Top

Wireless Personal Communications

Published in:

11-02-2019

A Novel Data Mining Approach for Analysis and Pattern Recognition of Active Fingerprinting Components

Authors: Harshit Gujral, Sangeeta Mittal, Abhinav Sharma

Published in: Wireless Personal Communications | Issue 3/2019

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Active fingerprinting is an effective penetration testing technique to know about vulnerability of hosts against security threats and network as a whole. Sometimes firewalls may block fingerprinting packets, hence making the probes infeasible. Measured Round Trip Time (RTTm) is a benign number that can be obtained from communication based on legitimate non malicious packets. In this paper, RTTm has been used along with other timers namely Smoothened Round-trip Time (SRTT), Round-trip Time Variance (RTTVar), Retransmission Time Out (RTO) and Scantime for pattern recognition and association analysis with the aid of cross-correlations. Experimental relationship among these timers are derived to back-up existing theoretical knowledge. A novel method to estimate IP-ID Sequence classes and network-traffic intensity based on these timers has been proposed. Results show that the model can be used to accurately derive (about 100% accuracy) active fingerprinting components IP-ID sequences and link traffic estimation. Analytical results obtained by this study can help in designing high-performance realistic networks and dynamic congestion control techniques.

previous article Capacity Improvement in 5G Networks Using Femtocell

next article Co-simulation Based Finite State Machine for Telematic and Data Compression Microservices in IoT

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Edge, C., Barker, W., Hunter, B., & Sullivan, G. (2010). Network scanning, intrusion detection, and intrusion prevention tools. In Enterprise mac security (pp. 485–504). Apress. https://doi.org/10.1007/978-1-4302-2731-1_17.

Aikat, J., Kaur, J., Smith, F. D., & Jeffay, K. (2003). Variability in TCP round-trip times. In Proceedings of the 3rd ACM SIGCOMM conference on internet measurement (pp. 279–284). ACM. https://doi.org/10.1145/948205.948241.

Im, S. Y., Shin, S. H., Ryu, K. Y., & Roh, B. H. (2016). Performance evaluation of network scanning tools with operation of firewall. In Ubiquitous and future networks (ICUFN), 2016 eighth international conference on (pp. 876–881). IEEE. https://doi.org/10.1109/ICUFN.2016.7537162.

Barnett, R. J., & Irwin, B. (2008). Towards a taxonomy of network scanning techniques. In Proceedings of the 2008 annual research conference of the South African institute of computer scientists and information technologists on IT research in developing countries: Riding the wave of technology (pp. 1–7). ACM. https://doi.org/10.1145/1456659.1456660.

Lyon, G. F. (2009). Nmap network scanning: The official Nmap project guide to network discovery and security scanning. Insecure.

Beverly, R., & Berger, A. (2015). Server siblings: Identifying shared IPv4/IPv6 infrastructure via active fingerprinting. In J. Mirkovic, & Y. Liu (Eds.), Passive and active measurement. PAM 2015. Lecture Notes in Computer Science (Vol. 8995). Cham: Springer. https://doi.org/10.1007/978-3-319-15509-8_12.

Xu, Q., et al. (2016). Device fingerprinting in wireless networks: Challenges and opportunities. IEEE Communications Surveys & Tutorials, 18(1), 94–104. https://doi.org/10.1109/COMST.2015.2476338.MathSciNetCrossRef

Jirsík, T., & Čeleda, P. (2014). Identifying operating system using flow-based traffic fingerprinting. In Meeting of the European network of universities and companies in information and communication engineering (Vol. 8846, pp. 70–73). Cham: Springer. https://doi.org/10.1007/978-3-319-13488-8_7.

Ghiëtte, V., Blenn, N., & Doerr, C. (2016). Remote identification of port scan toolchains. In New technologies, mobility and security (NTMS), 2016 8th IFIP international conference on (pp. 1–5). IEEE. https://doi.org/10.1109/NTMS.2016.7792471.

10.

Qin, F., Shi, P., Du, J., Cheng, R., & Zhou, Y. (2017). Research on network scanning strategy based on information granularity. In Journal of physics: Conference series (Vol. 910, No. 1, pp. 012001). IOP Publishing.

11.

Shamsi, Z., et al. (2016). Hershel: Single-packet OS fingerprinting. IEEE/ACM Transactions on Networking (TON), 24(4), 2196–2209.CrossRef

12.

Jacobson, V. (1988). Congestion avoidance and control. ACM SIGCOMM Computer Communication Review, 18(4), 314–329.CrossRef

13.

Jain, R. (1989). A delay-based approach for congestion avoidance in interconnected heterogeneous computer networks. ACM SIGCOMM Computer Communication Review, 19(5), 56–71.CrossRef

14.

Brakmo, L. S., O’Malley, S. W., & Peterson, L. L. (1994). TCP Vegas: New techniques for congestion detection and avoidance (Vol. 24, No. 4, pp. 24–35). ACM.

15.

Wang, Z., & Crowcroft, J. (1991). A new congestion control scheme: Slow start and search (Tri-S). ACM SIGCOMM Computer Communication Review, 21(1), 32–43.CrossRef

16.

Biaz, S., & Vaidya, N. H. (2003). Is the round-trip time correlated with the number of packets in flight? In Proceedings of the 3rd ACM SIGCOMM conference on internet measurement (vol. 278). https://doi.org/10.1145/948205.948240.

17.

Padhye, J., Firoiu, V., Towsley, D., & Kurose, J. (1998). Modeling TCP throughput: A simple model and its empirical validation. ACM SIGCOMM Computer Communication Review, 28(4), 303–314.CrossRef

18.

Hengartner, U., Bolliger, J., & Gross, T. (2000). TCP Vegas revisited. In IEEE proceedings of the nineteenth annual joint conference of the IEEE computer and communications societies (INFOCOM 2000) (Vol. 3, pp. 1546–1555). IEEE.

19.

Andren, J., Hilding, M., & Veitch, D. (1998). Understanding end-to-end internet traffic dynamics. In IEEE Global telecommunications conference, 1998 (GLOBECOM 1998). The Bridge to Global Integration (Vol. 2, pp. 1118–1122). IEEE.

20.

Martin, J., Nilsson, A., & Rhee, I. (2003). Delay-based congestion avoidance for TCP. IEEE/ACM Transactions on Networking, 11(3), 356–369.CrossRef

21.

Martin, J., Nilsson, A., & Rhee, I. (2000). The incremental deployability of RTT-based congestion avoidance for high speed TCP Internet connections. ACM SIGMETRICS Performance Evaluation Review, 28(1), 134–144.CrossRef

22.

Morris, R. J. (1979). Fixing timeout intervals for lost packet detection in computer communication networks. In AFIPS conference proceedings.

23.

Velten, D, Hinden, R., & Sax, J. (1984). Reliable data protocol; RFC908. In ARPANET Working Group requests for comments, no. 908. Menlo Park, CA: SRI International.

24.

Sanghi, D., Subramaniam, M. C., Shankar, A. U., Gudmundsson, O., & Jalote, P. (1990). A TCP instrumentation and its use in evaluating roundtrip-time estimators (No. UMIACS-TR-90-38). Maryland Univ College Park Inst for Advanced Computer Studies.

25.

Postel, J. (1981). Transmission control protocol, RFC 793. Information Sciences Institute, University of Southern California.

26.

Karn, P., & Partridge, C. (1987). Improving round-trip time estimates in reliable transport protocols. ACM SIGCOMM Computer Communication Review, 17(5), 2–7. https://doi.org/10.1145/55483.55484.CrossRef

27.

Mills, D. (1983). Internet delay experiments; RFC889. ARPANET Working Group Requests for Comments (889).

28.

Allman, M., & Paxson, V. (1999). On estimating end-to-end network path properties. ACM SIGCOMM Computer Communication Review, 29(4), 263–274.CrossRef

29.

Gujral, H. (2017). (Newtein). GitHub Repository—RTT analysis. https://github.com/newtein/RTT_Analysis. Retrieved on December 20, 2017.

30.

Lyon, G. (1997). Nmap (Version: 7.01) [Software]. https://nmap.org/download.html. Retrieved on December 20, 2017.

31.

Paxson, V., & Allman, M. (2000). RFC 2988, Computing TCP’s retransmission Timer.

32.

Paxson, V., Allman, M., Chu, J., & Sargent, M. (2011). RFC 6298, Computing TCP’s retransmission Timer.

33.

Allman, M. (2000). A web server’s view of the transport layer. ACM SIGCOMM Computer Communication Review, 30(5), 10–20.CrossRef

34.

Jiang, H., & Dovrolis, C. (2002). Passive estimation of TCP round-trip times. ACM SIGCOMM Computer Communication Review, 32(3), 75–88.CrossRef

35.

Jaiswal, S., Iannaccone, G., Diot, C., Kurose, J., & Towsley, D. (2007). Measurement and classification of out-of-sequence packets in a tier-1 IP backbone. IEEE/ACM Transactions on Networking (ToN), 15(1), 54–66.CrossRef

36.

Prigent, G., Vichot, F., & Harrouet, F. (2010). IpMorph: Fingerprinting spoofing unification. Journal in Computer Virology, 6(4), 329–342. https://doi.org/10.1007/s11416-009-0134-4.CrossRef

37.

Veal, B., Li, K., & Lowenthal, D. (2005). New methods for passive estimation of TCP round-trip times. In International workshop on passive and active network measurement (Vol. 3431, pp. 121–134). Berlin, Heidelberg: Springer. https://doi.org/10.1007/978-3-540-31966-5_10.

38.

Pearson, K. (1895). Note on regression and inheritance in the case of two parents. Proceedings of the Royal Society of London, 58, 240–242. Retrieved from http://www.jstor.org/stable/115794.CrossRef

39.

Farmer, S. F., Halliday, D. M., Conway, B. A., Stephens, J. A., & Rosenberg, J. R. (1997). A review of recent applications of cross-correlation methodologies to human motor unit recording. Journal of Neuroscience Methods, 74(2), 175–187.CrossRef

40.

Bacia, K., Kim, S. A., & Schwille, P. (2006). Fluorescence cross-correlation spectroscopy in living cells. Nature Methods, 3(2), 83.CrossRef

41.

Cliff, A. D., & Ord, K. (1970). Spatial autocorrelation: A review of existing and new measures with applications. Economic Geography, 46(sup1), 269–292.CrossRef

42.

Kohno, T., Broido, A., & Claffy, K. C. (2005). Remote physical device fingerprinting. IEEE Transactions on Dependable and Secure Computing, 2(2), 93–108. https://doi.org/10.1109/TDSC.2005.26.CrossRef

43.

Crotti, M., Dusi, M., Gringoli, F., & Salgarelli, L. (2007). Traffic classification through simple statistical fingerprinting. ACM SIGCOMM Computer Communication Review, 37(1), 5–16. https://doi.org/10.1145/1198255.1198257.CrossRef

44.

Spangler, R. (2003). Analysis of remote active operating system fingerprinting tools. Madison: University of Wisconsin.

45.

Geurts, P., Ernst, D., & Wehenkel, L. (2006). Extremely randomized trees. Machine Learning, 63(1), 3–42. https://doi.org/10.1007/s10994-006-6226-1.CrossRefMATH

46.

Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., et al. (2011). Scikit-learn: Machine learning in python. Journal of machine learning research, 12, 2825–2830.MathSciNetMATH

47.

Olshen, R. A., & Stone, C. J. (1984). Classification and regression trees. Belmont, CA: The Wadsworth and Brook.MATH

48.

Hastie, T., & Tibshirani, R., & Friedman, J. H. (2009). 10. Boosting and Additive Trees. In The elements of statistical learning (2nd ed., pp. 337–384). New York: Springer.

49.

Breiman, L., & Cutler, A. (2007). Random forests-classification description (p. 2). Berkeley: Department of Statistics.

Title: A Novel Data Mining Approach for Analysis and Pattern Recognition of Active Fingerprinting Components
Authors: Harshit Gujral
Sangeeta Mittal
Abhinav Sharma
Publication date: 11-02-2019
Publisher: Springer US
Published in: Wireless Personal Communications / Issue 3/2019
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-019-06135-1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3/2019

Flip Left-to-Right Approach Based Inverse Tree Interleavers for Unconventional Integrated OFDM-IDMA and SCFDMA-IDMA Systems

Meta-heuristic Ant Colony Optimization Based Unequal Clustering for Wireless Sensor Network

SANSync: An Accurate Time Synchronization Protocol for Wireless Sensor and Actuator Networks

AGCM: Active Queue Management-Based Green Cloud Model for Mobile Edge Computing

Compressive Sensing with Chaotic Sequences: An Application to Localization in Wireless Sensor Networks

Reliability-Intercept Gap Analysis of Underlay Cognitive Networks Under Artificial Noise and Primary Interference