Tenable Research Release Highlights

gbetz
5 years ago

OS Identification: SinFP with Machine Learning

Change

Operating system (OS) identification Nessus plugins 11936 and 132935 are being updated to use a new machine learning approach that uses models trained on TCP probe response information and a constantly updating training set to predict a host OS. This is implemented by converting a decision tree model into an include file used by the OS identification plugins to determine the OS.

For the initial release, the confidence level will be low to prevent overriding the majority of other OS fingerprint methods. This confidence level will be reevaluated at a later date and a release highlight will be posted if it is changed.

Impact

Customers should expect increased accuracy in OS fingerprinting of hosts that once had no fingerprint or a low confidence level, but should expect to see no or very few vulnerability plugins triggering off the new OS fingerprint.

The increase in accuracy will mean more visibility on the network inventory. For Tenable.io customers using Lumin, this will mean improved metrics for Assessment Maturity (AM) and Asset Criticality Rating (ACR) since those rely on correct OS identification. In turn, the Lumin Cyber Exposure Score (CES), which uses ACR, may be more accurate.

Please email any incorrect OS signatures to os-signatures@nessus.org.

Plugins

11936 - OS Identification

132935 - OS Identification: Probabilistic SinFP

Note that the plugin name for 132935 is being changed to "OS Identification: SinFP with Machine Learning" with this update.

Target Release Date

28 September 2020

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.

2 Replies

  • ricky_harding
    Connect Contributor

    Hi,

    This looks really good, especially as on my estate I see a lot of misidentified OSs.

    I do have one question though, regarding: "Customers should expect increased accuracy in OS fingerprinting of hosts that once had no fingerprint or a low confidence level, but should expect to see no or very few vulnerability plugins triggering off the new OS fingerprint."

    What percentage would Tenable consider to be low?

    One example is: one of our Nessus scanners, running on CentOS 7, is being passively identified as Windows XP but with a confidence level of 65%.

    Thanks Ricky

    • gbetz

      Hello Ricky,

      Thank you for your feedback. We set the maximum confidence level for the OS fingerprint for SinFP with Machine Learning to 56. The required confidence level depends on the plugin but generally any confidence level below 75 is considered low.
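An added sketch (not part of the thread and not Tenable's code) of the approach the first post describes: a decision tree is compiled into a static source file, and its confidence is capped at 56, the maximum stated in the reply above. The tree, feature names, OS labels, function names and the highest-confidence-wins selection are constructed assumptions.

```python
# Constructed example: features, thresholds and labels are illustrative,
# not Tenable's model or the real SinFP signature format.
ML_CONFIDENCE_CAP = 56  # maximum confidence stated in the thread

# A tiny "trained" tree: internal nodes test feature <= threshold,
# leaves carry the predicted OS and the leaf's class probability.
TREE = {
    "feature": "ttl", "threshold": 64,
    "le": {"feature": "window", "threshold": 29200,
           "le": {"os": "Linux Kernel 3.x", "prob": 0.91},
           "gt": {"os": "FreeBSD", "prob": 0.62}},
    "gt": {"feature": "window", "threshold": 8192,
           "le": {"os": "Microsoft Windows", "prob": 0.88},
           "gt": {"os": "Cisco IOS", "prob": 0.40}},
}

def compile_tree(node, indent=1):
    """Emit the tree as nested if/else source lines (the include file body)."""
    pad = "    " * indent
    if "os" in node:
        # Cap at generation time so no leaf can exceed the configured maximum.
        conf = min(round(node["prob"] * 100), ML_CONFIDENCE_CAP)
        return [f"{pad}return ({node['os']!r}, {conf})"]
    lines = [f"{pad}if probe[{node['feature']!r}] <= {node['threshold']}:"]
    lines += compile_tree(node["le"], indent + 1)
    lines.append(f"{pad}else:")
    lines += compile_tree(node["gt"], indent + 1)
    return lines

def build_include(tree):
    """Return generated source text defining predict_os(probe)."""
    return "\n".join(["def predict_os(probe):"] + compile_tree(tree)) + "\n"

def load_include(source):
    """Load the generated source; it is built locally from TREE, never from input."""
    namespace = {}
    exec(source, namespace)
    return namespace["predict_os"]

def pick_fingerprint(candidates):
    """Assumed arbitration: the (method, os, confidence) with highest confidence wins."""
    return max(candidates, key=lambda c: c[2])

predict_os = load_include(build_include(TREE))

if __name__ == "__main__":
    print(build_include(TREE))
    print(predict_os({"ttl": 64, "window": 29200}))
```

Because every leaf is capped at 56, any other method reporting a higher confidence still takes precedence under the assumed selection rule, while hosts with no other fingerprint get the tree's prediction.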