Nettisa plugin

[SiskaPavel]

NetTiSA plugin contains features computed by stream-wise computation with take care on efficiency and required memory. The feature set contains following features:

• Mean - Computes mean of the payload lengths of packets

• Min - Minimal value from all packet payload lengths

• Max - Maximum value from all packet payload lengths

• Switching ratio - Represents a switching ratio between different values of the sequence of observation.

• Standard deviation - The standard deviation is measure of the variation of data from the mean.

• Root mean square - The measure of the magnitude of payload lengths of packets.

• Average dispersion - The average absolute difference between each payload length of packet and the mean value.

• Kurtosis - The kurtosis is the measure describing the extent to which the tails of a distribution differ from the tails of a normal distribution

• Mean of scaled times - The scaled times is defined as sequence ({st} = { t_1 - t_1, t_2 - t_1, \dots, t_n - t_1 }). We compute the mean of the value with same method as for feature \textit{Mean}.

• Mean of time differences - The time differences is defined as sequence ({dt} = { t_j - t_i | j = i + 1, i \in {1, 2, \dots, n - 1} }). We compute the mean of the value with same method as for feature \textit{Mean}.

• Min from time differences - Minimal value from all time differences, i.e., min space between packets.

• Max from time differences - Maximum value from all time differences, i.e., max space between packets.

• Time distribution - Describes the distribution of time differences between individual packets.

The NetTiSA flow increase the network telemetry by only 52 bytes compared to classical flow.

The implementation of the NetTiSA flow requires to store 15 floats for each IP flow, respectively biflow, that is 60 bytes in RAM memory for each flow. Furthermore, when new packet arrives it requires to perform 23 mathematical operations and 5 comparisons. Moreover, before exporting the flow plugin perform 20 additional mathematical operations.

[SiskaPavel]

[codecov-commenter]

Codecov Report

Patch coverage: 5.04% and project coverage change: -0.64 ⚠️

Comparison is base (ec147b4) 41.38% compared to head (c4e889c) 40.74%.

❗ Current head c4e889c differs from pull request most recent head d8e4048. Consider uploading reports for the commit d8e4048 to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #161      +/-   ##
==========================================
- Coverage   41.38%   40.74%   -0.64%     
==========================================
  Files          86       88       +2     
  Lines        8377     8469      +92     
  Branches     1284     1292       +8     
==========================================
- Hits         3467     3451      -16     
- Misses       4146     4250     +104     
- Partials      764      768       +4     

Flag	Coverage Δ
tests	40.74% <5.04%> (-0.64%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
process/nettisa.hpp	0.00% <0.00%> (ø)
process/nettisa.cpp	12.50% <12.50%> (ø)

... and 2 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.