Abstract: A system and method for inferring an operating system version for a device based on communications security data. A method includes identifying a plurality of sequences in communications security data sent by the device; determining an operating system type of an operating system used by the device based on the identified plurality of sequences; applying a version-identifying model to the identified plurality of sequences, wherein the version-identifying model is a machine learning model trained to output a version identifier, wherein the applied version-identifying model is associated with the determined operating system type; and determining the operating system version of the device based on the output of the version-identifying model.

Abstract: A system and method for inferring device operating systems. A method includes applying a sequence-based model to an option-types sequence in order to output a plurality of first features, wherein each of the first features is a value representing a probability that the options-type sequence is associated with a respective operating system; applying a distribution dissimilarity model to metadata field distribution data extracted from the headers of the packets sent by the device in order to output a plurality of second features, wherein the plurality of second features includes a plurality of distances, wherein each distance is based on a difference between a distribution of values of each metadata field indicated in the metadata field distribution data; and applying an operating system inference model to the plurality of first features and the plurality of second features in order to output an inferred operating system for the device.