The MUTRICS classifier

Project result: the open source Mutrics classifier

The main software outcome of the project is the Multilevel Traffic Classifier: The Mutrics classifier.

The software implements the Waterfall architecture for cascade classification of network traffic flows, introduced in:

Foremski P., Callegari C., Pagano M., "Waterfall: Rapid identification of IP flows using cascade classification", Communications in Computer and Information Science. Proceedings of the 21st International Conference on Computer Networks, CN2014, Springer-Verlag, 2014 (see Publications)

The software implements the following modules, which exploits many levels of traffic features:

dstip: quick classification by destination IP address
dnsclass: the DNS-Class algorithm (extended with quick unknown detection)
portsize: quick classification by port number and payload size
npkts: classification by payload sizes of 4 first packets, using random forest
port: classical, quick classification by the port number
stats: classification by statistics of packet sizes and inter-arrival times, using random forest
dpi: classification by DPI payload analysis, using random forest

The system is capable of classifying traffic in real-time, in under 10 seconds of flow life-time.

Source code

The software is available in form of Python source code. It needs training before usage, for example on the Brescia traffic dataset or on other datasets from the Datasets review page. Please use Flowcalc and ARFF tools in order to convert raw PCAP traces to ARFF files.

Source code repository on GitHub

MuTriCs: Multilevel Traffic Classification

The project

Project results

References