World Wide Web

Stack (abstract data type)

Biology

Identification (biology)

Statistics

Computer security

Encryption

Operating system

The Internet

Computer science

Botany

Internet protocol suite

Computer network

Statistic

Mathematics

Cryptography

Session (web analytics)

More and more security vulnerabilities are closely related to operating system (OS) information, but how to accurately identify OS versions on a real-world dynamic network in encrypted traffic is still a challenge. In this paper, we propose a comprehensive passive OS identification method based on encrypted traffic. It takes advantage of several features in TLS headers and TCP/IP headers. Moreover, we also consider flow statistic features for each session. We collect a large dataset of more than 2 million samples to evaluate the performance of our approach. According to the experimental results, the performance of the proposed method is preferable to the traditional method.

Identify OS from encrypted traffic with TCP/IP stack fingerprinting