• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.5B
• /
• pp.443-450
• /
• 2011

The Internet has become an essential part in our modern life by providing useful information. So, the volume of Internet traffic has been increasing rapidly, which emphasizes the importance of network traffic analysis for effective network operation and management. Signature based analysis have been commonly used, but it is shown that the increase of signatures due to the increase of applications causes the performance degradation of real-time traffic analysis on high-speed network links. In this paper, we propose OS fingerprinting method for real-time traffic analysis. The previous problems can be solved by utilizing the OS information. The OS fingerprinting method for real-time traffic analysis, proposed in this paper, conducts under passive mode, and improves the limitation of a previous method such as low completeness and accuracy. In this paper, we enlarged an input data to improve completeness, and used the User-Agent field in HTTP packet to extract various OS signatures. Also, we changed an input data from packet to flow to improve accuracy.

• Journal of Information Processing Systems
• /
• v.14 no.3
• /
• pp.740-750
• /
• 2018

There are a great number of Internet-connected devices and their information can be acquired through an Internet-wide scanning tool. By associating device information with publicly known security vulnerabilities, security experts are able to determine whether a particular device is vulnerable. Currently, the identification of the device information and its related vulnerabilities is manually carried out. It is necessary to automate the process to identify a huge number of Internet-connected devices in order to analyze more than one hundred thousand security vulnerabilities. In this paper, we propose a method of automatically generating device information in the Common Platform Enumeration (CPE) format from banner text to discover potentially weak devices having the Common Vulnerabilities Exposures (CVE) vulnerability. We demonstrated that our proposed method can distinguish as much adequate CPE information as possible in the service banner.