An Effective TCP/IP Fingerprinting Technique Based on Strange Attractors Classification

  • Conference paper
Data Privacy Management and Autonomous Spontaneous Security (DPM 2009, SETOP 2009)

Abstract

We propose a new technique to perform TCP/IP (Transmission Control Protocol/Internet Protocol) stack fingerprinting. Our technique relies on chaotic dynamics theory and artificial neural networks applied to TCP ISN (Initial Sequence Number) samples, making it possible to associate strange attractors with operating systems. We show that it is possible to recognize operating systems using only an open TCP port on the target machine. We also present results which show that our technique cannot be fooled by Honeyd or affected by PAT (Port Address Translation) environments.



Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Medeiros, J.P.S., Brito, A.M., Motta Pires, P.S. (2010). An Effective TCP/IP Fingerprinting Technique Based on Strange Attractors Classification. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., Roudier, Y. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM SETOP 2009 2009. Lecture Notes in Computer Science, vol 5939. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11207-2_16

  • DOI: https://doi.org/10.1007/978-3-642-11207-2_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11206-5

  • Online ISBN: 978-3-642-11207-2

  • eBook Packages: Computer Science (R0)
