DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING | DWIGHT LOOK COLLEGE OF ENGINEERING | TEXAS A&M UNIVERSITY

 

HOME

ABOUT

COURSES

PEOPLE

PROJECTS

PUBLICATIONS

CONTACT

LINKS

Remote OS fingerprinting/classification

Abstract

Determining the operating system of a remote host using interaction with its network stack is an important task in security, especially using low-overhead non-intrusive measurements. Volatility of observed features (e.g., retransmission timeouts affected by network jitter, TCP window size tweaked by end-users) and difficulty in differentiating between similar stacks leads to interesting questions in stochastic modeling, classification, and Internet characterization. Our initial investigation into these issues has uncovered new methodology and created several new techniques (Hershel, Hershel+, Plata) for solving this problem.

Journal Papers

 
bullet

Z. Shamsi, A. Nandwani, D. Leonard, and D. Loguinov, "Hershel: Single-Packet OS Fingerprinting,"  IEEE/ACM Transactions on Networking, vol. 24, no. 4, August 2016.

PDF

Conference Papers

 
bullet

Z. Shamsi and D. Loguinov, "Unsupervised Clustering Under Temporal Feature Volatility in Network Stack Fingerprinting," ACM SIGMETRICS, June 2016.

PDF, PPT
 
bullet

Z. Shamsi, A. Nandwani, D. Leonard, and D. Loguinov, "Hershel: Single-Packet OS Fingerprinting," ACM SIGMETRICS, June 2014.

PDF, PPT

Software

Hershel code and database

Hershel+ code and database


     Copyright 2002-2017 IRL at Texas A&M. All Rights Reserved.