Investigating the detection of multi-homed devices independent of operating systems

Abstract

Networks protected by firewalls and physical separation schemes are threatened by multi-homed devices. The purpose of this study is to detect multi-homed devices on a computer network. More specifically, the goal is to evaluate passive detection of multi-homed devices running various operating systems while communicating on a network. TCP timestamp data was used to estimate clock skews using linear regression and linear optimization methods. Analysis revealed that detection depends on the consistency of the estimated clock skew. Through vertical testing, it was also shown that clock skew consistency depends on the installed operating system. The linear programming and linear regression methods agree with one another when clock skews are consistent, indicating that linear regression is sufficient to identify multi-homed hosts in networks with low network delay. Further analysis showed inconsistencies in clock skew estimation on newer versions of OS X and FreeBSD 12.0; the clock skews from these operating systems prevented multi-homed fingerprinting using the proposed detection scheme.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2017
Accession Number
AD1046915

Entities

People

  • Javan A. Rhinehart

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Air Platforms
  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Computer Communications
  • Computer Network Security
  • Computer Networks
  • Computer Programming
  • Computers
  • Consistency
  • Department Of Defense
  • Detection
  • Gaussian Distributions
  • Linear Programming
  • Network Protocols
  • Networks
  • Operating Systems
  • Security Protocols
  • Software Defined Networks
  • Systems Engineering
  • Test Beds

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Integrated Circuit Design and Technology
  • Organizational Psychology