Resumen |
During a network scanning, identifying the operating system (OS) running on each network attached host has been a research topic for a long time. Researchers have developed different approaches through network analysis using either passive or active techniques, such techniques are commonly called “OS fingerprinting”. According to best security practices, a set of security mechanisms should be applied to prevent OS fingerprinting by penetration testers. This article presents an experimental study to identify the parameters used by security controls to obfuscate their behavior on the network. A novel strategy is proposed to identify network devices despite static and dynamic obfuscation caused by security controls such as NAT, protocol scrubbers, or hardened systems. Targets were identified in virtual and native environments with a high degree of precision, by means of a layered classification model integrated by K-means, KNN, Naive Bayes, SVM and ADA Boost classifiers. © 2023 Instituto Politecnico Nacional. All rights reserved. |