nPrint: A Standard Data Representation for Network Traffic Analysis
Conventional detection and classification ("fingerprinting") problems involving network traffic commonly rely on either rule-based expert systems or machine learning models that are trained with manually engineered features derived from network traffic. Automated approaches in this area are typically tailored for specific problems. This paper presents nPrint, a standard, packet-based representation of network traffic that can be used as an input to train a variety of machine learning models without extensive feature engineering. We demonstrate that nPrint offers a suitable traffic representation for machine learning algorithms across three common network traffic classification problems: device fingerprinting, operating system fingerprinting, and application identification. We show that models trained with nPrint are at least as accurate as widely used tools, but in contrast do not rely on brittle, manually updated rules and features. Finally, we release nPrint as a publicly available software tool to encourage further use, testing, and extensions to the existing network traffic representation.
READ FULL TEXT