---------------------------------------------
DIFFUSE v0.2.1 README (released 4th Feb 2011)
---------------------------------------------

This document is part of DIFFUSE (http://www.caia.swin.edu.au/urp/diffuse).
It gives an overview of DIFFUSE.


OVERVIEW
--------

DIFFUSE is an extension for IPFW that provides machine-learning-based
traffic classification using statistical properties of traffic flows,
together with distributed firewalling and traffic shaping (DIFFUSE
de-couples flow classification from flow treatment, such as blocking or
shaping).

DIFFUSE has two main entities: classifier nodes and action nodes.
Classifier nodes compute statistical features from flows identified by the
IP addresses, port numbers and protocol, and classify flows based on local
machine-learning rules. Action nodes perform actions (block, redirect, rate
shape, etc.) on packets belonging to flows that have been previously
classified by a local or remote classifier node.

A classifier node consists of a classifier and an exporter. An action node
consists of a collector and a firewall / packet shaper. The exporter
forwards information about classified flows generated by the classifier to
the collector. The collector then configures the firewall/shaper. The
following picture outlines the overall architecture.

+-----------------+                 +----------------+
| Classifier Node |                 |  Action Node   |
|                 |                 |                |
| +------------+  |    Flow Info    | +------------+ |
| |  Exporter  |--------------------->| Collector  | |
| +------------+  |                 | +------------+ |
|       ^         |                 |       |        |
|       |         |                 |       v        |
| +------------+  |                 | +------------+ |
| | Classifier |  |                 | | Firewall/  | |
| +------------+  |                 | |   Shaper   | |
|       ^         |                 | +------------+ |
|       |         |                 |       |        |
+-------|---------+                 +-------|--------+
        | Traffic measurement               | Traffic manipulation
        |                                   V
<================== Network Traffic ===================>

Classifier nodes and action nodes are logical entities. They can be located
on different, physically separated machines, but they can also be
co-located on the same machine.

DOCUMENTATION
-------------

For more in-depth information on the design and use of DIFFUSE see this
tech report:

http://www.caia.swin.edu.au/tech-reports/CAIA-TR-101223A.pdf

It is also included in the doc sub-directory of the distribution.

DIFFUSE is distributed as a patch for FreeBSD 9.0-CURRENT. INSTALL.txt
describes how to install DIFFUSE. GETTING_STARTED.txt in the doc
sub-directory provides a short tutorial on how to use DIFFUSE.
BUILD_MODEL.txt in the doc sub-directory describes how to build classifier
models.

ChangeLog.txt contains a list of changes between versions and AUTHORS.txt
contains the list of authors and contributors to the project.

The models sub-directory contains the classifier models, example rules
using the models and documentation. The example sub-directory contains a
few example rulesets unrelated to particular models.


CONTRIBUTIONS
-------------

We welcome your feedback and contributions! If you have discovered a bug,
have a request for a new feature, or have produced a code patch or a new
classifier model, please contact Sebastian Zander (szander@swin.edu.au).


LICENSE
-------

DIFFUSE is distributed under the FreeBSD license.

Copyright (c) 2010-2011 Centre for Advanced Internet Architectures,
Swinburne University of Technology.

Author: Sebastian Zander (szander@swin.edu.au)

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.


ACKNOWLEDGEMENTS
----------------

This work has been made possible in part by a grant from the Cisco
University Research Program Fund at Community Foundation Silicon Valley
for a project titled "Exploring the efficacy of distributed statistical
traffic classification using modified open source packet filters".


CONTACT
-------

The DIFFUSE website is: http://www.caia.swin.edu.au/urp/diffuse

If you have any questions or want to report any bugs please contact
Sebastian Zander (szander@swin.edu.au).

Centre for Advanced Internet Architectures
Swinburne University of Technology
Melbourne, Australia
CRICOS number 00111D
http://www.caia.swin.edu.au