Title:
Outrepasser les limites des techniques classiques de Prise d'Empreintes grace aux Reseaux de Neurones
---
Authors:
Javier Burroni, Carlos Sarraute (CoreLabs, Core Security Technologies)
---
Year of latest submission:
2010
---
Classification:
Top-level category: Computer Science
Subcategory: Cryptography and Security
Description: Covers all areas of cryptography and security including authentication, public key cryptosystems, proof-carrying code, etc. Roughly includes material in ACM Subject Classes D.4.6 and E.3.
--
Top-level category: Computer Science
Subcategory: Artificial Intelligence
Description: Covers all areas of AI except Vision, Robotics, Machine Learning, Multiagent Systems, and Computation and Language (Natural Language Processing), which have separate subject areas. In particular, includes Expert Systems, Theorem Proving (although this may overlap with Logic in Computer Science), Knowledge Representation, Planning, and Uncertainty in AI. Roughly includes material in ACM Subject Classes I.2.0, I.2.1, I.2.3, I.2.4, I.2.8, and I.2.11.
--
Top-level category: Computer Science
Subcategory: Neural and Evolutionary Computing
Description: Covers neural networks, connectionism, genetic algorithms, artificial life, adaptive behavior. Roughly includes some material in ACM Subject Class C.1.3, I.2.6, I.5.
--
---
Abstract:
We present an application of Artificial Intelligence techniques to the field of Information Security. The problem of remote Operating System (OS) Detection, also called OS Fingerprinting, is a crucial step of the penetration testing process, since the attacker (hacker or security professional) needs to know the OS of the target host in order to choose the exploits that he will use. OS Detection is accomplished by passively sniffing network packets and actively sending test packets to the target host, to study specific variations in the host responses revealing information about its operating system. The first fingerprinting implementations were based on the analysis of differences between TCP/IP stack implementations. The next generation focused the analysis on application layer data such as the DCE RPC endpoint information. Even though more information was analyzed, some variation of the "best fit" algorithm was still used to interpret this new information. Our new approach involves an analysis of the composition of the information collected during the OS identification process to identify key elements and their relations. To implement this approach, we have developed tools using Neural Networks and techniques from the field of Statistics. These tools have been successfully integrated in a commercial software (Core Impact).
---
PDF link:
https://arxiv.org/pdf/1006.2844