{"title":"Improving accuracy of applications fingerprinting on local networks using NMAP-AMAP-ETTERCAP as a hybrid framework","authors":"W. Ghanem, B. Belaton","doi":"10.1109/ICCSCE.2013.6719998","DOIUrl":null,"url":null,"abstract":"The process of detecting running software on remote hosts, is generally known as fingerprinting. Fingerprinting process is performed as step before the attack stage on the remote host. There are two types of fingerprinting; active and passive fingerprinting. However, each type encountered limitation when implemented separately in networks, and their inability to provide accurate information about the host services/applications. The main objective of this paper is to propose possibility of enhancing the detection process of the host profiling, applications/ services fingerprinting and the methods of host identification. Herein, we perform network host profiling by identifying different services/ applications that were running on the host. More so, we exploit sophisticated process of application layer protocol payloads by active and passive fingerprinting tools. Besides, we attempt to add a layer of correctness into these tool results, by building a new database of signatures which is derived from these results. The new signature database can be tested either exactly or through approximate fuzzy matching. The experiment results give a better accurate output compare to the base tools alone.","PeriodicalId":319285,"journal":{"name":"2013 IEEE International Conference on Control System, Computing and Engineering","volume":"63 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE International Conference on Control System, Computing and Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCSCE.2013.6719998","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 15
Abstract
The process of detecting running software on remote hosts, is generally known as fingerprinting. Fingerprinting process is performed as step before the attack stage on the remote host. There are two types of fingerprinting; active and passive fingerprinting. However, each type encountered limitation when implemented separately in networks, and their inability to provide accurate information about the host services/applications. The main objective of this paper is to propose possibility of enhancing the detection process of the host profiling, applications/ services fingerprinting and the methods of host identification. Herein, we perform network host profiling by identifying different services/ applications that were running on the host. More so, we exploit sophisticated process of application layer protocol payloads by active and passive fingerprinting tools. Besides, we attempt to add a layer of correctness into these tool results, by building a new database of signatures which is derived from these results. The new signature database can be tested either exactly or through approximate fuzzy matching. The experiment results give a better accurate output compare to the base tools alone.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
