Resumo

GONZALEZ, Florencio J.; AGUIRRE-ANAYA, Eleazar; SALINAS-ROSALES, Moisés  e  MIYAJI, Atsuko. Identification of Static and Dynamic Security Controls Using Machine Learning. Comp. y Sist. [online]. 2023, vol.27, n.2, pp.581-592.  Epub 18-Set-2023. ISSN 2007-9737.  https://doi.org/10.13053/cys-27-2-4429.

During a network scanning, identifying the operating system (OS) running on each network attached host has been a research topic for a long time. Researchers have developed different approaches through network analysis using either passive or active techniques, such techniques are commonly called “OS fingerprinting”. According to best security practices, a set of security mechanisms should be applied to prevent OS fingerprinting by penetration testers. This article presents an experimental study to identify the parameters used by security controls to obfuscate their behavior on the network. A novel strategy is proposed to identify network devices despite static and dynamic obfuscation caused by security controls such as NAT, protocol scrubbers, or hardened systems. Targets were identified in virtual and native environments with a high degree of precisión, by means of a layered classification model integrated by K-means, KNN, Naive Bayes, SVM and ADA Boost classifiers.

Palavras-chave : OS obfuscation; OS fingerprinting; moving target defense identification; security architecture; machine learning.

        · texto em Inglês     · Inglês ( pdf )