Project result: the open source Mutrics classifier
The main software outcome of the project is the Multilevel Traffic Classifier, known as the Mutrics classifier.
The software implements the Waterfall architecture for cascade classification of network traffic flows, introduced in:
Foremski P., Callegari C., Pagano M., "Waterfall: Rapid identification of IP flows using cascade classification", Communications in Computer and Information Science. Proceedings of the 21st International Conference on Computer Networks, CN2014, Springer-Verlag, 2014 (see Publications)
The software implements the following modules, which exploit many levels of traffic features:
- dstip: quick classification by destination IP address
- dnsclass: the DNS-Class algorithm (extended with quick unknown detection)
- portsize: quick classification by port number and payload size
- npkts: classification by payload sizes of the first 4 packets, using random forest
- port: classical, quick classification by the port number
- stats: classification by statistics of packet sizes and inter-arrival times, using random forest
- dpi: classification by DPI payload analysis, using random forest
The system is capable of classifying traffic in real time, in under 10 seconds of flow lifetime.
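The cascade idea behind the module list above, as an added sketch that is not code from Mutrics: three of the quick modules are tried in order, and a flow falls through to the next module whenever the current one declines. It assumes a module declines by returning `None`; the `Flow` fields, the lookup tables and the labels are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    dst_ip: str
    dst_port: int
    first_payload_size: int  # bytes of payload in the first packet


# Constructed lookup tables (illustrative values, not taken from Mutrics).
DSTIP_TABLE = {"192.0.2.10": "webmail"}
PORTSIZE_TABLE = {(123, 48): "ntp"}
PORT_TABLE = {80: "http", 443: "tls"}


def dstip(flow: Flow) -> Optional[str]:
    return DSTIP_TABLE.get(flow.dst_ip)


def portsize(flow: Flow) -> Optional[str]:
    return PORTSIZE_TABLE.get((flow.dst_port, flow.first_payload_size))


def port(flow: Flow) -> Optional[str]:
    return PORT_TABLE.get(flow.dst_port)


Module = Tuple[str, Callable[[Flow], Optional[str]]]
# Cheap lookups first; costlier modules (npkts, stats, dpi) would follow.
CASCADE: List[Module] = [("dstip", dstip), ("portsize", portsize), ("port", port)]


def classify(flow: Flow, cascade: List[Module] = CASCADE) -> Tuple[str, Optional[str]]:
    """Return (label, answering module); ("unknown", None) if all decline."""
    for name, module in cascade:
        label = module(flow)
        if label is not None:  # first module that answers ends the cascade
            return label, name
    return "unknown", None


if __name__ == "__main__":
    samples = [
        Flow("192.0.2.10", 443, 517),
        Flow("198.51.100.7", 123, 48),
        Flow("198.51.100.7", 443, 517),
        Flow("203.0.113.5", 40000, 100),
    ]
    for f in samples:
        print(f, "->", classify(f))
```

Recording which module answered makes it possible to see how much traffic the cheap lookups absorb before any model-based module is needed.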