nfstream/docs/source/plugins.rst
2019-11-26 02:59:09 +01:00


##################
Extending nfstream
##################
nfstream is designed to be flexible and machine learning oriented. The following sections show how to use NFPlugin
in both cases.

.. code-block:: python

    from nfstream import NFPlugin, NFStreamer

    class my_awesome_plugin(NFPlugin):
        def process(self, pkt, flow):
            # count the packets of this flow whose length is at least 666
            if pkt.length >= 666:
                flow.my_awesome_plugin += 1

    streamer_awesome = NFStreamer(source='devil.pcap', plugins=[my_awesome_plugin()])
    for flow in streamer_awesome:
        print(flow.my_awesome_plugin)  # now you will see your dynamically created metric in generated flows


*******************
NFPlugin parameters
*******************

* ``name`` [default= ``class name`` ]

  - Plugin name. Must be unique, as it is dynamically created as a flow attribute.

* ``volatile`` [default=False]

  - A volatile plugin is available only while the flow is being processed. At flow expiration, the plugin is automatically removed (it will not appear as a flow attribute).

* ``init_function`` [default=lambda packet:0]

  - Function called at flow creation (with the first NFPacket as argument).


****************
NFPlugin methods
****************

* ``process(NFPacket, NFFlow)``

  - Method called to update each NFFlow with each NFPacket belonging to it.

* ``giveup(NFFlow)`` [default=pass]

  - Method called at flow expiration.

In the following, we want to run an early classification of flows based on a trained machine learning model that takes
as features the sizes of the first 3 packets of a flow.


**************************
Building required features
**************************

.. code-block:: python

    from nfstream import NFPlugin

    class feat_1(NFPlugin):
        def process(self, pkt, flow):
            if flow.packets == 1:  # size of the first packet
                flow.feat_1 = pkt.length

    class feat_2(NFPlugin):
        def process(self, pkt, flow):
            if flow.packets == 2:  # size of the second packet
                flow.feat_2 = pkt.length

    class feat_3(NFPlugin):
        def process(self, pkt, flow):
            if flow.packets == 3:  # size of the third packet
                flow.feat_3 = pkt.length


****************************
Add trained model prediction
****************************

.. code-block:: python

    from nfstream import NFPlugin

    # load_my_magic_model and path are placeholders for your own model loading code
    trained_model = load_my_magic_model(path)

    class model_prediction(NFPlugin):
        def process(self, pkt, flow):
            if flow.packets == 3:
                flow.model_prediction = trained_model.predict_proba([flow.feat_1, flow.feat_2, flow.feat_3])
                # optionally we can force nfstream to immediately expire the flow
                flow.expiration_id = -1
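
The plugin lifecycle described on this page (``init_function`` at flow creation, ``process`` per packet, ``giveup`` at expiration, removal of ``volatile`` attributes), as an added example that is not nfstream code. ``Plugin`` and ``run_flow`` are stand-ins written here so the example runs without nfstream or a pcap; ``pkt_size``, ``verdict``, ``toy_model``, the 666 threshold and the packet sizes are constructed for illustration.

```python
from types import SimpleNamespace

class Plugin:  # stand-in for NFPlugin: only the parameters and methods listed on this page
    def __init__(self, name=None, volatile=False, init_function=lambda packet: 0):
        self.name = name or type(self).__name__
        self.volatile, self.init_function = volatile, init_function
    def process(self, pkt, flow): pass
    def giveup(self, flow): pass

class pkt_size(Plugin):
    """Volatile feature: size of the n-th packet, dropped when the flow expires."""
    def __init__(self, n):
        super().__init__(name="feat_%d" % n, volatile=True)
        self.n = n
    def process(self, pkt, flow):
        if flow.packets == self.n:
            setattr(flow, self.name, pkt.length)

def toy_model(sizes):  # constructed rule standing in for a trained model
    return "bulk" if sum(sizes) / len(sizes) >= 666 else "interactive"

class verdict(Plugin):
    def process(self, pkt, flow):
        if flow.packets == 3:  # features are complete, classify early
            flow.verdict = toy_model([flow.feat_1, flow.feat_2, flow.feat_3])
    def giveup(self, flow):
        if flow.packets < 3:  # flow expired before the model could run
            flow.verdict = "too_short"

def run_flow(packet_lengths, plugins):
    """Stand-in driver: feed one flow's packets (at least one) through the plugins."""
    names = [p.name for p in plugins]
    if len(set(names)) != len(names):
        raise ValueError("plugin names must be unique: %r" % names)
    flow = SimpleNamespace(packets=0)
    for length in packet_lengths:
        pkt = SimpleNamespace(length=length)
        if flow.packets == 0:  # flow creation: init_function gets the first packet
            for p in plugins:
                setattr(flow, p.name, p.init_function(pkt))
        flow.packets += 1
        for p in plugins:  # in this harness list order matters: features before verdict
            p.process(pkt, flow)
    for p in plugins:  # flow expiration
        p.giveup(flow)
    for p in plugins:
        if p.volatile:  # volatile attributes do not survive expiration
            delattr(flow, p.name)
    return flow
```

Calling ``run_flow([1500, 1500, 1500, 40], [pkt_size(1), pkt_size(2), pkt_size(3), verdict()])`` returns a flow that carries only ``packets`` and ``verdict``; a two-packet flow ends with the ``giveup`` fallback instead of a model output.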