Fingerprinting Network Entities Based on Traffic Analysis in High-Speed Network Environment

<table class="algorithm-group"><tr><td><table class="algorithm" id="figbox1"><tr><td colspan="2">alert udp $EXTERNAL_NET any -&gt; $HOME_NET any</td></tr><tr><td colspan="2">(msg:<svg height="9.22724pt" id="M1" style="vertical-align:-0.04981995pt" version="1.1" viewbox="-0.0498162 -9.17742 7.47216 9.22724" width="7.47216pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,2.962,0)"><path d="M119 710L42 683C46 669 61 568 71 474L99 486C107 548 122 682 125 705L119 710Z"></path></g><g transform="matrix(.013,0,0,-0.013,5.159,0)"><path d="M119 710L42 683C46 669 61 568 71 474L99 486C107 548 122 682 125 705L119 710Z"></path></g></svg>snmp<span class="nowrap"><svg height="9.22724pt" id="M2" style="vertical-align:-0.04981995pt" version="1.1" viewbox="-0.0498162 -9.17742 4.5101 9.22724" width="4.5101pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M119 710L42 683C46 669 61 568 71 474L99 486C107 548 122 682 125 705L119 710Z"></path></g><g transform="matrix(.013,0,0,-0.013,2.197,0)"><path d="M119 710L42 683C46 669 61 568 71 474L99 486C107 548 122 682 125 705L119 710Z"></path></g></svg>;</span> content:<span class="nowrap"><svg height="11.439pt" id="M3" style="vertical-align:-2.15067pt" version="1.1" viewbox="-0.0498162 -9.28833 31.273 11.439" width="31.273pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,2.962,0)"><path d="M119 710L42 683C46 669 61 568 71 474L99 486C107 548 122 682 125 705L119 710Z"></path></g><g transform="matrix(.013,0,0,-0.013,5.159,0)"><path d="M119 710L42 683C46 669 61 568 71 474L99 486C107 548 122 682 125 705L119 710Z"></path></g><g transform="matrix(.013,0,0,-0.013,7.373,0)"><path d="M162 -163V703H101V-163H162Z"></path></g><g transform="matrix(.013,0,0,-0.013,10.792,0)"><path d="M285 378C315 398 338 416 353 432C373 451 384 474 384 503C384 579 325 635 236 635H235C182 635 136 610 108 579L65 516L85 496C110 533 150 575 205 575C258 575 300 543 300 481C300 407 232 369 141 339L147 310C163 315 188 321 211 321C268 321 338 284 338 192C338 94 288 40 217 40C160 40 119 68 93 91C85 98 77 97 69 91C60 84 47 71 46 58C44 46 48 35 62 22C75 10 116 -12 162 -12C234 -12 424 62 424 224C424 297 373 359 285 376V378Z"></path></g><g transform="matrix(.013,0,0,-0.013,17.032,0)"><path d="M241 635C89 635 35 457 35 312C35 153 89 -12 240 -12C390 -12 443 166 443 312C443 466 390 635 241 635ZM238 602C329 602 354 454 354 312C354 172 330 22 240 22C152 22 124 173 124 313S148 602 238 602Z"></path></g><g transform="matrix(.013,0,0,-0.013,23.272,0)"><path d="M162 -163V703H101V-163H162Z"></path></g><g transform="matrix(.013,0,0,-0.013,26.691,0)"><path d="M119 710L42 683C46 669 61 568 71 474L99 486C107 548 122 682 125 705L119 710Z"></path></g><g transform="matrix(.013,0,0,-0.013,28.888,0)"><path d="M119 710L42 683C46 669 61 568 71 474L99 486C107 548 122 682 125 705L119 710Z"></path></g></svg>;</span> offset:0; depth:1;</td></tr><tr><td colspan="2">byte_test:1,&lt;,0x80,1; content:<span class="nowrap"><svg height="11.439pt" id="M4" style="vertical-align:-2.15067pt" version="1.1" viewbox="-0.0498162 -9.28833 31.273 11.439" width="31.273pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,2.962,0)"><path d="M119 710L42 683C46 669 61 568 71 474L99 486C107 548 122 682 125 705L119 710Z"></path></g><g transform="matrix(.013,0,0,-0.013,5.159,0)"><path d="M119 710L42 683C46 669 61 568 71 474L99 486C107 548 122 682 125 705L119 710Z"></path></g><g transform="matrix(.013,0,0,-0.013,7.373,0)"><path d="M162 -163V703H101V-163H162Z"></path></g><g transform="matrix(.013,0,0,-0.013,10.792,0)"><path d="M241 635C89 635 35 457 35 312C35 153 89 -12 240 -12C390 -12 443 166 443 312C443 466 390 635 241 635ZM238 602C329 602 354 454 354 312C354 172 330 22 240 22C152 22 124 173 124 313S148 602 238 602Z"></path></g><g transform="matrix(.013,0,0,-0.013,17.032,0)"><path d="M412 140C382 77 369 73 315 73H129L270 222C362 320 402 379 402 466C402 571 322 635 234 635C177 635 130 609 99 576L42 495L64 475C90 514 133 568 201 568C274 568 318 519 318 435C318 349 255 267 193 193C144 135 87 78 32 23V0H405C417 45 427 89 440 131L412 140Z"></path></g><g transform="matrix(.013,0,0,-0.013,23.272,0)"><path d="M162 -163V703H101V-163H162Z"></path></g><g transform="matrix(.013,0,0,-0.013,26.69,0)"><path d="M119 710L42 683C46 669 61 568 71 474L99 486C107 548 122 682 125 705L119 710Z"></path></g><g transform="matrix(.013,0,0,-0.013,28.888,0)"><path d="M119 710L42 683C46 669 61 568 71 474L99 486C107 548 122 682 125 705L119 710Z"></path></g></svg>;</span> offset:2; depth:1;</td></tr><tr><td colspan="2">sid:70; rev:1;)</td></tr></table></td></tr></table>

Security and Communication Networks

figbox1

Box 1

Box 1: Fingerprinting Network Entities Based on Traffic Analysis in High-Speed Network Environment 