Capturing and analyzing network traffic in real time is required for securing and maintaining large, sophisticated business network infrastructure. Operating System (OS) fingerprinting represents a tangibly effective approach for successful network management as well as strong security against a wide spectrum of cyberattacks. Security professionals have exploited OS fingerprinting mechanism since it provides useful information about the attacker machine including the type and the version of its OS. However, most of those mechanisms have not been utilized to provide sufficient analysis of the collected data to countermeasure cyberattacks. This paper proposes a comprehensive framework for passive OS fingerprinting to countermeasure attacks in network systems. First of all, a passive OS fingerprinting tool is integrated with efficient honeypot system to lure attackers in the system. Thereafter, the collected data from the attacker undergoes an efficient filtration algorithm to reduce the congestion in the network as well as make fast analysis. Finally, the filtered data is sent out to an analysis tool to grasp as much information as possible about the attacker in a short time. Experimental results demonstrate the effectiveness of our proposed framework in identifying the vulnerabilities in the network system as well as the ability to countermeasure attacks through identifying their OS, and thus, escalating their further actions.

Conference Title

IEEE 2022 ASU International Conference in Emerging Technologies for Sustainability and Intelligent Systems (ICETSIS)

Conference Country

Bahrain

Conference Date

June 22, 2022 - June 23, 2022

Conference Sponsor

IEEE