https://github.com/iitis/mutrics

The Multilevel Traffic Classifier
https://github.com/iitis/mutrics

Last synced: 10 months ago
JSON representation

The Multilevel Traffic Classifier

• Host: GitHub
• URL: https://github.com/iitis/mutrics
• Owner: iitis
• License: gpl-3.0
• Created: 2014-01-24T13:35:27.000Z (over 12 years ago)
• Default Branch: master
• Last Pushed: 2015-10-21T10:38:19.000Z (over 10 years ago)
• Last Synced: 2025-08-31T08:47:45.340Z (10 months ago)
• Language: Python
• Size: 637 KB
• Stars: 5
• Watchers: 3
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.markdown
  • License: LICENSE

Awesome Lists containing this project

README

          
About

=====

**mutrics**: open source network traffic classifier in Python, a reference

implementation of the Waterfall architecture.

The classifier takes as input ARFF files generated with [the Flowcalc

program](http://mutrics.iitis.pl/flowcalc). **mutrics** classifies network

traffic flows basing on many levels of traffic analysis and outputs the results

in either ARFF or TXT file format.

The classifier consists of many modules, which should be trained separately.

See respective directories for supportive scripts that train and test a

particular model.

For scientific works, please find and cite the following paper:  

> Foremski P., Callegari C., Pagano M., *"Waterfall: Rapid identification of IP flows using cascade classification"*

**Author**: Paweł Foremski   

**Copyright (C)** 2012-2013 [IITiS PAN Gliwice](http://www.iitis.pl/)  

**Licensed** under GNU GPL v3

This software package uses

[libshorttext](http://www.csie.ntu.edu.tw/~cjlin/libshorttext/), which is

included in the dnsclass repository, but may be licensed differently.

Classification modules

================

The following modules are available in the implementation:

* **dstip**: quick classification by destination IP address

* **dnsclass**: [the DNS-Class algorithm](http://mutrics.iitis.pl/dns-class)

* **portsize**: quick classification by port number and payload size

* **npkts**: classification by payload sizes of 4 first packets, using random forest

* **port**: classical, quick classification by the port number

* **stats**: classification by statistics of packet sizes and inter-arrival times, using random forest

* **dpi**: classification by DPI payload analysis, using random forest

Project information

================

Project realized at [The Institute of Theoretical and Applied Informatics of

the Polish Academy of Sciences](http://www.iitis.pl/), under grant nr

2011/01/N/ST6/07202 of the [Polish National Science

Centre](http://www.ncn.gov.pl/).

Project website: http://mutrics.iitis.pl/