marfcat submission v. SATE.4 Wireshark 1.2.9
============================================

These reports cover wireshark-1.2.9 and were generated using a small
subset of algorithms.

The system correctly does not report the fixed CVEs (currently,
the primary class), so most of the reports come up empty (no noise).

All example reports (one per configuration) validate with the schema
sate_2010.xsd and sate_2010.pathcheck.xsd.

The best (empty) reports are:

  report-noprepreprawfftcheb-wireshark-1.2.9-test.xml
  report-noprepreprawfftdiff-wireshark-1.2.9-test.xml
  report-noprepreprawffteucl-wireshark-1.2.9-test.xml
  report-noprepreprawffthamming-wireshark-1.2.9-test.xml

The particular report below shows that the Minkowski distance classifier
was perhaps not the best choice, as it mistakenly reported
a known CVE that was in fact fixed; this is an example of
a machine learning red herring:

  report-noprepreprawfftmink-wireshark-1.2.9-test.xml

It is provided for illustrative purposes.

There is another report, which is very "noisy" and does not pass
the pathcheck (threshold problem, I suppose), that I do not include
as it's uselessly noisy:

  report-noprepreprawfftcos-training-data.xml

Log files
---------

All the corresponding tool-specific *.log files are there for reference.

Files
-----

marfcat-nopreprep-raw-fft-cheb.log
marfcat-nopreprep-raw-fft-diff.log
marfcat-nopreprep-raw-fft-eucl.log
marfcat-nopreprep-raw-fft-hamming.log
marfcat-nopreprep-raw-fft-mink.log
marfcat--super-fast-wireshark.log (training log)
README.txt
report-noprepreprawfftcheb-wireshark-1.2.9-test.xml
report-noprepreprawfftdiff-wireshark-1.2.9-test.xml
report-noprepreprawffteucl-wireshark-1.2.9-test.xml
report-noprepreprawffthamming-wireshark-1.2.9-test.xml
report-noprepreprawfftmink-wireshark-1.2.9-test.xml

--
Serguei A. Mokhov
mokhov@cse.concordia.ca
