fet.pstats

Per flow features extraction.

fet.pstats.aggregate(df, window='5min')

Time aggregation of basic + pstats fields.

Parameters

  • df (pandas.DataFrame) – DataFrame with basic + pstats fields.

  • window (str, optional) – Aggregation time window. Defaults to “5min”.

fet.pstats.concatenate_ppi(fields)

Concatenate per packet information lists.

Parameters

fields (list) – List of string representations from ppi_pkt_* field.

Returns

Concatenated representation.

Return type

string

fet.pstats.contains_handshake(flags)

Determines if TCP handshake is present.

Parameters

flags (list) – List of packet flags (as integers).

Returns

True (contains handshake) or False (does not).

Return type

bool

fet.pstats.convert_directions(pkt_directions)

Convert directions from PPI_PKT_DIRECTIONS representation.

Parameters

pkt_directions (str) – PPI_PKT_DIRECTIONS.

Returns

Tuple containing:

  • directions (list): Converted list of directions: 1, -1 values.

  • forward (list): Indexes of forward packets.

  • backward (list): Indexes of backward packets.

Return type

tuple

fet.pstats.convert_flags(pkt_flags)

Convert flags from PPI_PKT_FLAGS representation.

Parameters

pkt_flags (str) – PPI_PKT_FLAGS.

Returns

List of packet flags (as integers).

Return type

list

fet.pstats.convert_lengths(pkt_lengths)

Convert lengths from PPI_PKT_LENGHTS representation.

Parameters

pkt_lengths (str) – PPI_PKT_LENGTHS.

Returns

List of packet lengths.

Return type

list

fet.pstats.convert_merged_lengths(lengths, directions)

Convert lengths to merged representation.

Merged representation sums lengths for consecutive packets which are in the same direction.

Parameters

  • lengths (list) – List of all packet lengths.

  • directions (list) – List of directions: 1, -1 values.

Returns

List with merged packet lengths.

Return type

list

fet.pstats.extract_features(df, inplace=False, min_packets=2)

Extracts per flow statistics.

Parameters

  • df (pandas.DataFrame) – Dataframe with basic and pstats values.

  • inplace (bool, optional) – Extract features within provided DataFrame or return new DataFrame. Defaults to False.

Returns

DataFrame is returned only if inplace=False, otherwise returns None.

Return type

pandas.DataFrame

fet.pstats.flags_stats(row)

Calculate flags statistics.

Parameters

row (dict) – Row within a dataframe.

Returns

Dictionary with statistics.

Return type

dict

fet.pstats.iat_stats(row)

Calculate inter arrival times statistics.

Parameters

row (dict) – Row within a dataframe.

Returns

Dictionary with statistics.

Return type

dict

fet.pstats.lengths_stats(row)

Calculate packet lengths statistics.

Parameters

row (dict) – Row within a dataframe.

Returns

Dictionary with statistics.

Return type

dict

fet.pstats.loop_flow_stats(row)

Calculate flow statistics of a single row - appliable over datafram.

Parameters

row (dict) – Row within a dataframe.

Returns

Dictionary with statistics.

Return type

dict

fet.pstats.prep_convert(df)

Applies conversions of default pstats columns.

Parameters

df (pandas.DataFrame) – Dataframe with basic and pstats values.

fet.pstats.swap_directions(df, swap, inplace=False)

Swap directional columns.

Parameters

  • df (pandas.DataFrame) – DataFrame with directional columns.

  • swap (pandas.Series) – Bool series of affected rows.

  • inplace (bool, optional) – Extract features within provided DataFrame or return new DataFrame. Defaults to False.

Returns

DataFrame is returned only if inplace=False, otherwise returns None.

Return type

pandas.DataFrame