Monitoring Network Traffic of Different OSes in Different IP Protocols

Abstract

Recently, the booming big data era has brought increasing attention on the network traffic classification problem. To cope with the problem, methods based on port, payload, behavior and machine learning have been proposed since 2000s. However, these methods rely on people's prior knowledge to classify and their accuracy is hardly to be convincing. To solve the problem above, we propose a method through connecting a switch on the host network to mirror the host's network traffic. In this way, network traffic of hosts under different operating systems and different IP protocol configurations can be monitored. We conducted experiments based on three weeks of data measured on a public network. Results show that the traffic of different IP protocols are independent. Comparison with Moore-set shows that our method can classify specific network traffic from different OSes under IPv4, IPv6 and dual stack protocols.