Semi-Supervised Fingerprinting of Protocol Messages
This paper addresses the fingerprinting of network devices using semi-supervised clustering, a new technique that uses known, labeled data to assist a clustering process. The authors propose two fingerprinting approaches. The first uses behavioral features induced from a protocol state machine. The second relies on the underlying parse trees of messages. Both approaches are passive. The authors provide a performance analysis on the SIP protocol. Important application domains of their work include network intrusion detection and security assessment.
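The idea of labeled messages assisting a clustering process can be sketched as follows. This is an added example, not the paper's algorithm or code: the flat structural features (a stand-in for parse trees), the Jaccard distance, the 0.5 threshold, the device labels and the SIP messages are all assumptions constructed for illustration.

```python
# Added example; features, distance and threshold are assumptions, not the paper's method.
def features(msg):
    """Structural signature: header spelling, spacing after ':', header order."""
    names, feats = [], set()
    for line in msg.strip().split("\r\n")[1:]:   # skip the request line
        if not line:
            break                                # blank line: headers are over
        name, _, value = line.partition(":")
        names.append(name)
        feats.add("hdr=" + name)                 # exact casing or compact form
        feats.add("sp=%s:%d" % (name.lower(), len(value) - len(value.lstrip())))
    feats.update("ord=%s>%s" % pair for pair in zip(names, names[1:]))
    return frozenset(feats)

def jaccard_distance(a, b):
    return 1.0 - len(a & b) / len(a | b) if a | b else 0.0

def seeded_cluster(labeled, unlabeled, threshold=0.5):
    """Labeled messages seed clusters; each unlabeled message joins the cluster with
    the lowest average distance, or opens 'unknown-N' if none is within threshold."""
    clusters = {}
    for label, msg in labeled:
        clusters.setdefault(label, []).append(features(msg))
    result = []
    for msg in unlabeled:
        f = features(msg)
        dist = {c: sum(jaccard_distance(f, m) for m in ms) / len(ms)
                for c, ms in clusters.items()}
        best = min(dist, key=dist.get) if dist else None
        if best is None or dist[best] > threshold:
            best = "unknown-%d" % (sum(c.startswith("unknown-") for c in clusters) + 1)
        clusters.setdefault(best, []).append(f)
        result.append(best)
    return result

def sip(*headers):  # build a constructed INVITE from raw header lines
    return "INVITE sip:bob@example.test SIP/2.0\r\n" + "\r\n".join(headers) + "\r\n\r\n"

# Constructed sample traffic; device labels are hypothetical.
LABELED = [
    ("device-A", sip("Via: SIP/2.0/UDP 192.0.2.1", "From: <sip:a@example.test>", "To: <sip:b@example.test>", "Call-ID: a1", "CSeq: 1 INVITE")),
    ("device-B", sip("v:SIP/2.0/UDP 192.0.2.2", "t:<sip:b@example.test>", "f:<sip:a@example.test>", "i:b1", "CSeq:1 INVITE")),
]
UNLABELED = [
    sip("Via: SIP/2.0/UDP 192.0.2.7", "From: <sip:c@example.test>", "To: <sip:b@example.test>", "Call-ID: u1", "CSeq: 2 INVITE", "Max-Forwards: 70"),
    sip("v:SIP/2.0/UDP 192.0.2.8", "t:<sip:b@example.test>", "f:<sip:c@example.test>", "i:u2", "CSeq:7 INVITE"),
    sip("VIA:  SIP/2.0/UDP 192.0.2.9", "CALL-ID:  u3", "FROM:  <sip:d@example.test>", "TO:  <sip:b@example.test>", "CSEQ:  1 INVITE"),
    sip("VIA:  SIP/2.0/UDP 192.0.2.10", "CALL-ID:  u4", "FROM:  <sip:e@example.test>", "TO:  <sip:b@example.test>", "CSEQ:  3 INVITE"),
]
```

Calling `seeded_cluster(LABELED, UNLABELED)` assigns the first two unlabeled messages to the seeded device clusters and groups the last two into a new cluster, which is how a passive monitor would surface a device type it has no label for.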