netAI 0.1 reviewDownload
netAI comes from Network Traffic based Application Identification and has been developed for identifying the end host applications th
netAI comes from Network Traffic based Application Identification and has been developed for identifying the end host applications that are responsible for traffic flows in the network.
Unlike previous solutions that identify the application based on port numbers or packet payload (either through protocol decoding or signatures) netAI computes various payload independent features (e.g. packet length and packet inter-arrival time statistics) for a traffic flow and uses machine learning (ML) techniques.
ML is a discipline of the wider area of Artificial Intelligence (AI). Before netAI can be used to classify a particular application it must be trained on a representative set of traffic flows of that application. netAI can be used offline (reading packet data from tracefiles) and online (live capturing on network interfaces).
Here are some key features of "netAI":
Reading packet data from live network interfaces or tracefiles (tcpdump or Endance format)
Direct creation of WEKA data files (.arff files) from the packet data
Interim flow information export (while flows are still active), TCP and time-based flow timeouts
Flexible packet classification and filtering thanks to NetMate
New features can be easily added and used
Flexible selection of features to be used for classification
A large number of machine learning algorithms can be used thanks to WEKA
Feature extraction and ML based flow classification can be run on different machines - feature extractor supports data export via UDP or TCP
netAI 0.1 search tags