METHOD AND SYSTEM FOR DETECTING OPERATING SYSTEMS RUNNING ON NODES IN COMMUNICATION NETWORK
Abstract
Fingerprinting operating systems running on nodes in a communication network. Responsive to obtaining an event to be analyzed with respect to a given node, generating a group of two or more OS profiles matching the event; generating a sufficient set of one or more significant events, i.e. events obtained in order to identify, among the matching OS profiles in the generated group, the OS profile uniquely characterizing the OS running on the given node; upon obtaining a significant event from the given node, generating a new group of one or more matching OS profiles, wherein said new group is generated in accordance with said obtained significant event and at least, with one event previously analyzed with respect to the given node; and identifying the OS running on the given node with the help of said generated new group of one or more matching OS profiles.
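The narrowing loop of steps (a) to (d), as an added Python example that is not code from the patent. The profile names, event kinds, values and the `NodeTracker`, `matching` and `sufficient_set` names are constructed assumptions, and the smallest-set search is one possible way to pick significant events, which the claims do not prescribe.

```python
from itertools import combinations

# Constructed profile database: event kinds and values are illustrative
# assumptions, not signatures from the patent or any real fingerprint set.
PROFILES = {
    "os-A": {"syn_ttl": 64, "syn_window": 5840, "tcp_opts": "MSTNW", "dhcp_vendor": "a"},
    "os-B": {"syn_ttl": 64, "syn_window": 65535, "tcp_opts": "MNWST", "dhcp_vendor": "b"},
    "os-C": {"syn_ttl": 128, "syn_window": 8192, "tcp_opts": "MNWST", "dhcp_vendor": "c"},
    "os-D": {"syn_ttl": 128, "syn_window": 65535, "tcp_opts": "MNWST", "dhcp_vendor": "c"},
}

def matching(seen, profiles):
    """Steps (a)/(c): profiles consistent with every event analyzed so far."""
    return sorted(name for name, p in profiles.items()
                  if all(p.get(k) == v for k, v in seen.items()))

def sufficient_set(group, seen, profiles):
    """Step (b): smallest set of not-yet-seen event kinds that gives every
    profile in the group a distinct signature; None if they cannot be split."""
    if len(group) < 2:
        return ()
    kinds = sorted({k for n in group for k in profiles[n]} - set(seen))
    for size in range(1, len(kinds) + 1):
        for combo in combinations(kinds, size):
            sigs = {tuple(profiles[n].get(k) for k in combo) for n in group}
            if len(sigs) == len(group):
                return combo
    return None

class NodeTracker:
    """Per-node state: analyzed events, candidate group, awaited event kinds."""
    def __init__(self, profiles):
        self.profiles, self.seen = profiles, {}
        self.group, self.wanted = None, ()

    def observe(self, kind, value):
        # Only the first event or a significant one triggers regrouping;
        # other events are stored and used at the next regrouping.
        significant = self.group is None or kind in self.wanted
        self.seen[kind] = value
        if significant:
            self.group = matching(self.seen, self.profiles)
            self.wanted = sufficient_set(self.group, self.seen, self.profiles) or ()
        return significant

    def identified(self):
        """Step (d): the OS name once exactly one profile remains, else None."""
        return self.group[0] if self.group and len(self.group) == 1 else None
```

An empty group (no profile matches the node's events) leaves `identified()` at `None`, which an inventory tool would report as an unknown or inconsistent host rather than guessing.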
39 Claims
1. A method of detecting an operating system (OS) running on a node in a communication network, the method comprising:
(a) responsive to obtaining an event to be analyzed with respect to a given node, generating a group of two or more OS profiles matching the event;
(b) generating a sufficient set of one or more events to be obtained in order to identify, among the matching OS profiles in the generated group, the OS profile uniquely characterizing the OS running on the given node, to yield the sufficient set of significant events;
(c) upon obtaining a significant event with respect to the given node, generating a new group of one or more matching OS profiles, wherein said new group is generated in accordance with said obtained significant event and at least, with one event previously analyzed with respect to the given node; and
(d) identifying the OS running on the given node with the help of said generated new group of one or more matching OS profiles.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 38, 39
19. An OS detector operable to detect an operating system (OS) running on a node in a communication network, the OS detector comprises:
an OS profiles database accommodating OS profiles characterizing respective operating systems;
an events interface configured to obtain events in a passive and/or in an active mode; and
an analyzing and managing unit (A&M unit) operatively coupled to the OS database and to the events interface, the A&M unit operable;
(a) responsive to obtaining an event to be analyzed with respect to a given node, to generate a group of two or more OS profiles matching the event;
(b) to generate a sufficient set of one or more events to be obtained in order to identify, among the matching OS profiles in the generated group, the OS profile uniquely characterizing the OS running on the given node, to yield the sufficient set of significant events;
(c) upon obtaining a significant event with respect to the given node, to generate a new group of one or more matching OS profiles, wherein said new group is generated in accordance with said obtained significant event and, at least, with one event previously analyzed with respect to the given node; and
(d) to identify the OS running on the given node with the help of said generated new group of one or more matching OS profiles.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37
Specification