Date post: | 10-Jun-2015 |
Category: | Engineering |
Upload: | brandon-niemczyk |
PACUMEN: “packet acumen”
WHO ARE WE?
PRASAD RAO – HP LABS
BRANDON NIEMCZYK – HP DVLABS
WHAT IS PACUMEN ?
A tool to identify what applications are being used over an encrypted tunnel.
ACADEMIA HAS PRODUCED PAPERS…
Where’s the code?
PREVIOUS WORK
Results only.
Focus on one application at a time.
Results are difficult to interpret.
HOW DOES PACUMEN WORK?
PACUMEN learns by example.
HOW DOES PACUMEN WORK?
Train PACUMEN
Collect Example Data
Classifier
Classify new data
Provide new data from network/pcap
10 Collect Training Data
20 Build Classifier
30 Get unknown data
40 Classify unknown data
50 GOTO 30
HOW DOES PACUMEN WORK?
[Diagram labels: packet sequence A, B, A; SIZE A; SIZE B; IRRELEVANT SIZE; 10 seconds; CLASSIFY; UPDATE CONFIDENCE]
HOW DOES PACUMEN WORK?
Multiple types of classifiers can be created.
- Decision Trees
- Mixed Gaussian Likelihood functions
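
As an added illustration (not PACUMEN's code and not taken from the slides), the train/classify loop over 10-second windows of packet-size counts can be sketched with one Gaussian per size bin, a simplification of the mixed Gaussian likelihood named above. The size-bin edges, the labels "interactive" and "bulk", and the synthetic packets are assumptions constructed for the example.

```python
import math
from collections import defaultdict

WINDOW = 10.0       # seconds per window, as on the slide
BINS = (100, 600)   # assumed size-bin edges in bytes (not from the slides)

def features(packets):
    """(timestamp, size) pairs -> per-window packet counts per size bin."""
    wins = defaultdict(lambda: [0] * (len(BINS) + 1))
    for ts, size in packets:
        wins[int(ts // WINDOW)][sum(size > edge for edge in BINS)] += 1
    return [wins[k] for k in sorted(wins)]   # windows with no packets are skipped

def train(examples):
    """{label: [feature vectors]} -> {label: [(mean, variance) per bin]}."""
    model = {}
    for label, vecs in examples.items():
        model[label] = []
        for col in zip(*vecs):
            mean = sum(col) / len(col)
            var = sum((x - mean) ** 2 for x in col) / len(col) + 1.0  # +1 smoothing
            model[label].append((mean, var))
    return model

def log_likelihood(stats, vec):
    """Log-probability of one window under independent Gaussians."""
    return sum(-0.5 * (math.log(2 * math.pi * v) + (x - m) ** 2 / v)
               for (m, v), x in zip(stats, vec))

def classify_stream(model, packets):
    """Score every window, accumulate evidence, return (label, confidence)."""
    score = {label: 0.0 for label in model}
    for vec in features(packets):             # the "GOTO 30" loop, one window at a time
        for label, stats in model.items():
            score[label] += log_likelihood(stats, vec)
    top = max(score.values())
    norm = sum(math.exp(s - top) for s in score.values())
    return max(score, key=score.get), 1.0 / norm   # posterior under equal priors

def synth(small, large, windows):
    """Constructed traffic: 80-byte and 1400-byte packets in each window."""
    pkts = []
    for w in range(windows):
        pkts += [(w * WINDOW + i * 0.01, 80) for i in range(small)]
        pkts += [(w * WINDOW + 5 + i * 0.01, 1400) for i in range(large)]
    return pkts

MODEL = train({"interactive": features(synth(40, 2, 3)) + features(synth(50, 1, 3)),
               "bulk": features(synth(5, 60, 3)) + features(synth(8, 80, 3))})
```

Only packet sizes and timestamps are used, so the same features can be computed on tunnel traffic without decrypting it.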
DECISION TREES
Is it a dog or a house cat?
Is it heavier than fifteen pounds?
Does it bark?
Probably a cat
Probably a dog
Probably a dog
MIXED GAUSSIANS
M =
DEMO TIME!
THANK YOU
Any Questions?
PACUMEN - https://github.com/bniemczyk/pacumen.git
Prasad Rao
Brandon Niemczyk
Vib Chhabra