CICFlowMeter is a network traffic flow generator and analyser.
It can be used to generate bidirectional flows, where the first packet determines the forward (source to destination) and backward (destination to source) directions, hence more than 80 statistical network traffic features such as Duration, Number of packets, Number of bytes, Length of packets, etc. can be calculated separately in the forward and backward directions.
Additional functionalities include, selecting features from the list of existing features, adding new features, and controlling the duration of flow timeout. The output of the application is the CSV format file that has six columns labeled for each flow (FlowID, SourceIP, DestinationIP, SourcePort, DestinationPort, and Protocol) with more than 80 network traffic analysis features.
Note that TCP flows are usually terminated upon connection teardown (by FIN packet) while UDP flows are terminated by a flow timeout. The flow timeout value can be assigned arbitrarily by the individual scheme e.g., 600 seconds for both TCP and UDP.
Read more about CICFlowMeter in Github.
Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun and Ali A. Ghorbani, "Characterization of Tor Traffic Using Time Based Features", in the proceeding of the 3rd International Conference on Information System Security and Privacy, SCITEPRESS, Porto, Portugal, 2017.
Gerard Drapper Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. Ghorbani, Characterization of Encrypted and VPN Traffic Using Time-Related Features", in Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP 2016), pp.s 407-414, Italy, 2016.
There are several ad blockers available for online users on computers and mobile devices. These ad blockers use Blacklists and Whitelists to see which links should be canceled and not displayed. A problem with this method is that one can easily avoid getting caught by using a different name in the URL. Furthermore, if the Blacklist is not updated it cannot block any new URLs.
To overcome this problem, we proposed to implement Artificial Intelligence to learn if the new URL is an ad. In particular, we used machine learning algorithms to make the classifier learn the patterns in ad URLs. The benefit of using this method is the ability to self-train the AI to detect new type of URLs, so that it is not necessary to wait for the Blacklist to update.
Our solution, CIC-AB, is a browser extension which communicates with a localhost server. The classifier training and classification of URLs are performed in the server to reduce complexity on the browser. The browser extension relays URLs to the server and blocks or allows network requests based on the server's reply.
Download CIC-AB for Windows :
Download CIC-AB for Linux:
Arash Habibi Lashkari, Amy Seo, Gerard Drapper Gil, Ali A. Ghorbani, "CIC-AB: An Online Ad Blocker for Browsers", UNB Research Expo, April 2017
