Research Of Host Operating System Identification Technology Based On Passive Monitoring

Posted on: 2019-09-14
Degree: Master
Type: Thesis
Country: China
Candidate: J S Zhao
Full Text: PDF
GTID: 2428330548994969
Subject: Software engineering

Abstract/Summary:
As network security problems grow more serious, more and more people are paying attention to network security protection. Host operating system identification is one of the most important technologies in network security protection and is of great significance. Current host operating system identification technology has several deficiencies. First, traditional active operating system identification usually has to construct data packets to probe the remote host being identified. With the spread of network intrusion detection systems, this kind of probing is easily detected. Second, current operating system identification methods are all based on a fingerprint database: they precisely match against the operating system fingerprints already in the database and report the type of the operating system being identified, but they cannot recognize unknown operating system fingerprints that do not exist in the fingerprint database. In addition, current classification-based unknown fingerprint identification techniques work on the complete fingerprints in the fingerprint database, without refining them. Although recognition accuracy is guaranteed, recognition efficiency is low when the number of fingerprints in the database is large. A method that is based on passive monitoring, is efficient, and can recognize unknown operating systems therefore has practical significance. This thesis takes that as its starting point.

To address the problems that active operating system identification is easily detected by intrusion detection systems, that its recognition accuracy is degraded, and that unknown fingerprints absent from the operating system fingerprint database cannot be identified, this thesis builds on the TCP/IP passive operating system identification method and applies the RIPPER algorithm to host operating system identification. RIPPER is used to build a classification model for operating system identification that predicts the type of an unknown operating system. It is compared with the SVM-based and decision-tree-based unknown operating system identification methods to verify that the RIPPER algorithm has better recognition accuracy and efficiency in unknown operating system identification.

To address the low recognition efficiency when identifying unknown fingerprints with the fingerprint database, this thesis proposes a fingerprint reduction algorithm based on the CHI algorithm. It streamlines the fingerprints in the fingerprint database to generate reduced fingerprints whose recognition accuracy is similar to that of the complete fingerprints, improving the efficiency of classification and recognition. The method preprocesses the operating system fingerprints into vectors, based on SVM, to generate fingerprint feature vectors; ranks the fingerprint features with the CHI feature selection algorithm; and uses SVM to find the smallest feature subset, that is, the subset with similar operating system identification ability and as few features as possible. Experiments show that, compared with the feature subset of the complete fingerprint, the minimum feature subset has lower accuracy and a higher recognition rate. Inverse quantization is then performed on the smallest feature subset to generate reduced fingerprints. Finally, the efficiency of the reduced fingerprints is verified through experiments.
Keywords/Search Tags: machine learning, feature selection, passive operating system identification, RIPPER algorithm