Analysis of operating system identification via fingerprinting and machine learning
Published in: | Computers & electrical engineering 2019-09, Vol.78, p.1-10 |
---|---|
Main authors: | , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
Summary: | • Machine learning used instead of rule-based system for OS identification.
• OS fingerprinting based on network packets applied to machine learning.
• KNN, ANN, and Decision Tree applied to determine based OS recognition rate.
• Proposed model compared to NetworkMiner.
• 94% achieved for recognition rate.
In operating system (OS) fingerprinting, the OS is identified using network packets and a rule-based matching method. However, this matching method has problems when the network packet information is insufficient or the OS is relatively new. This study compares the OS identification capabilities of several machine learning methods, specifically, K-nearest neighbors (K-NN), Decision Tree, and Artificial Neural Network (ANN), to that of a conventional commercial rule-based method. It is shown that the ANN correctly identifies operating systems with 94% probability, which is higher than the accuracy of the conventional rule-based method. |
---|---|
ISSN: | 0045-7906 1879-0755 |
DOI: | 10.1016/j.compeleceng.2019.06.012 |