Location
Huntsville (Ala.)
Start Date
6-7-2017
Presentation Type
Paper
Description
In this paper, we discuss a new approach to operating system (OS) fingerprinting using IPv6 packets and supervised machine learning techniques. OS fingerprinting tools are essential for the reconnaissance phase of penetration testing. While OS fingerprinting is traditionally performed by passive or active tools that use fingerprint databases, very little work has focused on using machine learning techniques. Moreover, significantly more work has focused on IPv4 than IPv6. We introduce a collaborative neural network system that uses a voting design to deliver accurate predictions. This method uses IPv6 features as well as data link features for OS fingerprinting. Our experiment shows that our approach is valid, and we achieve an average accuracy of 86% over 100 sets of neural networks with a highest accuracy of 96%. Finally, we explore the impact of additional training for poor neural network accuracy, and we show that our system can achieve an average accuracy of 92%, which is a 6% improvement over the previous approach.
Recommended Citation
Ordorica, Adrian and Thompson, Dale R., "Operating System Fingerprinting Using IPv6 Packets and Machine Learning Techniques" (2017). National Cyber Summit. 12.
https://louis.uah.edu/cyber-summit/ncs2017/ncs2017papers/12