“…Over the last 20 years, these observations have led to a variety of methods [2], [3], [4], [6], [8], [16], [22], [25], [41], [42], [43], [45], [46], [50], [52], [53], [54] that perform classification using application-layer traffic, TCP/IP/UDP headers, ICMP packets, or some combination thereof. These algorithms are useful not only in network security (i.e., detection of outdated/unpatched hosts), but also market analysis [28] and Internet characterization [17], [23], [29], [31], [45].…”