Wavelets

Introduction

Because packet signals are more or less rectangular, wavelets could be an appropriate space to transform them into in order to build more effective classifiers.

Preparation

First, restore T2 into a pristine state by removing all unnecessary or older plugins from the plugin folder ~/.tranalyzer/plugins:

t2build -e -y

Are you sure you want to empty the plugin folder '/home/wurst/.tranalyzer/plugins' (y/N)? yes
Plugin folder emptied

Then compile the core (tranalyzer2) and the following plugins:

t2build tranalyzer2 basicFlow tcpStates wavelet txtSink

...
BUILD SUCCESSFUL

If you have not yet created separate data and results directories, please do so now in another bash window; this facilitates your workflow:

mkdir ~/data ~/results

The sample PCAP used in this tutorial can be downloaded here: skypeu.pcap.

Please save it in your ~/data folder.

Now you are all set!

wavelet plugin

trafficmining-signal

wavelet

ls src/

define_global.h  dwt.c  dwt.h  Makefile.am  wavelet.c  wavelet.h  wavelet_types.h

vi src/define_global.h

...
/* ========================================================================== */
/* ------------------------ USER CONFIGURATION FLAGS ------------------------ */
/* ========================================================================== */

#define WAVELET_IAT       0 // 0: pktLen, 1: IAT calc
#define WAVELET_SIG       0 // 1: print signal
#define WAVELET_PREC      0 // 0: float; 1: double
#define WAVELET_THRES     8 // Min number of packets for analysis
#define WAVELET_MAX_PKT  40 // Max number of selected packets

#define WAVELET_LEVEL     3 // Decomposition level
#define WAVELET_EXTMODE ZPD // Extension Mode: NON, SYM, ZPD
#define WAVELET_TYPE    DB3 // Mother Wavelet: DB1, DB2, DB3, DB4

/* +++++++++++++++++++++ ENV / RUNTIME - conf Variables +++++++++++++++++++++ */

/*         No env / runtime configuration flags available for wavelet         */

/* ========================================================================== */
/* ------------------------- DO NOT EDIT BELOW HERE ------------------------- */
/* ========================================================================== */
...
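
To make the flags above concrete, the following added sketch (not the plugin's source code) runs a level-3 decomposition with zero padding over a packet-length signal. It assumes DB1 (Haar) instead of the default DB3, (n + filter length - 1) / 2 coefficients per level, and that WAVELET_MAX_PKT keeps the first packets of a flow; `dwt_step`, `wavelet_decompose` and the sample lengths are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Named after the flags in define_global.h; DB1 (Haar) stands in for DB3. */
#define WAVELET_THRES    8          /* min number of packets for analysis */
#define WAVELET_MAX_PKT 40          /* max number of selected packets */
#define WAVELET_LEVEL    3          /* decomposition level */
#define FLEN             2          /* DB1 filter length */
#define R 0.70710678118654752440    /* 1/sqrt(2) */
static const double LO[FLEN] = {  R, R };   /* low-pass: approximation */
static const double HI[FLEN] = { -R, R };   /* high-pass: detail */

/* One DWT step with zero padding (ZPD): samples outside x[0..n-1] count as 0.
 * Writes (n + FLEN - 1) / 2 coefficients to a[] and d[], returns that count. */
size_t dwt_step(const double *x, size_t n, double *a, double *d) {
    size_t m = (n + FLEN - 1) / 2;
    for (size_t k = 0; k < m; k++) {
        a[k] = d[k] = 0.0;
        for (size_t j = 0; j < FLEN; j++) {
            long i = (long)(2 * k + 1) - (long)j;
            double s = (i < 0 || (size_t)i >= n) ? 0.0 : x[i];
            a[k] += LO[j] * s; d[k] += HI[j] * s;
        }
    }
    return m;
}

/* det[l] / nd[l] receive the level l+1 detail coefficients and their count,
 * approx the final approximation. Returns its length, 0 if the flow is short. */
size_t wavelet_decompose(const double *len, size_t n, double *approx,
                         double det[][WAVELET_MAX_PKT], size_t *nd) {
    double cur[WAVELET_MAX_PKT];
    if (n < WAVELET_THRES) return 0;
    if (n > WAVELET_MAX_PKT) n = WAVELET_MAX_PKT; /* assumed: first packets */
    for (size_t i = 0; i < n; i++) cur[i] = len[i];
    for (int l = 0; l < WAVELET_LEVEL; l++) {
        n = nd[l] = dwt_step(cur, n, approx, det[l]);
        for (size_t i = 0; i < n; i++) cur[i] = approx[i];
    }
    return n;
}

/* Constructed sample: 9 packet lengths of one flow (odd count shows ZPD). */
static const double SAMPLE[9] = { 60, 60, 60, 60, 1500, 1500, 1500, 1500, 60 };
int main(void) {
    double approx[WAVELET_MAX_PKT], det[WAVELET_LEVEL][WAVELET_MAX_PKT];
    size_t nd[WAVELET_LEVEL], na = wavelet_decompose(SAMPLE, 9, approx, det, nd);
    for (size_t i = 0; i < na; i++)
        printf("cA3[%zu] = %.3f  cD3[%zu] = %.3f\n", i, approx[i], i, det[2][i]);
    return 0;
}
```

The step from 60-byte to 1500-byte packets shows up as the large level-3 detail coefficient, while the non-zero last coefficient at each level comes from the zero-padded boundary.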

t2 -r ~/data/skypeu.pcap -w ~/results

tcol ~/results/skypeu_flows.txt

t2conf wavelet -D …

t2build wavelet

t2 -r ~/data/skypeu.pcap -w ~/results

tcol ~/results/skypeu_flows.txt

Conclusion

Don’t forget to reset the plugin configuration for the next tutorial.

t2conf wavelet --reset && t2build wavelet

Have fun!