Passive Fingerprinting Of Computer Network Reconnaissance Tools

Abstract

This thesis examines the feasibility of passively fingerprinting network reconnaissance tools. Detecting reconnaissance is a key early indication and warning of an adversary's impending attack or intelligence gathering effort against a network. Current network defense tools provide little capability to detect, much less specifically identify, network reconnaissance. This thesis introduces a methodology for identifying a network reconnaissance tool's unique fingerprint. The methodology confirmed the utility of previous research on visual fingerprints, produced characteristic summary tables, and introduced the application of TCP sequence number analysis to reconnaissance tool fingerprinting. We demonstrate the use of these methods to fingerprint network reconnaissance tools used in a real-world Cyber Defense Exercise scenario.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2009
Accession Number
ADA509167

Entities

People

  • Alexander J. Beecroft

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Electronic Warfare
  • Energy and Power Technologies
  • Weapons Technologies

DTIC Thesaurus Topics

  • Application Protocols
  • Computer Network Security
  • Computer Networks
  • Computer Program Documentation
  • Computer Programs
  • Computers
  • Cyber Defense Techniques
  • Cyberattacks
  • Cybersecurity
  • Cyberspace Operations
  • Graphical User Interface
  • Identification
  • Intelligence Collection
  • Network Protocols
  • Operating Systems
  • Port Scanners
  • Spreadsheet Software

Fields of Study

  • Computer science
  • History

Readers

  • Computer Networking
  • Cybersecurity
  • Geospatial Intelligence and Artificial Intelligence Analytics

Technology Areas

  • Cyber