Nmap Development mailing list archives

Paper on SVM-based Nmap OS classification
From: David Fifield <david () bamsoftware com>
Date: Sun, 16 Jan 2011 00:19:40 -0800


I took a class in machine learning and did a project to experiment with
an alternative OS matching algorithm. I implemented a support vector
machine (http://en.wikipedia.org/wiki/Support_vector_machine) that had
good performance on a simplified version of OS detection.

This is similar to some previous research done by João Medeiros
(http://seclists.org/nmap-dev/2008/q1/325), Zaid Aiman
(http://seclists.org/nmap-dev/2008/q2/2), and some researchers at Core
Security (http://www.coresecurity.com/files/attachments/Sarraute_EJS.pdf).

What I implemented is too limited to be used for real, but I think
something like this could be used for a next-generation OS detector, or
for IPv6 OS detection. The nice thing about it for maintenance is that
the most work you have to do is making sure your training samples are
labeled correctly.

I'm attaching a plain-text copy of the paper. My source code is at
$ git clone http://www.bamsoftware.com/git/nmap-svm.git

David Fifield

Attachment: nmap-svm.txt

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
