Ing. Matej Hulák

Publications

Evaluation of passive OS fingerprinting methods using TCP/IP fields

Authors
Hulák, M.; Bartoš, V.; Čejka, T.
Year
2023
Published
2023 8th International Conference on Smart and Sustainable Technologies (SpliTech). New Jersey: IEEE, 2023. ISBN 978-953-290-128-3.
Type
Proceedings paper
Annotation
An important part of network management is to keep knowledge about the connected devices. One of the tools that can provide such information in real time is passive OS fingerprinting, in particular the method based on analyzing the values of specific TCP/IP header fields. The state-of-the-art approach is to use machine learning to create such an OS classifier. In this paper, we focus on the evaluation of this approach from several perspectives. We took two existing public datasets and created a new one from our network, and trained machine learning models to classify the 4 most common operating system families based on selected TCP/IP fields. We compare different models, discuss the need to round TTL values to avoid over-fitting, and test the transferability of models trained on data from different networks. Although the TCP/IP-related characteristics of individual operating systems should be independent of where the device is located, our experiments show that a model trained in one network performs much worse in another one, making model creation and deployment more difficult in practice. A good solution may be to combine data from multiple networks. A model trained on a combination of all three datasets exhibited the best results on average across the datasets.
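The TTL rounding the annotation mentions, shown as an added example (not code from the paper): the observed TTL of a packet is the sender's initial TTL minus the hop count, so a classifier trained on raw TTL learns the hop distances of one network rather than the OS. Rounding up to the nearest conventional initial value removes that dependency. The feature set and the two sample flows are assumptions made for this illustration.

```python
"""Feature extraction for TCP/IP-field OS fingerprinting with TTL rounding.

Illustrative code, not the paper's implementation. Observed TTL = initial TTL
minus hop count, so raw TTL encodes network distance rather than OS; rounding
it up to the nearest conventional initial value (32, 64, 128, 255) removes that.
"""
from typing import Dict, List

INITIAL_TTLS = (32, 64, 128, 255)  # conventional default initial TTLs


def round_ttl(ttl: int) -> int:
    """Map an observed TTL to the smallest conventional initial TTL >= ttl."""
    if not 0 < ttl <= 255:
        raise ValueError(f"TTL out of range: {ttl}")
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial
    return 255  # not reachable for valid input; kept for clarity


def extract_features(flow: Dict, round_ttl_values: bool = True) -> Dict:
    """Build a feature vector from a SYN record.

    The exact field set (TTL, window size, DF flag, MSS) is an assumption of
    this example; the paper selects its own TCP/IP fields.
    """
    return {
        "ttl": round_ttl(flow["ttl"]) if round_ttl_values else flow["ttl"],
        "win": flow["window"],
        "df": int(flow["df"]),
        "mss": flow.get("mss", 0),
    }


# Constructed sample: hosts of the same OS family (initial TTL 64) observed
# from two networks at different hop distances (3 hops vs. 12 hops).
SAMPLE_FLOWS = [
    {"net": "A", "ttl": 61, "window": 65535, "df": True, "mss": 1460},
    {"net": "B", "ttl": 52, "window": 65535, "df": True, "mss": 1460},
]


def features_agree(flows: List[Dict], round_ttl_values: bool) -> bool:
    """True if every flow yields the same feature vector.

    With rounding the two sample flows agree; without it the raw TTL splits
    them by network, which is the over-fitting the paper warns about.
    """
    vecs = [extract_features(f, round_ttl_values) for f in flows]
    return all(v == vecs[0] for v in vecs)
```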

Classification of network traffic

Year
2022
Published
Proceedings of the 10th Prague Embedded Systems Workshop. Praha: CTU. Faculty of Information Technology, 2022. p. 52-58. ISBN 978-80-01-07015-4.
Type
Proceedings paper
Annotation
This paper describes the context of existing approaches to real-time network flow classification and focuses on the contributions of the author's bachelor's and master's theses. The paper also proposes several research questions that are planned for the future Ph.D. study.

Classification of Network Traffic using Traffic Features

Year
2020
Published
Proceedings of the 8th Prague Embedded Systems Workshop. Praha: Czech Technical University in Prague, 2020. p. 17-18. ISBN 978-80-01-06772-7.
Type
Proceedings paper
Annotation
Computer networks are gradually becoming an essential part of people's lives. The amount of network traffic and the number of network devices are increasing every day due to improvements and the expansion of network infrastructure. The new trend of smartphones, watches, fridges and, in general, smart homes connects a high number of new devices to the network infrastructure. Therefore, the overall volume of network traffic grows, and networks are also getting more complex, which means they are harder to monitor. The main focus of our presentation is a monitoring technology for high-speed networks that is able to analyze and classify network traffic automatically. Traffic classification is an essential functionality for various purposes, such as network security. Identification of the types of network traffic is a part of the process of, e.g., forensic analysis. Therefore, an accurate and fast classification algorithm provides valuable information for network operators and security analysts. As a software prototype for our experiments, we use the NEMEA system. We have developed NEMEA modules that contain the classification algorithms. These prototypes allow us to compare different algorithms in an experimental environment with offline data, and the same software module (with the best performance) can also be deployed in production for online analysis.