├── .gitignore
├── LICENSE
├── README.rst
├── data
    ├── http.csv
    ├── http.raw
    ├── incoming-floods.csv
    ├── incoming-floods.raw
    ├── mangle.sh
    ├── mangle_all.sh
    ├── masquerade.sh
    ├── nfs.csv
    ├── nfs.raw
    ├── small-flood.csv
    ├── small-flood.raw
    ├── smtp.csv
    ├── smtp.raw
    ├── test-samples-labels.txt
    ├── test-samples.csv
    ├── test-samples.raw
    ├── test-samples.txt
    ├── tivoli.csv
    └── tivoli.raw
├── machinelearning-netflow.ipynb
└── mangle.py


/.gitignore:
--------------------------------------------------------------------------------
1 | .ipynb_checkpoints
2 | data/sensible
3 | *.swp
4 | *.pyc
5 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 | GNU GENERAL PUBLIC LICENSE
  2 |                        Version 2, June 1991
  3 | 
  4 |  Copyright (C) 1989, 1991 Free Software Foundation, Inc., <http://fsf.org/>
  5 |  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  6 |  Everyone is permitted to copy and distribute verbatim copies
  7 |  of this license document, but changing it is not allowed.
  8 | 
  9 |                             Preamble
 10 | 
 11 |   The licenses for most software are designed to take away your
 12 | freedom to share and change it.  By contrast, the GNU General Public
 13 | License is intended to guarantee your freedom to share and change free
 14 | software--to make sure the software is free for all its users.  This
 15 | General Public License applies to most of the Free Software
 16 | Foundation's software and to any other program whose authors commit to
 17 | using it.  (Some other Free Software Foundation software is covered by
 18 | the GNU Lesser General Public License instead.)  You can apply it to
 19 | your programs, too.
 20 | 
 21 |   When we speak of free software, we are referring to freedom, not
 22 | price.  Our General Public Licenses are designed to make sure that you
 23 | have the freedom to distribute copies of free software (and charge for
 24 | this service if you wish), that you receive source code or can get it
 25 | if you want it, that you can change the software or use pieces of it
 26 | in new free programs; and that you know you can do these things.
 27 | 
 28 |   To protect your rights, we need to make restrictions that forbid
 29 | anyone to deny you these rights or to ask you to surrender the rights.
 30 | These restrictions translate to certain responsibilities for you if you
 31 | distribute copies of the software, or if you modify it.
 32 | 
 33 |   For example, if you distribute copies of such a program, whether
 34 | gratis or for a fee, you must give the recipients all the rights that
 35 | you have.  You must make sure that they, too, receive or can get the
 36 | source code.  And you must show them these terms so they know their
 37 | rights.
 38 | 
 39 |   We protect your rights with two steps: (1) copyright the software, and
 40 | (2) offer you this license which gives you legal permission to copy,
 41 | distribute and/or modify the software.
 42 | 
 43 |   Also, for each author's protection and ours, we want to make certain
 44 | that everyone understands that there is no warranty for this free
 45 | software.  If the software is modified by someone else and passed on, we
 46 | want its recipients to know that what they have is not the original, so
 47 | that any problems introduced by others will not reflect on the original
 48 | authors' reputations.
 49 | 
 50 |   Finally, any free program is threatened constantly by software
 51 | patents.  We wish to avoid the danger that redistributors of a free
 52 | program will individually obtain patent licenses, in effect making the
 53 | program proprietary.  To prevent this, we have made it clear that any
 54 | patent must be licensed for everyone's free use or not licensed at all.
 55 | 
 56 |   The precise terms and conditions for copying, distribution and
 57 | modification follow.
 58 | 
 59 |                     GNU GENERAL PUBLIC LICENSE
 60 |    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 61 | 
 62 |   0. This License applies to any program or other work which contains
 63 | a notice placed by the copyright holder saying it may be distributed
 64 | under the terms of this General Public License.  The "Program", below,
 65 | refers to any such program or work, and a "work based on the Program"
 66 | means either the Program or any derivative work under copyright law:
 67 | that is to say, a work containing the Program or a portion of it,
 68 | either verbatim or with modifications and/or translated into another
 69 | language.  (Hereinafter, translation is included without limitation in
 70 | the term "modification".)  Each licensee is addressed as "you".
 71 | 
 72 | Activities other than copying, distribution and modification are not
 73 | covered by this License; they are outside its scope.  The act of
 74 | running the Program is not restricted, and the output from the Program
 75 | is covered only if its contents constitute a work based on the
 76 | Program (independent of having been made by running the Program).
 77 | Whether that is true depends on what the Program does.
 78 | 
 79 |   1. You may copy and distribute verbatim copies of the Program's
 80 | source code as you receive it, in any medium, provided that you
 81 | conspicuously and appropriately publish on each copy an appropriate
 82 | copyright notice and disclaimer of warranty; keep intact all the
 83 | notices that refer to this License and to the absence of any warranty;
 84 | and give any other recipients of the Program a copy of this License
 85 | along with the Program.
 86 | 
 87 | You may charge a fee for the physical act of transferring a copy, and
 88 | you may at your option offer warranty protection in exchange for a fee.
 89 | 
 90 |   2. You may modify your copy or copies of the Program or any portion
 91 | of it, thus forming a work based on the Program, and copy and
 92 | distribute such modifications or work under the terms of Section 1
 93 | above, provided that you also meet all of these conditions:
 94 | 
 95 |     a) You must cause the modified files to carry prominent notices
 96 |     stating that you changed the files and the date of any change.
 97 | 
 98 |     b) You must cause any work that you distribute or publish, that in
 99 |     whole or in part contains or is derived from the Program or any
100 |     part thereof, to be licensed as a whole at no charge to all third
101 |     parties under the terms of this License.
102 | 
103 |     c) If the modified program normally reads commands interactively
104 |     when run, you must cause it, when started running for such
105 |     interactive use in the most ordinary way, to print or display an
106 |     announcement including an appropriate copyright notice and a
107 |     notice that there is no warranty (or else, saying that you provide
108 |     a warranty) and that users may redistribute the program under
109 |     these conditions, and telling the user how to view a copy of this
110 |     License.  (Exception: if the Program itself is interactive but
111 |     does not normally print such an announcement, your work based on
112 |     the Program is not required to print an announcement.)
113 | 
114 | These requirements apply to the modified work as a whole.  If
115 | identifiable sections of that work are not derived from the Program,
116 | and can be reasonably considered independent and separate works in
117 | themselves, then this License, and its terms, do not apply to those
118 | sections when you distribute them as separate works.  But when you
119 | distribute the same sections as part of a whole which is a work based
120 | on the Program, the distribution of the whole must be on the terms of
121 | this License, whose permissions for other licensees extend to the
122 | entire whole, and thus to each and every part regardless of who wrote it.
123 | 
124 | Thus, it is not the intent of this section to claim rights or contest
125 | your rights to work written entirely by you; rather, the intent is to
126 | exercise the right to control the distribution of derivative or
127 | collective works based on the Program.
128 | 
129 | In addition, mere aggregation of another work not based on the Program
130 | with the Program (or with a work based on the Program) on a volume of
131 | a storage or distribution medium does not bring the other work under
132 | the scope of this License.
133 | 
134 |   3. You may copy and distribute the Program (or a work based on it,
135 | under Section 2) in object code or executable form under the terms of
136 | Sections 1 and 2 above provided that you also do one of the following:
137 | 
138 |     a) Accompany it with the complete corresponding machine-readable
139 |     source code, which must be distributed under the terms of Sections
140 |     1 and 2 above on a medium customarily used for software interchange; or,
141 | 
142 |     b) Accompany it with a written offer, valid for at least three
143 |     years, to give any third party, for a charge no more than your
144 |     cost of physically performing source distribution, a complete
145 |     machine-readable copy of the corresponding source code, to be
146 |     distributed under the terms of Sections 1 and 2 above on a medium
147 |     customarily used for software interchange; or,
148 | 
149 |     c) Accompany it with the information you received as to the offer
150 |     to distribute corresponding source code.  (This alternative is
151 |     allowed only for noncommercial distribution and only if you
152 |     received the program in object code or executable form with such
153 |     an offer, in accord with Subsection b above.)
154 | 
155 | The source code for a work means the preferred form of the work for
156 | making modifications to it.  For an executable work, complete source
157 | code means all the source code for all modules it contains, plus any
158 | associated interface definition files, plus the scripts used to
159 | control compilation and installation of the executable.  However, as a
160 | special exception, the source code distributed need not include
161 | anything that is normally distributed (in either source or binary
162 | form) with the major components (compiler, kernel, and so on) of the
163 | operating system on which the executable runs, unless that component
164 | itself accompanies the executable.
165 | 
166 | If distribution of executable or object code is made by offering
167 | access to copy from a designated place, then offering equivalent
168 | access to copy the source code from the same place counts as
169 | distribution of the source code, even though third parties are not
170 | compelled to copy the source along with the object code.
171 | 
172 |   4. You may not copy, modify, sublicense, or distribute the Program
173 | except as expressly provided under this License.  Any attempt
174 | otherwise to copy, modify, sublicense or distribute the Program is
175 | void, and will automatically terminate your rights under this License.
176 | However, parties who have received copies, or rights, from you under
177 | this License will not have their licenses terminated so long as such
178 | parties remain in full compliance.
179 | 
180 |   5. You are not required to accept this License, since you have not
181 | signed it.  However, nothing else grants you permission to modify or
182 | distribute the Program or its derivative works.  These actions are
183 | prohibited by law if you do not accept this License.  Therefore, by
184 | modifying or distributing the Program (or any work based on the
185 | Program), you indicate your acceptance of this License to do so, and
186 | all its terms and conditions for copying, distributing or modifying
187 | the Program or works based on it.
188 | 
189 |   6. Each time you redistribute the Program (or any work based on the
190 | Program), the recipient automatically receives a license from the
191 | original licensor to copy, distribute or modify the Program subject to
192 | these terms and conditions.  You may not impose any further
193 | restrictions on the recipients' exercise of the rights granted herein.
194 | You are not responsible for enforcing compliance by third parties to
195 | this License.
196 | 
197 |   7. If, as a consequence of a court judgment or allegation of patent
198 | infringement or for any other reason (not limited to patent issues),
199 | conditions are imposed on you (whether by court order, agreement or
200 | otherwise) that contradict the conditions of this License, they do not
201 | excuse you from the conditions of this License.  If you cannot
202 | distribute so as to satisfy simultaneously your obligations under this
203 | License and any other pertinent obligations, then as a consequence you
204 | may not distribute the Program at all.  For example, if a patent
205 | license would not permit royalty-free redistribution of the Program by
206 | all those who receive copies directly or indirectly through you, then
207 | the only way you could satisfy both it and this License would be to
208 | refrain entirely from distribution of the Program.
209 | 
210 | If any portion of this section is held invalid or unenforceable under
211 | any particular circumstance, the balance of the section is intended to
212 | apply and the section as a whole is intended to apply in other
213 | circumstances.
214 | 
215 | It is not the purpose of this section to induce you to infringe any
216 | patents or other property right claims or to contest validity of any
217 | such claims; this section has the sole purpose of protecting the
218 | integrity of the free software distribution system, which is
219 | implemented by public license practices.  Many people have made
220 | generous contributions to the wide range of software distributed
221 | through that system in reliance on consistent application of that
222 | system; it is up to the author/donor to decide if he or she is willing
223 | to distribute software through any other system and a licensee cannot
224 | impose that choice.
225 | 
226 | This section is intended to make thoroughly clear what is believed to
227 | be a consequence of the rest of this License.
228 | 
229 |   8. If the distribution and/or use of the Program is restricted in
230 | certain countries either by patents or by copyrighted interfaces, the
231 | original copyright holder who places the Program under this License
232 | may add an explicit geographical distribution limitation excluding
233 | those countries, so that distribution is permitted only in or among
234 | countries not thus excluded.  In such case, this License incorporates
235 | the limitation as if written in the body of this License.
236 | 
237 |   9. The Free Software Foundation may publish revised and/or new versions
238 | of the General Public License from time to time.  Such new versions will
239 | be similar in spirit to the present version, but may differ in detail to
240 | address new problems or concerns.
241 | 
242 | Each version is given a distinguishing version number.  If the Program
243 | specifies a version number of this License which applies to it and "any
244 | later version", you have the option of following the terms and conditions
245 | either of that version or of any later version published by the Free
246 | Software Foundation.  If the Program does not specify a version number of
247 | this License, you may choose any version ever published by the Free Software
248 | Foundation.
249 | 
250 |   10. If you wish to incorporate parts of the Program into other free
251 | programs whose distribution conditions are different, write to the author
252 | to ask for permission.  For software which is copyrighted by the Free
253 | Software Foundation, write to the Free Software Foundation; we sometimes
254 | make exceptions for this.  Our decision will be guided by the two goals
255 | of preserving the free status of all derivatives of our free software and
256 | of promoting the sharing and reuse of software generally.
257 | 
258 |                             NO WARRANTY
259 | 
260 |   11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
268 | REPAIR OR CORRECTION.
269 | 
270 |   12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
278 | POSSIBILITY OF SUCH DAMAGES.
279 | 
280 |                      END OF TERMS AND CONDITIONS
281 | 
282 |             How to Apply These Terms to Your New Programs
283 | 
284 |   If you develop a new program, and you want it to be of the greatest
285 | possible use to the public, the best way to achieve this is to make it
286 | free software which everyone can redistribute and change under these terms.
287 | 
288 |   To do so, attach the following notices to the program.  It is safest
289 | to attach them to the start of each source file to most effectively
290 | convey the exclusion of warranty; and each file should have at least
291 | the "copyright" line and a pointer to where the full notice is found.
292 | 
293 |     {description}
294 |     Copyright (C) {year}  {fullname}
295 | 
296 |     This program is free software; you can redistribute it and/or modify
297 |     it under the terms of the GNU General Public License as published by
298 |     the Free Software Foundation; either version 2 of the License, or
299 |     (at your option) any later version.
300 | 
301 |     This program is distributed in the hope that it will be useful,
302 |     but WITHOUT ANY WARRANTY; without even the implied warranty of
303 |     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
304 |     GNU General Public License for more details.
305 | 
306 |     You should have received a copy of the GNU General Public License along
307 |     with this program; if not, write to the Free Software Foundation, Inc.,
308 |     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
309 | 
310 | Also add information on how to contact you by electronic and paper mail.
311 | 
312 | If the program is interactive, make it output a short notice like this
313 | when it starts in an interactive mode:
314 | 
315 |     Gnomovision version 69, Copyright (C) year name of author
316 |     Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
317 |     This is free software, and you are welcome to redistribute it
318 |     under certain conditions; type `show c' for details.
319 | 
320 | The hypothetical commands `show w' and `show c' should show the appropriate
321 | parts of the General Public License.  Of course, the commands you use may
322 | be called something other than `show w' and `show c'; they could even be
323 | mouse-clicks or menu items--whatever suits your program.
324 | 
325 | You should also get your employer (if you work as a programmer) or your
326 | school, if any, to sign a "copyright disclaimer" for the program, if
327 | necessary.  Here is a sample; alter the names:
328 | 
329 |   Yoyodyne, Inc., hereby disclaims all copyright interest in the program
330 |   `Gnomovision' (which makes passes at compilers) written by James Hacker.
331 | 
332 |   {signature of Ty Coon}, 1 April 1989
333 |   Ty Coon, President of Vice
334 | 
335 | This General Public License does not permit incorporating your program into
336 | proprietary programs.  If your program is a subroutine library, you may
337 | consider it more useful to permit linking proprietary applications with the
338 | library.  If this is what you want to do, use the GNU Lesser General
339 | Public License instead of this License.
340 | 
341 | 


--------------------------------------------------------------------------------
/README.rst:
--------------------------------------------------------------------------------
 1 | Use of machine learning for anomaly detection in netflow data
 2 | =============================================================
 3 | 
 4 | This notebook can be viewed on `github <https://github.com/eraclitux/machine-learning-netflow/blob/master/machinelearning-netflow.ipynb>`_.
 5 | 
 6 | A readable version of this ipython notebook can also be found `here <http://nbviewer.ipython.org/github/eraclitux/machine-learning-netflow/blob/master/machinelearning-netflow.ipynb>`_.
 7 | 
 8 | Notes
 9 | =====
10 | 
11 | I'm not a data scientist and I'm sure that this process contains errors and inaccuracies. One of I'm aware of is that I've used euclidean distance calculation on heterogeneous features. This is formally incorrect even if classification results are consistent.
12 | 
13 | If you find other errors feels free to report them with isses or pull requests.
14 | 
15 | I've no longer access to any netflow data collector. I'd like to develop a service (and open source it ;-)) that applies ml alghoritms to this data to automatically spot anomalies. If someone is interested and has a collector with ``nfdump`` installed, which I can have ssh access to, please contact me!
16 | 


--------------------------------------------------------------------------------
/data/http.csv:
--------------------------------------------------------------------------------
  1 | 2.904,1,35252,52.6M,12139,144.8M,1491
  2 | 0.112,1,5478,8.2M,48910,586.8M,1499
  3 | 0.035,1,1272,1.9M,36342,436.1M,1500
  4 | 0.932,1,7978,12.0M,8560,102.7M,1500
  5 | 0.270,1,1087,1.6M,4025,48.1M,1493
  6 | 1.550,9,6305,9.4M,4067,48.7M,1495
  7 | 0.455,1,1389,2.1M,3052,36.5M,1495
  8 | 1.880,2,5626,298383,2992,1.3M,53
  9 | 1.612,1,4791,7.0M,2972,34.9M,1468
 10 | 0.391,2,1157,1.7M,2959,35.3M,1489
 11 | 0.395,5,1133,1.5M,2868,30.3M,1321
 12 | 0.512,1,1435,2.1M,2802,33.6M,1496
 13 | 7.299,1,17235,25.9M,2361,28.3M,1499
 14 | 4.056,22,9388,13.9M,2314,27.4M,1479
 15 | 1.762,1,35126,52.6M,19935,238.7M,1496
 16 | 0.125,1,2065,3.1M,16520,197.9M,1497
 17 | 60.082,51,176176,263.6M,2932,35.1M,1496
 18 | 2.078,2,5734,298515,2759,1.1M,52
 19 | 2.306,1,3228,4.6M,1399,15.9M,1419
 20 | 7.741,1,47185,2.6M,6095,2.7M,55
 21 | 1.060,2,3390,186702,3198,1.4M,55
 22 | 0.779,1,2916,4.4M,3743,44.9M,1499
 23 | 3.811,1,13863,20.8M,3637,43.6M,1499
 24 | 2.725,2,35252,52.9M,12936,155.2M,1499
 25 | 0.830,1,3886,5.8M,4681,56.1M,1498
 26 | 4.184,1,11053,15.7M,2641,30.0M,1419
 27 | 1.098,5,2721,4.1M,2478,29.7M,1496
 28 | 9.230,1,18920,28.4M,2049,24.6M,1499
 29 | 0.138,2,3476,157692,25188,9.1M,45
 30 | 0.209,1,1422,2.1M,6803,81.4M,1495
 31 | 0.384,1,1219,1.8M,3174,37.7M,1483
 32 | 1.406,1,3617,5.4M,2572,30.8M,1495
 33 | 0.846,1,2114,3.2M,2498,29.9M,1498
 34 | 0.106,1,1160,1.7M,10943,131.1M,1497
 35 | 1.388,1,9860,14.8M,7103,85.2M,1499
 36 | 0.676,1,4164,2.4M,6159,28.4M,575
 37 | 0.127,1,2165,3.2M,17047,204.3M,1498
 38 | 1.611,1,8828,13.0M,5479,64.4M,1469
 39 | 0.432,1,1024,1.5M,2370,28.3M,1492
 40 | 4.115,1,17719,25.4M,4305,49.5M,1435
 41 | 0.256,1,1090,1.6M,4257,51.1M,1499
 42 | 4.115,1,17719,25.4M,4305,49.5M,1435
 43 | 5.312,2,21657,32.5M,4076,48.9M,1499
 44 | 4.442,1,35501,52.6M,7992,94.7M,1481
 45 | 0.333,2,1690,2.5M,5075,60.6M,1493
 46 | 1.166,1,3617,5.4M,3102,37.1M,1494
 47 | 1.639,1,4433,6.5M,2704,31.8M,1467
 48 | 8.222,1,20828,30.6M,2533,29.7M,1467
 49 | 2.225,2,5190,7.3M,2332,26.3M,1410
 50 | 0.369,1,1060,1.6M,2872,34.4M,1497
 51 | 1.064,1,1470,2.1M,1381,15.9M,1437
 52 | 1.280,1,1612,2.2M,1259,13.9M,1377
 53 | 0.313,1,3170,4.8M,10127,121.5M,1499
 54 | 3.461,1,9801,14.7M,2831,34.0M,1499
 55 | 1.561,1,3615,5.4M,2315,27.7M,1495
 56 | 3.240,2,30996,6.3M,9566,15.5M,202
 57 | 0.744,1,4992,7.5M,6709,80.5M,1498
 58 | 6.542,1,42612,2.3M,6513,2.8M,53
 59 | 2.309,2,35703,53.0M,15462,183.8M,1485
 60 | 1.224,4,10128,15.2M,8274,99.2M,1498
 61 | 48.080,1,83334,125.0M,1733,20.8M,1499
 62 | 13.170,2,20536,30.8M,1559,18.7M,1499
 63 | 30.079,2,100335,150.5M,3335,40.0M,1499
 64 | 11.006,3,38216,34.0M,3472,24.7M,889
 65 | 0.221,1,2346,3.5M,10615,127.2M,1498
 66 | 0.215,1,1875,2.8M,8720,104.4M,1497
 67 | 74.543,5,1.1M,1.7G,15234,182.8M,1499
 68 | 3.851,1,23493,35.2M,6100,73.2M,1499
 69 | 3.792,1,35464,52.6M,9352,111.0M,1484
 70 | 0.147,1,1436,2.2M,9768,117.1M,1497
 71 | 51.504,1,234020,350.0M,4543,54.4M,1495
 72 | 281.474,9,1.3M,2.0G,4691,56.2M,1498
 73 | 1.750,1,14423,21.6M,8241,98.8M,1498
 74 | 2.526,2,35498,52.8M,14053,167.2M,1487
 75 | 0.102,1,1527,2.3M,14970,179.2M,1496
 76 | 0.429,1,1938,2.9M,4517,54.0M,1494
 77 | 0.364,1,2186,3.1M,6005,68.2M,1418
 78 | 1.779,1,35413,52.9M,19906,237.7M,1492
 79 | 0.448,1,3198,4.8M,7138,85.5M,1497
 80 | 0.180,1,1112,1.7M,6177,73.9M,1495
 81 | 0.200,1,1036,1.6M,5180,62.0M,1497
 82 | 0.145,1,1554,83424,10717,4.6M,53
 83 | 1.420,1,4580,6.9M,3225,38.7M,1499
 84 | 0.417,1,1303,2.0M,3124,37.4M,1497
 85 | 0.530,1,2517,3.8M,4749,56.9M,1498
 86 | 0.759,1,1990,3.0M,2621,31.2M,1489
 87 | 0.759,1,1990,3.0M,2621,31.2M,1489
 88 | 0.214,1,1307,2.0M,6107,73.1M,1495
 89 | 14.902,2,43623,64.1M,2927,34.4M,1470
 90 | 2.056,1,35393,52.8M,17214,205.4M,1491
 91 | 0.086,1,3297,144724,38337,13.5M,43
 92 | 2.269,2,5908,314095,2603,1.1M,53
 93 | 0.236,1,1786,2.7M,7567,90.5M,1494
 94 | 0.816,1,4742,7.1M,5811,69.6M,1498
 95 | 0.063,1,1307,2.0M,20746,248.1M,1494
 96 | 0.128,1,1208,1.8M,9437,113.0M,1496
 97 | 3.066,2,35417,52.7M,11551,137.6M,1488
 98 | 1.317,1,4918,7.3M,3734,44.5M,1489
 99 | 0.359,1,1113,1.7M,3100,37.2M,1500
100 | 10.248,6,31688,47.3M,3092,37.0M,1493
101 | 1.595,1,3615,5.4M,2266,27.1M,1495
102 | 1.636,1,3620,5.4M,2212,26.5M,1495
103 | 43.932,14,172711,245.2M,3931,44.6M,1419
104 | 0.761,1,2237,3.4M,2939,35.2M,1498
105 | 1.511,86,4670,6.6M,3090,34.7M,1403
106 | 1.271,1,3609,5.4M,2839,34.0M,1497
107 | 5.323,1,12640,18.9M,2374,28.3M,1491
108 | 48.717,2,104708,154.0M,2149,25.3M,1471
109 | 0.883,1,1836,2.8M,2079,24.9M,1498
110 | 1.347,2,2432,3.6M,1805,21.6M,1496
111 | 0.547,1,3838,5.7M,7016,83.8M,1493
112 | 5.093,1,35545,52.6M,6979,82.7M,1481
113 | 0.838,5,4777,7.1M,5700,68.1M,1493
114 | 1.216,1,4369,6.4M,3592,42.3M,1471
115 | 2.082,2,7342,10.8M,3526,41.4M,1468
116 | 1.401,1,3615,5.4M,2580,30.9M,1495
117 | 3.004,1,7347,11.0M,2445,29.3M,1498
118 | 21.954,36,55987,79.1M,2550,28.8M,1413
119 | 72.677,106,139236,207.2M,1915,22.8M,1488
120 | 0.099,1,1300,1.9M,13131,157.2M,1496
121 | 1.741,140,7522,10.6M,4320,48.5M,1404
122 | 0.839,1,3968,5.7M,4729,54.4M,1438
123 | 0.097,1,1350,2.0M,13917,166.5M,1495
124 | 72.501,107,136962,204.0M,1889,22.5M,1489
125 | 69.404,136,139391,207.2M,2008,23.9M,1486
126 | 70.727,99,127206,189.4M,1798,21.4M,1488
127 | 112.626,9,738498,1.1G,6557,78.7M,1499
128 | 112.648,2,647812,488.1M,5750,34.7M,753
129 | 1.756,85,4670,6.6M,2659,29.9M,1403
130 | 31.221,7,80112,120.2M,2565,30.8M,1499
131 | 67.611,137,130590,194.0M,1931,23.0M,1485
132 | 0.541,1,5107,7.6M,9439,112.8M,1493
133 | 19.334,3,163844,241.1M,8474,99.8M,1471
134 | 8.532,24,30146,42.6M,3533,39.9M,1411
135 | 1.491,33,3210,4.4M,2152,23.8M,1384
136 | 49.323,3,154250,231.3M,3127,37.5M,1499
137 | 2.247,86,4669,6.6M,2077,23.3M,1404
138 | 0.420,1,1177,1.7M,2802,32.6M,1454
139 | 0.183,1,1354,1.9M,7398,83.1M,1403
140 | 4.096,2,22160,33.2M,5410,64.9M,1498
141 | 60.063,2,312186,459.1M,5197,61.1M,1470
142 | 1.209,2,9216,13.8M,7622,91.4M,1499
143 | 0.204,1,1298,1.9M,6362,76.3M,1498
144 | 68.746,135,139285,207.2M,2026,24.1M,1487
145 | 148.740,3,273368,406.8M,1837,21.9M,1487
146 | 0.120,1,1297,1.9M,10808,129.7M,1500
147 | 6.346,10,18643,1.1M,2937,1.4M,60
148 | 5.743,1,35211,52.8M,6131,73.5M,1498
149 | 0.688,3,2434,3.2M,3537,36.7M,1295
150 | 3.731,2,9789,14.6M,2623,31.3M,1491
151 | 1.558,1,12549,18.8M,8054,96.6M,1499
152 | 1.538,6,3731,5.5M,2425,28.8M,1484
153 | 0.027,1,1632,2.4M,60444,723.7M,1496
154 | 2.024,1,35218,52.7M,17400,208.4M,1497
155 | 0.618,1,8614,12.9M,13938,167.1M,1498
156 | 2.077,2,35259,52.8M,16975,203.3M,1496
157 | 3.824,6,8614,12.9M,2252,27.0M,1495
158 | 0.633,1,1126,1.7M,1778,21.3M,1496
159 | 1.391,2,2424,3.6M,1742,20.8M,1489
160 | 19.552,1,33750,48.9M,1726,20.0M,1449
161 | 8.128,1,11923,17.9M,1466,17.6M,1499
162 | 0.067,1,1004,1.5M,14985,178.7M,1490
163 | 10.823,1,25951,38.9M,2397,28.8M,1499
164 | 0.320,1,1462,2.2M,4568,54.7M,1495
165 | 0.323,1,1174,1.8M,3634,43.4M,1493
166 | 0.640,1,1089,1.6M,1701,20.3M,1494
167 | 75.086,128,127353,189.3M,1696,20.2M,1486
168 | 6.427,1,9183,13.3M,1428,16.6M,1449
169 | 454.656,11,3.0M,4.4G,6501,77.9M,1498
170 | 0.989,1,4002,6.0M,4046,48.4M,1495
171 | 165.180,4,421461,571.9M,2551,27.7M,1356
172 | 2.089,2,35407,52.8M,16949,202.2M,1490
173 | 


--------------------------------------------------------------------------------
/data/http.raw:
--------------------------------------------------------------------------------
  1 | # Http session medium
  2 | # Date first seen          Duration Proto       Dst IP Addr    Flows(%)     Packets(%)       Bytes(%)         pps      bps   bpp
  3 | 2015-02-26 14:01:11.476     2.904 any     XXX.XXX.XXX.XXX        1( 0.0)    35252( 0.0)   52.6 M( 0.0)    12139  144.8 M  1491
  4 | 2015-02-26 14:31:06.735     0.112 any        XXX.XXX.XXX.XXX        1( 0.0)     5478( 0.0)    8.2 M( 0.0)    48910  586.8 M  1499
  5 | 2015-02-26 14:30:31.336     0.035 any          XXX.XXX.XXX.XXX        1( 0.0)     1272( 0.0)    1.9 M( 0.0)    36342  436.1 M  1500
  6 | 2015-02-26 15:13:57.896     0.932 any     XXX.XXX.XXX.XXX        1( 0.0)     7978( 0.0)   12.0 M( 0.0)     8560  102.7 M  1500
  7 | 2015-02-26 15:03:12.146     0.270 any      XXX.XXX.XXX.XXX        1( 0.0)     1087( 0.0)    1.6 M( 0.0)     4025   48.1 M  1493
  8 | 2015-02-26 16:22:19.188     1.550 any        XXX.XXX.XXX.XXX        9( 0.0)     6305( 0.0)    9.4 M( 0.0)     4067   48.7 M  1495
  9 | 2015-02-26 16:52:32.908     0.455 any     XXX.XXX.XXX.XXX        1( 0.0)     1389( 0.0)    2.1 M( 0.0)     3052   36.5 M  1495
 10 | 2015-02-26 17:49:50.097     1.880 any     XXX.XXX.XXX.XXX        2( 0.0)     5626( 0.0)   298383( 0.0)     2992    1.3 M    53
 11 | 2015-02-26 17:30:01.821     1.612 any      XXX.XXX.XXX.XXX        1( 0.0)     4791( 0.0)    7.0 M( 0.0)     2972   34.9 M  1468
 12 | 2015-02-26 17:41:29.843     0.391 any        XXX.XXX.XXX.XXX        2( 0.0)     1157( 0.0)    1.7 M( 0.0)     2959   35.3 M  1489
 13 | 2015-02-26 17:48:59.415     0.395 any       XXX.XXX.XXX.XXX        5( 0.0)     1133( 0.0)    1.5 M( 0.0)     2868   30.3 M  1321
 14 | 2015-02-26 17:48:33.350     0.512 any      XXX.XXX.XXX.XXX        1( 0.0)     1435( 0.0)    2.1 M( 0.0)     2802   33.6 M  1496
 15 | 2015-02-26 17:41:51.474     7.299 any        XXX.XXX.XXX.XXX        1( 0.0)    17235( 0.0)   25.9 M( 0.0)     2361   28.3 M  1499
 16 | 2015-02-26 17:44:32.399     4.056 any         XXX.XXX.XXX.XXX       22( 0.0)     9388( 0.0)   13.9 M( 0.0)     2314   27.4 M  1479
 17 | 2015-02-27 00:20:23.528     1.762 any     XXX.XXX.XXX.XXX        1( 0.0)    35126( 0.0)   52.6 M( 0.0)    19935  238.7 M  1496
 18 | 2015-02-26 23:47:24.170     0.125 any        XXX.XXX.XXX.XXX        1( 0.0)     2065( 0.0)    3.1 M( 0.0)    16520  197.9 M  1497
 19 | 2015-02-27 00:19:56.308    60.082 any      XXX.XXX.XXX.XXX       51( 0.0)   176176( 0.1)  263.6 M( 0.1)     2932   35.1 M  1496
 20 | 2015-02-27 00:49:50.119     2.078 any     XXX.XXX.XXX.XXX        2( 0.0)     5734( 0.0)   298515( 0.0)     2759    1.1 M    52
 21 | 2015-02-27 00:21:31.038     2.306 any        XXX.XXX.XXX.XXX        1( 0.0)     3228( 0.0)    4.6 M( 0.0)     1399   15.9 M  1419
 22 | 2015-02-27 00:59:51.349     7.741 any       XXX.XXX.XXX.XXX        1( 0.0)    47185( 0.0)    2.6 M( 0.0)     6095    2.7 M    55
 23 | 2015-02-27 00:59:58.221     1.060 any       XXX.XXX.XXX.XXX        2( 0.0)     3390( 0.0)   186702( 0.0)     3198    1.4 M    55
 24 | 2015-02-26 23:43:23.103     0.779 any         XXX.XXX.XXX.XXX        1( 0.0)     2916( 0.0)    4.4 M( 0.0)     3743   44.9 M  1499
 25 | 2015-02-27 00:44:14.181     3.811 any       XXX.XXX.XXX.XXX        1( 0.0)    13863( 0.0)   20.8 M( 0.0)     3637   43.6 M  1499
 26 | 2015-02-27 08:38:11.453     2.725 any     XXX.XXX.XXX.XXX        2( 0.0)    35252( 0.0)   52.9 M( 0.0)    12936  155.2 M  1499
 27 | 2015-02-27 08:33:23.593     0.830 any      XXX.XXX.XXX.XXX        1( 0.0)     3886( 0.0)    5.8 M( 0.0)     4681   56.1 M  1498
 28 | 2015-02-27 08:39:32.281     4.184 any         XXX.XXX.XXX.XXX        1( 0.0)    11053( 0.0)   15.7 M( 0.0)     2641   30.0 M  1419
 29 | 2015-02-27 08:33:36.561     1.098 any        XXX.XXX.XXX.XXX        5( 0.0)     2721( 0.0)    4.1 M( 0.0)     2478   29.7 M  1496
 30 | 2015-02-27 08:07:47.750     9.230 any        XXX.XXX.XXX.XXX        1( 0.0)    18920( 0.0)   28.4 M( 0.0)     2049   24.6 M  1499
 31 | 2015-02-27 10:46:16.853     0.138 any     XXX.XXX.XXX.XXX        2( 0.0)     3476( 0.0)   157692( 0.0)    25188    9.1 M    45
 32 | 2015-02-27 10:38:35.551     0.209 any      XXX.XXX.XXX.XXX        1( 0.0)     1422( 0.0)    2.1 M( 0.0)     6803   81.4 M  1495
 33 | 2015-02-27 10:47:20.287     0.384 any           XXX.XXX.XXX.XXX        1( 0.0)     1219( 0.0)    1.8 M( 0.0)     3174   37.7 M  1483
 34 | 2015-02-27 10:34:07.719     1.406 any        XXX.XXX.XXX.XXX        1( 0.0)     3617( 0.0)    5.4 M( 0.0)     2572   30.8 M  1495
 35 | 2015-02-27 10:21:07.320     0.846 any      XXX.XXX.XXX.XXX        1( 0.0)     2114( 0.0)    3.2 M( 0.0)     2498   29.9 M  1498
 36 | 2015-02-27 10:59:29.831     0.106 any          XXX.XXX.XXX.XXX        1( 0.0)     1160( 0.0)    1.7 M( 0.0)    10943  131.1 M  1497
 37 | 2015-02-27 10:56:55.188     1.388 any      XXX.XXX.XXX.XXX        1( 0.0)     9860( 0.0)   14.8 M( 0.0)     7103   85.2 M  1499
 38 | 2015-02-27 11:28:08.679     0.676 any        XXX.XXX.XXX.XXX        1( 0.0)     4164( 0.0)    2.4 M( 0.0)     6159   28.4 M   575
 39 | 2015-02-27 15:14:50.649     0.127 any         XXX.XXX.XXX.XXX        1( 0.0)     2165( 0.0)    3.2 M( 0.0)    17047  204.3 M  1498
 40 | 2015-02-27 15:36:01.408     1.611 any      XXX.XXX.XXX.XXX        1( 0.0)     8828( 0.0)   13.0 M( 0.0)     5479   64.4 M  1469
 41 | 2015-02-27 14:33:52.662     0.432 any         XXX.XXX.XXX.XXX        1( 0.0)     1024( 0.0)    1.5 M( 0.0)     2370   28.3 M  1492
 42 | 2015-02-27 16:31:34.694     4.115 any        XXX.XXX.XXX.XXX        1( 0.0)    17719( 0.0)   25.4 M( 0.0)     4305   49.5 M  1435
 43 | 2015-02-27 16:20:50.287     0.256 any     XXX.XXX.XXX.XXX        1( 0.0)     1090( 0.0)    1.6 M( 0.0)     4257   51.1 M  1499
 44 | 2015-02-27 16:31:34.694     4.115 any        XXX.XXX.XXX.XXX        1( 0.0)    17719( 0.0)   25.4 M( 0.0)     4305   49.5 M  1435
 45 | 2015-02-27 17:09:24.310     5.312 any       XXX.XXX.XXX.XXX        2( 0.0)    21657( 0.0)   32.5 M( 0.0)     4076   48.9 M  1499
 46 | 2015-02-27 17:09:27.308     4.442 any     XXX.XXX.XXX.XXX        1( 0.0)    35501( 0.0)   52.6 M( 0.0)     7992   94.7 M  1481
 47 | 2015-02-27 17:14:35.285     0.333 any        XXX.XXX.XXX.XXX        2( 0.0)     1690( 0.0)    2.5 M( 0.0)     5075   60.6 M  1493
 48 | 2015-02-27 16:42:36.283     1.166 any       XXX.XXX.XXX.XXX        1( 0.0)     3617( 0.0)    5.4 M( 0.0)     3102   37.1 M  1494
 49 | 2015-02-27 17:15:07.258     1.639 any      XXX.XXX.XXX.XXX        1( 0.0)     4433( 0.0)    6.5 M( 0.0)     2704   31.8 M  1467
 50 | 2015-02-27 16:47:32.084     8.222 any       XXX.XXX.XXX.XXX        1( 0.0)    20828( 0.0)   30.6 M( 0.0)     2533   29.7 M  1467
 51 | 2015-02-27 16:00:16.498     2.225 any        XXX.XXX.XXX.XXX        2( 0.0)     5190( 0.0)    7.3 M( 0.0)     2332   26.3 M  1410
 52 | 2015-02-27 16:20:50.151     0.369 any     XXX.XXX.XXX.XXX        1( 0.0)     1060( 0.0)    1.6 M( 0.0)     2872   34.4 M  1497
 53 | 2015-02-27 17:16:57.599     1.064 any       XXX.XXX.XXX.XXX        1( 0.0)     1470( 0.0)    2.1 M( 0.0)     1381   15.9 M  1437
 54 | 2015-02-27 17:25:12.003     1.280 any          XXX.XXX.XXX.XXX        1( 0.0)     1612( 0.0)    2.2 M( 0.0)     1259   13.9 M  1377
 55 | 2015-03-02 08:11:53.012     0.313 any         XXX.XXX.XXX.XXX        1( 0.0)     3170( 0.0)    4.8 M( 0.0)    10127  121.5 M  1499
 56 | 2015-03-02 08:17:38.163     3.461 any      XXX.XXX.XXX.XXX        1( 0.0)     9801( 0.0)   14.7 M( 0.0)     2831   34.0 M  1499
 57 | 2015-03-02 08:40:28.930     1.561 any      XXX.XXX.XXX.XXX        1( 0.0)     3615( 0.0)    5.4 M( 0.0)     2315   27.7 M  1495
 58 | 2015-03-02 09:24:37.000     3.240 any        XXX.XXX.XXX.XXX        2( 0.0)    30996( 0.0)    6.3 M( 0.0)     9566   15.5 M   202
 59 | 2015-03-02 09:25:40.308     0.744 any        XXX.XXX.XXX.XXX        1( 0.0)     4992( 0.0)    7.5 M( 0.0)     6709   80.5 M  1498
 60 | 2015-03-02 00:29:50.859     6.542 any       XXX.XXX.XXX.XXX        1( 0.0)    42612( 0.0)    2.3 M( 0.0)     6513    2.8 M    53
 61 | 2015-03-02 00:11:20.283     2.309 any     XXX.XXX.XXX.XXX        2( 0.0)    35703( 0.0)   53.0 M( 0.0)    15462  183.8 M  1485
 62 | 2015-03-02 12:13:48.879     1.224 any        XXX.XXX.XXX.XXX        4( 0.0)    10128( 0.0)   15.2 M( 0.0)     8274   99.2 M  1498
 63 | 2015-03-02 11:20:43.071    48.080 any      XXX.XXX.XXX.XXX        1( 0.0)    83334( 0.0)  125.0 M( 0.1)     1733   20.8 M  1499
 64 | 2015-03-02 12:16:10.983    13.170 any         XXX.XXX.XXX.XXX        2( 0.0)    20536( 0.0)   30.8 M( 0.0)     1559   18.7 M  1499
 65 | 2015-03-02 14:37:14.580    30.079 any       XXX.XXX.XXX.XXX        2( 0.0)   100335( 0.0)  150.5 M( 0.1)     3335   40.0 M  1499
 66 | 2015-03-03 00:10:00.685    11.006 any       XXX.XXX.XXX.XXX        3( 0.0)    38216( 0.0)   34.0 M( 0.0)     3472   24.7 M   889
 67 | 2015-03-03 14:11:16.821     0.221 any        XXX.XXX.XXX.XXX        1( 0.0)     2346( 0.0)    3.5 M( 0.0)    10615  127.2 M  1498
 68 | 2015-03-03 03:19:09.858     0.215 any     XXX.XXX.XXX.XXX        1( 0.0)     1875( 0.0)    2.8 M( 0.0)     8720  104.4 M  1497
 69 | 2015-03-04 16:03:07.117    74.543 any      XXX.XXX.XXX.XXX        5( 0.0)    1.1 M( 0.5)    1.7 G( 0.9)    15234  182.8 M  1499
 70 | 2015-03-04 15:09:18.842     3.851 any         XXX.XXX.XXX.XXX        1( 0.0)    23493( 0.0)   35.2 M( 0.0)     6100   73.2 M  1499
 71 | 2015-03-04 16:09:07.177     3.792 any     XXX.XXX.XXX.XXX        1( 0.0)    35464( 0.0)   52.6 M( 0.0)     9352  111.0 M  1484
 72 | 2015-03-08 23:18:38.363     0.147 any         XXX.XXX.XXX.XXX        1( 0.0)     1436( 0.0)    2.2 M( 0.0)     9768  117.1 M  1497
 73 | 2015-03-09 00:02:22.975    51.504 any        XXX.XXX.XXX.XXX        1( 0.0)   234020( 0.1)  350.0 M( 0.2)     4543   54.4 M  1495
 74 | 2015-03-09 00:34:17.767   281.474 any       XXX.XXX.XXX.XXX        9( 0.0)    1.3 M( 0.6)    2.0 G( 1.0)     4691   56.2 M  1498
 75 | 2015-03-09 04:54:42.734     1.750 any       XXX.XXX.XXX.XXX        1( 0.0)    14423( 0.0)   21.6 M( 0.0)     8241   98.8 M  1498
 76 | 2015-03-09 05:27:51.607     2.526 any     XXX.XXX.XXX.XXX        2( 0.0)    35498( 0.0)   52.8 M( 0.1)    14053  167.2 M  1487
 77 | 2015-03-10 00:56:14.064     0.102 any     XXX.XXX.XXX.XXX        1( 0.0)     1527( 0.0)    2.3 M( 0.0)    14970  179.2 M  1496
 78 | 2015-03-10 02:10:46.614     0.429 any         XXX.XXX.XXX.XXX        1( 0.0)     1938( 0.0)    2.9 M( 0.0)     4517   54.0 M  1494
 79 | 2015-03-10 17:01:01.492     0.364 any     XXX.XXX.XXX.XXX        1( 0.0)     2186( 0.0)    3.1 M( 0.0)     6005   68.2 M  1418
 80 | 2015-03-10 17:47:55.634     1.779 any     XXX.XXX.XXX.XXX        1( 0.0)    35413( 0.0)   52.9 M( 0.0)    19906  237.7 M  1492
 81 | 2015-03-11 14:29:39.910     0.448 any      XXX.XXX.XXX.XXX        1( 0.0)     3198( 0.0)    4.8 M( 0.0)     7138   85.5 M  1497
 82 | 2015-03-11 13:25:34.198     0.180 any          XXX.XXX.XXX.XXX        1( 0.0)     1112( 0.0)    1.7 M( 0.0)     6177   73.9 M  1495
 83 | 2015-03-11 16:05:10.754     0.200 any          XXX.XXX.XXX.XXX        1( 0.0)     1036( 0.0)    1.6 M( 0.0)     5180   62.0 M  1497
 84 | 2015-03-11 23:05:27.753     0.145 any        XXX.XXX.XXX.XXX        1( 0.0)     1554( 0.0)    83424( 0.0)    10717    4.6 M    53
 85 | 2015-03-11 23:03:50.889     1.420 any          XXX.XXX.XXX.XXX        1( 0.0)     4580( 0.0)    6.9 M( 0.0)     3225   38.7 M  1499
 86 | 2015-03-11 23:09:00.527     0.417 any      XXX.XXX.XXX.XXX        1( 0.0)     1303( 0.0)    2.0 M( 0.0)     3124   37.4 M  1497
 87 | 2015-03-11 23:17:06.433     0.530 any        XXX.XXX.XXX.XXX        1( 0.0)     2517( 0.0)    3.8 M( 0.0)     4749   56.9 M  1498
 88 | 2015-03-11 23:21:24.498     0.759 any      XXX.XXX.XXX.XXX        1( 0.0)     1990( 0.0)    3.0 M( 0.0)     2621   31.2 M  1489
 89 | 2015-03-11 23:21:24.498     0.759 any      XXX.XXX.XXX.XXX        1( 0.0)     1990( 0.0)    3.0 M( 0.0)     2621   31.2 M  1489
 90 | 2015-03-11 22:56:28.311     0.214 any         XXX.XXX.XXX.XXX        1( 0.0)     1307( 0.0)    2.0 M( 0.0)     6107   73.1 M  1495
 91 | 2015-03-11 23:32:39.499    14.902 any      XXX.XXX.XXX.XXX        2( 0.0)    43623( 0.0)   64.1 M( 0.0)     2927   34.4 M  1470
 92 | 2015-03-11 23:17:19.432     2.056 any     XXX.XXX.XXX.XXX        1( 0.0)    35393( 0.0)   52.8 M( 0.0)    17214  205.4 M  1491
 93 | 2015-03-11 23:48:18.406     0.086 any     XXX.XXX.XXX.XXX        1( 0.0)     3297( 0.0)   144724( 0.0)    38337   13.5 M    43
 94 | 2015-03-11 23:49:48.557     2.269 any     XXX.XXX.XXX.XXX        2( 0.0)     5908( 0.0)   314095( 0.0)     2603    1.1 M    53
 95 | 2015-03-11 22:40:01.507     0.236 any      XXX.XXX.XXX.XXX        1( 0.0)     1786( 0.0)    2.7 M( 0.0)     7567   90.5 M  1494
 96 | 2015-03-11 23:51:12.219     0.816 any       XXX.XXX.XXX.XXX        1( 0.0)     4742( 0.0)    7.1 M( 0.0)     5811   69.6 M  1498
 97 | 2015-03-11 23:30:22.255     0.063 any         XXX.XXX.XXX.XXX        1( 0.0)     1307( 0.0)    2.0 M( 0.0)    20746  248.1 M  1494
 98 | 2015-03-12 00:29:59.193     0.128 any        XXX.XXX.XXX.XXX        1( 0.0)     1208( 0.0)    1.8 M( 0.0)     9437  113.0 M  1496
 99 | 2015-03-16 09:09:35.211     3.066 any     XXX.XXX.XXX.XXX        2( 0.0)    35417( 0.0)   52.7 M( 0.0)    11551  137.6 M  1488
100 | 2015-03-16 09:12:24.533     1.317 any         XXX.XXX.XXX.XXX        1( 0.0)     4918( 0.0)    7.3 M( 0.0)     3734   44.5 M  1489
101 | 2015-03-16 09:09:30.659     0.359 any      XXX.XXX.XXX.XXX        1( 0.0)     1113( 0.0)    1.7 M( 0.0)     3100   37.2 M  1500
102 | 2015-03-16 09:11:32.375    10.248 any       XXX.XXX.XXX.XXX        6( 0.0)    31688( 0.0)   47.3 M( 0.0)     3092   37.0 M  1493
103 | 2015-03-16 08:06:52.105     1.595 any       XXX.XXX.XXX.XXX        1( 0.0)     3615( 0.0)    5.4 M( 0.0)     2266   27.1 M  1495
104 | 2015-03-16 08:11:18.465     1.636 any       XXX.XXX.XXX.XXX        1( 0.0)     3620( 0.0)    5.4 M( 0.0)     2212   26.5 M  1495
105 | 2015-03-16 09:22:20.415    43.932 any      XXX.XXX.XXX.XXX       14( 0.0)   172711( 0.1)  245.2 M( 0.2)     3931   44.6 M  1419
106 | 2015-03-16 08:12:13.574     0.761 any         XXX.XXX.XXX.XXX        1( 0.0)     2237( 0.0)    3.4 M( 0.0)     2939   35.2 M  1498
107 | 2015-03-16 09:19:59.215     1.511 any         XXX.XXX.XXX.XXX       86( 0.0)     4670( 0.0)    6.6 M( 0.0)     3090   34.7 M  1403
108 | 2015-03-16 08:19:46.055     1.271 any       XXX.XXX.XXX.XXX        1( 0.0)     3609( 0.0)    5.4 M( 0.0)     2839   34.0 M  1497
109 | 2015-03-16 09:17:39.534     5.323 any       XXX.XXX.XXX.XXX        1( 0.0)    12640( 0.0)   18.9 M( 0.0)     2374   28.3 M  1491
110 | 2015-03-16 09:08:31.014    48.717 any         XXX.XXX.XXX.XXX        2( 0.0)   104708( 0.1)  154.0 M( 0.1)     2149   25.3 M  1471
111 | 2015-03-16 08:58:28.527     0.883 any         XXX.XXX.XXX.XXX        1( 0.0)     1836( 0.0)    2.8 M( 0.0)     2079   24.9 M  1498
112 | 2015-03-16 09:22:15.740     1.347 any         XXX.XXX.XXX.XXX        2( 0.0)     2432( 0.0)    3.6 M( 0.0)     1805   21.6 M  1496
113 | 2015-03-16 10:58:07.160     0.547 any      XXX.XXX.XXX.XXX        1( 0.0)     3838( 0.0)    5.7 M( 0.0)     7016   83.8 M  1493
114 | 2015-03-16 11:00:23.956     5.093 any     XXX.XXX.XXX.XXX        1( 0.0)    35545( 0.0)   52.6 M( 0.0)     6979   82.7 M  1481
115 | 2015-03-16 10:58:24.643     0.838 any       XXX.XXX.XXX.XXX        5( 0.0)     4777( 0.0)    7.1 M( 0.0)     5700   68.1 M  1493
116 | 2015-03-16 11:02:51.858     1.216 any      XXX.XXX.XXX.XXX        1( 0.0)     4369( 0.0)    6.4 M( 0.0)     3592   42.3 M  1471
117 | 2015-03-16 10:45:40.679     2.082 any      XXX.XXX.XXX.XXX        2( 0.0)     7342( 0.0)   10.8 M( 0.0)     3526   41.4 M  1468
118 | 2015-03-16 10:06:49.072     1.401 any      XXX.XXX.XXX.XXX        1( 0.0)     3615( 0.0)    5.4 M( 0.0)     2580   30.9 M  1495
119 | 2015-03-16 10:56:45.763     3.004 any        XXX.XXX.XXX.XXX        1( 0.0)     7347( 0.0)   11.0 M( 0.0)     2445   29.3 M  1498
120 | 2015-03-16 10:58:45.551    21.954 any      XXX.XXX.XXX.XXX       36( 0.0)    55987( 0.0)   79.1 M( 0.0)     2550   28.8 M  1413
121 | 2015-03-16 11:00:01.970    72.677 any      XXX.XXX.XXX.XXX      106( 0.0)   139236( 0.1)  207.2 M( 0.1)     1915   22.8 M  1488
122 | 2015-03-16 10:59:22.199     0.099 any         XXX.XXX.XXX.XXX        1( 0.0)     1300( 0.0)    1.9 M( 0.0)    13131  157.2 M  1496
123 | 2015-03-16 11:31:13.236     1.741 any      XXX.XXX.XXX.XXX      140( 0.0)     7522( 0.0)   10.6 M( 0.0)     4320   48.5 M  1404
124 | 2015-03-16 11:23:54.679     0.839 any      XXX.XXX.XXX.XXX        1( 0.0)     3968( 0.0)    5.7 M( 0.0)     4729   54.4 M  1438
125 | 2015-03-16 11:34:22.850     0.097 any         XXX.XXX.XXX.XXX        1( 0.0)     1350( 0.0)    2.0 M( 0.0)    13917  166.5 M  1495
126 | 2015-03-16 12:00:01.666    72.501 any      XXX.XXX.XXX.XXX      107( 0.0)   136962( 0.1)  204.0 M( 0.1)     1889   22.5 M  1489
127 | 2015-03-16 12:40:01.499    69.404 any      XXX.XXX.XXX.XXX      136( 0.0)   139391( 0.1)  207.2 M( 0.1)     2008   23.9 M  1486
128 | 2015-03-16 12:50:01.162    70.727 any      XXX.XXX.XXX.XXX       99( 0.0)   127206( 0.1)  189.4 M( 0.1)     1798   21.4 M  1488
129 | 2015-03-16 14:26:15.530   112.626 any       XXX.XXX.XXX.XXX        9( 0.0)   738498( 0.3)    1.1 G( 0.6)     6557   78.7 M  1499
130 | 2015-03-16 13:51:35.724   112.648 any      XXX.XXX.XXX.XXX        2( 0.0)   647812( 0.3)  488.1 M( 0.3)     5750   34.7 M   753
131 | 2015-03-16 14:25:10.555     1.756 any          XXX.XXX.XXX.XXX       85( 0.0)     4670( 0.0)    6.6 M( 0.0)     2659   29.9 M  1403
132 | 2015-03-16 15:10:54.768    31.221 any        XXX.XXX.XXX.XXX        7( 0.0)    80112( 0.0)  120.2 M( 0.1)     2565   30.8 M  1499
133 | 2015-03-16 15:10:02.048    67.611 any      XXX.XXX.XXX.XXX      137( 0.0)   130590( 0.1)  194.0 M( 0.1)     1931   23.0 M  1485
134 | 2015-03-16 17:17:06.373     0.541 any      XXX.XXX.XXX.XXX        1( 0.0)     5107( 0.0)    7.6 M( 0.0)     9439  112.8 M  1493
135 | 2015-03-16 17:25:23.348    19.334 any      XXX.XXX.XXX.XXX        3( 0.0)   163844( 0.1)  241.1 M( 0.1)     8474   99.8 M  1471
136 | 2015-03-16 17:24:02.553     8.532 any     XXX.XXX.XXX.XXX       24( 0.0)    30146( 0.0)   42.6 M( 0.0)     3533   39.9 M  1411
137 | 2015-03-16 17:24:57.596     1.491 any       XXX.XXX.XXX.XXX       33( 0.0)     3210( 0.0)    4.4 M( 0.0)     2152   23.8 M  1384
138 | 2015-03-16 17:35:02.312    49.323 any       XXX.XXX.XXX.XXX        3( 0.0)   154250( 0.0)  231.3 M( 0.1)     3127   37.5 M  1499
139 | 2015-03-16 17:38:35.656     2.247 any        XXX.XXX.XXX.XXX       86( 0.0)     4669( 0.0)    6.6 M( 0.0)     2077   23.3 M  1404
140 | 2015-03-16 17:35:25.062     0.420 any        XXX.XXX.XXX.XXX        1( 0.0)     1177( 0.0)    1.7 M( 0.0)     2802   32.6 M  1454
141 | 2015-03-17 00:05:10.892     0.183 any       XXX.XXX.XXX.XXX        1( 0.0)     1354( 0.0)    1.9 M( 0.0)     7398   83.1 M  1403
142 | 2015-03-17 00:05:03.123     4.096 any        XXX.XXX.XXX.XXX        2( 0.0)    22160( 0.0)   33.2 M( 0.0)     5410   64.9 M  1498
143 | 2015-03-17 00:06:11.286    60.063 any        XXX.XXX.XXX.XXX        2( 0.0)   312186( 0.1)  459.1 M( 0.2)     5197   61.1 M  1470
144 | 2015-03-17 15:16:03.686     1.209 any      XXX.XXX.XXX.XXX        2( 0.0)     9216( 0.0)   13.8 M( 0.0)     7622   91.4 M  1499
145 | 2015-03-17 15:12:33.906     0.204 any       XXX.XXX.XXX.XXX        1( 0.0)     1298( 0.0)    1.9 M( 0.0)     6362   76.3 M  1498
146 | 2015-03-17 15:20:02.018    68.746 any      XXX.XXX.XXX.XXX      135( 0.0)   139285( 0.1)  207.2 M( 0.1)     2026   24.1 M  1487
147 | 2015-03-17 15:20:31.134   148.740 any      XXX.XXX.XXX.XXX        3( 0.0)   273368( 0.1)  406.8 M( 0.2)     1837   21.9 M  1487
148 | 2015-03-18 08:34:02.334     0.120 any      XXX.XXX.XXX.XXX        1( 0.0)     1297( 0.0)    1.9 M( 0.0)    10808  129.7 M  1500
149 | 2015-03-18 08:59:48.695     6.346 any       XXX.XXX.XXX.XXX       10( 0.0)    18643( 0.0)    1.1 M( 0.0)     2937    1.4 M    60
150 | 2015-03-18 09:17:17.239     5.743 any     XXX.XXX.XXX.XXX        1( 0.0)    35211( 0.0)   52.8 M( 0.0)     6131   73.5 M  1498
151 | 2015-03-18 09:13:00.536     0.688 any      XXX.XXX.XXX.XXX        3( 0.0)     2434( 0.0)    3.2 M( 0.0)     3537   36.7 M  1295
152 | 2015-03-18 09:12:31.703     3.731 any      XXX.XXX.XXX.XXX        2( 0.0)     9789( 0.0)   14.6 M( 0.0)     2623   31.3 M  1491
153 | 2015-03-18 08:49:29.395     1.558 any        XXX.XXX.XXX.XXX        1( 0.0)    12549( 0.0)   18.8 M( 0.0)     8054   96.6 M  1499
154 | 2015-03-18 09:42:45.560     1.538 any        XXX.XXX.XXX.XXX        6( 0.0)     3731( 0.0)    5.5 M( 0.0)     2425   28.8 M  1484
155 | 2015-03-18 17:26:20.470     0.027 any           XXX.XXX.XXX.XXX        1( 0.0)     1632( 0.0)    2.4 M( 0.0)    60444  723.7 M  1496
156 | 2015-03-18 17:37:20.596     2.024 any     XXX.XXX.XXX.XXX        1( 0.0)    35218( 0.0)   52.7 M( 0.0)    17400  208.4 M  1497
157 | 2015-03-18 17:36:21.442     0.618 any      XXX.XXX.XXX.XXX        1( 0.0)     8614( 0.0)   12.9 M( 0.0)    13938  167.1 M  1498
158 | 2015-03-20 01:31:55.878     2.077 any     XXX.XXX.XXX.XXX        2( 0.0)    35259( 0.0)   52.8 M( 0.0)    16975  203.3 M  1496
159 | 2015-03-20 01:32:11.612     3.824 any       XXX.XXX.XXX.XXX        6( 0.0)     8614( 0.0)   12.9 M( 0.0)     2252   27.0 M  1495
160 | 2015-03-20 00:43:42.424     0.633 any      XXX.XXX.XXX.XXX        1( 0.0)     1126( 0.0)    1.7 M( 0.0)     1778   21.3 M  1496
161 | 2015-03-20 01:34:29.419     1.391 any        XXX.XXX.XXX.XXX        2( 0.0)     2424( 0.0)    3.6 M( 0.0)     1742   20.8 M  1489
162 | 2015-03-20 01:33:45.758    19.552 any       XXX.XXX.XXX.XXX        1( 0.0)    33750( 0.0)   48.9 M( 0.0)     1726   20.0 M  1449
163 | 2015-03-19 23:49:38.228     8.128 any         XXX.XXX.XXX.XXX        1( 0.0)    11923( 0.0)   17.9 M( 0.0)     1466   17.6 M  1499
164 | 2015-03-20 01:37:13.443     0.067 any         XXX.XXX.XXX.XXX        1( 0.0)     1004( 0.0)    1.5 M( 0.0)    14985  178.7 M  1490
165 | 2015-03-20 01:13:49.152    10.823 any        XXX.XXX.XXX.XXX        1( 0.0)    25951( 0.0)   38.9 M( 0.0)     2397   28.8 M  1499
166 | 2015-03-20 01:42:49.691     0.320 any        XXX.XXX.XXX.XXX        1( 0.0)     1462( 0.0)    2.2 M( 0.0)     4568   54.7 M  1495
167 | 2015-03-20 01:34:52.066     0.323 any        XXX.XXX.XXX.XXX        1( 0.0)     1174( 0.0)    1.8 M( 0.0)     3634   43.4 M  1493
168 | 2015-03-20 01:43:07.878     0.640 any      XXX.XXX.XXX.XXX        1( 0.0)     1089( 0.0)    1.6 M( 0.0)     1701   20.3 M  1494
169 | 2015-03-20 01:40:02.199    75.086 any      XXX.XXX.XXX.XXX      128( 0.0)   127353( 0.1)  189.3 M( 0.1)     1696   20.2 M  1486
170 | 2015-03-20 01:34:17.527     6.427 any      XXX.XXX.XXX.XXX        1( 0.0)     9183( 0.0)   13.3 M( 0.0)     1428   16.6 M  1449
171 | 2015-03-20 01:42:12.330   454.656 any       XXX.XXX.XXX.XXX       11( 0.0)    3.0 M( 1.6)    4.4 G( 3.0)     6501   77.9 M  1498
172 | 2015-03-20 01:49:26.105     0.989 any        XXX.XXX.XXX.XXX        1( 0.0)     4002( 0.0)    6.0 M( 0.0)     4046   48.4 M  1495
173 | 2015-03-20 01:47:10.326   165.180 any        XXX.XXX.XXX.XXX        4( 0.0)   421461( 0.2)  571.9 M( 0.4)     2551   27.7 M  1356
174 | 2015-03-20 01:58:59.005     2.089 any     XXX.XXX.XXX.XXX        2( 0.0)    35407( 0.0)   52.8 M( 0.0)    16949  202.2 M  1490
175 | 


--------------------------------------------------------------------------------
/data/incoming-floods.csv:
--------------------------------------------------------------------------------
 1 | 455.890,84760,20.1M,6.5G,44101,113.9M,322
 2 | 1239.924,81973,45.7M,19.9G,36891,128.3M,434
 3 | 2189.226,11455,12.1M,5.4G,5534,19.8M,447
 4 | 400.337,3.3M,40.9M,13.0G,102148,260.6M,318
 5 | 643.024,2.9M,44.1M,14.1G,68573,175.3M,319
 6 | 1128.218,1.1M,19.8M,6.4G,17544,45.1M,321
 7 | 1243.740,564131,10.9M,3.5G,8785,22.6M,321
 8 | 1538.259,288747,5.7M,1.8G,3711,9.6M,322
 9 | 715.518,227396,101.0M,32.2G,141217,359.6M,318
10 | 1272.092,174289,76.9M,24.5G,60418,153.9M,318
11 | 1681.015,41856,24.9M,7.9G,14807,37.7M,318
12 | 2508.325,24354,14.5M,4.6G,5762,14.7M,318
13 | 3348.784,10884,6.3M,2.0G,1877,4.8M,318
14 | 12774.883,895302,152.1M,45.0G,11903,28.2M,296
15 | 13074.179,1.3M,193.7M,42.4G,14817,26.0M,219
16 | 13665.163,976827,199.3M,31.4G,14586,18.4M,157
17 | 13974.893,729791,283.0M,58.9G,20247,33.7M,208
18 | 13941.727,1.3M,306.8M,48.4G,22005,27.8M,157
19 | 14569.988,823730,339.0M,33.5G,23265,18.4M,98
20 | 14874.604,529690,280.6M,29.5G,18867,15.8M,104
21 | 15156.911,388564,209.3M,20.2G,13810,10.6M,96
22 | 8857.464,278299,144.6M,15.5G,16325,14.0M,107
23 | 15409.312,227478,139.2M,12.9G,9033,6.7M,92
24 | 10673.743,185420,137.6M,12.3G,12889,9.2M,89
25 | 11635.157,131888,89.9M,9.1G,7729,6.3M,101
26 | 


--------------------------------------------------------------------------------
/data/incoming-floods.raw:
--------------------------------------------------------------------------------
 1 | # incoming floods
 2 | # XXX check either pps and bps orders, 2015-04-01 08:37:05.627 wasn't in top 10 bps flows but in top 10 pps.
 3 | 2015-03-05 17:16:32.311   455.890 any      XXX.XXX.XXX.XXX    84760( 0.9)   20.1 M( 5.8)    6.5 G( 2.4)    44101  113.9 M   322
 4 | 2015-03-05 17:04:13.055  1239.924 any       XXX.XXX.XXX.XXX    81973( 0.8)   45.7 M(13.2)   19.9 G( 7.5)    36891  128.3 M   434
 5 | 2015-03-05 16:52:44.011  2189.226 any       XXX.XXX.XXX.XXX    11455( 0.1)   12.1 M( 4.0)    5.4 G( 2.2)     5534   19.8 M   447
 6 | 2015-03-07 04:38:18.940   400.337 any      XXX.XXX.XXX.XXX    3.3 M(35.7)   40.9 M(25.9)   13.0 G(12.1)   102148  260.6 M   318
 7 | 2015-03-07 04:38:52.598   643.024 any      XXX.XXX.XXX.XXX    2.9 M(33.3)   44.1 M(28.6)   14.1 G(14.1)    68573  175.3 M   319
 8 | 2015-03-07 04:35:43.217  1128.218 any      XXX.XXX.XXX.XXX    1.1 M(14.1)   19.8 M(13.0)    6.4 G( 5.9)    17544   45.1 M   321
 9 | 2015-03-07 04:38:52.687  1243.740 any      XXX.XXX.XXX.XXX   564131( 7.4)   10.9 M( 7.9)    3.5 G( 3.9)     8785   22.6 M   321
10 | 2015-03-07 04:38:52.566  1538.259 any      XXX.XXX.XXX.XXX   288747( 3.7)    5.7 M( 4.4)    1.8 G( 1.9)     3711    9.6 M   322
11 | 2015-03-18 08:43:03.356   715.518 any        XXX.XXX.XXX.XXX   227396( 2.4)  101.0 M(32.2)   32.2 G(14.8)   141217  359.6 M   318
12 | 2015-03-18 08:38:39.347  1272.092 any        XXX.XXX.XXX.XXX   174289( 1.8)   76.9 M(23.4)   24.5 G( 9.4)    60418  153.9 M   318
13 | 2015-03-18 08:45:36.080  1681.015 any        XXX.XXX.XXX.XXX    41856( 0.4)   24.9 M(11.2)    7.9 G( 5.1)    14807   37.7 M   318
14 | 2015-03-18 08:42:06.568  2508.325 any        XXX.XXX.XXX.XXX    24354( 0.3)   14.5 M( 6.7)    4.6 G( 3.0)     5762   14.7 M   318
15 | 2015-03-18 08:43:17.484  3348.784 any        XXX.XXX.XXX.XXX    10884( 0.1)    6.3 M( 3.0)    2.0 G( 1.3)     1877    4.8 M   318
16 | 2015-04-01 08:37:04.924 12774.883 any        XXX.XXX.XXX.XXX   895302( 9.3)  152.1 M(47.3)   45.0 G(25.5)    11903   28.2 M   296
17 | 2015-04-01 08:37:05.627 13074.179 any        XXX.XXX.XXX.XXX    1.3 M(13.8)  193.7 M(54.1)   42.4 G(25.5)    14817   26.0 M   219
18 | 2015-04-01 08:37:12.059 13665.163 any        XXX.XXX.XXX.XXX   976827( 9.7)  199.3 M(50.2)   31.4 G(16.7)    14586   18.4 M   157
19 | 2016-04-01 08:37:04.827 13974.893 any        XXX.XXX.XXX.XXX   729791( 7.5)  283.0 M(60.3)   58.9 G(29.7)    20247   33.7 M   208
20 | 2015-04-01 08:42:38.068 13941.727 any        XXX.XXX.XXX.XXX    1.3 M(12.6)  306.8 M(60.0)   48.4 G(22.7)    22005   27.8 M   157
21 | 2015-04-01 08:37:09.731 14569.988 any        XXX.XXX.XXX.XXX   823730( 8.3)  339.0 M(63.5)   33.5 G(18.6)    23265   18.4 M    98
22 | 2015-04-01 08:37:05.166 14874.604 any        XXX.XXX.XXX.XXX   529690( 5.2)  280.6 M(51.2)   29.5 G(14.8)    18867   15.8 M   104
23 | 2015-04-01 08:37:16.843 15156.911 any        XXX.XXX.XXX.XXX   388564( 4.1)  209.3 M(41.6)   20.2 G(12.4)    13810   10.6 M    96
24 | 2015-04-01 10:27:16.913  8857.464 any        XXX.XXX.XXX.XXX   278299( 2.9)  144.6 M(33.0)   15.5 G(10.4)    16325   14.0 M   107
25 | 2015-04-01 08:43:10.412 15409.312 any        XXX.XXX.XXX.XXX   227478( 2.3)  139.2 M(31.8)   12.9 G( 8.5)     9033    6.7 M    92
26 | 2015-04-01 10:06:46.068 10673.743 any        XXX.XXX.XXX.XXX   185420( 1.9)  137.6 M(30.3)   12.3 G( 7.2)    12889    9.2 M    89
27 | 2015-04-01 09:55:56.456 11635.157 any        XXX.XXX.XXX.XXX   131888( 1.4)   89.9 M(26.5)    9.1 G( 6.2)     7729    6.3 M   101
28 | 


--------------------------------------------------------------------------------
/data/mangle.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | 
3 | sed '/^#/d;s/(.[0-9].[0-9])//g;s/ M/M/g;s/ G/G/g;' $1 |  awk  '{print $3,$6,$7,$8,$9,$10,$11}' | sed 's/ /,/g'
4 | 


--------------------------------------------------------------------------------
/data/mangle_all.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | ./masquerade.sh
 4 | 
 5 | cat test-samples.txt | sed '/^;/d' |  cut -d'#' -f1 > test-samples.raw
 6 | cat test-samples.txt | sed '/^;/d' |  cut -d'#' -f2 | tr -s [:space:] > test-samples-labels.txt
 7 | 
 8 | for f in `ls *raw`; do
 9 | 	echo ${f%\.*}
10 | 	./mangle.sh $f > ${f%\.*}.csv
11 | done
12 | 


--------------------------------------------------------------------------------
/data/masquerade.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | 
3 | for f in `ls ./sensible`; do
4 | 	sed 's/[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+/XXX.XXX.XXX.XXX/g' ./sensible/$f > ./$f
5 | done
6 | 


--------------------------------------------------------------------------------
/data/nfs.csv:
--------------------------------------------------------------------------------
 1 | 285.118,16,14.5M,21.3G,50708,598.3M,1474
 2 | 360.581,25,17.4M,26.0G,48228,576.0M,1492
 3 | 287.990,31,15.4M,22.9G,53452,636.2M,1487
 4 | 843.189,19,17.4M,26.0G,20600,246.4M,1495
 5 | 4007.864,22,16.8M,25.1G,4183,50.2M,1498
 6 | 298.165,28,17.8M,26.7G,59746,716.0M,1497
 7 | 648.390,25,13.7M,20.4G,21177,252.0M,1487
 8 | 321.715,19,18.1M,26.8G,56251,667.0M,1482
 9 | 300.158,28,17.8M,26.6G,59200,708.8M,1496
10 | 288.943,13,7.8M,11.7G,26941,323.3M,1499
11 | 943.574,19,15.0M,22.6G,15945,191.3M,1499
12 | 1872.857,13,11.7M,17.2G,6260,73.5M,1468
13 | 289.963,15,15.4M,23.2G,53240,638.9M,1499
14 | 2814.572,15,14.4M,21.6G,5118,61.4M,1499
15 | 312.780,12,10.3M,15.5G,33042,396.5M,1499
16 | 328.350,12,11.9M,17.9G,36334,436.0M,1499
17 | 324.218,70,19.0M,28.5G,58582,703.0M,1499
18 | 361.339,25,15.6M,23.5G,43289,519.5M,1499
19 | 


--------------------------------------------------------------------------------
/data/nfs.raw:
--------------------------------------------------------------------------------
 1 | 2015-03-13 11:24:52.736   285.118 any        XXX.XXX.XXX.XXX       16( 0.0)   14.5 M( 6.2)   21.3 G(12.3)    50708  598.3 M  1474
 2 | 2015-03-13 12:28:58.164   360.581 any        XXX.XXX.XXX.XXX       25( 0.0)   17.4 M( 6.8)   26.0 G(11.8)    48228  576.0 M  1492
 3 | 2015-03-13 12:39:42.849   287.990 any        XXX.XXX.XXX.XXX       31( 0.0)   15.4 M( 5.5)   22.9 G( 8.9)    53452  636.2 M  1487
 4 | 2015-03-13 12:35:51.743   843.189 any        XXX.XXX.XXX.XXX       19( 0.0)   17.4 M( 6.5)   26.0 G(10.9)    20600  246.4 M  1495
 5 | 2015-03-13 11:47:57.362  4007.864 any        XXX.XXX.XXX.XXX       22( 0.0)   16.8 M( 5.1)   25.1 G(12.2)     4183   50.2 M  1498
 6 | 2015-03-13 12:54:45.235   298.165 any        XXX.XXX.XXX.XXX       28( 0.0)   17.8 M( 4.6)   26.7 G( 6.6)    59746  716.0 M  1497
 7 | 2015-03-13 12:54:04.325   648.390 any        XXX.XXX.XXX.XXX       25( 0.0)   13.7 M( 5.1)   20.4 G( 8.2)    21177  252.0 M  1487
 8 | 2015-03-13 13:19:33.655   321.715 any        XXX.XXX.XXX.XXX       19( 0.0)   18.1 M( 7.3)   26.8 G(12.2)    56251  667.0 M  1482
 9 | 2015-03-13 13:24:55.372   300.158 any        XXX.XXX.XXX.XXX       28( 0.0)   17.8 M( 5.6)   26.6 G( 9.6)    59200  708.8 M  1496
10 | 2015-03-05 17:09:44.991   288.943 any        XXX.XXX.XXX.XXX       13( 0.0)    7.8 M( 2.7)   11.7 G( 4.9)    26941  323.3 M  1499
11 | 2015-03-05 17:14:09.037   943.574 any        XXX.XXX.XXX.XXX       19( 0.0)   15.0 M( 5.0)   22.6 G( 9.0)    15945  191.3 M  1499
12 | 2015-03-16 10:33:23.852  1872.857 any        XXX.XXX.XXX.XXX       13( 0.0)   11.7 M( 4.3)   17.2 G( 8.5)     6260   73.5 M  1468
13 | 2015-03-16 11:29:41.850   289.963 any        XXX.XXX.XXX.XXX       15( 0.0)   15.4 M( 5.6)   23.2 G(11.6)    53240  638.9 M  1499
14 | 2015-03-16 16:42:33.914  2814.572 any        XXX.XXX.XXX.XXX       15( 0.0)   14.4 M( 4.7)   21.6 G( 8.3)     5118   61.4 M  1499
15 | 2015-03-16 23:49:16.806   312.780 any        XXX.XXX.XXX.XXX       12( 0.0)   10.3 M( 3.3)   15.5 G( 7.3)    33042  396.5 M  1499
16 | 2015-03-17 00:04:19.367   328.350 any        XXX.XXX.XXX.XXX       12( 0.0)   11.9 M( 4.9)   17.9 G( 8.3)    36334  436.0 M  1499
17 | 2015-04-01 01:14:30.080   324.218 any        XXX.XXX.XXX.XXX       70( 0.0)   19.0 M( 6.6)   28.5 G(10.8)    58582  703.0 M  1499
18 | 2015-04-01 01:18:26.175   361.339 any        XXX.XXX.XXX.XXX       25( 0.0)   15.6 M( 8.5)   23.5 G(13.8)    43289  519.5 M  1499
19 | 


--------------------------------------------------------------------------------
/data/small-flood.csv:
--------------------------------------------------------------------------------
 1 | 10.690,14744,549833,745.4M,51434,557.8M,1355
 2 | 10.791,14917,576606,782.0M,53433,579.8M,1356
 3 | 7.532,12389,496686,674.3M,65943,716.2M,1357
 4 | 10.141,19036,735305,998.3M,72508,787.6M,1357
 5 | 26.616,39097,1.6M,2.1G,59020,641.1M,1357
 6 | 11.534,21394,824529,1.1G,71486,776.3M,1357
 7 | 7.532,12389,496686,674.3M,65943,716.2M,1357
 8 | 41.271,59415,2.1M,2.9G,51385,558.4M,1358
 9 | 17.258,24475,885829,1.2G,51328,557.4M,1357
10 | 70.059,106660,3.5M,4.8G,50009,543.4M,1358
11 | 43.820,62243,2.1M,2.9G,48252,524.2M,1357
12 | 10.131,19440,733288,995.2M,72380,785.9M,1357
13 | 25.476,46992,1.6M,2.2G,62266,676.2M,1357
14 | 10.949,20243,863990,1.2G,78910,857.7M,1358
15 | 10.244,20339,834266,1.1G,81439,885.1M,1358
16 | 10.181,19775,819678,1.1G,80510,874.9M,1358
17 | 10.565,21198,855557,1.2G,80980,880.1M,1358
18 | 10.564,21002,848347,1.2G,80305,872.6M,1358
19 | 10.328,20391,794430,1.1G,76920,835.5M,1357
20 | 10.693,21088,820145,1.1G,76699,833.1M,1357
21 | 10.438,20269,836873,1.1G,80175,871.5M,1358
22 | 10.709,20631,851906,1.2G,79550,864.6M,1358
23 | 8.708,11834,479996,652.0M,55121,599.0M,1358
24 | 35.169,39417,1.6M,2.2G,46657,507.2M,1358
25 | 992.030,1208,12.7M,18.0G,12820,145.3M,1416
26 | 748.775,4209,11.3M,15.9G,15094,170.2M,1409
27 | 294.979,12,26.3M,2.1G,89178,55.6M,78
28 | 320.831,21,27.9M,2.2G,86893,54.2M,78
29 | 271.848,13,24.2M,1.9G,89053,55.6M,78
30 | 325.767,8,27.9M,2.2G,85522,53.4M,78
31 | 308.722,10,28.0M,2.2G,90616,56.5M,78
32 | 299.005,8,31.0M,2.4G,103794,64.8M,78
33 | 364.606,6,41.9M,3.3G,114838,71.7M,78
34 | 274.830,8,22.6M,1.8G,82293,51.4M,78
35 | 355.831,14,31.8M,2.5G,89466,55.8M,78
36 | 279.469,18,24.9M,1.9G,89194,55.7M,78
37 | 90.580,326,28.2M,38.4G,310832,3.4G,1364
38 | 417.876,24091,32.5M,44.9G,77655,858.9M,1382
39 | 927.580,16527,33.3M,46.2G,35917,398.3M,1386
40 | 1317.281,20547,63.7M,87.9G,48339,533.6M,1379
41 | 1492.574,20814,63.9M,88.3G,42812,473.1M,1381
42 | 1917.850,10699,36.3M,50.3G,18908,210.0M,1388
43 | 2217.944,20620,10.4M,15.5G,4671,56.1M,1500
44 | 2518.009,22236,172.1M,236.4G,68348,751.2M,1373
45 | 2590.572,15892,59.8M,83.0G,23094,256.3M,1387
46 | 3117.808,11260,36.6M,51.0G,11734,130.9M,1394
47 | 3409.487,20037,83.7M,115.8G,24558,271.7M,1382
48 | 3718.047,11690,40.3M,56.1G,10835,120.7M,1392
49 | 3770.427,12105,35.8M,49.9G,9498,105.9M,1393
50 | 4317.400,18066,76.1M,105.1G,17629,194.8M,1381
51 | 358.789,11694,13.8M,19.0G,38477,422.6M,1372
52 | 493.748,16236,11.8M,16.2G,23859,261.9M,1372
53 | 90.689,5232,1.7M,2.4G,19142,211.2M,1379
54 | 736.900,10146,13.7M,18.9G,18644,205.2M,1375
55 | 91.085,14153,609769,914.7M,6694,80.3M,1500
56 | 2500.739,6864,21.6M,29.7G,8655,95.1M,1372
57 | 90.248,8407,7.0M,9.6G,77391,848.2M,1369
58 | 90.800,10863,6.5M,8.9G,71939,787.5M,1368
59 | 90.705,12777,3.6M,5.0G,40143,441.4M,1374
60 | 653.575,23762,91.3M,125.6G,139753,1.5G,1374
61 | 91.027,16550,13.3M,18.2G,145970,1.6G,1370
62 | 517.172,10,20.4M,21.5G,39438,331.9M,1051
63 | 305.950,11,17.2M,18.1G,56376,474.5M,1051
64 | 


--------------------------------------------------------------------------------
/data/small-flood.raw:
--------------------------------------------------------------------------------
 1 | # small outgoing UDP floods
 2 | # Date first seen          Duration Proto       Dst IP Addr    Flows(%)     Packets(%)       Bytes(%)         pps      bps   bpp
 3 | 2015-02-25 00:04:02.830    10.690 any       XXX.XXX.XXX.XXX    14744( 0.2)   549833( 0.2)  745.4 M( 0.3)    51434  557.8 M  1355
 4 | 2015-02-25 00:11:28.730    10.791 any         XXX.XXX.XXX.XXX    14917( 0.2)   576606( 0.2)  782.0 M( 0.4)    53433  579.8 M  1356
 5 | 2015-02-24 23:56:34.958     7.532 any       XXX.XXX.XXX.XXX    12389( 0.2)   496686( 0.2)  674.3 M( 0.3)    65943  716.2 M  1357
 6 | 2015-02-26 11:30:30.402    10.141 any     XXX.XXX.XXX.XXX    19036( 0.2)   735305( 0.3)  998.3 M( 0.5)    72508  787.6 M  1357
 7 | 2015-02-26 12:32:02.926    26.616 any        XXX.XXX.XXX.XXX    39097( 0.4)    1.6 M( 0.6)    2.1 G( 1.1)    59020  641.1 M  1357
 8 | 2015-02-26 12:39:44.960    11.534 any      XXX.XXX.XXX.XXX    21394( 0.2)   824529( 0.3)    1.1 G( 0.6)    71486  776.3 M  1357
 9 | 2015-02-24 23:56:34.958     7.532 any       XXX.XXX.XXX.XXX    12389( 0.2)   496686( 0.2)  674.3 M( 0.3)    65943  716.2 M  1357
10 | 2015-02-26 15:21:03.236    41.271 any      XXX.XXX.XXX.XXX    59415( 0.6)    2.1 M( 0.8)    2.9 G( 1.4)    51385  558.4 M  1358
11 | 2015-02-26 15:19:17.267    17.258 any      XXX.XXX.XXX.XXX    24475( 0.2)   885829( 0.3)    1.2 G( 0.6)    51328  557.4 M  1357
12 | 2015-02-26 15:22:54.414    70.059 any      XXX.XXX.XXX.XXX   106660( 1.0)    3.5 M( 1.4)    4.8 G( 2.3)    50009  543.4 M  1358
13 | 2015-02-26 15:23:42.671    43.820 any        XXX.XXX.XXX.XXX    62243( 0.6)    2.1 M( 0.8)    2.9 G( 1.4)    48252  524.2 M  1357
14 | 2015-02-26 15:47:40.395    10.131 any       XXX.XXX.XXX.XXX    19440( 0.2)   733288( 0.3)  995.2 M( 0.5)    72380  785.9 M  1357
15 | 2015-02-26 15:44:43.050    25.476 any      XXX.XXX.XXX.XXX    46992( 0.4)    1.6 M( 0.6)    2.2 G( 1.1)    62266  676.2 M  1357
16 | 2015-02-27 00:20:40.571    10.949 any      XXX.XXX.XXX.XXX    20243( 0.3)   863990( 0.4)    1.2 G( 0.6)    78910  857.7 M  1358
17 | 2015-02-27 00:48:20.254    10.244 any     XXX.XXX.XXX.XXX    20339( 0.3)   834266( 0.4)    1.1 G( 0.5)    81439  885.1 M  1358
18 | 2015-02-27 00:46:06.315    10.181 any     XXX.XXX.XXX.XXX    19775( 0.3)   819678( 0.3)    1.1 G( 0.5)    80510  874.9 M  1358
19 | 2015-02-27 00:58:39.945    10.565 any         XXX.XXX.XXX.XXX    21198( 0.3)   855557( 0.4)    1.2 G( 0.6)    80980  880.1 M  1358
20 | 2015-02-27 00:59:13.932    10.564 any     XXX.XXX.XXX.XXX    21002( 0.3)   848347( 0.4)    1.2 G( 0.6)    80305  872.6 M  1358
21 | 2015-02-27 17:06:10.168    10.328 any      XXX.XXX.XXX.XXX    20391( 0.2)   794430( 0.3)    1.1 G( 0.5)    76920  835.5 M  1357
22 | 2015-02-27 17:15:33.829    10.693 any     XXX.XXX.XXX.XXX    21088( 0.2)   820145( 0.3)    1.1 G( 0.6)    76699  833.1 M  1357
23 | 2015-03-03 00:01:49.131    10.438 any       XXX.XXX.XXX.XXX    20269( 0.3)   836873( 0.4)    1.1 G( 0.6)    80175  871.5 M  1358
24 | 2015-03-03 00:17:30.860    10.709 any       XXX.XXX.XXX.XXX    20631( 0.3)   851906( 0.4)    1.2 G( 0.6)    79550  864.6 M  1358
25 | 2015-03-03 00:14:28.864     8.708 any        XXX.XXX.XXX.XXX    11834( 0.2)   479996( 0.2)  652.0 M( 0.3)    55121  599.0 M  1358
26 | 2015-03-03 00:14:47.396    35.169 any       XXX.XXX.XXX.XXX    39417( 0.6)    1.6 M( 0.7)    2.2 G( 1.1)    46657  507.2 M  1358
27 | 2015-03-09 16:42:38.468   992.030 any        XXX.XXX.XXX.XXX     1208( 0.0)   12.7 M( 4.4)   18.0 G( 7.5)    12820  145.3 M  1416
28 | 2015-03-09 16:56:41.717   748.775 any        XXX.XXX.XXX.XXX     4209( 0.0)   11.3 M( 3.8)   15.9 G( 6.6)    15094  170.2 M  1409
29 | 2015-03-10 16:44:24.556   294.979 any      XXX.XXX.XXX.XXX       12( 0.0)   26.3 M( 7.9)    2.1 G( 0.8)    89178   55.6 M    78
30 | 2015-03-10 16:59:05.206   320.831 any      XXX.XXX.XXX.XXX       21( 0.0)   27.9 M( 9.1)    2.2 G( 1.0)    86893   54.2 M    78
31 | 2015-03-10 17:04:17.008   271.848 any      XXX.XXX.XXX.XXX       13( 0.0)   24.2 M( 8.3)    1.9 G( 0.9)    89053   55.6 M    78
32 | 2015-03-10 17:08:44.769   325.767 any      XXX.XXX.XXX.XXX        8( 0.0)   27.9 M( 9.1)    2.2 G( 0.9)    85522   53.4 M    78
33 | 2015-03-10 17:13:50.064   308.722 any      XXX.XXX.XXX.XXX       10( 0.0)   28.0 M( 8.9)    2.2 G( 0.9)    90616   56.5 M    78
34 | 2015-03-10 17:24:20.141   299.005 any      XXX.XXX.XXX.XXX        8( 0.0)   31.0 M(10.3)    2.4 G( 1.1)   103794   64.8 M    78
35 | 2015-03-10 17:28:30.555   364.606 any      XXX.XXX.XXX.XXX        6( 0.0)   41.9 M(13.1)    3.3 G( 1.4)   114838   71.7 M    78
36 | 2015-03-10 17:44:42.648   274.830 any      XXX.XXX.XXX.XXX        8( 0.0)   22.6 M( 7.7)    1.8 G( 0.8)    82293   51.4 M    78
37 | 2015-03-10 17:53:58.498   355.831 any      XXX.XXX.XXX.XXX       14( 0.0)   31.8 M(10.6)    2.5 G( 1.1)    89466   55.8 M    78
38 | 2015-03-10 18:09:34.146   279.469 any      XXX.XXX.XXX.XXX       18( 0.0)   24.9 M( 8.3)    1.9 G( 0.8)    89194   55.7 M    78
39 | 2015-03-13 12:18:01.199    90.580 any       XXX.XXX.XXX.XXX      326( 0.0)   28.2 M(10.4)   38.4 G(16.0)   310832    3.4 G  1364
40 | 2015-03-13 12:18:01.201   417.876 any       XXX.XXX.XXX.XXX    24091( 0.2)   32.5 M(13.0)   44.9 G(20.7)    77655  858.9 M  1382
41 | 2015-03-13 12:18:01.198   927.580 any       XXX.XXX.XXX.XXX    16527( 0.2)   33.3 M(13.1)   46.2 G(20.9)    35917  398.3 M  1386
42 | 2015-03-13 12:18:01.209  1317.281 any       XXX.XXX.XXX.XXX    20547( 0.2)   63.7 M(23.1)   87.9 G(35.0)    48339  533.6 M  1379
43 | 2015-03-13 12:18:01.202  1492.574 any       XXX.XXX.XXX.XXX    20814( 0.2)   63.9 M(22.8)   88.3 G(34.3)    42812  473.1 M  1381
44 | 2015-03-13 12:18:01.211  1917.850 any       XXX.XXX.XXX.XXX    10699( 0.1)   36.3 M(13.5)   50.3 G(21.2)    18908  210.0 M  1388
45 | 2015-03-13 12:18:01.202  2217.944 any       XXX.XXX.XXX.XXX    20620( 0.2)   10.4 M( 3.2)   15.5 G( 7.6)     4671   56.1 M  1500
46 | 2015-03-13 12:18:01.202  2518.009 any       XXX.XXX.XXX.XXX    22236( 0.2)  172.1 M(44.2)  236.4 G(58.0)    68348  751.2 M  1373
47 | 2015-03-13 12:18:01.202  2590.572 any       XXX.XXX.XXX.XXX    15892( 0.2)   59.8 M(22.1)   83.0 G(33.4)    23094  256.3 M  1387
48 | 2015-03-13 12:18:01.244  3117.808 any       XXX.XXX.XXX.XXX    11260( 0.1)   36.6 M(15.2)   51.0 G(24.3)    11734  130.9 M  1394
49 | 2015-03-13 12:18:01.242  3409.487 any       XXX.XXX.XXX.XXX    20037( 0.2)   83.7 M(29.4)  115.8 G(42.6)    24558  271.7 M  1382
50 | 2015-03-13 12:18:01.207  3718.047 any       XXX.XXX.XXX.XXX    11690( 0.1)   40.3 M(14.6)   56.1 G(26.4)    10835  120.7 M  1392
51 | 2015-03-13 12:18:01.344  3770.427 any       XXX.XXX.XXX.XXX    12105( 0.1)   35.8 M(14.5)   49.9 G(22.8)     9498  105.9 M  1393
52 | 2015-03-13 12:18:01.285  4317.400 any       XXX.XXX.XXX.XXX    18066( 0.2)   76.1 M(24.2)  105.1 G(37.8)    17629  194.8 M  1381
53 | 2015-03-13 14:28:58.762   358.789 any      XXX.XXX.XXX.XXX    11694( 0.1)   13.8 M( 5.2)   19.0 G( 7.9)    38477  422.6 M  1372
54 | 2015-03-13 14:24:30.928   493.748 any      XXX.XXX.XXX.XXX    16236( 0.2)   11.8 M( 4.5)   16.2 G( 6.7)    23859  261.9 M  1372
55 | 2015-03-13 14:34:16.988    90.689 any       XXX.XXX.XXX.XXX     5232( 0.1)    1.7 M( 0.7)    2.4 G( 1.0)    19142  211.2 M  1379
56 | 2015-03-13 14:28:58.776   736.900 any      XXX.XXX.XXX.XXX    10146( 0.1)   13.7 M( 5.5)   18.9 G( 8.1)    18644  205.2 M  1375
57 | 2015-03-13 14:45:07.843    91.085 any     XXX.XXX.XXX.XXX    14153( 0.2)   609769( 0.2)  914.7 M( 0.4)     6694   80.3 M  1500
58 | 2015-03-13 14:00:48.930  2500.739 any       XXX.XXX.XXX.XXX     6864( 0.1)   21.6 M( 8.4)   29.7 G(12.4)     8655   95.1 M  1372
59 | 2015-03-13 14:50:50.427    90.248 any       XXX.XXX.XXX.XXX     8407( 0.1)    7.0 M( 2.9)    9.6 G( 4.3)    77391  848.2 M  1369
60 | 2015-03-13 14:50:31.140    90.800 any      XXX.XXX.XXX.XXX    10863( 0.1)    6.5 M( 2.7)    8.9 G( 4.0)    71939  787.5 M  1368
61 | 2015-03-13 14:51:08.221    90.705 any     XXX.XXX.XXX.XXX    12777( 0.1)    3.6 M( 1.5)    5.0 G( 2.3)    40143  441.4 M  1374
62 | 2015-03-13 12:18:01.203   653.575 any       XXX.XXX.XXX.XXX    23762( 0.2)   91.3 M(29.0)  125.6 G(41.5)   139753    1.5 G  1374
63 | 2015-03-13 14:30:05.904    91.027 any       XXX.XXX.XXX.XXX    16550( 0.2)   13.3 M( 5.0)   18.2 G( 7.6)   145970    1.6 G  1370
64 | 2015-03-24 12:54:54.010   517.172 any      XXX.XXX.XXX.XXX       10( 0.0)   20.4 M( 8.2)   21.5 G(11.8)    39438  331.9 M  1051
65 | 2015-03-24 12:53:44.170   305.950 any      XXX.XXX.XXX.XXX       11( 0.0)   17.2 M( 7.2)   18.1 G( 9.8)    56376  474.5 M  1051
66 | 


--------------------------------------------------------------------------------
/data/smtp.csv:
--------------------------------------------------------------------------------
 1 | 0.100,1,1003,1.5M,10030,119.8M,1492
 2 | 0.427,1,2246,3.4M,5259,62.8M,1492
 3 | 0.335,1,1645,2.5M,4910,58.9M,1498
 4 | 0.367,1,1226,1.8M,3340,40.0M,1495
 5 | 1.964,1,10555,15.0M,5374,60.9M,1416
 6 | 1.265,1,5837,8.6M,4614,54.2M,1467
 7 | 0.896,1,3712,5.6M,4142,49.6M,1497
 8 | 0.938,1,5416,8.1M,5773,69.2M,1498
 9 | 0.484,1,2377,3.6M,4911,58.8M,1496
10 | 0.293,1,1017,1.5M,3470,41.5M,1495
11 | 0.630,1,1628,2.3M,2584,29.3M,1418
12 | 0.408,2,1013,1.5M,2482,29.4M,1479
13 | 0.898,2,1506,78996,1677,703750,52
14 | 0.480,1,1435,2.1M,2989,35.7M,1491
15 | 0.281,1,1035,1.5M,3683,41.8M,1417
16 | 1.410,4,3302,176712,2341,1.0M,53
17 | 9.230,1,18920,28.4M,2049,24.6M,1499
18 | 0.768,1,1100,1.5M,1432,16.1M,1405
19 | 1.997,2,2826,155458,1415,622766,55
20 | 0.958,4,1252,66472,1306,555089,53
21 | 0.985,1,1242,1.5M,1260,12.4M,1233
22 | 0.448,1,1465,2.1M,3270,36.8M,1408
23 | 0.064,2,1184,1.7M,18500,218.2M,1474
24 | 0.220,1,2194,3.1M,9972,114.5M,1434
25 | 2.793,1,6801,10.2M,2435,29.1M,1496
26 | 2.972,3,18566,27.8M,6246,74.9M,1498
27 | 0.681,1,2703,4.0M,3969,47.5M,1496
28 | 0.938,1,3719,5.3M,3964,45.6M,1438
29 | 0.513,1,1918,2.8M,3738,43.9M,1466
30 | 0.553,1,1412,2.1M,2553,30.6M,1496
31 | 1.020,1,4362,6.2M,4276,48.5M,1417
32 | 0.574,1,2051,2.9M,3573,40.4M,1413
33 | 5.771,1,19433,29.1M,3367,40.4M,1498
34 | 1.216,1,3802,5.4M,3126,35.5M,1417
35 | 1.281,4,3266,171200,2549,1.1M,52
36 | 2.176,1,3792,207202,1742,761772,54
37 | 1.875,1,2900,4.3M,1546,18.5M,1491
38 | 1.966,1,2931,4.4M,1490,17.8M,1493
39 | 2.688,1,3945,5.6M,1467,16.6M,1415
40 | 1.384,1,1931,2.9M,1395,16.6M,1484
41 | 4.209,1,4821,7.2M,1145,13.7M,1494
42 | 1.216,1,5751,8.6M,4729,56.6M,1494
43 | 0.384,1,1231,1.6M,3205,33.8M,1318
44 | 0.384,1,1231,1.6M,3205,33.8M,1318
45 | 1.212,1,3386,5.1M,2793,33.4M,1494
46 | 3.520,1,7646,11.4M,2172,26.0M,1497
47 | 4.544,1,8611,12.9M,1895,22.7M,1497
48 | 14.949,1,27991,42.0M,1872,22.5M,1499
49 | 0.489,1,7688,11.5M,15721,188.6M,1499
50 | 1.580,1,4487,233756,2839,1.2M,52
51 | 0.705,1,4203,5.9M,5961,67.4M,1413
52 | 0.116,1,1104,1.7M,9517,113.9M,1496
53 | 0.585,1,1136,1.7M,1941,23.1M,1487
54 | 0.289,1,2745,3.9M,9498,107.4M,1413
55 | 0.356,1,1476,2.2M,4146,49.6M,1494
56 | 0.102,1,1376,2.0M,13490,160.7M,1489
57 | 1.004,2,11897,9.3M,11849,74.2M,782
58 | 3.215,1,17207,25.8M,5352,64.2M,1499
59 | 0.308,1,1433,2.1M,4652,55.6M,1492
60 | 0.576,1,1494,2.2M,2593,30.9M,1488
61 | 2.155,1,5517,8.3M,2560,30.6M,1496
62 | 2.474,1,6192,9.3M,2502,30.0M,1496
63 | 0.613,1,2762,3.9M,4505,51.1M,1418
64 | 11.776,1,36287,20.9M,3081,14.2M,575
65 | 1.940,1,5709,8.5M,2942,35.2M,1496
66 | 1.768,1,3965,5.9M,2242,26.8M,1494
67 | 0.925,1,2029,2.9M,2193,24.8M,1415
68 | 0.953,1,1948,2.9M,2044,24.4M,1491
69 | 0.895,1,3587,5.4M,4007,47.9M,1493
70 | 0.895,1,3587,5.4M,4007,47.9M,1493
71 | 1.680,1,5915,8.9M,3520,42.2M,1497
72 | 1.600,1,5192,7.8M,3245,38.8M,1495
73 | 0.464,1,1417,2.0M,3053,35.0M,1433
74 | 0.576,1,1125,1.7M,1953,23.2M,1485
75 | 0.932,1,1804,2.7M,1935,23.1M,1491
76 | 0.440,1,2407,3.6M,5470,65.2M,1489
77 | 0.530,1,2715,4.1M,5122,61.2M,1493
78 | 1.088,1,5904,8.8M,5426,65.0M,1498
79 | 1.067,2,3114,4.7M,2918,34.9M,1493
80 | 0.836,1,4969,7.0M,5943,67.4M,1418
81 | 1.209,8,4072,5.8M,3368,38.1M,1412
82 | 1.789,2,11708,17.5M,6544,78.4M,1498
83 | 0.640,1,5293,7.5M,8270,93.2M,1408
84 | 2.128,1,9760,14.6M,4586,55.0M,1497
85 | 0.448,1,1442,75288,3218,1.3M,52
86 | 1.115,1,2025,3.0M,1816,21.7M,1490
87 | 0.629,1,2684,4.0M,4267,50.9M,1491
88 | 1.117,1,2845,4.1M,2547,29.2M,1433
89 | 1.296,1,2681,4.0M,2068,24.7M,1493
90 | 0.946,1,2833,4.0M,2994,33.9M,1415
91 | 0.970,1,2836,4.0M,2923,33.1M,1414
92 | 1.197,1,2689,4.0M,2246,26.8M,1489
93 | 4.034,2,6568,9.8M,1628,19.5M,1493
94 | 


--------------------------------------------------------------------------------
/data/smtp.raw:
--------------------------------------------------------------------------------
 1 | # SMTP session
 2 | # Date first seen          Duration Proto       Dst IP Addr    Flows(%)     Packets(%)       Bytes(%)         pps      bps   bpp
 3 | 2015-02-26 15:41:44.411     0.100 any        XXX.XXX.XXX.XXX        1( 0.0)     1003( 0.0)    1.5 M( 0.0)    10030  119.8 M  1492
 4 | 2015-02-26 15:47:02.023     0.427 any      XXX.XXX.XXX.XXX        1( 0.0)     2246( 0.0)    3.4 M( 0.0)     5259   62.8 M  1492
 5 | 2015-02-26 15:23:06.945     0.335 any       XXX.XXX.XXX.XXX        1( 0.0)     1645( 0.0)    2.5 M( 0.0)     4910   58.9 M  1498
 6 | 2015-02-26 15:17:11.512     0.367 any      XXX.XXX.XXX.XXX        1( 0.0)     1226( 0.0)    1.8 M( 0.0)     3340   40.0 M  1495
 7 | 2015-02-26 16:07:00.799     1.964 any       XXX.XXX.XXX.XXX        1( 0.0)    10555( 0.0)   15.0 M( 0.0)     5374   60.9 M  1416
 8 | 2015-02-26 16:23:49.879     1.265 any      XXX.XXX.XXX.XXX        1( 0.0)     5837( 0.0)    8.6 M( 0.0)     4614   54.2 M  1467
 9 | 2015-02-26 16:21:47.164     0.896 any       XXX.XXX.XXX.XXX        1( 0.0)     3712( 0.0)    5.6 M( 0.0)     4142   49.6 M  1497
10 | 2015-02-26 16:07:11.495     0.938 any         XXX.XXX.XXX.XXX        1( 0.0)     5416( 0.0)    8.1 M( 0.0)     5773   69.2 M  1498
11 | 2015-02-26 17:44:14.958     0.484 any       XXX.XXX.XXX.XXX        1( 0.0)     2377( 0.0)    3.6 M( 0.0)     4911   58.8 M  1496
12 | 2015-02-26 17:25:50.832     0.293 any       XXX.XXX.XXX.XXX        1( 0.0)     1017( 0.0)    1.5 M( 0.0)     3470   41.5 M  1495
13 | 2015-02-26 17:44:37.025     0.630 any        XXX.XXX.XXX.XXX        1( 0.0)     1628( 0.0)    2.3 M( 0.0)     2584   29.3 M  1418
14 | 2015-02-26 17:43:31.627     0.408 any       XXX.XXX.XXX.XXX        2( 0.0)     1013( 0.0)    1.5 M( 0.0)     2482   29.4 M  1479
15 | 2015-02-27 00:47:39.043     0.898 any       XXX.XXX.XXX.XXX        2( 0.0)     1506( 0.0)    78996( 0.0)     1677   703750    52
16 | 2015-02-27 01:00:45.986     0.480 any       XXX.XXX.XXX.XXX        1( 0.0)     1435( 0.0)    2.1 M( 0.0)     2989   35.7 M  1491
17 | 2015-02-27 08:23:25.970     0.281 any        XXX.XXX.XXX.XXX        1( 0.0)     1035( 0.0)    1.5 M( 0.0)     3683   41.8 M  1417
18 | 2015-02-27 08:37:31.364     1.410 any       XXX.XXX.XXX.XXX        4( 0.0)     3302( 0.0)   176712( 0.0)     2341    1.0 M    53
19 | 2015-02-27 08:07:47.750     9.230 any        XXX.XXX.XXX.XXX        1( 0.0)    18920( 0.0)   28.4 M( 0.0)     2049   24.6 M  1499
20 | 2015-02-27 08:35:08.257     0.768 any         XXX.XXX.XXX.XXX        1( 0.0)     1100( 0.0)    1.5 M( 0.0)     1432   16.1 M  1405
21 | 2015-02-27 08:37:18.368     1.997 any     XXX.XXX.XXX.XXX        2( 0.0)     2826( 0.0)   155458( 0.0)     1415   622766    55
22 | 2015-02-27 08:37:39.482     0.958 any       XXX.XXX.XXX.XXX        4( 0.0)     1252( 0.0)    66472( 0.0)     1306   555089    53
23 | 2015-02-27 08:20:02.614     0.985 any         XXX.XXX.XXX.XXX        1( 0.0)     1242( 0.0)    1.5 M( 0.0)     1260   12.4 M  1233
24 | 2015-02-27 10:47:15.742     0.448 any       XXX.XXX.XXX.XXX        1( 0.0)     1465( 0.0)    2.1 M( 0.0)     3270   36.8 M  1408
25 | 2015-02-27 11:39:13.700     0.064 any       XXX.XXX.XXX.XXX        2( 0.0)     1184( 0.0)    1.7 M( 0.0)    18500  218.2 M  1474
26 | 2015-02-27 15:36:22.269     0.220 any      XXX.XXX.XXX.XXX        1( 0.0)     2194( 0.0)    3.1 M( 0.0)     9972  114.5 M  1434
27 | 2015-02-27 15:35:02.429     2.793 any       XXX.XXX.XXX.XXX        1( 0.0)     6801( 0.0)   10.2 M( 0.0)     2435   29.1 M  1496
28 | 2015-02-27 17:04:55.902     2.972 any        XXX.XXX.XXX.XXX        3( 0.0)    18566( 0.0)   27.8 M( 0.0)     6246   74.9 M  1498
29 | 2015-02-27 15:59:10.167     0.681 any       XXX.XXX.XXX.XXX        1( 0.0)     2703( 0.0)    4.0 M( 0.0)     3969   47.5 M  1496
30 | 2015-02-27 17:02:21.304     0.938 any        XXX.XXX.XXX.XXX        1( 0.0)     3719( 0.0)    5.3 M( 0.0)     3964   45.6 M  1438
31 | 2015-02-27 16:31:45.111     0.513 any         XXX.XXX.XXX.XXX        1( 0.0)     1918( 0.0)    2.8 M( 0.0)     3738   43.9 M  1466
32 | 2015-02-27 17:11:43.889     0.553 any        XXX.XXX.XXX.XXX        1( 0.0)     1412( 0.0)    2.1 M( 0.0)     2553   30.6 M  1496
33 | 2015-02-27 17:24:04.933     1.020 any       XXX.XXX.XXX.XXX        1( 0.0)     4362( 0.0)    6.2 M( 0.0)     4276   48.5 M  1417
34 | 2015-02-27 15:56:22.715     0.574 any        XXX.XXX.XXX.XXX        1( 0.0)     2051( 0.0)    2.9 M( 0.0)     3573   40.4 M  1413
35 | 2015-02-27 17:20:54.117     5.771 any      XXX.XXX.XXX.XXX        1( 0.0)    19433( 0.0)   29.1 M( 0.0)     3367   40.4 M  1498
36 | 2015-02-27 17:28:42.823     1.216 any        XXX.XXX.XXX.XXX        1( 0.0)     3802( 0.0)    5.4 M( 0.0)     3126   35.5 M  1417
37 | 2015-02-27 17:27:31.201     1.281 any       XXX.XXX.XXX.XXX        4( 0.0)     3266( 0.0)   171200( 0.0)     2549    1.1 M    52
38 | 2015-02-27 17:29:43.801     2.176 any      XXX.XXX.XXX.XXX        1( 0.0)     3792( 0.0)   207202( 0.0)     1742   761772    54
39 | 2015-02-27 17:18:20.616     1.875 any         XXX.XXX.XXX.XXX        1( 0.0)     2900( 0.0)    4.3 M( 0.0)     1546   18.5 M  1491
40 | 2015-02-27 17:25:34.945     1.966 any         XXX.XXX.XXX.XXX        1( 0.0)     2931( 0.0)    4.4 M( 0.0)     1490   17.8 M  1493
41 | 2015-02-27 17:26:13.751     2.688 any       XXX.XXX.XXX.XXX        1( 0.0)     3945( 0.0)    5.6 M( 0.0)     1467   16.6 M  1415
42 | 2015-02-27 17:27:50.877     1.384 any      XXX.XXX.XXX.XXX        1( 0.0)     1931( 0.0)    2.9 M( 0.0)     1395   16.6 M  1484
43 | 2015-02-27 16:57:17.570     4.209 any        XXX.XXX.XXX.XXX        1( 0.0)     4821( 0.0)    7.2 M( 0.0)     1145   13.7 M  1494
44 | 2015-03-02 08:50:23.974     1.216 any     XXX.XXX.XXX.XXX        1( 0.0)     5751( 0.0)    8.6 M( 0.0)     4729   56.6 M  1494
45 | 2015-03-02 08:52:48.016     0.384 any        XXX.XXX.XXX.XXX        1( 0.0)     1231( 0.0)    1.6 M( 0.0)     3205   33.8 M  1318
46 | 2015-03-02 08:52:48.016     0.384 any        XXX.XXX.XXX.XXX        1( 0.0)     1231( 0.0)    1.6 M( 0.0)     3205   33.8 M  1318
47 | 2015-03-02 08:51:25.752     1.212 any      XXX.XXX.XXX.XXX        1( 0.0)     3386( 0.0)    5.1 M( 0.0)     2793   33.4 M  1494
48 | 2015-03-02 08:52:02.593     3.520 any       XXX.XXX.XXX.XXX        1( 0.0)     7646( 0.0)   11.4 M( 0.0)     2172   26.0 M  1497
49 | 2015-03-02 08:51:56.767     4.544 any        XXX.XXX.XXX.XXX        1( 0.0)     8611( 0.0)   12.9 M( 0.0)     1895   22.7 M  1497
50 | 2015-03-02 08:24:29.967    14.949 any        XXX.XXX.XXX.XXX        1( 0.0)    27991( 0.0)   42.0 M( 0.0)     1872   22.5 M  1499
51 | 2015-03-02 09:26:22.277     0.489 any        XXX.XXX.XXX.XXX        1( 0.0)     7688( 0.0)   11.5 M( 0.0)    15721  188.6 M  1499
52 | 2015-03-02 09:24:18.718     1.580 any      XXX.XXX.XXX.XXX        1( 0.0)     4487( 0.0)   233756( 0.0)     2839    1.2 M    52
53 | 2015-03-02 11:50:20.790     0.705 any       XXX.XXX.XXX.XXX        1( 0.0)     4203( 0.0)    5.9 M( 0.0)     5961   67.4 M  1413
54 | 2015-03-03 14:41:03.659     0.116 any       XXX.XXX.XXX.XXX        1( 0.0)     1104( 0.0)    1.7 M( 0.0)     9517  113.9 M  1496
55 | 2015-03-03 14:56:17.963     0.585 any          XXX.XXX.XXX.XXX        1( 0.0)     1136( 0.0)    1.7 M( 0.0)     1941   23.1 M  1487
56 | 2015-03-04 16:21:22.866     0.289 any       XXX.XXX.XXX.XXX        1( 0.0)     2745( 0.0)    3.9 M( 0.0)     9498  107.4 M  1413
57 | 2015-03-04 16:27:51.461     0.356 any       XXX.XXX.XXX.XXX        1( 0.0)     1476( 0.0)    2.2 M( 0.0)     4146   49.6 M  1494
58 | 2015-03-10 17:07:13.064     0.102 any         XXX.XXX.XXX.XXX        1( 0.0)     1376( 0.0)    2.0 M( 0.0)    13490  160.7 M  1489
59 | 2015-03-10 18:10:59.797     1.004 any        XXX.XXX.XXX.XXX        2( 0.0)    11897( 0.0)    9.3 M( 0.0)    11849   74.2 M   782
60 | 2015-03-11 15:58:57.062     3.215 any        XXX.XXX.XXX.XXX        1( 0.0)    17207( 0.0)   25.8 M( 0.0)     5352   64.2 M  1499
61 | 2015-03-11 23:29:31.547     0.308 any         XXX.XXX.XXX.XXX        1( 0.0)     1433( 0.0)    2.1 M( 0.0)     4652   55.6 M  1492
62 | 2015-03-11 23:26:05.082     0.576 any      XXX.XXX.XXX.XXX        1( 0.0)     1494( 0.0)    2.2 M( 0.0)     2593   30.9 M  1488
63 | 2015-03-11 23:04:43.489     2.155 any       XXX.XXX.XXX.XXX        1( 0.0)     5517( 0.0)    8.3 M( 0.0)     2560   30.6 M  1496
64 | 2015-03-11 23:33:04.590     2.474 any       XXX.XXX.XXX.XXX        1( 0.0)     6192( 0.0)    9.3 M( 0.0)     2502   30.0 M  1496
65 | 2015-03-16 09:13:30.088     0.613 any       XXX.XXX.XXX.XXX        1( 0.0)     2762( 0.0)    3.9 M( 0.0)     4505   51.1 M  1418
66 | 2015-03-16 09:06:51.367    11.776 any         XXX.XXX.XXX.XXX        1( 0.0)    36287( 0.0)   20.9 M( 0.0)     3081   14.2 M   575
67 | 2015-03-16 09:07:22.375     1.940 any       XXX.XXX.XXX.XXX        1( 0.0)     5709( 0.0)    8.5 M( 0.0)     2942   35.2 M  1496
68 | 2015-03-16 09:13:39.037     1.768 any      XXX.XXX.XXX.XXX        1( 0.0)     3965( 0.0)    5.9 M( 0.0)     2242   26.8 M  1494
69 | 2015-03-16 09:13:48.733     0.925 any       XXX.XXX.XXX.XXX        1( 0.0)     2029( 0.0)    2.9 M( 0.0)     2193   24.8 M  1415
70 | 2015-03-16 09:13:13.474     0.953 any       XXX.XXX.XXX.XXX        1( 0.0)     1948( 0.0)    2.9 M( 0.0)     2044   24.4 M  1491
71 | 2015-03-16 09:22:06.454     0.895 any       XXX.XXX.XXX.XXX        1( 0.0)     3587( 0.0)    5.4 M( 0.0)     4007   47.9 M  1493
72 | 2015-03-16 09:22:06.454     0.895 any       XXX.XXX.XXX.XXX        1( 0.0)     3587( 0.0)    5.4 M( 0.0)     4007   47.9 M  1493
73 | 2015-03-16 09:21:00.607     1.680 any      XXX.XXX.XXX.XXX        1( 0.0)     5915( 0.0)    8.9 M( 0.0)     3520   42.2 M  1497
74 | 2015-03-16 09:20:27.898     1.600 any        XXX.XXX.XXX.XXX        1( 0.0)     5192( 0.0)    7.8 M( 0.0)     3245   38.8 M  1495
75 | 2015-03-16 09:22:30.712     0.464 any          XXX.XXX.XXX.XXX        1( 0.0)     1417( 0.0)    2.0 M( 0.0)     3053   35.0 M  1433
76 | 2015-03-16 09:21:42.794     0.576 any        XXX.XXX.XXX.XXX        1( 0.0)     1125( 0.0)    1.7 M( 0.0)     1953   23.2 M  1485
77 | 2015-03-16 08:13:44.667     0.932 any           XXX.XXX.XXX.XXX        1( 0.0)     1804( 0.0)    2.7 M( 0.0)     1935   23.1 M  1491
78 | 2015-03-16 10:50:55.930     0.440 any      XXX.XXX.XXX.XXX        1( 0.0)     2407( 0.0)    3.6 M( 0.0)     5470   65.2 M  1489
79 | 2015-03-16 10:59:46.729     0.530 any       XXX.XXX.XXX.XXX        1( 0.0)     2715( 0.0)    4.1 M( 0.0)     5122   61.2 M  1493
80 | 2015-03-16 14:26:26.049     1.088 any      XXX.XXX.XXX.XXX        1( 0.0)     5904( 0.0)    8.8 M( 0.0)     5426   65.0 M  1498
81 | 2015-03-16 17:32:38.709     1.067 any        XXX.XXX.XXX.XXX        2( 0.0)     3114( 0.0)    4.7 M( 0.0)     2918   34.9 M  1493
82 | 2015-03-17 14:47:32.079     0.836 any       XXX.XXX.XXX.XXX        1( 0.0)     4969( 0.0)    7.0 M( 0.0)     5943   67.4 M  1418
83 | 2015-03-17 15:20:04.878     1.209 any       XXX.XXX.XXX.XXX        8( 0.0)     4072( 0.0)    5.8 M( 0.0)     3368   38.1 M  1412
84 | 2015-03-18 09:35:16.616     1.789 any      XXX.XXX.XXX.XXX        2( 0.0)    11708( 0.0)   17.5 M( 0.0)     6544   78.4 M  1498
85 | 2015-03-18 17:39:02.872     0.640 any      XXX.XXX.XXX.XXX        1( 0.0)     5293( 0.0)    7.5 M( 0.0)     8270   93.2 M  1408
86 | 2015-03-18 16:46:21.346     2.128 any       XXX.XXX.XXX.XXX        1( 0.0)     9760( 0.0)   14.6 M( 0.0)     4586   55.0 M  1497
87 | 2015-03-18 17:39:05.819     0.448 any       XXX.XXX.XXX.XXX        1( 0.0)     1442( 0.0)    75288( 0.0)     3218    1.3 M    52
88 | 2015-03-20 01:30:07.809     1.115 any       XXX.XXX.XXX.XXX        1( 0.0)     2025( 0.0)    3.0 M( 0.0)     1816   21.7 M  1490
89 | 2015-03-20 01:39:06.943     0.629 any        XXX.XXX.XXX.XXX        1( 0.0)     2684( 0.0)    4.0 M( 0.0)     4267   50.9 M  1491
90 | 2015-03-20 01:39:06.851     1.117 any        XXX.XXX.XXX.XXX        1( 0.0)     2845( 0.0)    4.1 M( 0.0)     2547   29.2 M  1433
91 | 2015-03-20 01:39:07.858     1.296 any      XXX.XXX.XXX.XXX        1( 0.0)     2681( 0.0)    4.0 M( 0.0)     2068   24.7 M  1493
92 | 2015-03-20 01:39:09.117     0.946 any      XXX.XXX.XXX.XXX        1( 0.0)     2833( 0.0)    4.0 M( 0.0)     2994   33.9 M  1415
93 | 2015-03-20 01:39:06.769     0.970 any         XXX.XXX.XXX.XXX        1( 0.0)     2836( 0.0)    4.0 M( 0.0)     2923   33.1 M  1414
94 | 2015-03-20 01:46:57.325     1.197 any         XXX.XXX.XXX.XXX        1( 0.0)     2689( 0.0)    4.0 M( 0.0)     2246   26.8 M  1489
95 | 2015-03-20 01:55:08.700     4.034 any       XXX.XXX.XXX.XXX        2( 0.0)     6568( 0.0)    9.8 M( 0.0)     1628   19.5 M  1493
96 | 


--------------------------------------------------------------------------------
/data/test-samples-labels.txt:
--------------------------------------------------------------------------------
 1 |  concurrent https sessions
 2 |  https traffic
 3 |  high http traffic
 4 |  http traffic
 5 |  nfs
 6 |  port 2305
 7 |  this should be a massive smtp sending (MTA has ETRN)
 8 |  TCP 7022
 9 |  udp 8090
10 |  small outgoing udp flood
11 |  outgoing udp flood
12 | 


--------------------------------------------------------------------------------
/data/test-samples.csv:
--------------------------------------------------------------------------------
 1 | 387.262,13,2.5M,3.8G,6499,77.9M,1497
 2 | 328.155,59,3.1M,4.7G,9597,115.1M,1498
 3 | 202.630,22,1.8M,2.7G,8898,106.7M,1498
 4 | 15.477,10,117404,172.7M,7585,89.3M,1471
 5 | 242.550,12,13.5M,20.1G,55529,664.4M,1495
 6 | 81.326,3,1.4M,2.0G,16790,195.4M,1454
 7 | 305.083,44036,801745,417.9M,2627,11.0M,521
 8 | 297.278,504,1.5M,2.1G,4881,55.3M,1415
 9 | 289.856,9,34.8M,2.7G,120118,75.0M,78
10 | 249.729,41228,1.7M,2.3G,6793,73.8M,1358
11 | 275.588,396858,14.9M,20.2G,54037,587.4M,1358
12 | 


--------------------------------------------------------------------------------
/data/test-samples.raw:
--------------------------------------------------------------------------------
 1 | 2015-03-09 05:18:30.579   387.262 any       XXX.XXX.XXX.XXX       13( 0.0)    2.5 M( 2.2)    3.8 G( 4.6)     6499   77.9 M  1497 
 2 | 2015-03-10 01:59:06.179   328.155 any       XXX.XXX.XXX.XXX       59( 0.0)    3.1 M( 1.7)    4.7 G( 3.0)     9597  115.1 M  1498 
 3 | 2015-03-03 02:59:50.060   202.630 any       XXX.XXX.XXX.XXX       22( 0.0)    1.8 M( 1.2)    2.7 G( 2.3)     8898  106.7 M  1498 
 4 | 2015-03-04 05:09:30.969    15.477 any         XXX.XXX.XXX.XXX       10( 0.0)   117404( 0.1)  172.7 M( 0.2)     7585   89.3 M  1471 
 5 | 2015-03-10 17:14:52.652   242.550 any        XXX.XXX.XXX.XXX       12( 0.0)   13.5 M( 4.3)   20.1 G( 8.3)    55529  664.4 M  1495 
 6 | 2015-03-07 01:55:01.695    81.326 any       XXX.XXX.XXX.XXX        3( 0.0)    1.4 M( 0.8)    2.0 G( 1.6)    16790  195.4 M  1454 
 7 | 2015-03-10 17:09:50.900   305.083 any      XXX.XXX.XXX.XXX    44036( 0.4)   801745( 0.3)  417.9 M( 0.2)     2627   11.0 M   521 
 8 | 2015-03-10 02:09:57.208   297.278 any       XXX.XXX.XXX.XXX      504( 0.0)    1.5 M( 0.9)    2.1 G( 1.5)     4881   55.3 M  1415 
 9 | 2015-03-09 17:18:43.460   289.856 any        XXX.XXX.XXX.XXX        9( 0.0)   34.8 M(10.5)    2.7 G( 1.1)   120118   75.0 M    78 
10 | 2015-03-03 00:05:29.324   249.729 any       XXX.XXX.XXX.XXX    41228( 0.6)    1.7 M( 0.8)    2.3 G( 1.3)     6793   73.8 M  1358 
11 | 2015-02-27 08:34:09.931   275.588 any     XXX.XXX.XXX.XXX   396858( 4.2)   14.9 M( 8.1)   20.2 G(13.8)    54037  587.4 M  1358 
12 | 


--------------------------------------------------------------------------------
/data/test-samples.txt:
--------------------------------------------------------------------------------
 1 | ; Suspicious non DDoS samples to test kNN
 2 | ; Date first seen          Duration Proto       Dst IP Addr    Flows(%)     Packets(%)       Bytes(%)         pps      bps   bpp
 3 | 2015-03-09 05:18:30.579   387.262 any       XXX.XXX.XXX.XXX       13( 0.0)    2.5 M( 2.2)    3.8 G( 4.6)     6499   77.9 M  1497 # concurrent https sessions
 4 | 2015-03-10 01:59:06.179   328.155 any       XXX.XXX.XXX.XXX       59( 0.0)    3.1 M( 1.7)    4.7 G( 3.0)     9597  115.1 M  1498 # https traffic
 5 | 2015-03-03 02:59:50.060   202.630 any       XXX.XXX.XXX.XXX       22( 0.0)    1.8 M( 1.2)    2.7 G( 2.3)     8898  106.7 M  1498 # high http traffic
 6 | 2015-03-04 05:09:30.969    15.477 any         XXX.XXX.XXX.XXX       10( 0.0)   117404( 0.1)  172.7 M( 0.2)     7585   89.3 M  1471 # http traffic
 7 | 2015-03-10 17:14:52.652   242.550 any        XXX.XXX.XXX.XXX       12( 0.0)   13.5 M( 4.3)   20.1 G( 8.3)    55529  664.4 M  1495 # nfs
 8 | 2015-03-07 01:55:01.695    81.326 any       XXX.XXX.XXX.XXX        3( 0.0)    1.4 M( 0.8)    2.0 G( 1.6)    16790  195.4 M  1454 # port 2305
 9 | 2015-03-10 17:09:50.900   305.083 any      XXX.XXX.XXX.XXX    44036( 0.4)   801745( 0.3)  417.9 M( 0.2)     2627   11.0 M   521 # this should be a massive smtp sending (MTA has ETRN)
10 | 2015-03-10 02:09:57.208   297.278 any       XXX.XXX.XXX.XXX      504( 0.0)    1.5 M( 0.9)    2.1 G( 1.5)     4881   55.3 M  1415 # TCP 7022
11 | 2015-03-09 17:18:43.460   289.856 any        XXX.XXX.XXX.XXX        9( 0.0)   34.8 M(10.5)    2.7 G( 1.1)   120118   75.0 M    78 # udp 8090
12 | 2015-03-03 00:05:29.324   249.729 any       XXX.XXX.XXX.XXX    41228( 0.6)    1.7 M( 0.8)    2.3 G( 1.3)     6793   73.8 M  1358 # small outgoing udp flood
13 | 2015-02-27 08:34:09.931   275.588 any     XXX.XXX.XXX.XXX   396858( 4.2)   14.9 M( 8.1)   20.2 G(13.8)    54037  587.4 M  1358 # outgoing udp flood
14 | 


--------------------------------------------------------------------------------
/data/tivoli.csv:
--------------------------------------------------------------------------------
 1 | 1338.156,51,8.8M,13.1G,6560,78.3M,1491
 2 | 4295436.159,95,18.3M,26.3G,4,48899,1433
 3 | 853.998,498,8.0M,11.6G,9398,108.7M,1445
 4 | 2463.423,376,8.9M,12.6G,3611,41.0M,1419
 5 | 26138.833,485,9.7M,14.3G,372,4.4M,1470
 6 | 24296.920,144,15.0M,21.9G,619,7.2M,1454
 7 | 11601.122,70,12.2M,17.5G,1055,12.0M,1426
 8 | 5980.100,374,6.6M,9.5G,1109,12.8M,1436
 9 | 5307.820,46,4.1M,6.0G,776,9.1M,1465
10 | 3963.484,453,6.7M,9.8G,1688,19.9M,1469
11 | 233.455,12,381120,19.8M,1632,679342,52
12 | 4856.356,514,16.8M,24.1G,3463,39.7M,1431
13 | 3732.673,94,12.6M,18.2G,3362,39.0M,1450
14 | 1535.559,83,6.5M,9.3G,4225,48.3M,1427
15 | 4295405.298,125,12.0M,17.4G,2,32423,1444
16 | 331.583,447,1.0M,1.5G,3027,35.7M,1473
17 | 521.165,444,1.2M,1.6G,2242,24.9M,1390
18 | 848.822,404,1.4M,2.0G,1665,18.5M,1391
19 | 5037.152,874,12.6M,18.7G,2501,29.7M,1485
20 | 4743.344,67,10.4M,15.0G,2185,25.2M,1442
21 | 4819.019,69,3.9M,5.6G,808,9.3M,1442
22 | 4295255.132,499,10.8M,15.6G,2,29084,1452
23 | 331.470,22,589298,27.1M,1777,654258,46
24 | 584.940,495,921125,1.3G,1574,17.4M,1379
25 | 9514.765,496,12.7M,18.6G,1337,15.6M,1461
26 | 512.537,60,653445,956.0M,1274,14.9M,1463
27 | 398.564,33,494198,249.8M,1239,5.0M,505
28 | 4295399.353,79,8.4M,12.2G,1,22787,1463
29 | 4295404.104,76,7.6M,11.1G,1,20741,1459
30 | 457.897,416,1.5M,2.1G,3331,37.1M,1392
31 | 3664.340,537,5.2M,7.5G,1417,16.4M,1444
32 | 4886.535,77,6.0M,8.8G,1231,14.5M,1467
33 | 4295553.972,137,7.7M,11.4G,1,21140,1474
34 | 5794.840,72,14.0M,20.6G,2411,28.5M,1475
35 | 4011.985,380,7.6M,11.0G,1888,22.0M,1457
36 | 4295301.546,460,13.6M,19.7G,3,36678,1448
37 | 753.850,366,3.6M,4.9G,4729,52.2M,1380
38 | 4778.484,108,14.9M,21.6G,3110,36.2M,1456
39 | 2740.863,873,5.5M,7.9G,1993,23.2M,1453
40 | 812.578,275,10.4M,15.2G,12834,149.9M,1459
41 | 4295655.813,89,7.6M,10.7G,1,19976,1419
42 | 4295532.059,104,4.4M,6.4G,1,11902,1447
43 | 2799.168,896,11.3M,15.9G,4023,45.5M,1413
44 | 4295430.495,112,7.7M,11.1G,1,20659,1447
45 | 4295515.280,18,2.4M,3.4G,0,6368,1414
46 | 3276.858,463,12.2M,18.1G,3728,44.3M,1485
47 | 4295233.887,14,2.4M,3.3G,0,6234,1414
48 | 3083.791,467,13.3M,19.5G,4319,50.6M,1463
49 | 516.163,23,2.3M,3.3G,4508,51.0M,1414
50 | 4295091.545,470,10.1M,14.5G,2,27006,1442
51 | 4295316.227,100,24.8M,35.8G,5,66747,1442
52 | 5563.943,33,12.7M,18.0G,2273,25.9M,1422
53 | 4295263.947,42,8.0M,11.7G,1,21759,1461
54 | 4295394.708,20,3.2M,602.3M,0,1121,186
55 | 4295562.333,31,3.7M,5.4G,0,10053,1457
56 | 4295446.492,533,5.6M,8.2G,1,15204,1463
57 | 2730.019,457,8.8M,12.8G,3237,37.4M,1445
58 | 777.115,147,11.2M,15.9G,14466,163.2M,1410
59 | 2140.000,67,11.6M,16.4G,5421,61.4M,1415
60 | 4295476.121,1490,7.2M,10.4G,1,19419,1454
61 | 6359.502,1393,10.7M,15.5G,1681,19.5M,1452
62 | 4295361.885,83,12.3M,18.3G,2,34035,1482
63 | 1739.166,57,12.2M,18.2G,6993,83.9M,1499
64 | 4295429.731,2199,1.1M,61.1M,0,113,54
65 | 3556.166,111,16.8M,23.9G,4722,53.7M,1422
66 | 3650.171,39,16.2M,23.7G,4442,51.9M,1459
67 | 4736.237,445,12.0M,17.5G,2542,29.6M,1456
68 | 458.111,870,793493,1.2G,1732,20.5M,1477
69 | 1032.565,84,2.1M,3.0G,1985,23.2M,1460
70 | 8472.430,46,13.4M,19.9G,1585,18.8M,1484
71 | 4295404.366,176,5.8M,8.5G,1,15750,1460
72 | 4295511.924,36,19.5M,28.2G,4,52537,1447
73 | 


--------------------------------------------------------------------------------
/data/tivoli.raw:
--------------------------------------------------------------------------------
 1 | # Tivoli
 2 | # Date first seen          Duration Proto       Dst IP Addr    Flows(%)     Packets(%)       Bytes(%)         pps      bps   bpp
 3 | 2015-02-24 23:37:09.156  1338.156 any       XXX.XXX.XXX.XXX       51( 0.0)    8.8 M( 3.6)   13.1 G( 6.2)     6560   78.3 M  1491
 4 | 2015-01-06 06:49:21.791 4295436.159 any       XXX.XXX.XXX.XXX       95( 0.0)   18.3 M( 7.6)   26.3 G(12.5)        4    48899  1433
 5 | 2015-02-26 16:10:40.400   853.998 any        XXX.XXX.XXX.XXX      498( 0.0)    8.0 M( 2.6)   11.6 G( 4.7)     9398  108.7 M  1445
 6 | 2015-02-26 23:43:53.281  2463.423 any        XXX.XXX.XXX.XXX      376( 0.0)    8.9 M( 4.1)   12.6 G( 6.8)     3611   41.0 M  1419
 7 | 2015-02-26 17:09:17.874 26138.833 any       XXX.XXX.XXX.XXX      485( 0.0)    9.7 M( 4.5)   14.3 G( 7.7)      372    4.4 M  1470
 8 | 2015-02-26 17:39:59.785 24296.920 any       XXX.XXX.XXX.XXX      144( 0.0)   15.0 M( 6.9)   21.9 G(11.8)      619    7.2 M  1454
 9 | 2015-02-26 21:11:36.356 11601.122 any       XXX.XXX.XXX.XXX       70( 0.0)   12.2 M( 5.6)   17.5 G( 9.4)     1055   12.0 M  1426
10 | 2015-02-26 22:45:16.419  5980.100 any        XXX.XXX.XXX.XXX      374( 0.0)    6.6 M( 3.0)    9.5 G( 5.1)     1109   12.8 M  1436
11 | 2015-02-26 22:56:19.153  5307.820 any       XXX.XXX.XXX.XXX       46( 0.0)    4.1 M( 1.9)    6.0 G( 3.3)      776    9.1 M  1465
12 | 2015-02-26 23:43:53.281  3963.484 any        XXX.XXX.XXX.XXX      453( 0.0)    6.7 M( 2.8)    9.8 G( 4.6)     1688   19.9 M  1469
13 | 2015-02-27 00:44:05.587   233.455 any        XXX.XXX.XXX.XXX       12( 0.0)   381120( 0.2)   19.8 M( 0.0)     1632   679342    52
14 | 2015-02-26 23:43:53.281  4856.356 any        XXX.XXX.XXX.XXX      514( 0.0)   16.8 M( 7.5)   24.1 G(12.1)     3463   39.7 M  1431
15 | 2015-02-27 00:02:41.395  3732.673 any       XXX.XXX.XXX.XXX       94( 0.0)   12.6 M( 5.6)   18.2 G( 9.1)     3362   39.0 M  1450
16 | 2015-02-27 00:54:17.814  1535.559 any       XXX.XXX.XXX.XXX       83( 0.0)    6.5 M( 3.2)    9.3 G( 5.5)     4225   48.3 M  1427
17 | 2015-01-08 08:09:50.740 4295405.298 any       XXX.XXX.XXX.XXX      125( 0.0)   12.0 M( 6.0)   17.4 G(10.4)        2    32423  1444
18 | 2015-02-27 08:33:53.743   331.583 any        XXX.XXX.XXX.XXX      447( 0.0)    1.0 M( 0.5)    1.5 G( 1.0)     3027   35.7 M  1473
19 | 2015-02-27 08:30:37.572   521.165 any        XXX.XXX.XXX.XXX      444( 0.0)    1.2 M( 0.6)    1.6 G( 1.1)     2242   24.9 M  1390
20 | 2015-02-27 10:35:08.160   848.822 any        XXX.XXX.XXX.XXX      404( 0.0)    1.4 M( 0.6)    2.0 G( 1.2)     1665   18.5 M  1391
21 | 2015-02-27 16:05:50.208  5037.152 any       XXX.XXX.XXX.XXX      874( 0.0)   12.6 M( 5.0)   18.7 G( 8.8)     2501   29.7 M  1485
22 | 2015-02-27 16:10:33.715  4743.344 any       XXX.XXX.XXX.XXX       67( 0.0)   10.4 M( 4.1)   15.0 G( 7.0)     2185   25.2 M  1442
23 | 2015-02-27 16:09:38.165  4819.019 any       XXX.XXX.XXX.XXX       69( 0.0)    3.9 M( 1.5)    5.6 G( 2.6)      808    9.3 M  1442
24 | 2015-01-11 07:47:09.719 4295255.132 any       XXX.XXX.XXX.XXX      499( 0.0)   10.8 M( 5.3)   15.6 G( 9.4)        2    29084  1452
25 | 2015-03-02 00:48:42.435   331.470 any        XXX.XXX.XXX.XXX       22( 0.0)   589298( 0.3)   27.1 M( 0.0)     1777   654258    46
26 | 2015-03-02 00:44:41.479   584.940 any        XXX.XXX.XXX.XXX      495( 0.0)   921125( 0.5)    1.3 G( 0.8)     1574   17.4 M  1379
27 | 2015-03-01 22:16:20.482  9514.765 any        XXX.XXX.XXX.XXX      496( 0.0)   12.7 M( 6.3)   18.6 G(11.2)     1337   15.6 M  1461
28 | 2015-03-02 00:45:39.701   512.537 any       XXX.XXX.XXX.XXX       60( 0.0)   653445( 0.3)  956.0 M( 0.6)     1274   14.9 M  1463
29 | 2015-03-02 00:47:34.191   398.564 any      XXX.XXX.XXX.XXX       33( 0.0)   494198( 0.2)  249.8 M( 0.2)     1239    5.0 M   505
30 | 2015-01-11 07:24:57.691 4295399.353 any       XXX.XXX.XXX.XXX       79( 0.0)    8.4 M( 4.2)   12.2 G( 7.7)        1    22787  1463
31 | 2015-01-11 07:14:47.972 4295404.104 any       XXX.XXX.XXX.XXX       76( 0.0)    7.6 M( 3.5)   11.1 G( 6.6)        1    20741  1459
32 | 2015-03-02 12:12:08.427   457.897 any        XXX.XXX.XXX.XXX      416( 0.0)    1.5 M( 0.7)    2.1 G( 1.2)     3331   37.1 M  1392
33 | 2015-03-02 23:03:47.119  3664.340 any        XXX.XXX.XXX.XXX      537( 0.0)    5.2 M( 2.5)    7.5 G( 4.2)     1417   16.4 M  1444
34 | 2015-03-02 22:43:22.493  4886.535 any       XXX.XXX.XXX.XXX       77( 0.0)    6.0 M( 2.9)    8.8 G( 5.0)     1231   14.5 M  1467
35 | 2015-01-12 07:02:23.912 4295553.972 any       XXX.XXX.XXX.XXX      137( 0.0)    7.7 M( 3.4)   11.4 G( 5.8)        1    21140  1474
36 | 2015-03-02 22:43:22.493  5794.840 any       XXX.XXX.XXX.XXX       72( 0.0)   14.0 M( 6.0)   20.6 G(10.5)     2411   28.5 M  1475
37 | 2015-03-02 23:12:59.915  4011.985 any        XXX.XXX.XXX.XXX      380( 0.0)    7.6 M( 3.3)   11.0 G( 5.6)     1888   22.0 M  1457
38 | 2015-01-13 22:56:36.164 4295301.546 any       XXX.XXX.XXX.XXX      460( 0.0)   13.6 M( 5.8)   19.7 G(10.6)        3    36678  1448
39 | 2015-03-04 16:02:24.368   753.850 any        XXX.XXX.XXX.XXX      366( 0.0)    3.6 M( 1.4)    4.9 G( 2.4)     4729   52.2 M  1380
40 | 2015-03-08 22:50:18.187  4778.484 any       XXX.XXX.XXX.XXX      108( 0.0)   14.9 M( 6.6)   21.6 G(11.3)     3110   36.2 M  1456
41 | 2015-03-08 23:24:12.191  2740.863 any       XXX.XXX.XXX.XXX      873( 0.0)    5.5 M( 2.4)    7.9 G( 4.1)     1993   23.2 M  1453
42 | 2015-03-09 00:26:01.017   812.578 any        XXX.XXX.XXX.XXX      275( 0.0)   10.4 M( 4.5)   15.2 G( 7.5)    12834  149.9 M  1459
43 | 2015-01-18 07:25:19.816 4295655.813 any       XXX.XXX.XXX.XXX       89( 0.0)    7.6 M( 3.3)   10.7 G( 5.3)        1    19976  1419
44 | 2015-01-18 12:17:44.530 4295532.059 any       XXX.XXX.XXX.XXX      104( 0.0)    4.4 M( 3.5)    6.4 G( 6.6)        1    11902  1447
45 | 2015-03-09 16:12:51.651  2799.168 any       XXX.XXX.XXX.XXX      896( 0.0)   11.3 M( 3.9)   15.9 G( 6.6)     4023   45.5 M  1413
46 | 2015-01-19 08:59:15.305 4295430.495 any       XXX.XXX.XXX.XXX      112( 0.0)    7.7 M( 4.8)   11.1 G( 8.8)        1    20659  1447
47 | 2015-01-19 23:37:18.585 4295515.280 any       XXX.XXX.XXX.XXX       18( 0.0)    2.4 M( 0.7)    3.4 G( 1.3)        0     6368  1414
48 | 2015-03-10 16:10:12.208  3276.858 any       XXX.XXX.XXX.XXX      463( 0.0)   12.2 M( 4.0)   18.1 G( 8.4)     3728   44.3 M  1485
49 | 2015-01-20 00:06:02.568 4295233.887 any       XXX.XXX.XXX.XXX       14( 0.0)    2.4 M( 0.8)    3.3 G( 1.4)        0     6234  1414
50 | 2015-03-10 17:22:59.898  3083.791 any       XXX.XXX.XXX.XXX      467( 0.0)   13.3 M( 4.4)   19.5 G( 8.0)     4319   50.6 M  1463
51 | 2015-03-10 18:06:11.288   516.163 any       XXX.XXX.XXX.XXX       23( 0.0)    2.3 M( 0.8)    3.3 G( 1.4)     4508   51.0 M  1414
52 | 2015-01-20 06:05:02.018 4295091.545 any       XXX.XXX.XXX.XXX      470( 0.0)   10.1 M( 3.6)   14.5 G( 6.6)        2    27006  1442
53 | 2015-01-20 06:01:15.782 4295316.227 any       XXX.XXX.XXX.XXX      100( 0.0)   24.8 M( 8.8)   35.8 G(16.3)        5    66747  1442
54 | 2015-03-10 21:36:57.917  5563.943 any       XXX.XXX.XXX.XXX       33( 0.0)   12.7 M( 4.5)   18.0 G( 8.2)     2273   25.9 M  1422
55 | 2015-01-20 23:36:30.011 4295263.947 any       XXX.XXX.XXX.XXX       42( 0.0)    8.0 M( 2.8)   11.7 G( 5.2)        1    21759  1461
56 | 2015-01-20 23:34:55.714 4295394.708 any       XXX.XXX.XXX.XXX       20( 0.0)    3.2 M( 1.1)  602.3 M( 0.3)        0     1121   186
57 | 2015-01-20 23:32:09.162 4295562.333 any       XXX.XXX.XXX.XXX       31( 0.0)    3.7 M( 1.3)    5.4 G( 2.4)        0    10053  1457
58 | 2015-01-21 06:04:12.023 4295446.492 any        XXX.XXX.XXX.XXX      533( 0.0)    5.6 M( 2.2)    8.2 G( 3.8)        1    15204  1463
59 | 2015-03-11 22:44:26.446  2730.019 any        XXX.XXX.XXX.XXX      457( 0.0)    8.8 M( 3.5)   12.8 G( 6.2)     3237   37.4 M  1445
60 | 2015-03-11 23:21:58.632   777.115 any       XXX.XXX.XXX.XXX      147( 0.0)   11.2 M( 4.0)   15.9 G( 7.0)    14466  163.2 M  1410
61 | 2015-03-11 23:09:13.998  2140.000 any       XXX.XXX.XXX.XXX       67( 0.0)   11.6 M( 4.2)   16.4 G( 6.8)     5421   61.4 M  1415
62 | 2015-01-21 07:03:38.038 4295476.121 any       XXX.XXX.XXX.XXX     1490( 0.0)    7.2 M( 3.1)   10.4 G( 5.5)        1    19419  1454
63 | 2015-03-11 22:28:43.104  6359.502 any       XXX.XXX.XXX.XXX     1393( 0.0)   10.7 M( 4.6)   15.5 G( 8.1)     1681   19.5 M  1452
64 | 2015-01-26 00:20:28.677 4295361.885 any       XXX.XXX.XXX.XXX       83( 0.0)   12.3 M( 4.0)   18.3 G( 7.0)        2    34035  1482
65 | 2015-03-16 23:25:22.645  1739.166 any        XXX.XXX.XXX.XXX       57( 0.0)   12.2 M( 3.9)   18.2 G( 8.6)     6993   83.9 M  1499
66 | 2015-01-26 06:54:28.286 4295429.731 any      XXX.XXX.XXX.XXX     2199( 0.0)    1.1 M( 0.4)   61.1 M( 0.0)        0      113    54
67 | 2015-03-16 23:05:25.929  3556.166 any       XXX.XXX.XXX.XXX      111( 0.0)   16.8 M( 6.4)   23.9 G(10.1)     4722   53.7 M  1422
68 | 2015-03-16 23:03:38.318  3650.171 any       XXX.XXX.XXX.XXX       39( 0.0)   16.2 M( 6.2)   23.7 G(10.0)     4442   51.9 M  1459
69 | 2015-03-16 22:45:34.352  4736.237 any       XXX.XXX.XXX.XXX      445( 0.0)   12.0 M( 4.6)   17.5 G( 7.4)     2542   29.6 M  1456
70 | 2015-03-18 09:31:49.381   458.111 any       XXX.XXX.XXX.XXX      870( 0.0)   793493( 0.4)    1.2 G( 0.8)     1732   20.5 M  1477
71 | 2015-03-19 16:12:47.307  1032.565 any        XXX.XXX.XXX.XXX       84( 0.0)    2.1 M( 3.7)    3.0 G( 6.2)     1985   23.2 M  1460
72 | 2015-03-19 23:23:42.197  8472.430 any       XXX.XXX.XXX.XXX       46( 0.0)   13.4 M( 7.0)   19.9 G(12.7)     1585   18.8 M  1484
73 | 2016-01-29 08:49:54.087 4295404.366 any       XXX.XXX.XXX.XXX      176( 0.0)    5.8 M( 2.9)    8.5 G( 5.2)        1    15750  1460
74 | 2015-02-03 10:02:43.075 4295511.924 any       XXX.XXX.XXX.XXX       36( 0.0)   19.5 M(10.0)   28.2 G(16.5)        4    52537  1447
75 | 


--------------------------------------------------------------------------------
/mangle.py:
--------------------------------------------------------------------------------
 1 | import csv
 2 | import string
 3 | import numpy as np
 4 | 
 5 | conv = dict(zip('KMGT', (3, 6, 9, 12)))
 6 | # idea from http://stackoverflow.com/questions/9932656/formatting-kilo-mega-gig-data-in-numpy-record-array
 7 | def de_humanize(value):
 8 |     if value[-1] in conv:
 9 |         value = '{}e{}'.format(value[:-1], conv[value[-1]])
10 |     return float(value)
11 | 
12 | def parse_netflow_csv(path):
13 |     rows_array = []
14 |     with open(path, "rt", encoding="utf-8") as csvfile:
15 |         rows = csv.reader(csvfile, delimiter=',')
16 |         for row in rows:
17 |             row[0] = float(row[0])
18 |             for i in [1, 2, 3, 4, 5, 6]:
19 |                 row[i] = de_humanize(row[i])
20 |             rows_array.append(row)
21 |     return rows_array
22 | 
23 | def compose_dict(rows):
24 |     """Dict for a single label"""
25 |     length = len(rows)
26 |     data = {} 
27 |     data['duration'] = np.zeros((1, length))
28 |     data['flows']    = np.zeros((1, length))
29 |     data['packets']  = np.zeros((1, length))
30 |     data['bytes']    = np.zeros((1, length))
31 |     data['pps']      = np.zeros((1, length))
32 |     data['bps']      = np.zeros((1, length))
33 |     data['bpp']      = np.zeros((1, length))
34 |     for i in range(length):
35 |         data['duration'][0][i] = rows[i][0]
36 |         data['flows'][0][i] = rows[i][1]
37 |         data['packets'][0][i] = rows[i][2]
38 |         data['bytes'][0][i] = rows[i][3]
39 |         data['pps'][0][i] = rows[i][4]
40 |         data['bps'][0][i] = rows[i][5]
41 |         data['bpp'][0][i] = rows[i][6]
42 |     return data
43 | 
44 | def aggregate_netflow_csv(*paths):
45 |     """XXX"""
46 |     rows_array = []
47 |     labels_array = []
48 |     labels_dict ={}
49 |     numeric_labels_array = []
50 |     numeric_label = 0
51 |     for path in paths:
52 |         slabel = path.split("/")[-1]
53 |         label = slabel.rstrip(".csv")
54 |         numeric_label += 1
55 |         labels_dict[numeric_label] = label
56 |         with open(path, "rt", encoding="utf-8") as csvfile:
57 |             rows = csv.reader(csvfile, delimiter=',')
58 |             for row in rows:
59 |                 row[0] = float(row[0])
60 |                 for i in [1, 2, 3, 4, 5, 6]:
61 |                     row[i] = de_humanize(row[i])
62 |                 rows_array.append(row)
63 |                 labels_array.append(label)
64 |                 numeric_labels_array.append(numeric_label)
65 |     np_array = np.array(rows_array)
66 |     #print rows_array
67 |     #print np_array
68 |     return np_array, labels_array, numeric_labels_array, labels_dict
69 | 
70 | # vim: tabstop=4 softtabstop=4 shiftwidth=4 expandtab
71 | 


--------------------------------------------------------------------------------