Classifying Network Protocol Implementation Versions: An OpenSSL Case Study

By Paul D. Martin, Michael Rushanan, Stephen Checkoway, Matthew Green, and Aviel D. Rubin.

Abstract

A new technique is presented for identifying the implementation version number of software that is used for Internet communications. While many programs may exchange version numbers, oftentimes only a small subset of them send any information at all. Furthermore, they usually do not provide accurate details about which implementation is used. We use machine learning techniques to build a feature database and then apply this to network traffic to try to identify specific implementations on servers. We apply our technique to OpenSSL and report our results.

Material

• Technical report here.
• Full version, local copy in PDF.

Reference

@Techreport{MRCGR13,
  author =      {Paul D. Martin and Michael Rushanan and Stephen Checkoway and
                 Matthew Green and Aviel D. Rubin},
  title =       {Classifying Network Protocol Implementation Versions: An OpenSSL
                 Case Study},
  institution = {Johns Hopkins University},
  number =      {13-01},
  year =        2013,
  month =       dec,
  url =         {https://checkoway.net/papers/classifying2013},
}