Other Matching Metrics

An entirely different type of metric, dubbed FuzzyCompare, was also developed. Fuzzy Compare works by comparing every (packet_type, duration) tuple in a print (L) to every other tuple in the other print, R. For each comparison it modifies the score based on a set of coefficients and the global uniqueness of the current duration value.

The interesting aspect about this algorithm is that the coefficients were actually brute-forced by another program to (a modification to duration-print-grader) to find the best possible combination of coefficients. This lead it to produce impressive results, but it couldn't be shown that the coefficients generated would generalize well to data sets with unknown inputs.

FuzzyCompare extended the notion of a fingerprint to include whether or not certain implementations make use of the various flag bits inside the 802.11 header. This really simplified down to tracking which implementations utilize power savings, as the rest of the flags were always unused. Tracking a few more bits seemed to give FuzzyCompare a significant advantage over the other algorithms which strictly analyzed the duration field. Such a hybrid technique will probably yield better real world results. The 802.11e QOS amendment looks like it will provide more bits for this type of analysis.