AI Summary
Frequent OS updates and traffic obfuscation in dynamic networks degrade the accuracy of OS fingerprinting. Method: This paper introduces Tabular Transformers, specifically TabTransformer and FT-Transformer, to fine-grained OS fingerprint classification for the first time, proposing an end-to-end deep learning framework. It leverages structured network traffic feature engineering and joint hierarchical modeling across three granularities: OS family, major version, and minor version. Contribution/Results: Experiments demonstrate that FT-Transformer consistently outperforms traditional machine learning methods and TabTransformer across three public datasets, achieving state-of-the-art accuracy in all three classification levels. The framework significantly enhances robustness against evolving OS variants and perturbed traffic. To ensure reproducibility, the authors release fully open-sourced, experimentally validated code. This work establishes a new paradigm for deep learning-driven OS fingerprinting, advancing both methodological rigor and practical applicability in network security and asset management.
Abstract
Operating System (OS) fingerprinting is essential for network management and cybersecurity, enabling accurate device identification based on network traffic analysis. Traditional rule-based tools such as Nmap and p0f face challenges in dynamic environments due to frequent OS updates and obfuscation techniques. While Machine Learning (ML) approaches have been explored, Deep Learning (DL) models, particularly Transformer architectures, remain unexploited in this domain. This study investigates the application of Tabular Transformer architectures, specifically TabTransformer and FT-Transformer, for OS fingerprinting, leveraging structured network data from three publicly available datasets. Our experiments demonstrate that FT-Transformer generally outperforms traditional ML models, previous approaches and TabTransformer across multiple classification levels (OS family, major, and minor versions). The results establish a strong foundation for DL-based OS fingerprinting, improving accuracy and adaptability in complex network environments. Furthermore, we ensure the reproducibility of our research by providing an open-source implementation.