BrowserDetector

Note

The BrowserDetector is currently not supported in the command line interface, nor is it used in the fingerprint generation of the other classes. Currently, it is only supported as a stand-alone API.

The BrowserDetector class is used as a supervised detector to isolate browser Flows from regular app traffic.

class browser_detector.BrowserDetector(before=10, after=10, random_state=42)[source]

Detector for browser application

classifier

Random forest classifier used for classifying individual datapoints

Type: sklearn.ensemble.RandomForestClassifier

before

Time frame in seconds to remove before detected browser

Type: float

after

Time frame in seconds to remove after detected browser

Type: float

BrowserDetector.__init__(before=10, after=10, random_state=42)[source]

Detector for browser application

Parameters:
  • before (float, default = 10) – Time frame in seconds to remove before detected browser
  • after (float, default = 10) – Time frame in seconds to remove after detected browser
  • random_state (int, RandomState instance or None, optional, default: None) – If int, random_state is the seed used by the random number generator; if RandomState instance, random_state is the random number generator; if None, the random number generator is the RandomState instance used by np.random

Browser Detection

We first need to train the BrowserDetector with browser_detector.BrowserDetector.fit(), using Flows from both browser and non-browser apps. Next, we can use browser_detector.BrowserDetector.predict() to determine whether new Flows are browser or non-browser flows. Alternatively, we can do both in a single step using the browser_detector.BrowserDetector.fit_predict() method.

BrowserDetector.fit(X, y)[source]

Fit the classifier with browser and non-browser traffic

Parameters:
  • X (array-like of shape=(n_samples, n_features)) – Flows to fit the classifier with
  • y (array-like of shape=(n_samples,)) – Array of labels, -1 for non-browser, 1 for browser
Returns:

result – Returns self for fit_predict method

Return type:

self

BrowserDetector.predict(X, y=None)[source]

Predict whether samples from X are browser: 1 or non_browser: -1

Parameters:
  • X (array-like of shape=(n_samples, n_features)) – Flows to predict with the classifier
  • y (ignored) –
Returns:

result – -1 if sample from X is not from browser, 1 if sample from X is from browser

Return type:

np.array of shape=(n_samples,)

BrowserDetector.fit_predict(X, y)[source]

Fit and predict the samples with the classifier as browser or non-browser traffic

Parameters:
  • X (array-like of shape=(n_samples, n_features)) – Flows to fit the classifier with
  • y (array-like of shape=(n_samples,)) – Array of labels, -1 for non-browser, 1 for browser
Returns:

result – -1 if sample from X is not from browser, 1 if sample from X is from browser

Return type:

np.array of shape=(n_samples,)
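
The following is an added example, not code from the BrowserDetector source. It shows one way the -1/1 output of predict() can be combined with the before and after time frames to separate browser-contaminated traffic from app traffic. It assumes each flow has a start timestamp in seconds and that the window bounds are inclusive; the function names, timestamps and labels are constructed for illustration.

```python
from bisect import bisect_right

def browser_windows(timestamps, labels, before=10.0, after=10.0):
    """Merge the [t - before, t + after] windows around every flow labelled 1 (browser)."""
    windows = []
    for t in sorted(t for t, y in zip(timestamps, labels) if y == 1):
        start, end = t - before, t + after
        if windows and start <= windows[-1][1]:
            # Overlaps the previous window: extend it instead of adding a new one.
            windows[-1][1] = max(windows[-1][1], end)
        else:
            windows.append([start, end])
    return [tuple(w) for w in windows]

def isolate(timestamps, labels, before=10.0, after=10.0):
    """Return (kept, removed) index lists; removed flows fall inside a browser window.

    Assumption: bounds are inclusive, so a flow exactly `before` seconds ahead
    of a detected browser flow is removed as well.
    """
    windows = browser_windows(timestamps, labels, before, after)
    starts = [w[0] for w in windows]
    kept, removed = [], []
    for i, t in enumerate(timestamps):
        k = bisect_right(starts, t) - 1          # last window starting at or before t
        inside = k >= 0 and t <= windows[k][1]
        (removed if inside else kept).append(i)
    return kept, removed

# Constructed sample: flow start times (seconds) and predict()-style labels.
TIMESTAMPS = [0.0, 4.0, 12.0, 18.0, 31.0, 45.0, 52.0, 70.0]
LABELS = [-1, -1, 1, -1, -1, -1, 1, -1]

if __name__ == "__main__":
    kept, removed = isolate(TIMESTAMPS, LABELS, before=10, after=10)
    print("browser windows:", browser_windows(TIMESTAMPS, LABELS))
    print("kept flow indices:", kept)
    print("removed flow indices:", removed)
```

With the default 10-second frames, flows predicted as non-browser (-1) are still removed when they start close to a detected browser flow, so the kept set is smaller than the set of -1 predictions.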

Feature extraction

The BrowserDetector uses several features from each Flow to determine whether a Flow was generated by a browser or non-browser app. The browser_detector.BrowserDetector.features() method extracts these features.

BrowserDetector.features(X)[source]

Returns flow features for determining whether flows are browser

Parameters: X (array-like of shape=(n_samples, n_features)) – Flows from which to extract features
Returns: result – Features for determining browser flows. Currently the features are [clusters’, length incoming’, length outgoing’, ratio incoming/outgoing’], where the ’ indicates the derivative
Return type: np.array of shape=(n_samples, n_features)