-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathmodules.json
182 lines (182 loc) · 6.76 KB
/
modules.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
{
"connectors":
{
"Tstat":
{
"DNS":
{
"class": "connectors.tstat_to_DNS.Tstat_To_DNS"
},
"NamedFlows":
{
"class": "connectors.tstat_to_named_flows.Tstat_To_Named_Flows"
},
"HTTP":
{
"class": "connectors.tstat_to_HTTP.Tstat_To_HTTP"
}
},
"Bro":
{
"DNS":
{
"class": "connectors.bro_to_DNS.Bro_To_DNS"
},
"HTTP":
{
"class": "connectors.bro_to_HTTP.Bro_To_HTTP"
},
"NamedFlows":
{
"class": "connectors.bro_to_named_flows.Bro_To_Named_Flows"
}
},
"Squid":
{
"HTTP":
{
"class": "connectors.squid_to_HTTP.Squid_To_HTTP"
},
"NamedFlows":
{
"class": "connectors.squid_to_named_flows.Squid_To_Named_Flows"
}
},
"Bind":
{
"DNS":
{
"class": "connectors.bind_to_DNS.Bind_To_DNS"
}
},
"PCAP":
{
"DNS":
{
"class": "connectors.PCAP_to_DNS.PCAP_To_DNS"
}
},
"TSTAT_PCAP":
{
"DNS":
{
"class": "connectors.PCAP_to_DNS.TSTAT_PCAP_To_DNS"
}
}
},
"algos":
{
"Remedy":
{
"class": "algos.remedy.Remedy_DNS_manipulations.RemedyDNSManipulations",
"input_type": "DNS",
"preferred_batch": "5d",
"parameters":
{
"min_resolutions":"Minimum number of observation to consider a domain. Default 50.",
"ASN_VIEW": "Path to an updated ASN view compatible with 'pyasn' python module."
},
"output_format":"A single CSV file reporting general per-resolver statistics, along with discovered manipulations",
"description": "REMeDy is a system that assists operators to identify the use of rogue DNS resolvers in their networks. REMeDy is a completely automatic and parameter-free system that evaluates the consistency of responses across the resolvers active in the network."
},
"WHAT":
{
"class": "algos.WHAT.WHAT",
"input_type": "NamedFlows",
"preferred_batch": "1d",
"parameters":
{
"CORES":"Core Domains to measure.",
"OW":"Observation Windows for training, in seconds. Default 10.",
"GAP":"Silent time for considering OW, in seconds. Default 10.",
"EW":"Evaluation Window for classification, in milliseconds. Default 50.",
"MINFREQ":"Minimum Frequency for a domain to remain in tha BoD. Default 0.05.",
"N_TOP":"Truncate output list after N_TOP entries. Default 50."
},
"output_format":"A single CSV file reporting the amount of traffic due to each core domain.",
"description": "WHAT is a system to uncover the overall traffic produced by specific web services. WHAT combines big data and machine learning approaches to process large volumes of network flow measurements and learn how to group traffic due to pre-defined services of interest."
},
"PAIN":
{
"class": "algos.pain.pain.Pain",
"input_type": "NamedFlows",
"preferred_batch": "5d",
"parameters":
{
"CORES":"Core Domains to measure.",
"GAP":"Silent time for considering EW in training, in seconds. Default 5.",
"MINFREQ":"Minimum Frequency for a domain to remain in tha BoD. Default 0.25.",
"EW":"Evaluation Window for classification, in milliseconds. Default 30.",
"N_CP":"Evaluation Window for classification, in milliseconds. Default 30."
},
"output_format":"A single CSV file reporting the an entry for each visit to a core domain, along with performance metrics.",
"description": "PAIN (PAssive INdicator) is an automatic system to observe the performance of web pages at ISPs. It leverages passive flow-level and DNS measurements which are still available in the network despite the deployment of HTTPS. With unsupervised learning, PAIN automatically creates a model from the timeline of requests issued by browsers to render web pages, and uses it to analyze the web performance in real-time."
},
"TrafficPerDomain":
{
"class": "algos.domain_traffic.DomainTraffic",
"input_type": "NamedFlows",
"preferred_batch": "1d",
"parameters":
{
"N_TOP":"Truncate output list after N_TOP entries. Default 50."
},
"output_format":"A single CSV file reporting the amount of traffic due to each domain.",
"description": "Account traffic per-destination hostname."
},
"ContactedResolvers":
{
"class": "algos.top_DNS_servers.TopDNSServers",
"input_type": "DNS",
"preferred_batch": "1d",
"parameters":
{
"N_TOP":"Truncate output list after N_TOP entries. Default 50."
},
"output_format":"A single CSV file reporting the amount of queries directed to each resolver.",
"description": "Study the traffic to DNS resolvers in the network."
},
"Print Dataset":
{
"class": "algos.save_Dataframe.SaveDataFrame",
"input_type": "*",
"preferred_batch": "*",
"output_format":"The dataframe in CSV format.",
"description": "Simply save the dataframe in local.",
"parameters":
{
"N":"Truncate output after N entries. Default: No limit."
}
}
},
"clustering":
{
"KMeans":
{
"class": "algos.clustering.KMeans.KMeans"
},
"BisectingKMeans":
{
"class": "algos.clustering.BisectingKMeans.BisectingKMeans"
},
"GaussianMixture":
{
"class": "algos.clustering.GaussianMixture.GaussianMixture"
},
"DBScan":
{
"class": "algos.clustering.DBScan.DBScan"
}
},
"anomaly_detection":
{
"Seasonal Hybrid ESD":
{
"class": "algos.anomaly_detection.S_H_ESD.S_H_ESD"
},
"Univiariate Anomaly Detection":
{
"class": "algos.anomaly_detection.univariate_anomalies.UnivariateAnomalies"
}
}
}