FlowAntEater: network traffic automatic signature generator

In the areas of traffic classification, the payload signature-based classification method–deep packet inspection (DPI) shows the highest performance in terms of preciseness, reliability and practicality. The usual way, however, obtaining signatures for DPI is analyzing network traffic payload and find signatures by hand, which means inefficient and a heavy burden for researchers. Therefore, the research on network traffic automatic signatures generation (NTASG), which helps administrators and researcher find network signatures, becomes important. In this paper, a software framework on NTASG is proposed which uses the K-means cluster algorithm to purity the traffic flow and contains a systematic signatures management algorithm, sig-tree. Also, the feasibility of our design choices was proved via experimental evaluation on the campus traffic trace.