nfstream v6.5.3 releases: Flexible Network Data Analytics Framework

by do son · Published September 4, 2021 · Updated October 27, 2022

NFStream

NFStream is a Python framework providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real-world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data analytics framework for researchers providing data reproducibility across experiments.

NFStream is intended for network data research and forensics. Researchers and network data scientists can use this framework to build reliable datasets, train and evaluate network applied machine learning models. As with any packet monitoring tool, NFStream could potentially be misused. Do not run it on any network of which you are not the owner or the administrator.

Features

Performance: NFStream is designed to be fast: AF_PACKETV3/FANOUT on Linux, parallel processing, native C (using CFFI) for critical computation, and PyPy support.
Encrypted layer-7 visibility: NFStream deep packet inspection is based on nDPI. It allows NFStream to perform reliable encrypted applications identification and metadata fingerprinting (e.g. TLS, SSH, DHCP, HTTP).
Statistical features extraction: NFStream provides state of the art of flow-based statistical feature extraction. It includes both post-mortem statistical features (e.g. min, mean, stddev, and a max of packet size and inter-arrival time) and early flow features (e.g. sequence of first n packets sizes, inter-arrival times, and directions).
Flexibility: NFStream is easily extensible using NFPlugins. It allows to create a new feature within a few lines of Python.
Machine Learning oriented: NFStream aims to make Machine Learning Approaches for network traffic management reproducible and deployable. By using NFStream as a common framework, researchers ensure that models are trained using the same feature computation logic and thus, a fair comparison is possible. Moreover, trained models can be deployed and evaluated on a live network using NFPlugins.