Machine Learning to actively classify android applications
Given a PCAP file, this will create feature vectors based on given PCAPs and then will train a decision tree classifier which can classify PCAP files.
The apps are: FruitNinja, GoogleNews, Wikipedia, WeatherChannel, and Youtube. Sample PCAPs generated from the Android VM can be found in the Samples folder at https://github.com/sjcomeau43543/MLforAndroidApps.
scikit-learn==latest
pyshark==0.3.8
To create the features file from the PCAPs run...
python logFlows.py -d Samples/
To train and use a model run...
python classifyFlows.py -t traffic.csv -e SAMPLE.PCAP
where
traffic.csv was generated by logFlows.py SAMPLE.PCAP is the PCAP you want to classify
During our tests we got between 75-90% accuracy. For test logs look in Testing.
The mean accuracy will not be accurate if there are no test labels. For example: when giving a pcap file it will assume that the label is 0 rather than a number 1,2,3,4,5 which represent the app names. To get the accuracy we have been giving PCAPS from Samples/APPNAME/dump.pcap and then getting the label from the APPNAME directory. If you wanted to see accuracy for a specific file you would run python classifyFlows.py -t traffic.csv -e Samples/FruitNinja/dump_a1.pcap. Files can be found by cloning https://github.com/sjcomeau43543/MLforAndroidApps.