# OS Fingerprinting: New Techniques and a Study of Information Gain and Obfuscation

**Authors:** Blake Anderson, David McGrew

arXiv: 1706.08003 · 2017-06-27

## TL;DR

This paper introduces a passive OS fingerprinting method using TLS, TCP/IP, and HTTP data, achieving high accuracy in identifying OS versions and detecting unpatched devices, while analyzing obfuscation challenges.

## Contribution

It presents a multi-session passive fingerprinting approach leveraging TLS data, demonstrating high accuracy and robustness against obfuscation techniques.

## Key findings

- Achieved 99.4% accuracy in OS major version identification
- Detected unpatched devices with over 98% accuracy
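- Studied how obfuscation affects the fingerprinting system, showing that obfuscation strategies can often be defeated because data features from all protocols, especially TLS, are difficult to manipulate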

## Abstract

Passive operating system fingerprinting reveals valuable information to the defenders of heterogeneous private networks; at the same time, attackers can use fingerprinting to reconnoiter networks, so defenders need obfuscation techniques to foil them. We present an effective approach for passive fingerprinting that uses data features from TLS as well as the TCP/IP and HTTP protocols in a multi-session model, which is applicable whenever several sessions can be observed within a time window. In experiments on a real-world private network, our approach identified operating system major and minor versions with accuracies of 99.4% and 97.5%, respectively, and provided significant information gain. We also show that obfuscation strategies can often be defeated due to the difficulty of manipulating data features from all protocols, especially TLS, by studying how obfuscation affects our fingerprinting system. Because devices running unpatched operating systems on private networks create significant vulnerabilities, their detection is critical; our approach achieved over 98% accuracy at this important goal.

## Figures

12 figures with captions in the complete paper: https://tomesphere.com/paper/1706.08003/full.md

---
Source: https://tomesphere.com/paper/1706.08003