Classification Features

TIE pre-processes traffic sources (live traffic from network interface, or traffic trace from file) then extracts some data to be provided to classifiers as classification features8).

At the moment, features available to classifiers are:

Always available
number of packets upstream/downstream
payload bytes upstream/downstrem
source/destination port
transport layer protocol
Available on demand
Feature option
Inter Packet Time between the first n packets -I
Packet Size of the first n packets -p
First n bytes of first packet
(in both directions in biflow mode)
Session payload stream of n bytes -S
see the User Manual and the Developer Manual for the details
