View on GitHub

AppIdent

Enhance Statistical Protocol Identification, Bayesian network and Random forests classification of application protocols.

AppIdent

Enhance Statistical Protocol Identification, Bayesian network and Random forests classification of application protocols.

Build & Installation

Build in Visual Studio using
```
dotnet build AppIdent.sln
```

Run

Application identification process (evaluation) can be run using dotnet
```
dotnet run AppIdentCli -- <options>
```

Options:

-d --data-source  AppIdentDataSource serialized data source file path
-f --random-forest Use random forest classification.
-p --best-parameters BestParameters bin file.
-b --bayesian Use bayesian classification.
-e --epi Use EPI classification.
-r --ratio Trainnig to verification ratio.
-m --min-flows Minimum flows for training and classification.
-s --feature-selection Feature corelation trashold <0-1>.
-c --cross-validation-folds Cross validation folds (only RF)
-n --use-full-name Use application protocol full name including application name.

Basic Information

Training to Verification Ratio

Result Comparison

Bayesian Classifier

Training to Verification Ratio 0.1

Training to Verification Ratio 0.2

Training to Verification Ratio 0.5

Enhance Statistical Protocol Identification - ESPI

Random Forests

Training to Verification Ratio 0.1

Training to Verification Ratio 0.2

Binary data source

Annotated PCAP files

All data sets binary and PCAP files
Data sets are in Microsoft Network Monitor 3.4 (mnm, *.cap) format where process info table is stored

Netfox Detective

Data processing framework