def setUp(self):
self.s = pyaiengine.StackLan()
self.dis = pyaiengine.PacketDispatcher()
self.dis.stack = self.s
self.s.tcp_flows = 2048
self.s.udp_flows = 1024
self.f = pyaiengine.FrequencyGroup()
def setUp(self):
self.s = pyaiengine.StackLan()
self.dis = pyaiengine.PacketDispatcher()
self.dis.stack = self.s
self.s.tcp_flows = 2048
self.s.udp_flows = 1024
self.called_callback = 0
self.ip_called_callback = 0
def threadHandler(netmask):
# Load an instance of a Network Stack on Lan Network
st = pyaiengine.StackLan()
st.tcp_flows = 327680
st.udp_flows = 163840
with pyaiengine.PacketDispatcher("re0") as pd:
pd.stack = st
pd.pcap_filter = netmask
pd.run()
st.stats_level = 5
f = open("statistics.log.%d" % os.getpid(), "w")
f.write(str(st))
f.close()
def __init__(self, pcap=None):
"""Class constructor initializing the ai engine parameters
:param pcap: pcap file as input for PacketDispatcher
:param st: load an instance of a Lan Network Stack
:param st.udp_flows: allocate the UDP flows in order to keep memory
:param pcap: input file
:param domains: holding main domain and sub domain names
"""
# Load an instance of a Lan Network Stack
self.st = pyaiengine.StackLan()
# Allocate the UDP flows in order to keep memory
# under control and avoid allocations during the execution
self.st.udp_flows = 163840
# input pcap file
self.pcap = pcap
self.domains = dict()
print(self.pcap)
name = name[:-4]
if (name.startswith("www.")):
name = name[4:]
if (name):
value = gib_detect_train.avg_transition_prob(name,
model_mat) > threshold
if (value == False):
print("WARNING:%s:%s Unknown malware detected" %
(flow.l7_protocol_name, name))
if __name__ == '__main__':
st = pyaiengine.StackLan()
dm = pyaiengine.DomainNameManager()
st.tcp_flows = 200000
st.udp_flows = 100000
d1 = pyaiengine.DomainName("Generic com", ".com")
d2 = pyaiengine.DomainName("Generic org", ".com")
d3 = pyaiengine.DomainName("Generic net", ".org")
d1.callback = random_callback_name
d2.callback = random_callback_name
d3.callback = random_callback_name
dm.add_domain_name(d1)
import sys
import os
sys.path.append("../src/")
import pyaiengine
def unknown_callback(flow):
print("Detecting unknown traffic on:", str(flow))
if __name__ == '__main__':
# Load an instance of a Network Stack on a Lan network
st1 = pyaiengine.StackLan()
st1.tcp_flows = 327680
st1.udp_flows = 163840
""" Generate two instances of the FrequencyGroup and LearnerEngine """
learn = pyaiengine.LearnerEngine()
freq = pyaiengine.FrequencyGroup()
""" Tell the stack that should store the payloads """
st1.enable_frequency_engine = True
""" Open the pcapfile and process """
with pyaiengine.PacketDispatcher("unknown_traffic.pcap") as pd:
pd.stack = st1
pd.run()
""" Use the method most suitable for your case """
freq.add_flows_by_destination_port(st1.tcp_flow_manager)
freq.compute()
