Installation of the classification modules in the CoMo architecture: 1- Add in the $COMO_DIR/modules/CMakeLists.txt file to the list of modules: feature class_svm class_bayes class_ports 2- add the source files feature.c class_svm.c class_bayes.c class_ports.c in the directory $COMO_DIR/modules 3- In $COMO_DIR apply the como.patch patch -p1 < como.patch 4- in $COMO_DIR: cmake -DCMAKE_INSTALL_PREFIX=$COMO_DIR $COMO_DIR -DCMAKE_BUILD_TYPE=release -DCMAKE_SHARED_LINKER_FLAGS=-pthread make make install 5-Here is an example of the part of the configuration file for the feature module (in $COMO_DIR/etc directory): module "feature" description "" filter "udp or tcp" hashsize "200000" #size of the hashtablem determine the execution efficiency args "num_received_packets=6" # number of packets received to emit a classification verdict args "flow_timeout=60" # idle flow expiration timeout args "interval=1" #flush interval args "classifiers=class_ports,class_bayes,class_svm" #list of classification algorithms, separated by "," args "classif_dir=$COMO_DIR/libexec/como-1.0" #directory containing the classification modules end The directory $classif_dir reported in the configuration file has to contain the directories with the classification models: models_svm/ models_bayes/ application_port_mapping_crl_reef/ (an example set of models is on the web site) with the svm and bayes models we achieved on CAIDA traces. For the port-based classifier, please download from www.caida.org Application_ports_Master.txt file and insert it in a directory named application_port_mapping_crl_reef/ (inside classif_dir). Application_ports_Master.txt is the port-application mapping file of coralreef software. -------------------------------------------------------------------------------- To create your own classifier, extending the existing files, please refer to the file classifier_example.c containing an example of the two required functions.