- Install opam (https://opam.ocaml.org/doc/Install.html)
- Initalize OPAM in any directory of your choice (usually your home directory):
opam init
- List the available compiler versions:
opam switch
- Install OCaml:
opam switch x.y.z
Current latest one:
opam switch 4.02.3
- Add our custom opam repository:
opam remote add por-dev [email protected]:johanmazel/por-dev.git
or
opam remote add por-dev https://github.com/johanmazel/por-dev.git
- Update package list:
opam update
- Install our libraries:
opam install ocaml-nac_lib
Note: You will probably need to install dependancies such as the GNU Scientific Library.
On debian:
sudo apt-get install libgsl-dev
- Additional information (https://opam.ocaml.org/doc/Usage.html)
opam install itv-tree
make
ctx mode: classify anomalies annotated in an xml file and located in a network trace using:
- anomaly_taxonomy: a description of network anomalies (e.g. http://www.fukuda-lab.org/mawilab/classification/taxonomy_v1.23.zip to uncompress)
- trace.dump: PCAP traffic trace containing anomalies network traffic
- admd.xml: a XML file that describes occurring anomalies (http://admd.sourceforge.net/)
./nac.native ctx taxonomy_v1.23/anomaly_taxonomy trace.dump admd.xml
ctmx mode: classify anomalies annotated in a "anomalous/suspicious" xml file and a "notice" XML file, and, located in a network trace using:
- anomaly_taxonomy
- trace.dump
- anomalous_suspicious_admd.xml
- notice_admd.xml
./nac.native ctmx taxonomy_v1.23/anomaly_taxonomy trace.dump anomalous_suspicious_admd.xml notice_admd.xml
ct mode: classify anomalies in a network trace using:
- anomaly_taxonomy
- trace.dump
./nac.native ctmx taxonomy_v1.23/anomaly_taxonomy trace.dump