AppIdent
Enhance Statistical Protocol Identification, Bayesian network and Random forests classification of application protocols.
Build & Installation
- Build in Visual Studio using
dotnet build AppIdent.sln
Run
- The application identification process (evaluation) can be run using dotnet:
dotnet run AppIdentCli -- <options>
- Options:
  -d --data-source             AppIdentDataSource serialized data source file path.
  -f --random-forest           Use random forest classification.
  -p --best-parameters         BestParameters bin file.
  -b --bayesian                Use bayesian classification.
  -e --epi                     Use EPI classification.
  -r --ratio                   Training to verification ratio.
  -m --min-flows               Minimum flows for training and classification.
  -s --feature-selection       Feature correlation threshold <0-1>.
  -c --cross-validation-folds  Cross validation folds (only RF).
  -n --use-full-name           Use application protocol full name including application name.
Basic Information
Training to Verification Ratio
Result Comparison
Bayesian Classifier
Training to Verification Ratio 0.1
Training to Verification Ratio 0.2
Training to Verification Ratio 0.5
Enhance Statistical Protocol Identification - ESPI
Random Forests
Training to Verification Ratio 0.1
Training to Verification Ratio 0.2
Binary data source
Annotated PCAP files
- All data sets binary and PCAP files
- Data sets are in Microsoft Network Monitor 3.4 (mnm, *.cap) format, in which the process info table is stored