Computer Science (计算机科学) ›› 2016, Vol. 43 ›› Issue (8): 79-83. doi: 10.11896/j.issn.1002-137X.2016.08.016
易运晖, 刘海峰, 朱振显 (YI Yun-hui, LIU Hai-feng and ZHU Zhen-xian)
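Abstract: Operating system identification is one of the key technologies for network security assessment, and as network security threats and risks grow, research on it is of great significance. Current operating system identification techniques based on TCP/IP protocol stack fingerprint databases have difficulty identifying the operating system behind an unknown fingerprint. To address this problem, a passive operating system identification method based on the C4.5 decision tree model is proposed and compared with other classification algorithms. Experimental tests verify the effectiveness of the classification method, and the results are analyzed.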