Operating System (OS) fingerprinting is critical for network security, but conventional methods do not provide formal uncertainty quantification mechanisms. Conformal Prediction (CP) could be directly wrapped around existing methods to obtain prediction sets with guaranteed coverage. However, a direct application of CP would treat OS identification as a flat classification problem, ignoring the natural taxonomic structure of OSs and providing brittle point predictions. This work addresses these limitations by introducing and evaluating two distinct structured CP strategies: level-wise CP (L-CP), which calibrates each hierarchy level independently, and projection-based CP (P-CP), which ensures structural consistency by projecting leaf-level sets upwards. Our results demonstrate that, while both methods satisfy validity guarantees, they expose a fundamental trade-off between level-wise efficiency and structural consistency. L-CP yields tighter prediction sets suitable for human forensic analysis but suffers from taxonomic inconsistencies. Conversely, P-CP guarantees hierarchically consistent, nested sets ideal for automated policy enforcement, albeit at the cost of reduced efficiency at coarser levels.
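The contrast between L-CP and P-CP can be made concrete with a small split-conformal sketch. This is an added example, not code from the paper: the two-level taxonomy, the calibration data, the nonconformity score (1 minus the probability of the true label) and the family probability (sum over its leaves) are all assumptions chosen for illustration.

```python
import math

# Constructed two-level taxonomy (leaf -> family); an assumption, not the paper's.
PARENT = {"win10": "Windows", "win11": "Windows", "ubuntu": "Linux", "debian": "Linux"}

def family_probs(leaf_probs):
    """Assumed aggregation: a family's probability is the sum over its leaves."""
    fam = {}
    for leaf, p in leaf_probs.items():
        fam[PARENT[leaf]] = fam.get(PARENT[leaf], 0.0) + p
    return fam

def threshold(scores, alpha):
    """Split-conformal quantile: the ceil((n+1)(1-alpha))-th smallest score."""
    k = math.ceil((len(scores) + 1) * (1 - alpha))
    return math.inf if k > len(scores) else sorted(scores)[k - 1]

def calibrate(cal, alpha):
    """Per-level thresholds; nonconformity score = 1 - P(true label) (assumed)."""
    leaf_q = threshold([1 - p[y] for p, y in cal], alpha)
    fam_q = threshold([1 - family_probs(p)[PARENT[y]] for p, y in cal], alpha)
    return leaf_q, fam_q

def pred_set(probs, q):
    return {label for label, p in probs.items() if 1 - p <= q}

def l_cp(leaf_probs, leaf_q, fam_q):
    """Level-wise CP: each level uses its own independently calibrated threshold."""
    return pred_set(leaf_probs, leaf_q), pred_set(family_probs(leaf_probs), fam_q)

def p_cp(leaf_probs, leaf_q):
    """Projection-based CP: the family set is the parents of the leaf set."""
    leaves = pred_set(leaf_probs, leaf_q)
    return leaves, {PARENT[leaf] for leaf in leaves}

def consistent(leaves, families):
    # True when every predicted leaf has its parent in the family set.
    return {PARENT[leaf] for leaf in leaves} <= families

def probs(*p):  # probabilities in PARENT key order
    return dict(zip(PARENT, p))

# Constructed calibration data: (classifier probabilities, true leaf).
CAL = [(probs(.70, .25, .03, .02), "win10"), (probs(.05, .05, .60, .30), "ubuntu"),
       (probs(.35, .50, .10, .05), "win11"), (probs(.10, .10, .40, .40), "debian"),
       (probs(.30, .40, .20, .10), "win10"), (probs(.25, .20, .22, .33), "ubuntu"),
       (probs(.30, .10, .35, .25), "win11")]
LEAF_Q, FAM_Q = calibrate(CAL, alpha=0.25)
X = probs(.35, .25, .30, .10)  # constructed ambiguous fingerprint
```

For the constructed fingerprint `X`, `l_cp(X, LEAF_Q, FAM_Q)` keeps the leaf `ubuntu` while its family set is only `{Windows}`, so `consistent` is false. `p_cp(X, LEAF_Q)` returns the larger family set `{Windows, Linux}`, which is nested by construction.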