. 17.
    Torsello, A., Hidovic-Rowe, D., Pelillo, M.: Polynomial-time metrics for attributed trees. IEEE Transactions on Pattern Analysis and Machine Intelligence 27(7) (2005)Google Scholar
  18. 18.
    Yan, H., Sripanidkulchai, K., Zhang, H., yin Shae, Z., Saha, D.: Incorporating Active Fingerprinting into SPIT Prevention Systems. In: Third Annual VoIP Security Workshop (2006)Google Scholar
  19. 19.
    Zhu, X., Ghahramani, Z.: Learning from labeled and unlabeled data with label propagation. Tech. rep. (2002),

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Jérôme François
    • 1
  • Humberto Abdelnur
    • 2
  • Radu State
    • 3
  • Olivier Festor
    • 2
  1. 1.Reliability and TrustUniversity of Luxembourg 
  2. 2.INRIA Nancy-Grand EstFrance
  3. 3.University of Luxembourg 

Personalised recommendations