Remote Operating System (OS) Fingerprinting is a precursory step for launching attacks on the Internet. As a precaution against potential attacks, a remote machine can take a proactive counter-strategy to deceive fingerprinters. This is done by normalizing or mystifying the distinguishing behaviors in the packets. However, the unified modification causes significant performance degradation to benign clients. Using a game-theoretic approach, we propose a selective and dynamic mechanism for counter-fingerprinting. We first model and analyze the interaction between a fingerprinter and a target as a signaling game. We derive the Nash equilibrium strategy profiles based on the information gain analysis. Based on our game results, we design DeceiveGame, a mechanism to prevent or to significantly slow down fingerprinting attacks. Our game-theoretic approach appropriately distinguishes a fingerprinter from a benign client and mystifies packets to confuse the fingerprinter, while minimizing the side effects on benign clients. Our performance analysis shows that DeceiveGame can reduce the probability of success of the fingerprinter significantly, without deteriorating the overall performance of other clients.
[1]
Kathleen M. Nichols,et al.
Simulation Studies of Increased Initial TCP Window Size
,
1998,
RFC.
[2]
Ehab Al-Shaer,et al.
Random Host Mutation for Moving Target Defense
,
2012,
SecureComm.
[3]
Xinyuan Zhang,et al.
Delude Remote Operating System (OS) Scan by Honeyd
,
2009,
2009 Second International Workshop on Computer Science and Engineering.
[4]
Patrice Auffret.
SinFP, unification of active and passive operating system fingerprinting
,
2008,
Journal in Computer Virology.
[5]
Farnam Jahanian,et al.
Defeating TCP/IP Stack Fingerprinting
,
2000,
USENIX Security Symposium.
[6]
John T. Michalski.
Network security mechanisms utilising network address translation
,
2006,
Int. J. Crit. Infrastructures.
[7]
R. Gibbons.
Game theory for applied economists
,
1992
.
[8]
Fabrice Harrouet,et al.
IpMorph: fingerprinting spoofing unification
,
2010,
Journal in Computer Virology.