The name netAI comes from Network Traffic based Application Identification. It was developed to identify the end-host applications responsible for traffic flows in a network.
Unlike previous solutions that identify the application based on port numbers or packet payload (either through protocol decoding or signatures), netAI computes various payload-independent features (e.g. packet length and packet inter-arrival time statistics) for a traffic flow and uses machine learning (ML) techniques to classify it.
ML is a discipline of the wider area of Artificial Intelligence (AI). Before netAI can be used to classify a particular application it must be trained on a representative set of traffic flows of that application. netAI can be used offline (reading packet data from tracefiles) and online (live capturing on network interfaces).
Here are some key features of "netAI":
· Reading packet data from live network interfaces or tracefiles (tcpdump or Endace format)
· Direct creation of WEKA data files (.arff files) from the packet data
· Interim flow information export (while flows are still active), TCP and time-based flow timeouts
· Flexible packet classification and filtering thanks to NetMate
· New features can be easily added and used
· Flexible selection of features to be used for classification
· A large number of machine learning algorithms can be used thanks to WEKA
· Feature extraction and ML-based flow classification can be run on different machines: the feature extractor supports data export via UDP or TCP
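
The payload-independent feature extraction and the .arff export described above, as an added Python example that is not netAI's or NetMate's own code. It assumes a small feature subset with hypothetical attribute names, merges both directions of a conversation into one flow, and runs on constructed packet records rather than a real tracefile.

```python
import statistics
from collections import defaultdict

# Constructed sample packets: (time_s, src, sport, dst, dport, proto, length_bytes)
PACKETS = [
    (0.000, "10.0.0.5", 40000, "192.0.2.10", 443, "tcp", 60),
    (0.020, "192.0.2.10", 443, "10.0.0.5", 40000, "tcp", 60),
    (0.050, "10.0.0.5", 40000, "192.0.2.10", 443, "tcp", 500),
    (0.110, "192.0.2.10", 443, "10.0.0.5", 40000, "tcp", 1500),
    (1.000, "10.0.0.7", 5060, "192.0.2.20", 5060, "udp", 200),
    (1.020, "10.0.0.7", 5060, "192.0.2.20", 5060, "udp", 200),
    (1.040, "10.0.0.7", 5060, "192.0.2.20", 5060, "udp", 200),
]
# Hypothetical feature names: packet count, then length and inter-arrival stats.
FEATURES = ["pkts"] + [f"{s}_{q}" for q in ("len", "iat")
                       for s in ("min", "mean", "max", "std")]

def flow_key(src, sport, dst, dport, proto):
    """Direction-independent key, so both directions join one flow."""
    a, b = sorted([(src, sport), (dst, dport)])
    return (a, b, proto)

def stats(values):
    """min, mean, max and population standard deviation of a sample."""
    return [min(values), statistics.fmean(values), max(values),
            statistics.pstdev(values)]

def extract_features(packets):
    """Group packets into flows and compute payload-independent features."""
    flows = defaultdict(list)
    for ts, src, sport, dst, dport, proto, length in sorted(packets):
        flows[flow_key(src, sport, dst, dport, proto)].append((ts, length))
    rows = {}
    for key, pkts in flows.items():
        lengths = [length for _, length in pkts]
        # A one-packet flow has no inter-arrival time; report 0.0 for it.
        iats = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])] or [0.0]
        rows[key] = [len(pkts)] + stats(lengths) + stats(iats)
    return rows

def to_arff(rows, labels, classes):
    """Render feature rows as ARFF text; unlabeled flows get '?' (missing)."""
    out = ["@RELATION flows", ""]
    out += [f"@ATTRIBUTE {name} NUMERIC" for name in FEATURES]
    out += ["@ATTRIBUTE class {" + ",".join(classes) + "}", "", "@DATA"]
    for key, row in rows.items():
        values = [f"{v:.6g}" for v in row] + [labels.get(key, "?")]
        out.append(",".join(values))
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(to_arff(extract_features(PACKETS), {}, ["web", "voip"]))
```

Flows given a label form a training set; flows left as `?` are the ones a trained WEKA classifier would be asked to label.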