Identify OS from encrypted traffic with TCP/IP stack fingerprinting

Published: 2019, Last Modified: 16 Nov 2023, IPCCC 2019, Readers: Everyone
Abstract: More and more security vulnerabilities are closely related to operating system (OS) information, but how to accurately identify OS versions on a real-world dynamic network in encrypted traffic is still a challenge. In this paper, we propose a comprehensive passive OS identification method based on encrypted traffic. It takes advantage of several features in TLS headers and TCP/IP headers. Moreover, we also consider flow statistic features for each session. We collect a large dataset of more than 2 million samples to evaluate the performance of our approach. According to the experimental results, the performance of the proposed method is preferable to the traditional method.