| Publisher | Massachusetts Institute of Technology | ||
|---|---|---|---|
| Format | 107.1KB PDF | Date added | 13 Jul 2004 |
| Topics | TCP - IP | ||
| Downloads | 162 | ||
Accurate operating system (OS) identification by passive network traffic analysis can continuously update less-frequent active network scans and help interpret alerts from intrusion detection systems. The most recent open-source passive OS identification tool (ettercap) rejects 70% of all packets and has a high 75-class error rate of 30% for non-rejected packets on unseen test data. New classifiers were developed using machine-learning approaches including cross-validation testing, grouping OS names into fewer classes, and evaluating alternate classifier types. Nearest neighbor and binary tree classifiers provide a low 9-class OS identification error rate of roughly 10% on unseen data without rejecting packets. This error rate drops to nearly zero when 10% of the packets are rejected.
Did you find this white paper useful?
15 out of 33 users found this white paper useful
Related white papers
Building Reliable IP Telephony Systems
Reliability is the most critical aspect of a business phone system. IP telephony systems will deliver differing service levels because their architecture is fundamentally different. Ironically, optimal architecture and design...
Cash In Your PBX -- Upgrade with Cisco. Gain significant new savings now
PBX systems and old telephony applications were just not built for today's business needs. They don't scale easily, struggle to support mobility, and are increasingly expensive to maintain. Now you...
IOS Tips and Tricks
There are a number of things you can do with Cisco's IOS to make your life easier. This white paper presents some ways that IOS commands can help streamline your...
Dell-Customized Mobility Solutions
The marketplace is overflowing with a multitude of mobility options for businesses of all types and sizes. From notebooks, netbooks, and handheld computers to WiFi, smartphones, and mobile broadband, there...
Decoupling Congestion Control From TCP for Multi-Hop Wireless Networks: Semi-TCP
TCP performs poorly in multihop wireless networks and even worse if end-to-end connectivity is often broken such as in challenged networks. Lots of research has been carried out but this...
Interactive Guide: Enterprise Mobility
Getting Started With Enterprise Mobility: A Guide to Sybase's Enterprise Mobility Platform. With the broadest portfolio of industry-leading products, an innovative mobility platform that provides a foundation for future growth,...
Webcast & Video: Special Report on MEAP featuring research from Gartner
Complimentary Webcast: Taking a Strategic Approach to Enterprise Mobility. Whether you're just getting started with mobility or have already rolled out multiple applications, taking a strategic approach to mobility is...
