Re: OS fingerprint extraction quality when scanning a large number of machines

[Michael Head <mrhead () us ibm com>]

(I originally replied just to Giorgio, but I noticed he sent a copy to the
list, so I'm following up here, too)

Giorgio wrote on 12/18/2008 12:21:53 PM:
> You gave me an idea with this mail. Do you think that if there's some
> machine learning
> way to relate differents fingerprints? In order to predict
> fingerprints, Nmap could actively learn
> from previous scans and give more accurate results to its end users,
> is that feasible?

Hello Giorgio,

Interesting idea... My understanding of machine learning leads me to
believe that there should be some underlying correlation between the data.
We may not be able to predict in exactly what ways the are related, but
there should be some reason to think there is a connection.

So to answer the question of whether it is feasible, I think it is
necessary to consider whether the results of the individual probes against
a class of operating system share enough common features and whether the
individual probes against a different class of operating systems have
enough distinguishing characteristics.

One thing I can think of to get started on figuring this out is to do some
data mining on the existing OS fingerprint database. Are there hidden
patterns connecting the fingerprints for most Windows machines? I think
data mining techniques can answer that question.

mike

> --
> Quiero ser el rayo de sol que cada día te despierta
> para hacerte respirar y vivir en me.
> "Favola -Moda".

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org