Network Traffic based Application Identification (netAI)
INSTALL

DESCRIPTION

The Network Traffic based Application Identification (netAI) tool has been developed for identifying the end host applications that are responsible for traffic flows in the network. Unlike previous solutions that identify applications based on port numbers or packet payload information (either through protocol decoding or signatures), netAI computes a variety of payload-independent features (e.g. packet length statistics) for a traffic flow and uses machine learning (ML) techniques to identify the application that generated the flow. ML is a discipline of the wider area of Artificial Intelligence (AI). Before netAI can be used to classify a particular application it must be trained on a representative set of traffic flows. netAI can be used offline (reading packet data from trace files) and online (live capturing on network interfaces).

For a more detailed introduction please have a look at the netAI documentation located at http://caia.swin.edu.au/urp/dstc/netai/netai-documentation.html. This document describes how to install netAI.

HOME

The official homepage for netAI is http://caia.swin.edu.au/urp/dstc/netai/. Please check this page for any software updates, FAQ etc. before contacting the developers. The netAI package can be downloaded here: http://caia.swin.edu.au/urp/dstc/netai/netai-download.html

SUPPORTED PLATFORMS

netAI has been successfully tested on Linux and FreeBSD. It may run under other UNIX operating systems as well. More specifically, netAI consists of two parts. The first part deals with packet capturing, classification and the computation of the various features. This part is based on NetMate and only runs on UNIX. The second part deals with the machine learning and outputting the results and should run on any operating system with Java support.
REQUIRED SOFTWARE PACKAGES

The following software packages need to be installed prior to netAI:

  Weka version 3.4.4 (http://www.cs.waikato.ac.nz/ml/weka/)
  NetMate version 0.9.3 (http://sourceforge.net/projects/netmate-meter/)

In the following we provide some information on how to install these packages, but for detailed information please refer to the documentation inside these packages. We recommend using the versions indicated above, but it is likely that netAI also works with newer versions. We do not recommend using older versions, as netAI has not been tested with these and is likely not to work. Please note that both packages depend on a number of other software packages, but on a recent Linux or FreeBSD installation most of them should have been installed by default. Please check the Weka or NetMate documentation for their dependencies.

INSTALLATION

1. Download the netAI package

2. Unpack the archive

     tar -xvzf netAI-0.1.tar.gz

3. Install netAI

     cd netAI-0.1
     ./install.sh --prefix

install.sh will automatically download and install Weka, NetMate and netAI. If the required Weka and NetMate packages are not in the base netAI directory, install.sh tries to download the packages using wget. The directory under which everything is installed is specified using the --prefix parameter. Please note that, unlike with configure, there IS NO = between --prefix and the directory name! By default prefix is set to the directory in which install.sh is executed. Weka is unzipped in this directory, and NetMate and netAI are installed in this directory. The NetMate source code is extracted into a subdirectory called src.

Please note that install.sh downloads the Weka and NetMate packages from a specific mirror server of sourceforge. If necessary the URLs can be changed at the top of the install.sh script. The Weka and NetMate packages are not automatically removed after the installation.
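Because install.sh fetches Weka and NetMate from a mirror with wget, and because the manual ./configure step needs the Weka directory (containing weka.jar) and, if NetMate is wanted, both its install and source directory, it is worth checking these prerequisites before building. The POSIX shell helpers below are an added example, not part of the netAI package or its install.sh; the expected SHA-256 digest is a value you obtain from a trusted source (this INSTALL file does not list one), and the bin/netmate path is an assumption about where NetMate's make install places its binary.

```shell
#!/bin/sh
# Added example (not part of netAI): pre-flight checks for a manual netAI build.
# 1) verify a downloaded archive against a digest obtained out of band
# 2) validate the directories ./configure expects and print its --with-* arguments
# Assumption: NetMate's "make install" puts the binary at $PREFIX/bin/netmate.

# verify_download FILE EXPECTED_SHA256 -> 0 if the digest matches, 1 otherwise
verify_download() {
    file=$1; expected=$2
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$file" | cut -d' ' -f1)
    else
        actual=$(shasum -a 256 "$file" | cut -d' ' -f1)   # BSD/macOS fallback
    fi
    [ "$actual" = "$expected" ] && return 0
    echo "checksum mismatch for $file: got $actual" >&2
    return 1
}

# netai_configure_args WEKA_DIR [NETMATE_INSTALL_DIR NETMATE_SRC_DIR]
# Echoes the --with-* arguments for netAI's ./configure, or returns 1 when the
# Weka directory lacks weka.jar or only one of the two NetMate dirs was given.
netai_configure_args() {
    weka_dir=$1; nm_dir=$2; nm_src=$3
    # weka.jar must be in the Weka directory: it goes on the netAI classpath
    if [ ! -f "$weka_dir/weka.jar" ]; then
        echo "error: $weka_dir does not contain weka.jar" >&2
        return 1
    fi
    args="--with-weka=$weka_dir"
    # NetMate is optional (instance files only without it); with it, BOTH the
    # install directory AND the source directory are required
    if [ -n "$nm_dir" ] || [ -n "$nm_src" ]; then
        if [ -z "$nm_dir" ] || [ -z "$nm_src" ]; then
            echo "error: give both the NetMate install and source directory" >&2
            return 1
        fi
        # assumed layout: netmate binary under bin/ of the install prefix
        if [ ! -x "$nm_dir/bin/netmate" ] || [ ! -d "$nm_src" ]; then
            echo "error: NetMate not found under $nm_dir / $nm_src" >&2
            return 1
        fi
        args="$args --with-netmate=$nm_dir --with-netmate-src=$nm_src"
    fi
    echo "$args"
}
```

Typical use: `verify_download netAI-0.1.tar.gz <digest> && ./configure --prefix=/opt/netai $(netai_configure_args /opt/weka /opt/netmate /opt/netai/src/netmate-0.9.3)`, with the paths adjusted to your own layout.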
If the automatic installation fails for any reason please follow the instructions below.

Getting and installing Weka

Download the Weka distribution from the Weka website and unzip the package. This will create a new directory which contains the weka.jar file. The weka.jar file must be included in the netAI classpath. Weka has some issues with older versions of the JVM, so using at least Java 2 SE 1.5 is recommended.

Getting and installing NetMate

1. Download netmate-0.9.3.tar.gz and extract it to a directory

2. See the NetMate INSTALL file for dependencies (we only need the netmate application but not nmrsh, so libcurl is NOT required)

3. Install NetMate using the following steps:

     ./configure --prefix=
     make
     make install

By default (if --prefix is not specified) NetMate will install itself under /usr/local/. In this case it is usually required to run make install as superuser.

Installing netAI

1. Download netAI-0.1.tar.gz and extract it to a directory

2. Install netAI using the following steps:

     ./configure --prefix= --with-weka= --with-netmate= --with-netmate-src=
     make
     make install

The weka directory is the directory that contains weka.jar and must be specified. The netmate directories only need to be specified if netmate is required, that is, if netAI is supposed to work in online mode or on tcpdump files. Without netmate, netAI can only be run on instance files previously generated by netmate. In case netmate is required, both the install AND the source directory must be specified.

AUTHORS

Sebastian Zander (szander@swin.edu.au)
Nigel Williams (niwilliams@swin.edu.au)

ACKNOWLEDGEMENTS

This software has been developed with support from Cisco Systems, Inc. under a University Research Program (URP) grant. netAI uses the WEKA (http://www.cs.waikato.ac.nz/ml/weka/) and NetMate (http://www.ip-measurement.org/tools/netmate/) software packages.

COPYRIGHTS & LICENSE

netAI is released under the GNU General Public License (GPL) version 2.
Please see the COPYING file included in the netAI package for details of this license.

Copyright 2005-2006 Swinburne University of Technology, Melbourne, Australia

netAI is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

netAI is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this software; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA