Return to search

Generic Encrypted Traffic Identification using Network Grammar : A Case Study in Passive OS Fingerprinting / Generisk Krypterad Trafikidentifiering med Nätverksgrammatik : En fallstudie i passiv osfingeravtryck

The increase in cybercrime and cyber-warfare has spurred the cat-and-mouse game of finding and attacking vulnerable devices on government or private company networks. The devices attacked are often forgotten computers that run operating systems with known exploits. Finding these devices are crucial for both an attacker and defender since they may be the only weak link on the network. Device discovery on a network using probing or active fingerprinting methods results in extra traffic on the network, which may strain fragile networks and generates suspect traffic that may get flagged as intrusive. Using passive OS fingerprinting allows an actor to listen in and classify active devices on a network. This thesis shows the features that can be exploited for OS fingerprinting and discusses the importance of TLS payload and time-based features. We also present a data collection strategy that could be utilized for simulating multiple OSs and collecting new datasets. We found that the TLS attributes such as cipher suites play an important role in distinguishing between OS versions.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:liu-187821
Date January 2022
CreatorsRajala, Lukas, Scott, Kevin
PublisherLinköpings universitet, Institutionen för datavetenskap
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.002 seconds