A detection system for abnormal network traffic across different application categories. It uses a custom nfstream build, nDPI, Redis, Elasticsearch, Logstash, Kibana, pyod and other technologies.
- Redis running on the port declared in ./config/config.ini
- Elasticsearch running on port 9200
- Kibana running on port 5601
- Enter the project directory
- Run the command: sudo python main.py (it must be run as root)
- Add a new app filter in ./lib/nDPI/; refer to the official nDPI documentation for details.
- Replace the libndpi.so file in nfstream with the custom-compiled file created in step 1.
- Add your app name to APP_LIST in main.py; it must be consistent with the application_name detected by nfstream.
- Add your MODEL_FLAG_{APP} flag in main.py
- Add the MODEL_FLAG_{APP} flag to MODEL_LIST in main.py
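
A preflight check for the prerequisites listed above (root, Redis, Elasticsearch, Kibana), as an added example that is not part of the project's code. It assumes config.ini has a [redis] section with a port key and that all three services listen on 127.0.0.1; adjust both to match the real deployment.

```python
"""Preflight check for the README prerequisites (added example, not project code)."""
import configparser
import os
import socket

ES_PORT = 9200      # Elasticsearch port stated in the README
KIBANA_PORT = 5601  # Kibana port stated in the README


def redis_port(config_path="./config/config.ini", section="redis", key="port"):
    """Read the Redis port; the section and key names are assumptions."""
    cfg = configparser.ConfigParser()
    if not cfg.read(config_path):
        raise FileNotFoundError(config_path)
    return cfg.getint(section, key)


def port_open(port, host="127.0.0.1", timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(config_path="./config/config.ini", host="127.0.0.1"):
    """Return a list of problems; an empty list means main.py can be started."""
    problems = []
    # Live capture needs root; geteuid is absent on non-POSIX platforms.
    if hasattr(os, "geteuid") and os.geteuid() != 0:
        problems.append("not running as root (main.py needs root)")
    try:
        services = {"redis": redis_port(config_path)}
    except (FileNotFoundError, configparser.Error, ValueError) as exc:
        services = {}
        problems.append(f"cannot read Redis port from {config_path}: {exc}")
    services.update({"elasticsearch": ES_PORT, "kibana": KIBANA_PORT})
    for name, port in services.items():
        if not port_open(port, host):
            problems.append(f"{name} not reachable on {host}:{port}")
    return problems


if __name__ == "__main__":
    issues = preflight()
    for issue in issues:
        print("FAIL:", issue)
    raise SystemExit(1 if issues else 0)
```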