Nmap Development mailing list archives
Paper on SVM-based Nmap OS classification
From: David Fifield <david () bamsoftware com>
Date: Sun, 16 Jan 2011 00:19:40 -0800
Hi,

I took a class in machine learning and did a project to experiment with an alternative OS matching algorithm. I implemented a support vector machine (http://en.wikipedia.org/wiki/Support_vector_machine) that had good performance on a simplified version of OS detection. This is similar to some previous research done by João Medeiros (http://seclists.org/nmap-dev/2008/q1/325), Zaid Aiman (http://seclists.org/nmap-dev/2008/q2/2), and some researchers at Core Security (http://www.coresecurity.com/files/attachments/Sarraute_EJS.pdf).

What I implemented is too limited to be used for real, but I think something like this could be used for a next-generation OS detector, or for IPv6 OS detection. The nice thing about it for maintenance is that the most work you have to do is making sure your training samples are labeled correctly.

I'm attaching a plain-text copy of the paper. My source code is at

    $ git clone http://www.bamsoftware.com/git/nmap-svm.git

David Fifield
Attachment: nmap-svm.txt
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/