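def __init__(self):
    """Run Kitsune over a fixed capture and store the per-packet RMSE values.

    Builds a Kitsune instance on the hard-coded capture path, then calls
    ``proc_next_packet()`` until it returns -1, appending every other
    result to ``self.RMSE``. Progress is printed every 1000 iterations.

    A ``RuntimeWarning`` is emitted when the packet limit does not exceed
    the two grace periods, because in that case every processed packet is
    training data and nothing in ``self.RMSE`` is a score from a trained
    detector.
    """
    import warnings

    path = "../pcap2/packets.pcap"  # the pcap, pcapng, or tsv file to process.
    packet_limit = 5000  # the number of packets to process

    # KitNET params:
    maxAE = 10  # maximum size for any autoencoder in the ensemble layer
    FMgrace = 5000  # the number of instances taken to learn the feature mapping (the ensemble's architecture)
    ADgrace = 40000  # the number of instances used to train the anomaly detector (ensemble itself)

    # The first FMgrace + ADgrace instances are used for learning, so a
    # limit at or below that sum leaves no packet to be scored afterwards.
    # With the values above (5000 vs. 45000) the run ends inside training.
    training_instances = FMgrace + ADgrace
    if packet_limit <= training_instances:
        warnings.warn(
            "packet_limit (%s) does not exceed FMgrace + ADgrace (%s); "
            "the anomaly detector will not finish training and the "
            "collected RMSE values are not detection scores"
            % (packet_limit, training_instances),
            RuntimeWarning,
            stacklevel=2,
        )

    # Build Kitsune
    self.kitsune = Kitsune(path, packet_limit, maxAE, FMgrace, ADgrace)

    self.RMSE = []
    i = 0
    while True:
        i += 1
        if i % 1000 == 0:
            print(i)  # progress indicator
        rmse = self.kitsune.proc_next_packet()
        if rmse == -1:
            # -1 is the end-of-input sentinel this loop stops on.
            break
        self.RMSE.append(rmse)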
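# Demo driver: unpack the sample capture, build Kitsune on it, and collect the
# value proc_next_packet() returns for every packet until it returns -1.
print("Unzipping Sample Capture...")
import zipfile

# NOTE(review): extractall() writes every member of mirai.zip into the current
# working directory with no size limit; only point this at an archive you trust.
with zipfile.ZipFile("mirai.zip", "r") as zip_ref:
    zip_ref.extractall()

# File location
path = "mirai.pcap"  # the pcap, pcapng, or tsv file to process.
# np.inf instead of the np.Inf alias: the alias was removed in NumPy 2.0 and
# raises AttributeError there; np.inf is the same value on every version.
packet_limit = np.inf  # the number of packets to process

# KitNET params:
maxAE = 10  # maximum size for any autoencoder in the ensemble layer
FMgrace = 5000  # the number of instances taken to learn the feature mapping (the ensemble's architecture)
ADgrace = 50000  # the number of instances used to train the anomaly detector (ensemble itself)

# Build Kitsune
# NOTE(review): the second positional argument (False) is passed through
# unchanged; its meaning is defined by this project's Kitsune constructor.
K = Kitsune(path, False, packet_limit, maxAE, FMgrace, ADgrace)

print("Running Kitsune:")
RMSEs = []
i = 0
start = time.time()
# Here we process (train/execute) each individual packet.
# In this way, each observation is discarded after performing process() method.
# Per the grace-period settings above, the first FMgrace + ADgrace (55000)
# entries of RMSEs come from the learning phase, not from a trained detector.
while True:
    i += 1
    if i % 1000 == 0:
        print(i)  # progress indicator
    rmse = K.proc_next_packet()
    if rmse == -1:
        # -1 is the end-of-input sentinel this loop stops on.
        break
    RMSEs.append(rmse)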
from matplotlib import pyplot as plt except ImportError: print("Will skip plotting; matplotlib is not available.") matplotlib_is_available = False # File location path = "100000_packets_mirai.tsv" #the pcap, pcapng, or tsv file to process. packet_limit = np.Inf #the number of packets to process # KitNET params: maxAE = 10 #maximum size for any autoencoder in the ensemble layer FMgrace = 5000 #the number of instances taken to learn the feature mapping (the ensemble's architecture) ADgrace = 50000 #the number of instances used to train the anomaly detector (ensemble itself) # Build Kitsune K = Kitsune(path, packet_limit, maxAE, FMgrace, ADgrace) # Train Kitsune print("Training Kitsune:") RMSEs = [] i = 0 while True: i += 1 if i % 1000 == 0: print(i) rmse, _ = K.proc_next_packet() if rmse == -1: break RMSEs.append(rmse) threshold = max(RMSEs[0:69999])
print("Benign pcap: ", benign_path) print("Benign size: ", benign_size) target_path = sys.argv[1] #the pcap, pcapng, or tsv file to process. print("Target pcap: ", target_path) packet_limit = np.Inf #the number of packets to process # KitNET params: maxAE = 10 #maximum size for any autoencoder in the ensemble layer FMgrace = 10000 #the number of instances taken to learn the feature mapping (the ensemble's architecture) ADgrace = 100000 #the number of instances used to train the anomaly detector (ensemble itself) # Build Kitsune K = Kitsune(benign_path, target_path, packet_limit, maxAE, FMgrace, ADgrace) print("Running Kitsune:") RMSEs = [] i = 0 start = time.time() # Here we process (train/execute) each individual packet. # In this way, each observation is discarded after performing process() method. # parse attack packet numbers attackPacketNumbers = [] with open(target_path.replace('.pcap', '.attacks.tsv'), 'r') as af: while True: attackPacketNumber = af.readline().strip().split('\t')[0] if not attackPacketNumber: break