Robert Beverly.
Proceedings of the 5th Passive and Active Measurement Workshop
(PAM 2004),
pp. 158-167,
Juan-les-Pins, France, April 2004
Using probabilistic learning, we develop a naive Bayesian classifier to passively infer a host's operating system from packet headers. We analyze traffic captured from an Internet exchange point and compare our classifier to rule-based inference tools. While the host operating system distribution is heavily skewed, we find operating systems that constitute a small fraction of the host count contribute a majority of total traffic. Finally as an application of our classifier, we count the number of hosts masquerading behind NAT devices and evaluate our results against prior techniques. We find a host count inflation factor due to NAT of approximately 9\% in our traces.
[Postscript(119KB)]
[PDF(134KB)]
[BibTeX]
[Presentation Slides]
[ Return to publications ]