Re: [Nmlrg] Machine Learning in network - solicitation for use cases

Sebastian Abt <sabt@sabt.net> Thu, 17 September 2015 19:47 UTC

> On 16.09.2015 at 18:17, Jérôme François <jerome.francois@inria.fr> wrote:
> 
> I have experienced using ML for device fingerprinting meaning that by
> observing traffic pattern (message sequence and timing information) it
> is possible to automatically retrieve the precise types of device (name,
> version, series).
> It is particularly interesting to make network inventory as in most
> cases there are some unknown devices on the network (user or old ones)
> and finally potentially identifying vulnerable devices from a security
> point of view.

Just to add to this fingerprinting: we also did some research on fingerprinting/recognising individuals in network traffic, which worked very well. I also know that there’s work on ML-based web browser fingerprinting.

In general, I find fingerprinting an interesting topic from both a privacy-protection as well as a forensics (can we find evidence that a suspect was using a specific computer network?) perspective.

sebastian