A game-theoretic approach for deceiving Remote Operating System Fingerprinting

• Published in: 2013 IEEE Conference on Communications and Network Security (CNS) pp. 73 - 81
• Main Authors: Rahman, Mohammad Ashiqur, Manshaei, Mohammad Hossein, Al-Shaer, Ehab
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.10.2013
• Subjects: Conferences; Degradation; Fingerprint recognition; Games; IP networks; Probes; Security
• DOI: 10.1109/CNS.2013.6682694

Remote Operating System (OS) Fingerprinting is a precursory step for launching attacks on the Internet. As a precaution against potential attacks, a remote machine can take a proactive counter-strategy to deceive fingerprinters. This is done by normalizing or mystifying the distinguishing behaviors in the packets. However, the unified modification causes significant performance degradation to benign clients. Using a game-theoretic approach, we propose a selective and dynamic mechanism for counter-fingerprinting. We first model and analyze the interaction between a fingerprinter and a target as a signaling game. We derive the Nash equilibrium strategy profiles based on the information gain analysis. Based on our game results, we design DeceiveGame, a mechanism to prevent or to significantly slow down fingerprinting attacks. Our game-theoretic approach appropriately distinguishes a fingerprinter from a benign client and mystifies packets to confuse the fingerprinter, while minimizing the side effects on benign clients. Our performance analysis shows that DeceiveGame can reduce the probability of success of the fingerprinter significantly, without deteriorating the overall performance of other clients.