A Passive OS-Fingerprinting framework using Honeypot

Abstract

Capturing and analyzing network traffic in real time is required for securing and maintaining large, sophisticated business network infrastructure. Operating System (OS) fingerprinting represents a tangibly effective approach for successful network management as well as strong security against a wide spectrum of cyberattacks. Security professionals have exploited OS fingerprinting mechanism since it provides useful information about the attacker machine including the type and the version of its OS. However, most of those mechanisms have not been utilized to provide sufficient analysis of the collected data to countermeasure cyberattacks. This paper proposes a comprehensive framework for passive OS fingerprinting to counter-measure attacks in network systems. First of all, a passive OS fingerprinting tool is integrated with efficient honeypot system to lure attackers in the system. Thereafter, the collected data from the attacker undergoes an efficient filtration algorithm to reduce the congestion in the network as well as make fast analysis. Finally, the filtered data is sent out to an analysis tool to grasp as much information as possible about the attacker in a short time. Experimental results demonstrate the effectiveness of our proposed framework in identifying the vulnerabilities in the network system as well as the ability to countermeasure attacks through identifying their OS, and thus, escalating their further actions.