Identificação Remota de Dispositivos IoT via Análise da Dinâmica Temporal de Números de Sequência do TCP
Resumo
Devido às suas restrições computacionais e configurações incorretas, os dispositivos da Internet das Coisas (IoT) são alvos fáceis de diversos ataques. Neste trabalho, propomos uma nova abordagem baseada nas transformações de padrões ordinais para a identificação remota de Sistemas Operacionais (SOs), uma etapa fundamental para identificar possíveis vulnerabilidades nesses dispositivos. Para isso, é analisado o comportamento dinâmico dos números iniciais de sequência (ISN) do cabeçalho do TCP. Verificamos a capacidade do método na detecção de similaridades e diferenças entre SOs clássicos e modernos, comparando com dispositivos da IoT. Os experimentos comprovam sua eficácia em reconhecer os SOs pelos seus diferentes padrões de geração de ISN, superando ferramentas consolidadas como o Nmap, bem como sendo capaz de classificá-los com uma acurácia de 100% em certos casos.
Palavras-chave:
Identificação Remota de Sistemas Operacionais, Internet das Coisas, Transformação de Padrões Ordinais, Segurança em Redes de Computadores
Referências
Bandt, C. and Pompe, B. (2002). Permutation entropy: A natural complexity measure for time series. Physical Review Letters, 88(17):174102.
Beck, F., Festor, O., and Chrisment, I. (2007). IPv6 Neighbor Discovery Protocol based OS fingerprinting. report, INRIA. Pages: 27.
Bertino, E. and Islam, N. (2017). Botnets and IoT Security. Computer, 50:76–79.
Borges, J. B., Medeiros, J. P. S., Barbosa, L. P. A., Ramos, H. S., and Loureiro, A. A. F. (2023). IoT Botnet Detection Based on Anomalies of Multiscale Time Series Dynamics. IEEE Transactions on Knowledge and Data Engineering, 35(12):12282–12294.
Borges, J. B., Ramos, H. S., and Loureiro, A. A. F. (2022). A classification strategy for internet of things data based on the class separability analysis of time series dynamics. ACM Transactions on Internet of Things, 3(3):23:1–23:30.
Borges, J. B., Ramos, H. S., Mini, R. A. F., Rosso, O. A., Frery, A. C., and Loureiro, A. A. F. (2019). Learning and distinguishing time series dynamics via ordinal patterns transition graphs. Applied Mathematics and Computation, 362(C):1–1.
Chagas, E. T. C., Borges, J. B., and Ramos, H. S. (2022). Uso de padrões ordinais na caracterização e análise de ataques de botnets em internet das coisas (iot). In Simpósio Brasileiro de Sistemas Multimídia e Web (WebMedia), page 133–137. SBC.
Eddy, W. (2022). Transmission Control Protocol (TCP). RFC 9293.
Fan, H., Kong, B., Li, G., Li, J., Zhang, J., An, Y., Wan, J., Zhang, Z., and Fan, J. (2022). A random forest-based operating system recognition algorithm for network security. In 2022 International Conference on Computer Engineering and Artificial Intelligence (ICCEAI), pages 539–550.
Feldman, D. P. and Crutchfield, J. P. (1998). Measures of statistical complexity: Why? Physics Letters A, 238(4–5):244–252.
Gont, F. and Bellovin, S. (2012). Defending against Seq. Number Attacks. RFC 6528.
Laštovička, M., Husák, M., Velan, P., Jirsík, T., and Čeleda, P. (2023). Passive operating system fingerprinting revisited: Evaluation and current challenges. Computer Networks, 229:109782.
Lyon, G. F. (2009). Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. Insecure, Sunnyvale, CA, USA.
Medeiros, J. P. S., Brito, A. M., and Motta Pires, P. S. (2010). An effective tcp/ip fingerprinting technique based on strange attractors classification. In Data Privacy Management and Autonomous Spontaneous Security, pages 208–221, Berlin, Heidelberg. Springer Berlin Heidelberg.
Ordorica, A. (2017). Operating System Identification by IPv6 Communication using Machine Learning Ensembles. Graduate Theses and Dissertations.
Rosso, O. A., Larrondo, H. A., Martin, M. T., Plastino, A., and Fuentes, M. A. (2007). Distinguishing noise from chaos. Physical Review Letters, 99(15):154102.
Shamsi, Z., Nandwani, A., Leonard, D., and Loguinov, D. (2016). Hershel: Single-packet os fingerprinting. IEEE/ACM Transactions on Networking, 24(4):2196–2209.
Song, J., Cho, C., and Won, Y. (2019). Analysis of operating system identification via fingerprinting and machine learning. Computers & Electrical Engineering, 78:1–10.
Tan, E., Algar, S. D., Corrêa, D., Stemler, T., and Small, M. (2023). Network representations of attractors for change point detection. Communications Physics, 6(1):1–14.
Zanin, M. (2023). Continuous ordinal patterns: Creating a bridge between ordinal analysis and deep learning. Chaos: An Interdisciplinary Journal of Nonlinear Science, 33(3):033114.
Beck, F., Festor, O., and Chrisment, I. (2007). IPv6 Neighbor Discovery Protocol based OS fingerprinting. report, INRIA. Pages: 27.
Bertino, E. and Islam, N. (2017). Botnets and IoT Security. Computer, 50:76–79.
Borges, J. B., Medeiros, J. P. S., Barbosa, L. P. A., Ramos, H. S., and Loureiro, A. A. F. (2023). IoT Botnet Detection Based on Anomalies of Multiscale Time Series Dynamics. IEEE Transactions on Knowledge and Data Engineering, 35(12):12282–12294.
Borges, J. B., Ramos, H. S., and Loureiro, A. A. F. (2022). A classification strategy for internet of things data based on the class separability analysis of time series dynamics. ACM Transactions on Internet of Things, 3(3):23:1–23:30.
Borges, J. B., Ramos, H. S., Mini, R. A. F., Rosso, O. A., Frery, A. C., and Loureiro, A. A. F. (2019). Learning and distinguishing time series dynamics via ordinal patterns transition graphs. Applied Mathematics and Computation, 362(C):1–1.
Chagas, E. T. C., Borges, J. B., and Ramos, H. S. (2022). Uso de padrões ordinais na caracterização e análise de ataques de botnets em internet das coisas (iot). In Simpósio Brasileiro de Sistemas Multimídia e Web (WebMedia), page 133–137. SBC.
Eddy, W. (2022). Transmission Control Protocol (TCP). RFC 9293.
Fan, H., Kong, B., Li, G., Li, J., Zhang, J., An, Y., Wan, J., Zhang, Z., and Fan, J. (2022). A random forest-based operating system recognition algorithm for network security. In 2022 International Conference on Computer Engineering and Artificial Intelligence (ICCEAI), pages 539–550.
Feldman, D. P. and Crutchfield, J. P. (1998). Measures of statistical complexity: Why? Physics Letters A, 238(4–5):244–252.
Gont, F. and Bellovin, S. (2012). Defending against Seq. Number Attacks. RFC 6528.
Laštovička, M., Husák, M., Velan, P., Jirsík, T., and Čeleda, P. (2023). Passive operating system fingerprinting revisited: Evaluation and current challenges. Computer Networks, 229:109782.
Lyon, G. F. (2009). Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. Insecure, Sunnyvale, CA, USA.
Medeiros, J. P. S., Brito, A. M., and Motta Pires, P. S. (2010). An effective tcp/ip fingerprinting technique based on strange attractors classification. In Data Privacy Management and Autonomous Spontaneous Security, pages 208–221, Berlin, Heidelberg. Springer Berlin Heidelberg.
Ordorica, A. (2017). Operating System Identification by IPv6 Communication using Machine Learning Ensembles. Graduate Theses and Dissertations.
Rosso, O. A., Larrondo, H. A., Martin, M. T., Plastino, A., and Fuentes, M. A. (2007). Distinguishing noise from chaos. Physical Review Letters, 99(15):154102.
Shamsi, Z., Nandwani, A., Leonard, D., and Loguinov, D. (2016). Hershel: Single-packet os fingerprinting. IEEE/ACM Transactions on Networking, 24(4):2196–2209.
Song, J., Cho, C., and Won, Y. (2019). Analysis of operating system identification via fingerprinting and machine learning. Computers & Electrical Engineering, 78:1–10.
Tan, E., Algar, S. D., Corrêa, D., Stemler, T., and Small, M. (2023). Network representations of attractors for change point detection. Communications Physics, 6(1):1–14.
Zanin, M. (2023). Continuous ordinal patterns: Creating a bridge between ordinal analysis and deep learning. Chaos: An Interdisciplinary Journal of Nonlinear Science, 33(3):033114.
Publicado
19/05/2025
Como Citar
OLIVEIRA, Manoel Anízio Azevedo de; BARBOSA, Luiz Paulo de Assis; LOUREIRO, Antonio Alfredo Ferreira; MEDEIROS, João Paulo de Souza; BORGES, João Batista.
Identificação Remota de Dispositivos IoT via Análise da Dinâmica Temporal de Números de Sequência do TCP. In: WORKSHOP DE COMPUTAÇÃO URBANA (COURB), 9. , 2025, Natal/RN.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 251-264.
ISSN 2595-2706.
DOI: https://doi.org/10.5753/courb.2025.9529.
