dca_interface  6.3.4
Web Application Classification (WAC)

The WAC (Web Application Classification) module analyzes HTTP input data, and returns whether or not the data originated from a web application, and whether or not a user has performed a particular action in the application. The classification result consists of an application id and/or an action id.

The results can be used to block unwanted web content with a fine granularity.

Initialization

To use the WAC classification functions, the WAC classification package must first be initialized. To do this, create an instance of the dca_wac::WacClassification module using dca_wac::WacClassification::create().

Set up a connection to a WAC database using the database type DBT_Wac. Refer to Setting up a Database Connection for the steps required to do this.

Once a connection to the WAC database has been established, an instance of a dca_wac::WacClassifier must be created. Use dca_wac::WacClassification::createClassifier(), passing as parameter the newly created database connection object.

The WacClassifier classifies dca_wac::WacInputData objects and returns as result a dca_wac::WacClassificationResult object. Both classes can be created freely without the use of any other class or module.

Classification

The WAC classification takes as input a URL, raw HTTP web request data and also HTTP response data. At least one of these must be present for analysis. The data is set up as raw bytestream buffers and buffer lengths, stored in a dca_wac::WacInputData object. The functions dca_wac::WacInputData::setRequestData(), dca_wac::WacInputData::setUrl() and dca_wac::WacInputData::setResponse() are used to set the data. No data is copied (only pointers to the data are stored) so it is important that the data remains valid and unchanged for the lifetime of the WacInputData object.

The more input data the classification is provided, the more accurate the result will be, but the classification may take more time if more than one buffer is provided. On a high performance solution implementation we recommend to use a partial buffer of the client request with a length of e.g. 5k or 10k. Some actions may only be recognized if the request and/or reponse data is provided.

The result of the WAC classification is an application id and an action id. The resulting ids can be retrieved with a dca_wac::WacClassificationResult object as returned from the WAC classification. The category and tags related to the application can be retrieved from a dca_wac::WacApplication object, obtainable from dca_wac::WacCategoriesInfo using the application id.

Feedback mechanism

Enabling the Feedback option (see dca_wac::WacClassification::createClassifier()) some statistics of the number of matched applciation/action combinations are collected.

The Feedback option exists to help us to improve the quality of our classifications.

Uploading such information is done during the dca::UpdateModule::performUpdate() call.

To enable the Feedback option for a WacClassifier, the option enable_Feedback of the dca_wac::WacClassifierOptions must be set to true before creating a WacClassifier.

Note
enable_Feedback is by default disabled
The proxy settings (if any) used for upload will be taken from the dca::DbConnection associated with the dca::WacClassifier.
See also
Content and Engine Updates, and how to implement the required tasks
dca_wac::WacClassifierOptions

Enumeration

To enumerate all known applications, actions etc. you can use a dca_wac::WacCategoriesInfo object. This can obtained from the dca_wac::WacClassification::getCategoriesInfo() function.

We provide the following class structures:

Categories (dca_wac::WacCategories)

This is a container for dca_wac::WacCategory objects. It lists all supported categories of web application. Examples of categories would be "file sharing", "instant messaging", "social networking" etc.

Applications (dca_wac::WacApplications)

This is a container for dca_wac::WacApplication objects. It lists all supported web applications. Examples of web applications would be "Hotmail", "Facebook", "BitTorrent" etc. An application belongs to only one category.

The identified application is one of the possible results of the classification (dca_wac::WacClassificationResult::applicationId()).

Actions (dca_wac::WacActions)

This is a container for dca_wac::WacAction objects. An WacActions object can be obtained from a WacApplication object, in which case it lists all the actions supported by the application.

An WacActions object can be also obtained from a WacCategoriesInfo object. In this case, it contains the complete list of all supported actions.

An example of an action would be "Share" or "View/Download".

The identified action is also one of the possible results of the classification (dca_wac::WacClassificationResult::actionId()).

Tags (dca_wac::WacTags)

This is a container for dca_wac::WacTag objects. An WacTags object can be obtained from a WacApplication object, in which case it lists all the tags supported by the application.

An WacTags object can be also obtained from a WacCategoriesInfo object. In this case, it contains the complete list of all supported tags.

Tags are additional properties related to an application. Examples of tags would be "risk level 1", "allows file sharing", "high bandwidth" etc.

Locales (dca_wac::WacLocales)

This is a container for dca_wac::WacLocale objects. It lists all supported locales. Locales are used to provide language specific names and descriptions for the available categories, applications, tags and actions.

The default locale is "en_US". If you wish to use a different locale, the functions name() and description(), provided by the relevant objects, take an optional parameter where the locale can be specified. If the locale does not exist, or a localization for the particular string is not available, the default locale will be used.

See also
dca_wac::WacCategory, dca_wac::WacApplication, dca_wac::WacTag, dca_wac::WacAction, dca_wac::WacLocale

Example code

The following code demonstrates the WAC classification.

// assume we have a valid DcaInstance (myDca) and License (myLicense)
WacClassification myWacClassification;
myWacClassification = WacClassification::create( myDca, myLicense );
WacClassifierOptions creationOptions;
// enable Feedback mechanism
creationOptions.enable_Feedback = true;
// create classifier by using DbConnection and creationOptions
WacClassifier myWacClassifier;
myWacClassifier =
myWacClassification.createClassifier( myDbConnection, creationOptions );
// simulate a web request to the URL www.hotmail.com
char buffer[ ] = "http://www.hotmail.com?id=....";
// set up the input data of the classification
WacInputData myWacInputData;
myWacInputData.setUrl( buffer, sizeof(buffer) );
// start WAC classification
WacClassificationResult myResult;
FunctionResult myFR = myWacClassifier.classify( myWacInputData, myResult );
// got an error?
if( !myFR ) {
error( myFR );
return;
}
// check - did we get a match?
if( myResult == NullWacClassificationResult ) {
std::cout << "No match returned from WAC classification." << std::endl;
return;
}
// display results
std::cout << "Results returned from WAC Classification: " <<
"application: " << myResult.applicationId() <<
" action: " << myResult.actionId() << std::endl;
dca_wac::NullWacClassificationResult
const WacClassificationResult NullWacClassificationResult
Defines a constant unassigned WacClassificationResult you can use for checks. if ( myWacClassificatio...
Generated by   doxygen 1.8.18