http://dx.doi.org/10.7840/KICS.2011.36B.5.443

Research on OS fingerprinting Method for Real-time Traffic Analysis System

Lee, Hyun-Shin (Network Management Laboratory, Department of Computer and Information Science, Korea University)
Kim, Myung-Sup (Network Management Laboratory, Department of Computer and Information Science, Korea University)
Abstract
The Internet has become an essential part of modern life by providing useful information, so the volume of Internet traffic has been increasing rapidly, which emphasizes the importance of network traffic analysis for effective network operation and management. Signature-based analysis has been commonly used, but the growth in the number of signatures, driven by the growth in the number of applications, has been shown to degrade the performance of real-time traffic analysis on high-speed network links. In this paper, we propose an OS fingerprinting method for real-time traffic analysis; the problems above can be mitigated by utilizing the OS information. The proposed method operates in passive mode and addresses the limitations of previous methods, such as low completeness and accuracy. To improve completeness, we enlarged the input data and used the User-Agent field of HTTP packets to extract various OS signatures; to improve accuracy, we changed the unit of input from packet to flow.
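A minimal passive, flow-level fingerprinter that illustrates the abstract's two changes (User-Agent signatures for completeness, flow rather than packet as the unit for accuracy). This is an added example in Python, not code from the paper; the signature patterns, the 4-tuple flow key, and the sample packets are constructed here.

```python
import re
from collections import Counter, defaultdict
# User-Agent OS signatures (constructed for this example; the paper's own signature set
# is not on this page). Android precedes Linux because Android UAs also contain "Linux".
OS_SIGNATURES = [
    ("Windows 7", re.compile(r"Windows NT 6\.1")),
    ("Android", re.compile(r"\bAndroid\b")),
    ("Linux", re.compile(r"\bLinux\b")),
]
UA_HEADER = re.compile(r"^User-Agent:[ \t]*(.+?)\r?$", re.MULTILINE | re.IGNORECASE)

def os_from_user_agent(ua):
    """Map one User-Agent string to an OS label, or None if no signature matches."""
    for label, pattern in OS_SIGNATURES:
        if pattern.search(ua):
            return label
    return None

def extract_user_agent(payload):
    """Return the User-Agent value from an HTTP request payload, or None if absent."""
    m = UA_HEADER.search(payload)
    return m.group(1).strip() if m else None

def fingerprint_flows(packets):
    """Flow-level fingerprinting over (src_ip, src_port, dst_ip, dst_port, payload) tuples.
    A flow (4-tuple, TCP assumed) takes the majority OS label over its packets that carry a
    recognisable User-Agent; packets without one cast no vote instead of yielding 'unknown'."""
    votes = defaultdict(Counter)
    for src, sport, dst, dport, payload in packets:
        counter = votes[(src, sport, dst, dport)]  # registers the flow even without a vote
        ua = extract_user_agent(payload)
        label = os_from_user_agent(ua) if ua else None
        if label:
            counter[label] += 1
    return {flow: (c.most_common(1)[0][0] if c else None) for flow, c in votes.items()}

def completeness(results):
    """Fraction of observed flows that received an OS label."""
    return sum(1 for v in results.values() if v) / len(results) if results else 0.0

# Constructed sample traffic: three TCP flows from three hosts to one web server.
HDR = "GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: "
WIN7_UA = "Mozilla/5.0 (Windows NT 6.1; WOW64) Firefox/4.0"
ANDROID_UA = "Mozilla/5.0 (Linux; U; Android 2.3.4) Mobile Safari/533.1"
SAMPLE_PACKETS = [
    ("10.0.0.5", 51000, "203.0.113.10", 80, "id=42&name=test"),             # flow A: body only
    ("10.0.0.5", 51000, "203.0.113.10", 80, HDR + WIN7_UA + "\r\n\r\n"),     # flow A
    ("10.0.0.7", 40222, "203.0.113.10", 80, HDR + ANDROID_UA + "\r\n\r\n"),  # flow B
    ("10.0.0.9", 33333, "203.0.113.10", 443, "\x16\x03\x01 opaque bytes"),   # flow C: no HTTP
]
```

With per-packet lookup the first packet of flow A would be reported as unknown; grouping by flow lets the later packet's User-Agent label the whole flow, while flow C stays honestly unidentified and lowers the completeness figure.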
Keywords
OS Fingerprinting; Traffic Identification; Real-time Traffic Analysis; Pre-Processing
Citations & Related Records
Times Cited By KSCI: 1