code_public/ja4-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: JA3 fingerprinting, SSL correlation fix, ML pipeline overhaul, E2E test infra

Browse Source 
ja4ebpf:
- Add JA3 raw + MD5 hash fingerprinting (ComputeJA3 in TLS parser)
- Fix accept4 port double-swap bug (__builtin_bswap16 on already-host-order value)
- Fix scheme override bug in ClickHouse writer (HTTP block clearing HTTPS)
- Add HTTP/2 passive fingerprinting (Akamai H2 FP, SETTINGS, pseudo-header order)
- Enrich ClickHouse schema with IP/TCP metadata, H2 settings, Sec-* headers
- Ensure maximum data completeness: all available L3/L4, TLS, HTTP fields emitted

bot-detector:
- Replace logistic regression with MLP fusion classifier
- Replace KS drift detection with ADWIN online learning
- Replace NetworkX/Louvain with PyTorch Geometric GraphSAGE for fleet detection
- Replace autoencoder with RealNVP normalizing flow + SessionTransformer embeddings

infra:
- Add distributed E2E test infrastructure (4 VMs: endpoints + analysis)
- Add Vagrant provisioning for analysis VM, e2e Makefile targets, run scripts

docs:
- Restructure thesis into chapter files with corrected references
- Add E2E testing documentation
- Update architecture, schema, deployment, service docs

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jacquin Antoine
2026-04-15 02:57:07 +02:00
parent f88b739992
commit 61addc8cfa
5 changed files with 171 additions and 160 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
services/ja4ebpf/cmd/ja4ebpf/main.go
View File

@ -174,9 +174,6 @@ func main() {
for s := range mgr.ReadyCh {
if w != nil {
w.Write(s)
} else if cfg.Debug {
log.Printf("[ja4ebpf] DEBUG: session prête (sans CH): has_l3l4=%v has_tls=%v",
s.L3L4 != nil, s.TLS != nil)
}
}
}()
@ -421,6 +418,7 @@ func consumeTLSEvents(ctx context.Context, rd *perf.Reader, mgr *correlation.Man
}
ja4 := parser.ComputeJA4(ch)
ja3Raw, ja3Hash := parser.ComputeJA3(ch)
var alpn []string
var ciphers, extensions []uint16
@ -445,6 +443,8 @@ func consumeTLSEvents(ctx context.Context, rd *perf.Reader, mgr *correlation.Man
s.TLS = &correlation.TLSInfo{
ClientHelloRaw: payload,
JA4Hash: ja4,
JA3Raw: ja3Raw,
JA3Hash: ja3Hash,
SNI: ch.SNI,
ALPN: alpn,
CipherSuites: ciphers,