BrowserDetector¶
Note
The BrowserDetector is currently not supported in the command line interface nor is it used in the fingerprint generation of the other classes. Currently, this is only supported as a stand-alone API.
The BrowserDetector class is used as a supervised detector to isolate browser Flows from regular app traffic.
-
class
browser_detector.
BrowserDetector
(before=10, after=10, random_state=42)[source]¶ Detector for browser application
-
classifier
¶ Random forest classifier used for classifying individual datapoints
Type: sklearn.ensemble.RandomForestClassifier
-
before
¶ Time frame in seconds to remove before detected browser
Type: float
-
after
¶ Time frame in seconds to remove after detected browser
Type: float
-
-
BrowserDetector.
__init__
(before=10, after=10, random_state=42)[source]¶ Detector for browser application
Parameters: - before (float, default = 10) – Time frame in seconds to remove before detected browser
- after (float, default = 10) – Time frame in seconds to remove after detected browser
- random_state (int, RandomState instance or None, optional, default:) – None If int, random_state is the seed used by the random number generator; If RandomState instance, random_state is the random number generator; If None, the random number generator is the RandomState instance used by np.random
Browser Detection¶
We first need to browser_detector.BrowserDetector.fit()
(train) the BrowserDetector with Flows from both browser and non-browser apps.
Next, we can browser_detector.BrowserDetector.predict()
whether new Flow’s are browser or non-browser flows.
Or we can do both in a single step using the browser_detector.BrowserDetector.fit_predict()
method.
-
BrowserDetector.
fit
(X, y)[source]¶ Fit the classifier with browser and non-browser traffic
Parameters: - X (array-like of shape=(n_samples, n_features)) – Flows to fit the classifier with
- y (array-like of shape=(n_samples,)) – Array of labels, -1 for non-browser, 1 for browser
Returns: result – Returns self for fit_predict method
Return type: self
-
BrowserDetector.
predict
(X, y=None)[source]¶ Predict whether samples from X are browser: 1 or non_browser: -1
Parameters: - X (array-like of shape=(n_samples, n_features)) – Flows to predict with the classifier
- y (ignored) –
Returns: result – -1 if sample from X is not from browser, 1 if sample from X is from browser
Return type: np.array of shape=(n_samples,)
-
BrowserDetector.
fit_predict
(X, y)[source]¶ Fit and predict the samples with the classifier as browser or non-browser traffic
Parameters: - X (array-like of shape=(n_samples, n_features)) – Flows to fit the classifier with
- y (array-like of shape=(n_samples,)) – Array of labels, -1 for non-browser, 1 for browser
Returns: result – -1 if sample from X is not from browser, 1 if sample from X is from browser
Return type: np.array of shape=(n_samples,)
Feature extraction¶
The BrowserDetector uses several features from each Flow to determine whether a Flow was generated by a browser or non-browser app.
The browser_detector.BrowserDetector.features()
method extracts these features.
-
BrowserDetector.
features
(X)[source]¶ Returns flow features for determining whether flows are browser
Parameters: X (array-like of shape=(n_samples, n_features)) – Flows from which to extract features Returns: result – Features for determining browser flows. Currently the features are [clusters’, length incoming’, length outgoing’, ratio incoming/outgoing’] where the ‘ indicates the derivative Return type: np.array of shape=(n_samples, n_features)