Semi-Supervised Fingerprinting of Protocol Messages

Executive Summary

This paper addresses the fingerprinting of network devices using semi-supervised clustering. Semi-supervised clustering is a new technique that uses known, labeled data to assist a clustering process. The authors propose two different fingerprinting approaches. The first uses behavioral features induced from a protocol state machine. The second relies on the underlying parse trees of messages. Both approaches are passive. The authors provide a performance analysis on the SIP protocol. Important application domains of their work include network intrusion detection and security assessment.

  • Format: PDF
  • Size: 201.8 KB