Operating System Fingerprinting Tool Based on Classical Machine Learning Algorithms

Operating System (OS) fingerprinting aims to identify the OS of a machine analysing its network traffic. Traditional OS fingerprinting tools use a rule-based approach to perform this task, analysing the traffic characteristics of the target machine and comparing these values against an OS signature database in order to obtain a result. The problem with this approach arises when there is no signature in the database that matches the values of the tests carried out. This situation can occur due to configuration changes, installation of hardening tools or the appearance of new OSs. In this sense, the application of Artificial Intelligence (AI) techniques to this task has shown to offer good results, while it can solve some of the problems exposed. In this context, this work proposes a new OS fingerprinting tool, modular and easily extensible, that bases its operation on the application of AI models. The tool is composed of different modules that implement the fingerprinting process: a capture module, capable of collecting and processing network traffic both actively and passively, an AI classifier module, which generates signatures from the traffic and identify their OS applying AI models, and one user interface, to interact with the user. The ML model which classifies the OSs was developed applying classical ML algorithms to the p0f OS signature database.