Packet Café is built for easy, automated network traffic analysis. The platform is modular: it runs a pipeline of tools, each triggered by the inputs it accepts and by the outputs the other tools produce.
Packet Café is an analysis platform that pipelines PCAP data through a configurable suite of open source tools so that network traffic can be dissected and visualized more intuitively. It does this in two ways. First, the PCAP is run through an analysis pipeline of industry-standard tools such as Snort and Mercury, and the raw output of each tool is made available to the user for whatever style of analysis they want to perform. Second, that output is used to generate a dashboard for visual exploration of the supplied data. Currently the visualizations focus on answering questions about the distribution of IP addresses and ports communicating in an arbitrary PCAP file. We are also exploring further visualizations and refinements to the dashboard.
NetworkML is the machine learning portion of our Poseidon project. The model in NetworkML classifies each device into a functional role using machine learning models trained on features derived from network traffic. "Functional role" refers to the authorized administrative purpose of the device on the network and includes roles such as printer, mail server, and others typically found in an IT environment. Our internal analysis suggests NetworkML can achieve accuracy, precision, recall, and F1 scores in the high 90s (percent) when trained on labeled devices from your own network. Whether this performance transfers from one IT environment to another is an active area of our research.
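To make the two ideas above concrete (the IP/port distribution Packet Café's dashboard answers, and the kind of per-device traffic features NetworkML's classifier consumes), the following is an added example written for this page; it is not Packet Café or NetworkML code. It is a pure-standard-library libpcap reader that tallies talkers and destination ports, then derives a per-host feature vector. The feature slots (share of inbound packets on a handful of well-known service ports, packet counts, distinct peers) and the sample capture are illustrative assumptions constructed inline, not the project's real feature set or data.

```python
import struct
from collections import Counter, defaultdict

PCAP_MAGIC_LE = b"\xd4\xc3\xb2\xa1"   # 0xA1B2C3D4 written little-endian (the common case)
PCAP_MAGIC_BE = b"\xa1\xb2\xc3\xd4"
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4, ETHERTYPE_ARP = 0x0800, 0x0806
PROTO_TCP, PROTO_UDP = 6, 17
# Illustrative "served port" feature slots (assumption; not NetworkML's real feature set).
ROLE_PORTS = [(PROTO_TCP, 25), (PROTO_TCP, 80), (PROTO_TCP, 443), (PROTO_UDP, 53), (PROTO_TCP, 9100)]


def read_pcap(data):
    """Yield (timestamp, frame) from a libpcap file, honouring the byte order the magic announces."""
    magic = data[:4]
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a libpcap file (magic %r)" % magic)
    _, _, _, _, _, _snaplen, linktype = struct.unpack(end + "IHHiIII", data[:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:          # truncated capture: stop instead of misparsing the tail
            break
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def parse_frame(frame):
    """Return (src_ip, dst_ip, proto, sport, dport) for an Ethernet/IPv4 frame, else None.
    Ports are None for non-TCP/UDP payloads or a truncated transport header."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None                        # ARP, IPv6, VLAN-tagged, runt: skipped
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20:
        return None
    proto = frame[23]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    l4 = 14 + ihl
    if proto not in (PROTO_TCP, PROTO_UDP) or len(frame) < l4 + 4:
        return src, dst, proto, None, None
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return src, dst, proto, sport, dport


def address_port_distribution(data):
    """Dashboard-style tallies: packets per IP address and per (proto, destination port)."""
    ips, dports = Counter(), Counter()
    for _, frame in read_pcap(data):
        p = parse_frame(frame)
        if p is None:
            continue
        src, dst, proto, _sport, dport = p
        ips[src] += 1
        ips[dst] += 1
        if dport is not None:
            dports[(proto, dport)] += 1
    return ips, dports


def host_features(data):
    """Per-host vector: [pkts_out, pkts_in, distinct_peers, share of inbound packets on each
    ROLE_PORTS slot]. A printer shows inbound traffic concentrated on TCP/9100, a mail server on 25."""
    out, inb, peers, served = Counter(), Counter(), defaultdict(set), defaultdict(Counter)
    for _, frame in read_pcap(data):
        p = parse_frame(frame)
        if p is None:
            continue
        src, dst, proto, _sport, dport = p
        out[src] += 1
        inb[dst] += 1
        peers[src].add(dst)
        peers[dst].add(src)
        if dport is not None:
            served[dst][(proto, dport)] += 1
    feats = {}
    for host in set(out) | set(inb):
        shares = [served[host][slot] / inb[host] if inb[host] else 0.0 for slot in ROLE_PORTS]
        feats[host] = [out[host], inb[host], len(peers[host])] + shares
    return feats


def _frame(src, dst, proto, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4/TCP|UDP frame for the sample capture (checksums left zero)."""
    if proto == PROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x02" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4


def build_pcap(frames):
    """Serialize frames into a little-endian libpcap file."""
    out = PCAP_MAGIC_LE + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(f), len(f)) + f
    return out


# Constructed sample capture: a printer (10.0.0.20), a mail server (10.0.0.30), a client (10.0.0.5).
SAMPLE_PCAP = build_pcap([
    b"\x02" * 12 + struct.pack("!H", ETHERTYPE_ARP) + b"\x00" * 28,   # ARP, skipped by parse_frame
    _frame("10.0.0.5", "10.0.0.20", PROTO_TCP, 51000, 9100, b"%!PS"),
    _frame("10.0.0.6", "10.0.0.20", PROTO_TCP, 51001, 9100),
    _frame("10.0.0.20", "10.0.0.5", PROTO_TCP, 9100, 51000),
    _frame("10.0.0.5", "10.0.0.30", PROTO_TCP, 51002, 25),
    _frame("10.0.0.6", "10.0.0.30", PROTO_TCP, 51003, 25),
    _frame("10.0.0.5", "10.0.0.1", PROTO_UDP, 40000, 53),
    _frame("10.0.0.5", "93.184.216.34", PROTO_TCP, 51004, 443),
    _frame("93.184.216.34", "10.0.0.5", PROTO_TCP, 443, 51004),
])

if __name__ == "__main__":
    ips, dports = address_port_distribution(SAMPLE_PCAP)
    print("talkers:", ips.most_common())
    print("destination ports:", dports.most_common())
    for host, vec in sorted(host_features(SAMPLE_PCAP).items()):
        print(host, vec)
```

The reader checks every offset before slicing and stops at a truncated record rather than guessing, which matters when the input is an untrusted capture. The feature vector is only a sketch of how traffic becomes classifier input; which ports, windows, and statistics actually separate roles well is exactly the part the text says depends on training data from your own network.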