Title :
Passive OS Fingerprinting by DNS Traffic Analysis
Author :
Matsunaka, Takashi ; Yamada, Akimasa ; Kubota, Ayumu
Author_Institution :
KDDI R&D Labs. Inc., Saitama, Japan
Abstract :
In this paper, we propose a new passive OS fingerprinting method which only requires DNS traffic analysis. The method utilizes characteristics on DNS queries specific to each OS, e.g. unique domain names, query patterns, time interval etc. The method can estimate the number of devices with each OS from the number of queries by utilizing the characteristics of the time interval patterns. The method considers the likelihood of irregular events that some queries are sent at less than regular time intervals, and some other queries are sent at more than regular time intervals. We analyze DNS traffic sent by each OS and extract the characteristics for OS fingerprinting. Then, we examine our estimation method by using DNS traffic in our intra-network. According to our examination, some results of our estimation method are close to the results of DHCP fingerprinting.
Keywords :
Internet; operating systems (computers); query processing; telecommunication traffic; DHCP fingerprinting; DNS queries; DNS traffic analysis; intranetwork; network traffic; operating systems; passive OS fingerprinting method; query patterns; time interval; time interval patterns; unique domain names; Androids; Estimation; Fingerprint recognition; Humanoid robots; IP networks; Monitoring; Servers; Passive OS fingerprinting: Traffic analysis;
Conference_Titel :
Advanced Information Networking and Applications (AINA), 2013 IEEE 27th International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-1-4673-5550-6
Electronic_ISBN :
1550-445X
DOI :
10.1109/AINA.2013.119
