Portal de Periódicos da CAPES

Capítulo de livro Produção Nacional Revisado por pares

BIBTEX RIS

An Effective TCP/IP Fingerprinting Technique Based on Strange Attractors Classification

2010; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-642-11207-2_16

1611-3349

João Paulo S. Medeiros, Agostinho M. Brito, Paulo S. Motta Pires,

Digital Media Forensic Detection

We propose a new technique to perform TCP/IP (Transmission Control Protocol/Internet Protocol) stack fingerprinting. Our technique relies on chaotic dynamics theory and artificial neural networks applied to TCP ISN (Initial Sequence Number) samples making possible to associate strange attractors to operating systems. We show that it is possible to recognize operating systems using only an open TCP port on the target machine. Also, we present results which shows that our technique cannot be fooled by Honeyd or affected by PAT (Port Address Translation) environments.