| With the rapid development of the Internet,computer network criminal increasingly frequent which disrupted the normal Internet order seriously.Actually,attackers often use a variety of means to hide themselves in the process of network criminal which resulting in difficult to obtain evidence of the crime.However,host fingerprinting was used to accurately identity the target host,therefore,this paper focused on the practical problems faced by host fingerprinting.The main work of this paper is as follows: 1.Aiming at the key problems in passive host fingerprinting,a research framework of passive host fingerprinting is proposed.The framework defines the related concepts clearly in the research of the host fingerprinting and provides a brief introduction to the research framework which laying the foundation for the follow study.2.In order to solve the key problems proposed in the research framework,this paper studied clock-skew-based remote device fingerprinting in detail,first,the factors that affect the accuracy of the clock skew are analyzed,and then this paper proposed the discrete point and jump point detection methods,finally,the application scope of the method is given.3.Aiming at the problem that the characteristic acquisition is difficult to identify the target host,a framework of host fingerprinting based on multi-dimensional host fingerprint model is proposed.The method acquires the host characteristic from network traffic,and then uses the host fingerprint extraction function to construct the host fingerprint library and then identify the target host.Finally,the experiments show that this method has strong applicability,and the accuracy of host identity is 93.33%.4.The last,according to the framework of this paper,the prototype system is designed and completed,and the modular function is used to realize the specific function and improve the scalability and maintainability of the system in the actual environment. |
PDF Full Text Request