Use the driver to extract data from two different types of processes: CLI and GUI.
NOTE: if ls or ps does not generate values, then use more ifconfig
Create a file for each of the following CLI programs, ls and ps, as ls.dat and ps.dat, then combine them into cli.dat.
Create a file for each of the following GUI programs, gedit file and firefox, as gedit.dat and firefox.dat, then combine them into gui.dat.
Use these two data sets to train the classifier model j4.8; make sure to add a class attribute to each, with CLI and GUI as the classification values.
Make a note of the confusion matrix and use 10-fold cross-validation to test the model.
Now sample two applications, one CLI and one GUI, and test how the model performs.
Show the percentage of CLI and GUI generated, if above 75% then classify as such.
Use cat as the CLI and nano as the GUI.
To extract features, use the driver provided for kernel version 4.4.0-34-generic. The following bash file shows how to install the driver:
sudo rmmod taskxt
mv taskxt-4.4.0-34-generic.ko taskxt.ko
sudo insmod taskxt.ko "path=/tmp pname=ls srate=1 dura=10000"
sudo chmod -R 666 /dev/taskxt
sudo chown fiu:fiu /tmp/ls.dat
// map_count -> number of memory regions of a process
X// page_table_lock -> used to manage the page table entries
// hiwater_rss -> Max number of page frames ever owned by the process
// hiwater_vm -> Max number of pages appeared in memory region of process
// total_vm -> Size of process's address space in terms of number of pages
Y// shared_vm -> Number of pages in shared file memory mappings of process
// exec_vm -> number of pages in executable memory mappings of process
Y// nr_ptes -> number of page tables of a process
// utime -> Tick count of a process that is executing in user mode
// stime -> Tick count of a process in the kernel mode
// nvcsw -> number of voluntary context switches
// nivcsw -> number of involuntary context switches
// min_flt -> Contains the minor page faults
X// alloc_lock.raw_lock.slock -> used to lock memory manager, files and file system etc.
// fs.count -> number of file usage (was count, now field called users)
X – features not available in 4.4.0-34 and 4.13.0-38
Y – X features plus features not available in 4.15.0
The ones in bold are not supported or have changed structure location for Ubuntu 16.04, so only 13 of the 15 features will be available, the other two are zeros and will be pruned by the classification algorithm.
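The labelling and 75% decision steps described above, as an added example that is not part of the original assignment or the taskxt driver. It assumes each .dat line is one sample of 15 comma-separated integers in the order of the feature list (the driver's real output format is not shown on this page); the ARFF attribute names, sample values and per-sample predictions are constructed.

```python
# Added example; the .dat layout (one comma-separated sample per line) is an assumption.
FEATURES = ["map_count", "page_table_lock", "hiwater_rss", "hiwater_vm",
            "total_vm", "shared_vm", "exec_vm", "nr_ptes", "utime", "stime",
            "nvcsw", "nivcsw", "min_flt", "alloc_lock", "fs_count"]
CLASSES = ("CLI", "GUI")

def parse_dat(text):
    """Return one list of ints per well-formed line; skip anything else."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != len(FEATURES):
            continue  # truncated or header line
        try:
            rows.append([int(p) for p in parts])
        except ValueError:
            continue  # non-numeric field
    return rows

def to_arff(labelled, relation="taskxt"):
    """Build Weka ARFF text from [(rows, label), ...] with a nominal class."""
    out = ["@relation " + relation, ""]
    out += ["@attribute %s numeric" % name for name in FEATURES]
    out += ["@attribute class {%s}" % ",".join(CLASSES), "", "@data"]
    for rows, label in labelled:
        if label not in CLASSES:
            raise ValueError("unknown class: %r" % label)
        out += [",".join(map(str, r)) + "," + label for r in rows]
    return "\n".join(out) + "\n"

def classify_run(predictions, threshold=75.0):
    """Percentage of samples per class; a label only if strictly above threshold."""
    if not predictions:
        return None, {}
    pct = {c: 100.0 * predictions.count(c) / len(predictions) for c in CLASSES}
    winner = next((c for c in CLASSES if pct[c] > threshold), None)
    return winner, pct

# Constructed sample values, not real driver output.
LS_DAT = "12,0,140,900,900,0,30,0,1,2,3,1,85,0,1\nbroken,line\n"
GEDIT_DAT = "310,0,9000,52000,52000,0,800,0,40,12,90,14,4100,0,1\n"

if __name__ == "__main__":
    print(to_arff([(parse_dat(LS_DAT), "CLI"), (parse_dat(GEDIT_DAT), "GUI")]))
    # Constructed per-sample predictions for one run of an unseen program.
    print(classify_run(["CLI"] * 8 + ["GUI"] * 2))
```

A run that lands at exactly 75% or below for both classes returns no label, since the assignment only defines the outcome for percentages above 75%.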