def malware_train(line):
global malware_train_nb
if (mta.check_if_link_is_in_downloaded_file(line) is False):
pcap_file_name = mta.download_pcap([line])
for pcap in pcap_file_name:
if (pcap is not None):
if (check_if_already_trained(pcap) is False):
attacker = AttackerCalc(pcap=mta.get_folder_name() + "/" +
pcap)
ip_to_consider = attacker.compute_attacker()
flow_type = "malware"
filter_1.set_ip_whitelist_filter(ip_to_consider)
filter_2.set_ip_whitelist_filter(ip_to_consider)
filter_3.set_ip_whitelist_filter(ip_to_consider)
featuresCalc = FeaturesCalc(flow_type=flow_type,
min_window_size=5)
csv = CSV(file_name="features_" + flow_type,
folder_name="Features")
csv.create_empty_csv()
csv.add_row(featuresCalc.get_features_name())
argument = {
"features_calc": featuresCalc,
"packets": [],
'filter': [filter_1, filter_2, filter_3],
'csv_obj': csv
}
sniffer = Sniffer(iface_sniffer,
callback_prn=callback_sniffer,
callback_prn_kwargs=argument)
sniffer.start()
while (sniffer.get_started_flag() is False):
pass
try:
sender = Sender(iface_sender,
fast=False,
verbose=False,
time_to_wait=10)
sender.send(mta.get_folder_name() + "/" + pcap)
sniffer.stop()
except Exception as e:
print(e)
csv.close_csv()
env.set_csv(csv.get_folder_name() + "/" +
csv.get_current_file_name())
agent.train_agent(
steps=csv.get_number_of_rows() - 1,
log_interval=csv.get_number_of_rows() - 1,
verbose=2,
nb_max_episode_steps=csv.get_number_of_rows() - 1)
malware_train_nb -= 1
trained_file.write(pcap + "\n")
else:
print("\nPcap gia' utilizzato in passato. Saltato.\n")
else:
pass
else:
pass
def legitimate_features():
folder_name = "Pcaps_Legitimate"
flow_type = "legitimate"
if (self.featuresCalc.get_flow_type() == flow_type):
pass
else:
self.featuresCalc.set_flow_type(flow_type)
for filter in self.filters:
filter.set_ip_whitelist_filter([])
for pcap in glob.glob(folder_name + "/" + "*.pcap"):
if (self.single_csv):
csv = self.csv
else:
pcap_name = pcap.split("/")
pcap_name = pcap_name[len(pcap_name) - 1].replace(
".pcap", "")
csv = CSV(file_name=pcap_name,
folder_name="Legitimate_Features")
csv.create_empty_csv()
csv.add_row(self.featuresCalc.get_features_name())
array_of_pkts = []
filter_res = []
print("\nCalculation of features " + pcap + "\n")
try:
pkts = rdpcap(pcap)
except:
sys.exit()
for pkt in pkts:
for filter in self.filters:
if (filter.check_packet_filter(pkt)):
filter_res.append(True)
else:
filter_res.append(False)
if (True in filter_res):
array_of_pkts.append(pkt)
if (len(array_of_pkts) >=
self.featuresCalc.get_min_window_size()):
features = self.featuresCalc.compute_features(
array_of_pkts)
csv.add_row(features)
array_of_pkts.clear()
filter_res.clear()
def legitimate_train(line):
global legitimate_train_nb
if (check_if_already_trained(line) is False):
flow_type = "legitimate"
filter_1.set_ip_whitelist_filter([])
filter_2.set_ip_whitelist_filter([])
filter_3.set_ip_whitelist_filter([])
featuresCalc = FeaturesCalc(flow_type=flow_type, min_window_size=5)
csv = CSV(file_name="features_" + flow_type, folder_name="Features")
csv.create_empty_csv()
csv.add_row(featuresCalc.get_features_name())
argument = {
"features_calc": featuresCalc,
"packets": [],
'filter': [filter_1, filter_2, filter_3],
'csv_obj': csv
}
sniffer = Sniffer(iface_sniffer,
callback_prn=callback_sniffer,
callback_prn_kwargs=argument)
sniffer.start()
while (sniffer.get_started_flag() is False):
pass
try:
sender = Sender(iface_sender,
fast=False,
verbose=False,
time_to_wait=10)
sender.send(lg.get_folder_name() + "/" + line)
sniffer.stop()
except Exception as e:
print(e)
csv.close_csv()
env.set_csv(csv.get_folder_name() + "/" + csv.get_current_file_name())
agent.train_agent(steps=csv.get_number_of_rows() - 1,
log_interval=csv.get_number_of_rows() - 1,
verbose=2,
nb_max_episode_steps=csv.get_number_of_rows() - 1)
legitimate_train_nb -= 1
trained_file.write(line + "\n")
else:
print("\nPcap gia' utilizzato in passato. Saltato.\n")
def malware_features():
folder_name = "Pcaps_Malware"
flow_type = "malware"
if (self.featuresCalc.get_flow_type() == flow_type):
pass
else:
self.featuresCalc.set_flow_type(flow_type)
for pcap in glob.glob(folder_name + "/" + "*.pcap"):
if (self.single_csv):
csv = self.csv
else:
pcap_name = pcap.split("/")
pcap_name = pcap_name[len(pcap_name) - 1].replace(
".pcap", "")
csv = CSV(file_name=pcap_name,
folder_name="Malware_Features")
csv.create_empty_csv()
csv.add_row(self.featuresCalc.get_features_name())
array_of_pkts = []
print("\nCalcolo features di " + pcap + "\n")
attacker = AttackerCalc(pcap=pcap)
ip_to_consider = attacker.compute_attacker()
for filter in self.filters:
filter.set_ip_whitelist_filter(ip_to_consider)
pkts = rdpcap(pcap)
filter_res = []
for pkt in pkts:
for filter in self.filters:
if (filter.check_packet_filter(pkt)):
filter_res.append(True)
else:
filter_res.append(False)
if (True in filter_res):
array_of_pkts.append(pkt)
if (len(array_of_pkts) >=
self.featuresCalc.get_min_window_size()):
features = self.featuresCalc.compute_features(
array_of_pkts)
csv.add_row(features)
array_of_pkts.clear()
filter_res.clear()
class CreateFeaturesHandler():
def __init__(self, pkts_window_size=10, single_csv=True):
self.pkts_window_size = pkts_window_size
assert self.pkts_window_size >= 1, "Valore per la finestra non valido"
self.single_csv = single_csv
assert (self.single_csv is
True) or (self.single_csv is
False), "Valore non valido per il flag single_csv"
self.featuresCalc = FeaturesCalc(flow_type="malware",
min_window_size=pkts_window_size)
ip_to_ignore = ["127.0.0.1"]
self.filter_1 = PacketFilter(ip_whitelist_filter=[],
ip_blacklist_filter=ip_to_ignore,
TCP=True)
self.filter_2 = PacketFilter(ip_whitelist_filter=[],
ip_blacklist_filter=ip_to_ignore,
UDP=True)
self.filter_3 = PacketFilter(ip_whitelist_filter=[],
ip_blacklist_filter=ip_to_ignore,
ICMP=True)
self.filters = [self.filter_1, self.filter_2, self.filter_3]
if (self.single_csv):
self.csv = CSV(file_name="features")
self.csv.create_empty_csv()
self.csv.add_row(self.featuresCalc.get_features_name())
def compute_features(self):
def malware_features():
folder_name = "Pcaps_Malware"
flow_type = "malware"
if (self.featuresCalc.get_flow_type() == flow_type):
pass
else:
self.featuresCalc.set_flow_type(flow_type)
for pcap in glob.glob(folder_name + "/" + "*.pcap"):
if (self.single_csv):
csv = self.csv
else:
pcap_name = pcap.split("/")
pcap_name = pcap_name[len(pcap_name) - 1].replace(
".pcap", "")
csv = CSV(file_name=pcap_name,
folder_name="Malware_Features")
csv.create_empty_csv()
csv.add_row(self.featuresCalc.get_features_name())
array_of_pkts = []
print("\nCalcolo features di " + pcap + "\n")
attacker = AttackerCalc(pcap=pcap)
ip_to_consider = attacker.compute_attacker()
for filter in self.filters:
filter.set_ip_whitelist_filter(ip_to_consider)
pkts = rdpcap(pcap)
filter_res = []
for pkt in pkts:
for filter in self.filters:
if (filter.check_packet_filter(pkt)):
filter_res.append(True)
else:
filter_res.append(False)
if (True in filter_res):
array_of_pkts.append(pkt)
if (len(array_of_pkts) >=
self.featuresCalc.get_min_window_size()):
features = self.featuresCalc.compute_features(
array_of_pkts)
csv.add_row(features)
array_of_pkts.clear()
filter_res.clear()
def legitimate_features():
folder_name = "Pcaps_Legitimate"
flow_type = "legitimate"
if (self.featuresCalc.get_flow_type() == flow_type):
pass
else:
self.featuresCalc.set_flow_type(flow_type)
for filter in self.filters:
filter.set_ip_whitelist_filter([])
for pcap in glob.glob(folder_name + "/" + "*.pcap"):
if (self.single_csv):
csv = self.csv
else:
pcap_name = pcap.split("/")
pcap_name = pcap_name[len(pcap_name) - 1].replace(
".pcap", "")
csv = CSV(file_name=pcap_name,
folder_name="Legitimate_Features")
csv.create_empty_csv()
csv.add_row(self.featuresCalc.get_features_name())
array_of_pkts = []
filter_res = []
print("\nCalcolo features di " + pcap + "\n")
pkts = rdpcap(pcap)
for pkt in pkts:
for filter in self.filters:
if (filter.check_packet_filter(pkt)):
filter_res.append(True)
else:
filter_res.append(False)
if (True in filter_res):
array_of_pkts.append(pkt)
if (len(array_of_pkts) >=
self.featuresCalc.get_min_window_size()):
features = self.featuresCalc.compute_features(
array_of_pkts)
csv.add_row(features)
array_of_pkts.clear()
filter_res.clear()
malware_features()
legitimate_features()
