Classifying Network Protocol Implementation Versions: An OpenSSL Case Study

By Martin, Michael Rushanan, Stephen Checkoway, Matthew Green, and Rubin.

Abstract

A new technique is presented for identifying the implementation version number of software that is used for Internet communications. While many programs may exchange version numbers, oftentimes only a small subset of them send any information at all. Furthermore, they usually do not provide accurate details about which implementation is used. We use machine learning techniques to build a feature database and then apply this to network traffic to try to identify specific implementations on servers. We apply our technique to OpenSSL and report our results.

Material

Reference

@Techreport{MRCGR13,
	author =	{Paul D. Martin and Michael Rushanan and
			 Stephen Checkoway and Matthew Green and Aviel
			 D. Rubin},
	title =		{Classifying Network Protocol Implementation
			 Versions: An OpenSSL Case Study},
	institution =	{Johns Hopkins University},
	number = 	{13-01},
	year =		2013,
	month =		dec,
	url =           {https://www.cs.uic.edu/~s/papers/classifying2013},
}