Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

TCP_WINDOW and TCP_MSS correlation as feature

From: Alexandru Geana <alex () alegen net>
Date: Mon, 11 May 2015 19:59:12 +0200
Hello devs,

During one IRC discussion, an idea was brought up to use the correlation
between TCP_WINDOW and TCP_MSS as a feature for the IPv6 logistic
regression model. Attached to this email I am sending two patches, one
for the nmap codebase and another for the ipv6tests folder which adds
this new feature.

While testing on scanme.nmap.org, I noticed that the novelty threshold
was too low (nmap had the top result with novelty at around 20.8), so
I set the FP_NOVELTY_THRESHOLD to 25.

Let me know what you think and if you find any problems with it.

Best regards,
Alexandru Geana
alegen.net

Attachment: ipv6tests.diff
Description:

Attachment: nmap.diff
Description:

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: