Nmap Development mailing list archives

Paper on SVM-based Nmap OS classification


From: David Fifield <david () bamsoftware com>
Date: Sun, 16 Jan 2011 00:19:40 -0800

Hi,

I took a class in machine learning and did a project to experiment with
an alternative OS matching algorithm. I implemented a support vector
machine (http://en.wikipedia.org/wiki/Support_vector_machine) that had
good performance on a simplified version of OS detection.

This is similar to some previous research done by João Medeiros
(http://seclists.org/nmap-dev/2008/q1/325), Zaid Aiman
(http://seclists.org/nmap-dev/2008/q2/2), and some researchers at Core
Security (http://www.coresecurity.com/files/attachments/Sarraute_EJS.pdf).

What I implemented is too limited to be used for real, but I think
something like this could be used for a next-generation OS detector, or
for IPv6 OS detection. The nice thing about it for maintenance is that
the most work you have to do is making sure your training samples are
labeled correctly.

I'm attaching a plain-text copy of the paper. My source code is at
$ git clone http://www.bamsoftware.com/git/nmap-svm.git

David Fifield

Attachment: nmap-svm.txt

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
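
The message above describes the idea (a support vector machine trained on labelled samples of probe responses, so that maintenance reduces to keeping the labels right) without showing any code. The following is an added illustration, not David Fifield's code and not taken from the nmap-svm.git repository: a primal linear SVM trained by Pegasos-style subgradient descent, wrapped one-vs-rest for several OS classes. The feature set (a TTL guess, TCP window, DF bit, TCP timestamp option), the class names and every sample value are constructed for the example and are not Nmap's fingerprint format or entries from its database. The suspicious_samples() helper shows the maintenance check the message alludes to: training samples the fitted model disagrees with are the first candidates for a wrong label.

```python
"""Toy one-vs-rest linear SVM for OS classification from a few simplified
probe-response fields.  Added illustration only: the feature set, the sample
values and the class names are constructed for this example and are not
Nmap's fingerprint format, its database, or the nmap-svm.git code."""
from typing import Dict, List, Sequence, Tuple

# Initial TTLs commonly chosen by IP stacks.  An observed TTL is rounded up to
# the next one of these, since every router hop decrements it by one.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def ttl_guess(observed_ttl: int) -> int:
    """Round an observed TTL up to the nearest common initial TTL."""
    for t in COMMON_INITIAL_TTLS:
        if observed_ttl <= t:
            return t
    return 255


def features(observed_ttl: int, window: int, df: bool, tcp_ts: bool) -> List[float]:
    """Map a (hypothetical) probe response to a scaled feature vector.
    The last element is a constant 1.0 so the bias is learned as a weight."""
    return [ttl_guess(observed_ttl) / 255.0, window / 65535.0,
            1.0 if df else 0.0, 1.0 if tcp_ts else 0.0, 1.0]


# Constructed, labelled training samples: (observed TTL, TCP window, DF, TS option).
# The values are illustrative, not measured fingerprints.
TRAINING: List[Tuple[str, List[float]]] = [
    ("Linux",     features(64, 29200, True, True)),
    ("Linux",     features(61, 5840, True, True)),
    ("Linux",     features(58, 14600, True, True)),
    ("Windows",   features(128, 8192, True, False)),
    ("Windows",   features(120, 65535, True, False)),
    ("Windows",   features(117, 64240, True, False)),
    ("Cisco IOS", features(255, 4128, False, False)),
    ("Cisco IOS", features(247, 16384, False, False)),
    ("Cisco IOS", features(250, 8760, False, False)),
]


def dot(a: Sequence[float], b: Sequence[float]) -> float:
    return sum(x * y for x, y in zip(a, b))


def train_binary(X: List[List[float]], y: List[int],
                 lam: float = 0.01, iters: int = 50000) -> List[float]:
    """Primal linear SVM: minimise lam/2*|w|^2 + mean(max(0, 1 - y_i*w.x_i))
    by deterministic full-batch subgradient descent with step 1/(lam*t),
    i.e. the Pegasos schedule with the batch being the whole training set."""
    n, d = len(X), len(X[0])
    w = [0.0] * d
    for t in range(1, iters + 1):
        eta = 1.0 / (lam * t)
        grad = [lam * wj for wj in w]            # regulariser part
        for x, yi in zip(X, y):
            if yi * dot(w, x) < 1.0:             # margin violated: hinge is active
                for j in range(d):
                    grad[j] -= yi * x[j] / n
        w = [wj - eta * gj for wj, gj in zip(w, grad)]
    return w


class OneVsRestSVM:
    """One binary SVM per class; the class with the largest score wins."""

    def __init__(self) -> None:
        self.weights: Dict[str, List[float]] = {}

    def fit(self, data: List[Tuple[str, List[float]]]) -> "OneVsRestSVM":
        X = [x for _, x in data]
        for cls in sorted({label for label, _ in data}):
            y = [1 if label == cls else -1 for label, _ in data]
            self.weights[cls] = train_binary(X, y)
        return self

    def scores(self, x: Sequence[float]) -> Dict[str, float]:
        return {cls: dot(w, x) for cls, w in self.weights.items()}

    def predict(self, x: Sequence[float]) -> str:
        s = self.scores(x)
        return max(s, key=s.get)


def suspicious_samples(model: OneVsRestSVM,
                       data: List[Tuple[str, List[float]]]) -> List[Tuple[str, str]]:
    """Training samples the fitted model disagrees with, as (label, prediction):
    the first thing to re-check when a label in the training set may be wrong."""
    return [(label, model.predict(x)) for label, x in data if model.predict(x) != label]


def build_model() -> OneVsRestSVM:
    return OneVsRestSVM().fit(TRAINING)


if __name__ == "__main__":
    m = build_model()
    print("label disagreements:", suspicious_samples(m, TRAINING))
    print(m.predict(features(52, 29200, True, True)))    # Linux-like host 12 hops away
    print(m.predict(features(115, 8192, True, False)))   # Windows-like host 13 hops away
```

Adding a new OS to this scheme means adding labelled samples and refitting; there is no hand-written matching rule to maintain, which is the property the message points out. Real fingerprints carry far more fields (option ordering, IP ID behaviour, responses to malformed probes) and would need many more samples per class than this toy.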
