A Hybrid Approach to Operating System Discovery using Answer Set Programming

The goal of operating system (OS) discovery is to learn which OS is running on a remote computer. There are two main strategies for OS discovery: active and passive. Each has advantages as well as drawbacks. This paper discusses how answer set programming, a new logic programming paradigm, can be used to address the problem of operating system discovery in computer networks in a simple and elegant way, by logically specifying the problem and providing solutions through automated reasoning. As a result of using such a knowledge representation framework, it is possible to unify the active and the passive methods of OS discovery in a single hybrid approach that has the advantages of both strategies while being much more versatile. Moreover, this paper presents a proof-of-concept prototype for hybrid operating system discovery.
