Re: Nmap OS Database and Artificial Neural Networks

[Diman Todorov <diman.todorov () univie ac at>]

In your paper I cannot find benchmarks of the accuracy of your method.  
It would be interesting to compare it with the accuracy of the finger  
printing already built into Nmap. The performance of your neural  
network on real data is crucial to its application in practice.

If it performs reasonably well it could be used to give information  
about operating systems the engine has not seen yet. The things that I  
don't like about neural networks is that when your system makes a  
guess about a new OS it doesn't tell us an error probability. Its  
guess is also not tractable, we cannot say why a neural network has  
classified an OS as it has classified it.

Running security tests based on the result of the NN is theoretically  
possible in Nmap but not very interesting because Nmap doesn't have  
many security tests. And of the security tests coming with Nmap even  
fewer are OS specific. But again, the security tests in Nmap have  
access to the OS detection engine built into Nmap.

There are only two reasons why someone would want to use a NN: 1. if  
its guessing is better than the one in Nmap 2. if someone deals a lot  
with operating systems which have not been entered into the Nmap OS  
database.

cheers,
Diman

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org