Nmap Development mailing list archives

Re: OS fingerprint extraction quality when scanning a large number of machines

From: Brandon Enright <bmenrigh () ucsd edu>
Date: Thu, 18 Dec 2008 21:34:15 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 18 Dec 2008 18:21:53 +0100
"Giorgio Zoppi" <giorgio.zoppi () gmail com> wrote:

2008/12/17 Michael Head <mrhead () us ibm com>:


You gave me an idea with this mail. Do you think that if there's some
machine learning
way to relate differents fingerprints? In order to predict
fingerprints, Nmap could actively learn
from previous scans and give more accurate results to its end users,
is that feasible?


Well machine learning (I think fingerprints are particularly well
suited for SVMs[1]) could be used to group fingerprints but without
human input as to what the OS or OS family is for a group, machine
learning isn't terribly useful.

The best way to improve fingerprint quality is to submit new
fingerprints and submit corrections.  David and others basically play
"human SVM" and add/fix fingerprints based on experience and good
judgement.

Brandon


[1] http://en.wikipedia.org/wiki/Support_vector_machine
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAklKwd0ACgkQqaGPzAsl94Lc3QCeOf0VqrrQfkyP3ichPoWJdCtp
4zIAn1Xodn5CwzslpLZVv5fvNTsKoIS8
=9qG7
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Re: OS fingerprint extraction quality when scanning a large number of machines, (continued)
- - - Re: OS fingerprint extraction quality when scanning a large number of machines Michael Head (Dec 18)
    - Re: OS fingerprint extraction quality when scanning a large number of machines Rob Nicholls (Dec 18)
    - Re: OS fingerprint extraction quality when scanning a large number of machines David Fifield (Dec 18)
    - Re: OS fingerprint extraction quality when scanning a large number of machines Rob Nicholls (Dec 18)
    - Re: OS fingerprint extraction quality when scanning a large number of machines Brandon Enright (Dec 18)
    - Re: OS fingerprint extraction quality when scanning a large number of machines David Fifield (Dec 18)
    - Re: OS fingerprint extraction quality when scanning a large number of machines Brandon Enright (Dec 18)
    - Re: OS fingerprint extraction quality when scanning a large number of machines David Fifield (Dec 18)
- Re: OS fingerprint extraction quality when scanning a large number of machines Giorgio Zoppi (Dec 18)
  - Re: OS fingerprint extraction quality when scanning a large number of machines Michael Head (Dec 18)
  - Re: OS fingerprint extraction quality when scanning a large number of machines Brandon Enright (Dec 18)
- Re: OS fingerprint extraction quality -- solved in r11437 David Fifield (Dec 19)
  - Re: OS fingerprint extraction quality -- solved in r11437 Rob Nicholls (Dec 19)
    - Re: OS fingerprint extraction quality -- solved in r11437 Rob Nicholls (Dec 20)
  - Re: OS fingerprint extraction quality -- solved in r11437 Michael Head (Dec 19)