Nmap Development mailing list archives

Re: Ipv6 machine learning


From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 21 Mar 2016 09:06:58 -0500

Tamim,

Thank you for your interest. In addition to the details that Mathias
provided, I'd like to point out some possible directions that research
could go in this area.

We do already have a logistic regression classifier for IPv6 fingerprints,
and it works well with our small set of classifications (just under 100 of
them), but we are starting to see some limitations. Specifically, the
classifications for Apple Mac OS X are not able to strongly match each
release of OS X separately, but they have lots of cross-matching between
versions. This is despite the fact that one feature in particular can
easily distinguish between versions: if the TCP_WSCALE feature is 5, for
instance, it means OS X 10.10 or 10.11.

Our thought at this point is to have a multi-stage classifier. The first
classifier would distinguish between major families of OS: Windows, OS X,
BSD, VxWorks, or others. The second stage would then determine within that
classification what the specific OS version is. We hope that this would
overcome the challenges of having so many different classifications: our
IPv4 OS fingerprint database is more complete and has over 1200 different
general classifications, and many more granular Fingerprint names.

We are open to other ideas on solving this problem. Last year, apart from
GSoC, Alex Geana worked with Mathias on adding new features to the
classifier and implementing imputation of missing features. The benefit of
the imputation work is hard to determine relative to the effort of
maintaining and running it, so it has not been integrated yet.

We are not machine learning experts, but we have a real-world problem, a
growing training corpus, and lots of domain-specific knowledge of what
works and what doesn't in classifying network stack fingerprints. We are
looking for an applicant with knowledge and experience with machine
learning techniques who can help us:

* choose an approach that works,
* measure the relative benefit of changes to the classifier,
* write code to implement these ideas, and
* clearly communicate the design and operation of his or her code so that
others can maintain and improve it.

Dan

On Fri, Mar 18, 2016 at 5:09 PM, Tamim Addari <tamim.tamim1382 () gmail com>
wrote:

Hi,
I am Tamim and I am interested in the IPv6 machine learning project.
I have a question: does Nmap already use logistic regression to
classify IPv6? Because the page
https://nmap.org/book/osdetect-guess.html#osdetect-guess-ipv6
seems to imply that it is already implemented. If so, then what would be the
project goal? If not, then I was wondering if there is a choice between
logistic regression, support vector machines, decision trees, etc., or other
techniques.
Thank you

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
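An added illustration of the two-stage design described in the message above (this is example code written for this page, not Nmap's classifier and not a description of how Nmap implements it): a small multinomial logistic regression trained by batch gradient descent, with one model picking the OS family and one model per family picking the version inside it. The feature set (TCP_WSCALE, observed hop limit, TCP window size), every training row, and every feature value other than the TCP_WSCALE = 5 point for OS X 10.10/10.11 quoted above are constructed for the example; the class names are labels, not entries from the real fingerprint database.

```python
import math

# Constructed training corpus (illustrative values, NOT Nmap's database):
# (family, version, TCP_WSCALE, observed IPv6 hop limit, TCP window size).
# Hop limits are shown after a few router hops, as a scan would observe them.
# Only the "TCP_WSCALE == 5 -> OS X 10.10/10.11" point comes from the thread.
TRAINING_SET = [
    ("Windows", "Windows 7",        8, 128,  8192),
    ("Windows", "Windows 7",        8, 126,  8192),
    ("Windows", "Windows 10",       8, 128, 65535),
    ("Windows", "Windows 10",       8, 126, 65535),
    ("OS X",    "OS X 10.9",        4,  64, 65535),
    ("OS X",    "OS X 10.9",        4,  62, 65535),
    ("OS X",    "OS X 10.10/10.11", 5,  64, 65535),
    ("OS X",    "OS X 10.10/10.11", 5,  62, 65535),
    ("BSD",     "FreeBSD 10",       7,  64, 65535),
    ("BSD",     "FreeBSD 10",       7,  63, 65535),
]


class SoftmaxRegression:
    """Multinomial logistic regression, batch gradient descent, pure Python."""

    def __init__(self, lr=0.3, epochs=3000, l2=1e-3):
        self.lr, self.epochs, self.l2 = lr, epochs, l2

    def _scale(self, x):
        # Standardise each feature with the training mean/std so that
        # window sizes in the tens of thousands do not dominate hop limits.
        return [(v - m) / s for v, m, s in zip(x, self.means, self.stds)]

    def _probs(self, z):
        logits = [sum(w * v for w, v in zip(row[:-1], z)) + row[-1] for row in self.W]
        top = max(logits)                      # shift for numerical stability
        exps = [math.exp(l - top) for l in logits]
        total = sum(exps)
        return [e / total for e in exps]

    def fit(self, X, y):
        n, d = len(X), len(X[0])
        self.classes = sorted(set(y))
        self.means = [sum(x[j] for x in X) / n for j in range(d)]
        self.stds = [math.sqrt(sum((x[j] - self.means[j]) ** 2 for x in X) / n) or 1.0
                     for j in range(d)]
        Z = [self._scale(x) for x in X]
        target = [self.classes.index(label) for label in y]
        k = len(self.classes)
        self.W = [[0.0] * (d + 1) for _ in range(k)]   # d weights + 1 bias per class
        for _ in range(self.epochs):
            grad = [[0.0] * (d + 1) for _ in range(k)]
            for z, t in zip(Z, target):
                p = self._probs(z)
                for i in range(k):
                    err = p[i] - (1.0 if i == t else 0.0)   # dLoss/dlogit_i
                    for j in range(d):
                        grad[i][j] += err * z[j]
                    grad[i][d] += err
            for i in range(k):
                for j in range(d + 1):
                    reg = self.l2 * self.W[i][j] if j < d else 0.0  # no penalty on bias
                    self.W[i][j] -= self.lr * (grad[i][j] / n + reg)
        return self

    def predict(self, x):
        probs = dict(zip(self.classes, self._probs(self._scale(x))))
        best = max(probs, key=probs.get)
        return best, probs[best]


class TwoStageClassifier:
    """Stage 1 picks the OS family; stage 2 picks the version within that family."""

    def fit(self, rows):
        X = [list(r[2:]) for r in rows]
        self.family_model = SoftmaxRegression().fit(X, [r[0] for r in rows])
        # Each version model only ever sees fingerprints of its own family,
        # so it cannot cross-match against versions of a different OS.
        self.version_models = {}
        for fam in self.family_model.classes:
            sub = [r for r in rows if r[0] == fam]
            self.version_models[fam] = SoftmaxRegression().fit(
                [list(r[2:]) for r in sub], [r[1] for r in sub])
        return self

    def predict(self, wscale, hop_limit, window):
        x = [wscale, hop_limit, window]
        family, p_family = self.family_model.predict(x)
        version, p_version = self.version_models[family].predict(x)
        return family, version, p_family * p_version   # P(family) * P(version | family)


def build_model():
    return TwoStageClassifier().fit(TRAINING_SET)


def training_accuracy(model):
    hits = sum(model.predict(*r[2:])[:2] == (r[0], r[1]) for r in TRAINING_SET)
    return hits / len(TRAINING_SET)


if __name__ == "__main__":
    model = build_model()
    print("training accuracy:", training_accuracy(model))
    for probe in [(5, 61, 65535), (8, 125, 8192), (7, 63, 65535)]:  # constructed probes
        print(probe, "->", model.predict(*probe))
```

The joint confidence is the product of the two stage probabilities, so a confident family call followed by an uncertain version call is visible as such rather than being buried in a single flat posterior; when a stage-2 model has only one version (FreeBSD 10 here) it returns that version with probability 1.0, which is the degenerate case a real corpus with one fingerprint per family would hit.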
