{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,10]],"date-time":"2024-09-10T17:51:12Z","timestamp":1725990672502},"reference-count":94,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2023,6,1]],"date-time":"2023-06-01T00:00:00Z","timestamp":1685577600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2023,6,1]],"date-time":"2023-06-01T00:00:00Z","timestamp":1685577600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2023,4,19]],"date-time":"2023-04-19T00:00:00Z","timestamp":1681862400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100008530","name":"European Regional Development Fund","doi-asserted-by":"publisher","award":["CZ.02.1.01\/0.0\/0.0\/16_019\/0000822"],"id":[{"id":"10.13039\/501100008530","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computer Networks"],"published-print":{"date-parts":[[2023,6]]},"DOI":"10.1016\/j.comnet.2023.109782","type":"journal-article","created":{"date-parts":[[2023,4,20]],"date-time":"2023-04-20T10:03:58Z","timestamp":1681985038000},"page":"109782","update-policy":"http:\/\/dx.doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":3,"special_numbering":"C","title":["Passive operating system fingerprinting revisited: Evaluation and current 
challenges"],"prefix":"10.1016","volume":"229","author":[{"ORCID":"http:\/\/orcid.org\/0000-0002-6604-6947","authenticated-orcid":false,"given":"Martin","family":"La\u0161tovi\u010dka","sequence":"first","affiliation":[]},{"given":"Martin","family":"Hus\u00e1k","sequence":"additional","affiliation":[]},{"given":"Petr","family":"Velan","sequence":"additional","affiliation":[]},{"given":"Tom\u00e1\u0161","family":"Jirs\u00edk","sequence":"additional","affiliation":[]},{"given":"Pavel","family":"\u010celeda","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.comnet.2023.109782_bib0001","doi-asserted-by":"crossref","unstructured":"R. Fielding, J. Reschke, Hypertext transfer protocol (HTTP\/1.1): semantics and content, RFC 7231 (Proposed Standard) (2014). URL http:\/\/www.ietf.org\/rfc\/rfc7231.txt.","DOI":"10.17487\/rfc7231"},{"issue":"4","key":"10.1016\/j.comnet.2023.109782_bib0002","doi-asserted-by":"crossref","first-page":"2037","DOI":"10.1109\/COMST.2014.2321898","article-title":"Flow monitoring explained: from packet capture to data analysis with NetFlow and IPFIX","volume":"16","author":"Hofstede","year":"2014","journal-title":"IEEE Commun. Surv. 
Tutorials"},{"key":"10.1016\/j.comnet.2023.109782_bib0003","volume":"62","author":"Kott","year":"2015"},{"key":"10.1016\/j.comnet.2023.109782_bib0004","series-title":"Proceedings of the 15th International Conference on Availability, Reliability and Security","article-title":"SoK: contemporary issues and challenges to enable cyber situational awareness for network security","author":"Hus\u00e1k","year":"2020"},{"key":"10.1016\/j.comnet.2023.109782_bib0005","series-title":"NOMS 2020 - 2020 IEEE\/IFIP Network Operations and Management Symposium","article-title":"Network monitoring and enumerating vulnerabilities in large heterogeneous networks","author":"La\u0161tovi\u010dka","year":"2020"},{"key":"10.1016\/j.comnet.2023.109782_bib0006","unstructured":"Titan H.Q., SpamTitan Passive OS fingerprinting, [cited 2020-09-17] (2018). URL https:\/\/www.manula.com\/manuals\/menlo-park-tech\/spamtitan-administrator-guide\/1\/en\/topic\/passive-os-fingerprinting."},{"key":"10.1016\/j.comnet.2023.109782_bib0007","unstructured":"J.M. 
Allen, OS and application fingerprinting techniques, SANS Institute InfoSec Reading Room (2007)."},{"key":"10.1016\/j.comnet.2023.109782_bib0008","series-title":"Computational Intelligence in Security for Information Systems","first-page":"68","article-title":"A qualitative survey of active TCP\/IP fingerprinting tools and techniques for operating systems identification","author":"Medeiros","year":"2011"},{"key":"10.1016\/j.comnet.2023.109782_bib0009","series-title":"Virtual Honeypots: From Botnet Tracking to Intrusion Detection","author":"Provos","year":"2007"},{"key":"10.1016\/j.comnet.2023.109782_bib0010","series-title":"Fingerprinting Techniques For Target-Oriented Investigations in Network forensics, Sicherheit 2014\u2013 Sicherheit","author":"Herrmann","year":"2014"},{"issue":"1","key":"10.1016\/j.comnet.2023.109782_bib0011","doi-asserted-by":"crossref","first-page":"298","DOI":"10.1109\/JIOT.2021.3099028","article-title":"Machine learning for the detection and identification of internet of things devices: a survey","volume":"9","author":"Liu","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"10.1016\/j.comnet.2023.109782_bib0012","doi-asserted-by":"crossref","DOI":"10.1109\/COMST.2021.3064259","article-title":"A survey on device behavior fingerprinting: data sources, techniques, application scenarios, and datasets","author":"S\u00e1nchez","year":"2021","journal-title":"IEEE Commun. Surv. Tutorials"},{"issue":"1","key":"10.1016\/j.comnet.2023.109782_bib0013","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1109\/COMST.2015.2476338","article-title":"Device fingerprinting in wireless networks: challenges and opportunities","volume":"18","author":"Xu","year":"2015","journal-title":"IEEE Commun. Surv. 
Tutorials"},{"key":"10.1016\/j.comnet.2023.109782_bib0014","series-title":"2015 IEEE Conference on Communications and Network Security (CNS)","first-page":"317","article-title":"A deception based approach for defeating OS and service fingerprinting","author":"Albanese","year":"2015"},{"issue":"5","key":"10.1016\/j.comnet.2023.109782_bib0015","doi-asserted-by":"crossref","first-page":"355","DOI":"10.1002\/nem.1901","article-title":"A survey of methods for encrypted traffic classification and analysis","volume":"25","author":"Velan","year":"2015","journal-title":"Int. J. Network Manage."},{"key":"10.1016\/j.comnet.2023.109782_bib0016","unstructured":"L. Spitzner, Passive fingerprinting, FOCUS on intrusion detection: passive fingerprinting (May 3, 2000) (2000) 1\u20134."},{"key":"10.1016\/j.comnet.2023.109782_bib0017","unstructured":"M. Zalewski, p0f v3, [cited 2022-03-02] (2012). URL http:\/\/lcamtuf.coredump.cx\/p0f3\/."},{"key":"10.1016\/j.comnet.2023.109782_bib0018","unstructured":"M. Beddoe, The Siphon project: the passive network mapping tool, [cited 2022-03-02] (2011). URL https:\/\/github.com\/unmarshal\/siphon."},{"key":"10.1016\/j.comnet.2023.109782_bib0019","unstructured":"R. Lippmann, D. Fried, K. Piwowarski, W. Streilein, Passive operating system identification from TCP\/IP packet headers, in: Workshop on Data Mining for Computer Security, 2003, p. 
40."},{"key":"10.1016\/j.comnet.2023.109782_bib0020","series-title":"International Conference on Passive and Active Network Measurement","first-page":"186","article-title":"Profiling the end host","author":"Karagiannis","year":"2007"},{"key":"10.1016\/j.comnet.2023.109782_bib0021","article-title":"Passive OS detection by monitoring network flows","author":"Mossel","year":"2012","journal-title":"DLib Magazine"},{"key":"10.1016\/j.comnet.2023.109782_bib0022","series-title":"Detection of Operation Systems in Network Traffic Using IPFIX","author":"Vyml\u00e1til","year":"2014"},{"key":"10.1016\/j.comnet.2023.109782_bib0023","series-title":"2014 5th International Conference on Data Communication Networking (DCNET)","first-page":"1","article-title":"Towards identification of operating systems from the internet traffic: ipfix monitoring with fingerprinting and clustering","author":"Matou\u0161ek","year":"2014"},{"key":"10.1016\/j.comnet.2023.109782_bib0024","series-title":"Advances in Communication Networking","first-page":"70","article-title":"Identifying operating system using flow-based traffic fingerprinting","author":"Jirs\u00edk","year":"2014"},{"issue":"4","key":"10.1016\/j.comnet.2023.109782_bib0025","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1109\/MSP.2015.86","article-title":"Packet Inspection for Unauthorized OS Detection in Enterprises","volume":"13","author":"Tyagi","year":"2015","journal-title":"IEEE Secur Priv"},{"key":"10.1016\/j.comnet.2023.109782_bib0026","series-title":"IEEE EUROCON 2015 - International Conference on Computer as a Tool","first-page":"1","article-title":"TCP\/IP header classification for detecting spoofed DDoS attack in Cloud environment","author":"Osanaiye","year":"2015"},{"key":"10.1016\/j.comnet.2023.109782_bib0027","series-title":"NOMS 2018 - 2018 IEEE\/IFIP Network Operations and Management Symposium","first-page":"1","article-title":"Passive OS fingerprinting methods in the jungle of wireless 
networks","author":"La\u0161tovi\u010dka","year":"2018"},{"key":"10.1016\/j.comnet.2023.109782_bib0028","series-title":"NOMS 2018 - 2018 IEEE\/IFIP Network Operations and Management Symposium","article-title":"Passive OS fingerprinting prototype demonstration","author":"La\u0161tovi\u010dka","year":"2018"},{"issue":"1","key":"10.1016\/j.comnet.2023.109782_bib0029","doi-asserted-by":"crossref","first-page":"57","DOI":"10.7763\/IJCTE.2014.V6.837","article-title":"Improving operating system fingerprinting using machine learning techniques","volume":"6","author":"Al-Shehari","year":"2014","journal-title":"Int. J. Comput. Theory Eng."},{"key":"10.1016\/j.comnet.2023.109782_bib0030","series-title":"Proceedings of the Ninth ACM\/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS \u201913","first-page":"113","article-title":"K-p0F: a High-throughput kernel passive OS fingerprinter","author":"Barnes","year":"2013"},{"key":"10.1016\/j.comnet.2023.109782_bib0031","unstructured":"Ornaghi, Alberto and Valleri, Marco and Escobar, Emilio and Costamagna, Gianfranco and Koeppe, Alexander and Abdulkadir, Ali, Ettercap project, [cited 2022-03-02] (2001). URL https:\/\/www.ettercap-project.org\/."},{"key":"10.1016\/j.comnet.2023.109782_bib0032","unstructured":"A. Ornaghi, M. Valleri, E. Escobar, E. Milam, G. Costamagna, A. Koeppe, Ettercap, [cited 2022-03-02] (2011). URL https:\/\/github.com\/Ettercap\/ettercap."},{"key":"10.1016\/j.comnet.2023.109782_bib0033","unstructured":"NetGrab, Netsleuth, [cited 2020-09-04] (2012). URL http:\/\/netgrab.co.uk\/netsleuth\/."},{"key":"10.1016\/j.comnet.2023.109782_bib0034","unstructured":"E.B. Fjellsk\u00e5l, K. Wysocki, PRADS - passive real-time asset detection system, [cited 2022-03-02] (2009). URL https:\/\/github.com\/gamelinux\/prads."},{"key":"10.1016\/j.comnet.2023.109782_bib0035","unstructured":"E. Kollmann, Satori, [cited 2023-04-03] (2018). 
URL https:\/\/github.com\/xnih\/satori."},{"key":"10.1016\/j.comnet.2023.109782_bib0036","unstructured":"E. Hjelmvik, Networkminer, [cited 2022-03-02] (2007). URL https:\/\/www.netresec.com\/?page=Networkminer."},{"key":"10.1016\/j.comnet.2023.109782_bib0037","unstructured":"Juniper Networks, Inc., Configuring profiler options (NSM Procedure), [cited 2022-03-02] (2013). URL https:\/\/www.juniper.net\/documentation\/en_US\/nsm2012.2\/topics\/task\/configuration\/firewall-profiler-option-configuring-nsm.html."},{"key":"10.1016\/j.comnet.2023.109782_bib0038","unstructured":"Cisco Systems, Inc., User guide for cisco security manager 4.7, [cited 2020-09-17] (2009). URL https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/security_management\/cisco_security_manager\/security_manager\/4-7\/user\/guide\/CSMUserGuide\/ipsevact.html#100539."},{"key":"10.1016\/j.comnet.2023.109782_bib0039","unstructured":"Cisco Systems, Inc., Next-gen firewall, [cited 2022-03-03] (2006). URL https:\/\/meraki.cisco.com\/technologies\/next-gen-firewall."},{"key":"10.1016\/j.comnet.2023.109782_bib0040","unstructured":"AT&T Business, Asset discovery, [cited 2022-03-02] (2020). URL https:\/\/cybersecurity.att.com\/solutions\/asset-discovery-inventory."},{"key":"10.1016\/j.comnet.2023.109782_bib0041","unstructured":"AT&T Business, AlienVault OSSIM, [cited 2022-03-02] (2019). URL https:\/\/cybersecurity.att.com\/products\/ossim."},{"key":"10.1016\/j.comnet.2023.109782_bib0042","unstructured":"Inverse inc., Fingerbank, [cited 2022-03-02] (2014). URL https:\/\/fingerbank.org\/."},{"key":"10.1016\/j.comnet.2023.109782_bib0043","unstructured":"Inverse inc., Fingerbank Github, [cited 2022-03-02] (2014). 
URL https:\/\/github.com\/karottc\/fingerbank."},{"key":"10.1016\/j.comnet.2023.109782_bib0044","article-title":"HTTP fingerprinting and advanced assessment techniques","author":"Shah","year":"2003","journal-title":"BlackHat Asia"},{"key":"10.1016\/j.comnet.2023.109782_bib0045","series-title":"NOMS 2020 - 2020 IEEE\/IFIP Network Operations and Management Symposium","article-title":"Using TLS fingerprints for OS identification in encrypted traffic","author":"La\u0161tovi\u010dka","year":"2020"},{"key":"10.1016\/j.comnet.2023.109782_bib0046","series-title":"2015 10th International Conference on Availability, Reliability and Security","first-page":"389","article-title":"Network-based HTTPS client identification using SSL\/TLS fingerprinting","author":"Hus\u00e1k","year":"2015"},{"issue":"1","key":"10.1016\/j.comnet.2023.109782_bib0047","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1186\/s13635-016-0030-7","article-title":"HTTPS traffic analysis and client identification using passive SSL\/TLS fingerprinting","volume":"2016","author":"Hus\u00e1k","year":"2016","journal-title":"EURASIP J. Inf. Secur."},{"key":"10.1016\/j.comnet.2023.109782_bib0048","series-title":"Advanced Information Networking and Applications (AINA), 2013 IEEE 27th International Conference On","first-page":"243","article-title":"Passive OS fingerprinting by DNS traffic analysis","author":"Matsunaka","year":"2013"},{"key":"10.1016\/j.comnet.2023.109782_bib0049","unstructured":"D. Chang, Q. Zhang, X. 
Li, Study on OS fingerprinting and NAT\/Tethering based on DNS log analysis, in: IRTF & ISOC Workshop on Research and Applications of Internet Measurements (RAIM), 2015."},{"key":"10.1016\/j.comnet.2023.109782_bib0050","series-title":"2021 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (ElConRus)","first-page":"72","article-title":"Determining OS and applications by DNS traffic analysis","author":"Voronov","year":"2021"},{"key":"10.1016\/j.comnet.2023.109782_bib0051","series-title":"Local Computer Networks Workshops (LCN Workshops), 2016 IEEE 41st Conference on","first-page":"112","article-title":"Operating system classification performance of TCP\/IP protocol headers","author":"Aksoy","year":"2016"},{"key":"10.1016\/j.comnet.2023.109782_bib0052","series-title":"2017 14th IEEE Annual Consumer Communications & Networking Conference (CCNC)","article-title":"Analyzing https encrypted traffic to identify user's operating system, browser and application","author":"Muehlstein","year":"2017"},{"key":"10.1016\/j.comnet.2023.109782_bib0053","series-title":"2019 IEEE 38th International Performance Computing and Communications Conference (IPCCC)","first-page":"1","article-title":"Identify os from encrypted traffic with tcp\/ip stack fingerprinting","author":"Fan","year":"2019"},{"key":"10.1016\/j.comnet.2023.109782_bib0054","series-title":"2017 IEEE Congress on Evolutionary Computation (CEC)","first-page":"2502","article-title":"Operating system fingerprinting via automated network traffic analysis","author":"Aksoy","year":"2017"},{"issue":"2","key":"10.1016\/j.comnet.2023.109782_bib0055","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1109\/TDSC.2005.26","article-title":"Remote physical device fingerprinting","volume":"2","author":"Kohno","year":"2005","journal-title":"IEEE Trans. 
Dependable Secure Comput."},{"key":"10.1016\/j.comnet.2023.109782_bib0056","series-title":"2016 IEEE Global Communications Conference (GLOBECOM)","first-page":"1","article-title":"Fingerprinting OpenFlow controllers: the first step to attack an SDN control plane","author":"Azzouni","year":"2016"},{"key":"10.1016\/j.comnet.2023.109782_bib0057","series-title":"Digital Fingerprinting","first-page":"115","article-title":"Operating system fingerprinting","author":"Gurary","year":"2016"},{"issue":"6","key":"10.1016\/j.comnet.2023.109782_bib0058","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1109\/MWC.2017.1800132","article-title":"Hybrid-augmented device fingerprinting for intrusion detection in industrial control system networks","volume":"25","author":"Shen","year":"2018","journal-title":"IEEE Wirel. Commun."},{"key":"10.1016\/j.comnet.2023.109782_bib0059","series-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS \u201918","first-page":"1502","article-title":"Clock around the clock: timebased device fingerprinting","author":"Sanchez-Rola","year":"2018"},{"key":"10.1016\/j.comnet.2023.109782_bib0060","series-title":"International Workshop on Passive and Active Network Measurement","first-page":"158","article-title":"A robust classifier for passive TCP\/IP fingerprinting","author":"Beverly","year":"2004"},{"key":"10.1016\/j.comnet.2023.109782_bib0061","series-title":"FiG: Automatic fingerprint Generation","author":"Caballero","year":"2007"},{"key":"10.1016\/j.comnet.2023.109782_bib0062","series-title":"Advanced Network fingerprinting, in: International Workshop On Recent Advances in Intrusion Detection","first-page":"372","author":"Abdelnur","year":"2008"},{"key":"10.1016\/j.comnet.2023.109782_bib0063","series-title":"2009 Fourth International Conference on Frontier of Computer Science and Technology","first-page":"539","article-title":"Remote operation system detection base on machine 
learning","author":"Zhang","year":"2009"},{"issue":"2","key":"10.1016\/j.comnet.2023.109782_bib0064","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1002\/nem.751","article-title":"A hybrid approach to operating system discovery based on diagnosis","volume":"21","author":"Gagnon","year":"2011","journal-title":"Int. J. Network Manage."},{"key":"10.1016\/j.comnet.2023.109782_bib0065","series-title":"2012 IEEE Network Operations and Management Symposium","first-page":"860","article-title":"A hybrid approach to operating system discovery based on diagnosis theory","author":"Gagnon","year":"2012"},{"key":"10.1016\/j.comnet.2023.109782_bib0066","series-title":"2006 22nd Annual Computer Security Applications Conference (ACSAC\u201906)","first-page":"361","article-title":"Automatic evaluation of intrusion detection systems","author":"Massicotte","year":"2006"},{"key":"10.1016\/j.comnet.2023.109782_bib0067","series-title":"Proceedings of the 3rd ACM workshop on Artificial intelligence and security","first-page":"24","article-title":"The limits of automatic OS fingerprint generation","author":"Richardson","year":"2010"},{"key":"10.1016\/j.comnet.2023.109782_bib0068","series-title":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","first-page":"971","article-title":"Faulds: a non-parametric iterative classifier for Internet-wide OS fingerprinting","author":"Shamsi","year":"2017"},{"key":"10.1016\/j.comnet.2023.109782_bib0069","unstructured":"M. La\u0161tovi\u010dka, T. Jirs\u00edk, P. \u010celeda, S. \u0160pa\u010dek, D. Filakovsk\u00fd, PassiveOSFingerprint, [cited 2022-02-03] (2018). 
URL https:\/\/github.com\/CSIRT-MU\/PassiveOSFingerprint."},{"key":"10.1016\/j.comnet.2023.109782_bib0070","series-title":"2018 14th International Wireless Communications & Mobile Computing Conference (IWCMC)","first-page":"542","article-title":"Machine learning fingerprinting methods in cyber security domain: which one to use?","author":"La\u0161tovi\u010dka","year":"2018"},{"key":"10.1016\/j.comnet.2023.109782_bib0071","unstructured":"M. La\u0161tovi\u010dka, S. \u0160pa\u010dek, P. Velan, P. \u010celeda, Dataset using TLS fingerprints for OS identification in encrypted traffic (2019). doi:10.5281\/zenodo.3461771. URL http:\/\/doi.org\/10.5281\/zenodo.3461771."},{"key":"10.1016\/j.comnet.2023.109782_bib0072","series-title":"2020 29th International Conference on Computer Communications and Networks (ICCCN)","first-page":"1","article-title":"Advanced passive operating system fingerprinting using machine learning and deep learning","author":"Hagos","year":"2020"},{"issue":"5","key":"10.1016\/j.comnet.2023.109782_bib0073","doi-asserted-by":"crossref","first-page":"3534","DOI":"10.1109\/JIOT.2020.3024293","article-title":"A machine-learning based tool for passive os fingerprinting with tcp variant as a novel feature","volume":"8","author":"Hagos","year":"2020","journal-title":"IEEE Internet Things Journal"},{"issue":"1","key":"10.1016\/j.comnet.2023.109782_bib0074","first-page":"51","article-title":"Applying artificial intelligence for operating system fingerprinting","volume":"7","author":"P\u00e9rez-Jove","year":"2021","journal-title":"Eng. Proc."},{"issue":"1","key":"10.1016\/j.comnet.2023.109782_bib0075","doi-asserted-by":"crossref","DOI":"10.1504\/IJSN.2022.122543","article-title":"Desktop and mobile operating system fingerprinting based on ipv6 protocol using machine learning algorithms","volume":"17","author":"Salah","year":"2022","journal-title":"Int. J. Secur. 
Netw."},{"issue":"5","key":"10.1016\/j.comnet.2023.109782_bib0076","doi-asserted-by":"crossref","first-page":"2339","DOI":"10.1109\/TNET.2021.3088333","article-title":"Faulds: a non-parametric iterative classifier for internet-wide os fingerprinting","volume":"29","author":"Shamsi","year":"2021","journal-title":"IEEE\/ACM Trans. Network."},{"key":"10.1016\/j.comnet.2023.109782_bib0077","doi-asserted-by":"crossref","unstructured":"K. Nichols, S. Blake, F. Baker, D.L. Black, RFC 2474: definition of the differentiated services field (DS Field) in the IPv4 and IPv6 Headers (Dec. 1998). URL https:\/\/tools.ietf.org\/html\/rfc2474.","DOI":"10.17487\/rfc2474"},{"key":"10.1016\/j.comnet.2023.109782_bib0078","doi-asserted-by":"crossref","unstructured":"K.K. Ramakrishnan, S. Floyd, D.L. Black, RFC 3168: the Addition of explicit congestion notification (ECN) to IP (Sep. 2001). URL https:\/\/tools.ietf.org\/html\/rfc3168.","DOI":"10.17487\/rfc3168"},{"key":"10.1016\/j.comnet.2023.109782_bib0079","doi-asserted-by":"crossref","unstructured":"G. Fairhurst, RFC 8436: update to IANA registration procedures for Pool 3 values in the differentiated services field codepoints (DSCP) registry (Aug. 2018). URL https:\/\/tools.ietf.org\/html\/rfc8436.","DOI":"10.17487\/RFC8436"},{"key":"10.1016\/j.comnet.2023.109782_bib0080","doi-asserted-by":"crossref","unstructured":"E. Rescorla, The transport layer security (TLS) protocol version 1.3, RFC 8446 (2018). URL https:\/\/tools.ietf.org\/html\/rfc8446.","DOI":"10.17487\/RFC8446"},{"key":"10.1016\/j.comnet.2023.109782_bib0081","doi-asserted-by":"crossref","unstructured":"D. Benjamin, RFC 8701: applying generate random extensions and sustain extensibility (GREASE) to TLS extensibility (Jan. 2020). URL https:\/\/tools.ietf.org\/html\/rfc8701.","DOI":"10.17487\/RFC8701"},{"key":"10.1016\/j.comnet.2023.109782_bib0082","unstructured":"Microsoft Documentation, W3C logging, [cited 2022-03-02] (2018). 
URL https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/http\/w3c-logging."},{"issue":"3","key":"10.1016\/j.comnet.2023.109782_bib0083","doi-asserted-by":"crossref","first-page":"2064","DOI":"10.1109\/COMST.2020.2989695","article-title":"Why are my flows different? A tutorial on flow exporters","volume":"22","author":"Vormayr","year":"2020","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"10.1016\/j.comnet.2023.109782_bib0084","unstructured":"Google Inc., uap-python: a python implementation of the UA Parser, [cited 2022-03-02] (2015). URL https:\/\/github.com\/ua-parser\/uap-python."},{"key":"10.1016\/j.comnet.2023.109782_bib0085","unstructured":"M. La\u0161tovi\u010dka, M. Hus\u00e1k, P. Velan, T. Jirs\u00edk, P. \u010celeda, OS fingerprinting dataset, [cited 2022-03-02] (2021). URL https:\/\/is.muni.cz\/www\/lastovickam\/public\/Dataset_OS_Fingerprinting.zip."},{"key":"10.1016\/j.comnet.2023.109782_bib0086","unstructured":"Scikit-learn, Standard Scaler, [cited 2022-03-02] (2007). URL https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.preprocessing.StandardScaler.html."},{"key":"10.1016\/j.comnet.2023.109782_bib0087","unstructured":"Scikit-learn, Scikit-learn: machine learning in Python, [cited 2022-03-02] (2007). URL https:\/\/scikit-learn.org\/stable\/index.html."},{"issue":"4","key":"10.1016\/j.comnet.2023.109782_bib0088","doi-asserted-by":"crossref","first-page":"427","DOI":"10.1016\/j.ipm.2009.03.002","article-title":"A systematic analysis of performance measures for classification tasks","volume":"45","author":"Sokolova","year":"2009","journal-title":"Inf. Process Manag."},{"key":"10.1016\/j.comnet.2023.109782_bib0089","article-title":"Nmap network scanning: the official Nmap project guide to network discovery and security scanning","author":"Lyon","year":"2008","journal-title":"Insecure. Com LLC (US)"},{"key":"10.1016\/j.comnet.2023.109782_bib0090","unstructured":"M. La\u0161tovi\u010dka, M. Hus\u00e1k, P. Velan, T. Jirs\u00edk, P. 
\u010celeda, Passive operating system fingerprinting revisited - network flows dataset (2023). 10.5281\/zenodo.7635138. URL 10.5281\/zenodo.7635138."},{"key":"10.1016\/j.comnet.2023.109782_bib0091","series-title":"2022 International Conference on Electrical, Computer and Energy Technologies (ICECET)","first-page":"1","article-title":"An Operating system identification method based on active learning","author":"Zhang","year":"2022"},{"key":"10.1016\/j.comnet.2023.109782_bib0092","series-title":"2014 IEEE International Workshop on Information Forensics and Security (WIFS)","article-title":"Malware detection using http user-agent discrepancy identification","author":"Grill","year":"2014"},{"key":"10.1016\/j.comnet.2023.109782_bib0093","article-title":"Device identification from network traffic measurements-A HTTP user agent based method","author":"Adhikari","year":"2012","journal-title":"Aalto Univ. School Electr. Eng."},{"key":"10.1016\/j.comnet.2023.109782_bib0094","series-title":"2019 IEEE 21st International Conference on High Performance Computing and Communications","article-title":"An analysis of anomalous user agent strings in network traffic","author":"Chen","year":"2019"}],"container-title":["Computer 
Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S138912862300227X?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S138912862300227X?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2024,5,20]],"date-time":"2024-05-20T19:13:45Z","timestamp":1716232425000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S138912862300227X"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,6]]},"references-count":94,"alternative-id":["S138912862300227X"],"URL":"https:\/\/doi.org\/10.1016\/j.comnet.2023.109782","relation":{},"ISSN":["1389-1286"],"issn-type":[{"value":"1389-1286","type":"print"}],"subject":[],"published":{"date-parts":[[2023,6]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Passive operating system fingerprinting revisited: Evaluation and current challenges","name":"articletitle","label":"Article Title"},{"value":"Computer Networks","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.comnet.2023.109782","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2023 The Author(s). Published by Elsevier B.V.","name":"copyright","label":"Copyright"}],"article-number":"109782"}}