Command line tool¶
When FlowPrint is installed, it can be used from the command line.
The __main__.py
file in the flowprint
module implements this command line tool.
The command line tool provides a quick and easy interface to convert .pcap
files into Flow objects and use these objects to create Fingerprint’s.
Once generated, the Fingerprint’s can be used for app recognition and unseen app detection.
The full command line usage is given in its help
page:
usage: flowprint.py [-h] [--fingerprint [FINGERPRINT] | --detection DETECTION | --recognition] [-b BATCH]
[-c CORRELATION] [-s SIMILARITY] [-w WINDOW] [-p PCAPS [PCAPS ...]]
[-r READ [READ ...]] [-o WRITE] [-l SPLIT] [-a RANDOM] [-t TRAIN [TRAIN ...]]
[-e TEST [TEST ...]]
Flowprint: Semi-Supervised Mobile-App
Fingerprinting on Encrypted Network Traffic
optional arguments:
-h, --help show this help message and exit
--fingerprint [FINGERPRINT] mode fingerprint generation [output to FILE] (optional)
--detection DETECTION mode unseen app detection with THRESHOLD
--recognition mode app recognition
FlowPrint parameters:
-b, --batch BATCH batch size in seconds (default = 300)
-c, --correlation CORRELATION cross-correlation threshold (default = 0.1)
-s, --similarity SIMILARITY similarity threshold (default = 0.9)
-w, --window WINDOW window size in seconds (default = 30)
Flow data input/output:
-p, --pcaps PCAPS [PCAPS ...] pcap(ng) files to run through FlowPrint
-r, --read READ [READ ...] read preprocessed data from given files
-o, --write WRITE write preprocessed data to given file
-l, --split SPLIT fraction of data to select for testing
-a, --random RANDOM random state to use for split (default = 42)
Train/test input:
-t, --train TRAIN [TRAIN ...] path to json training fingerprints
-e, --test TEST [TEST ...] path to json testing fingerprints
Examples¶
Transform .pcap
files into flows and store them in a file.
python3 -m flowprint --pcaps <data.pcap> --write <flows.p>
Extract fingerprints
from flows
, split them into training and testing, and store the fingerprints into a file.
python3 -m flowprint --read <flows.p> --fingerprint <fingerprints.json>
Use FlowPrint to recognize apps or detect previously unknown apps
python3 -m flowprint --train <fingerprints.train.json> --test <fingerprints.test.json> --recognition
python3 -m flowprint --train <fingerprints.train.json> --test <fingerprints.test.json> --detection 0.1