netAI - Network Traffic based Application Identification

Overview

The Network Traffic based Application Identification (netAI) has been developed for identifying the end host applications that are responsible for traffic flows in the network. Unlike previous solutions that identify the application based on port numbers or packet payload (either through protocol decoding or signatures) netAI computes various payload independent features (e.g. packet length and packet inter-arrival time statistics) for a traffic flow and uses machine learning (ML) techniques. ML is a discipline of the wider area of Artificial Intelligence (AI). Before netAI can be used to classify a particular application it must be trained on a representative set of traffic flows of that application. netAI can be used offline (reading packet data from tracefiles) and online (live capturing on network interfaces). For more detailed information please look at the introduction or the documentation.

netAI  has been developed by members of the Centre for Adavanced Internet Architectures (CAIA), which is part of the Swinburne University of Technology in Melbourne, Autralia.

netAI has been developed in the Dynamic Self-learning Traffic Classification based on Flow Characteristics (DSTC) project. This project has been made possible in part by a grant from the Cisco University Research Program Fund at Community Foundation Silicon Valley.

Features

The following are the main features of netAI. netAI is still under development and we are adding more features to it.
  • Reading packet data from live network interfaces or tracefiles (tcpdump or Endance format)
  • Direct creation of WEKA data files (.arff files) from the packet data
  • Interim flow information export (while flows are still active), TCP and time-based flow timeouts
  • Flexible packet classification and filtering thanks to NetMate
  • New features can be easily added and used
  • Flexible selection of features to be used for classification
  • A large number of machine learning algorithms can be used thanks to WEKA
  • Feature extraction and ML based flow classification can be run on different machines - feature extractor supports data export via UDP or TCP

Authors

netAI has been developed by the following people:

Sebastian Zander (szander@swin.edu.au)
Nigel Williams (niwilliams@swin.edu.au)

License and Terms of Use

The netAI source code is made publically available under the terms and conditions of the GNU General Public License, which can be downloaded here.

  

 
C Swinburne | CRICOS number 00111D | Contact Us | Copyright and disclaimer | Privacy; | Feedback | Accessibility Information | - Smaller Font | + Larger Font
Last Updated: Tuesday 30-Aug-2011 16:11:00 EST | Maintained by: Sebastian Zander (szander@swin.edu.au) | Authorised by: Grenville Armitage ( garmitage@swin.edu.au)