Using Neural Networks for Remote OS Identification

Using Neural Networks for Remote OS Identification

We present OS detection as an inference problem: given observations (the target host responses to a set of tests), we want to infer the OS type which most probably generated these observations. To perform this analysis, we have developed tools using neural networks and statistics machinery. We will present two working modules: one which uses DCE-RPC endpoints to distinguish Windows versions, and another which uses Nmap signatures to distinguish Windows, Linux, Solaris and BSD systems. We will explain the inner workings of the neural networks and the fine tuning of their parameters; and finally show (succesful) results.

Related information

Projects
Using neural networks for OS fingerprinting

 

Tuesday, November 15, 2005