|
netAI - Network Traffic based Application Identification |
|
netAI_CL {start|stop|status|restart} [-f <tracefile> | [ -i <interface> ] [-m <model> ] | [-t <trainingfile> ] [-A <attributes> ] [-C <classifier> ] [-c <classindex> ] [-o <outputfile> ] [-Y <output-attributes> ] [-l <logfile> |
|
This is a script which controls the three programs which together form the netAI package. The Network Traffic based Application Identification (netAI) tool has been developed for identifying the end host applications that are responsible for traffic flows in the network. Unlike previous solutions that identify the applications based on port numbers or packet payload information (either through protocol decoding or signatures) netAI computes a variety of payload independent features (e.g. packet length statistics) for a traffic flow and uses machine learning (ML) techniques to identify the application that generated the traffic flow. ML is a discipline of the wider area of Artificial Intelligence (AI). Before netAI can be used to classify a particular application it must be trained on a representative set of traffic flows. netAI can be used offline (reading packet data from trace files) and online (live capturing on network interfaces). For a more detailed introduction please have a look at the netAI documentation located at http://caia.swin.edu.au/urp/dstc/netai/netai-documentation.html. |
|
-f tracefile |
|
Classify instances from a previously captured trace file. Can be in tcpdump or ERF formats. |
|
-i interface |
|
Specify a live interface from which to classify flows. You must be superuser to perform this. |
|
-m model-file |
|
Load a saved Weka classifier model. You must still specify a training file (-t) with this option. |
|
-t training file |
|
ARFF file containing training data. |
|
-A used attributes |
|
Comma seperated list of the index of each attribute used in testing. The index of each attribute is its position in the instance data as exported from netmate (starting from 0). The class atribute should also be included. |
|
-C classifier |
|
The machine learning algorithm to use. e.g weka.classifiers.trees.J48. |
|
-Y output attributes |
|
Comma seperated list of attributes to be printed alongside prediction. By default only the prediction, probability source/destination IPs/ports are printed. |
|
-l logfile |
|
Log the output of netAI/NetMate |
|
netAI |
|
Script for running the classification program |
|
Weka.jar |
|
Version 3-4-4 of Weka Machine Learning software. This provides implementations of the algorithms and performs classification. |
|
netmate |
|
NetMate executable. See NetMate manual for usage. |
|
See the getting started document supplied with this software for a number of usage examples. |
|
Nigel Williams <niwilliams@swin.edu.au> |