Benchmarks for the k-FP WF attack
The attack works on trace files containing direction of packets and timing of packets. In the feature extraction process there is the ability to fold in packet size features but this is currently not used.
To run first make sure all necessary libraries are installed (via requirements.txt)
Please make sure that the datasets are available to k-FP before running. Extract alexa, unmonitored and hidden services datasets in to a directory ../data/.
Following these steps for k-FP results:
- Run
python k-FP.py --dictionary --mon_type alexa(for Alexa dataset) orpython k-FP.py --dictionary --mon_type hs(for hidden services dataset) to extract and save features for each traffic instance. - For closed world results, run
python k-FP.py --RF_closedworld --mon_type alexaorpython k-FP.py --RF_closedworld --mon_type hs. - For open world results, first build distances that will be used for classification by running
python k-FP.py --distances --mon_type alexaorpython k-FP.py --distances --mon_type hs. - For open worl classification, run
python k-FP.py --distance_stats --mon_type alexa --knn 6orpython k-FP.py --distance_stats --mon_type hs --knn 6, where--knnis the number of neighbours used for final classification.
Training on 60% of monitored set and 5% of unmonitored set.
Alexa dataset - Accuracy 93-95%
HS dataset - Accuracy 83-86%
Results for knn == 1.
Alexa dataset - TPR = 92-96% FPR = .9-1.6%
HS dataset - TPR = 85-87% FPR = .04-.3%
The original code and datasets were lost in a drive failure. I have attempted to re-create them as faithfully as possible but there may be some issues. If you find any please report them to me.