We study the new problem of network protocol fingerprinting, which has been recognized as both a threat to cyberspace privacy and a useful technique for intrusion detection. This paper provides the first taxonomy of fingerprint matching and discovery problems based on a formal fingerprint model call Minutiae. The FSM based Minutiae model captures more structural characteristics of a protocol implementation than the traditional trace-based representation, and therefore enables rigid analysis and more accurate fingerprinting algorithms. We first introduce our formal model and classification of fingerprinting problems; then propose solution for each category of problem illustrated with examples. For all algorithms we also present analysis of their time complexity.
展开▼