def malware_train(line): global malware_train_nb if (mta.check_if_link_is_in_downloaded_file(line) is False): pcap_file_name = mta.download_pcap([line]) for pcap in pcap_file_name: if (pcap is not None): if (check_if_already_trained(pcap) is False): attacker = AttackerCalc(pcap=mta.get_folder_name() + "/" + pcap) ip_to_consider = attacker.compute_attacker() flow_type = "malware" filter_1.set_ip_whitelist_filter(ip_to_consider) filter_2.set_ip_whitelist_filter(ip_to_consider) filter_3.set_ip_whitelist_filter(ip_to_consider) featuresCalc = FeaturesCalc(flow_type=flow_type, min_window_size=5) csv = CSV(file_name="features_" + flow_type, folder_name="Features") csv.create_empty_csv() csv.add_row(featuresCalc.get_features_name()) argument = { "features_calc": featuresCalc, "packets": [], 'filter': [filter_1, filter_2, filter_3], 'csv_obj': csv } sniffer = Sniffer(iface_sniffer, callback_prn=callback_sniffer, callback_prn_kwargs=argument) sniffer.start() while (sniffer.get_started_flag() is False): pass try: sender = Sender(iface_sender, fast=False, verbose=False, time_to_wait=10) sender.send(mta.get_folder_name() + "/" + pcap) sniffer.stop() except Exception as e: print(e) csv.close_csv() env.set_csv(csv.get_folder_name() + "/" + csv.get_current_file_name()) agent.train_agent( steps=csv.get_number_of_rows() - 1, log_interval=csv.get_number_of_rows() - 1, verbose=2, nb_max_episode_steps=csv.get_number_of_rows() - 1) malware_train_nb -= 1 trained_file.write(pcap + "\n") else: print("\nPcap gia' utilizzato in passato. Saltato.\n") else: pass else: pass
def legitimate_features(): folder_name = "Pcaps_Legitimate" flow_type = "legitimate" if (self.featuresCalc.get_flow_type() == flow_type): pass else: self.featuresCalc.set_flow_type(flow_type) for filter in self.filters: filter.set_ip_whitelist_filter([]) for pcap in glob.glob(folder_name + "/" + "*.pcap"): if (self.single_csv): csv = self.csv else: pcap_name = pcap.split("/") pcap_name = pcap_name[len(pcap_name) - 1].replace( ".pcap", "") csv = CSV(file_name=pcap_name, folder_name="Legitimate_Features") csv.create_empty_csv() csv.add_row(self.featuresCalc.get_features_name()) array_of_pkts = [] filter_res = [] print("\nCalculation of features " + pcap + "\n") try: pkts = rdpcap(pcap) except: sys.exit() for pkt in pkts: for filter in self.filters: if (filter.check_packet_filter(pkt)): filter_res.append(True) else: filter_res.append(False) if (True in filter_res): array_of_pkts.append(pkt) if (len(array_of_pkts) >= self.featuresCalc.get_min_window_size()): features = self.featuresCalc.compute_features( array_of_pkts) csv.add_row(features) array_of_pkts.clear() filter_res.clear()
def legitimate_train(line): global legitimate_train_nb if (check_if_already_trained(line) is False): flow_type = "legitimate" filter_1.set_ip_whitelist_filter([]) filter_2.set_ip_whitelist_filter([]) filter_3.set_ip_whitelist_filter([]) featuresCalc = FeaturesCalc(flow_type=flow_type, min_window_size=5) csv = CSV(file_name="features_" + flow_type, folder_name="Features") csv.create_empty_csv() csv.add_row(featuresCalc.get_features_name()) argument = { "features_calc": featuresCalc, "packets": [], 'filter': [filter_1, filter_2, filter_3], 'csv_obj': csv } sniffer = Sniffer(iface_sniffer, callback_prn=callback_sniffer, callback_prn_kwargs=argument) sniffer.start() while (sniffer.get_started_flag() is False): pass try: sender = Sender(iface_sender, fast=False, verbose=False, time_to_wait=10) sender.send(lg.get_folder_name() + "/" + line) sniffer.stop() except Exception as e: print(e) csv.close_csv() env.set_csv(csv.get_folder_name() + "/" + csv.get_current_file_name()) agent.train_agent(steps=csv.get_number_of_rows() - 1, log_interval=csv.get_number_of_rows() - 1, verbose=2, nb_max_episode_steps=csv.get_number_of_rows() - 1) legitimate_train_nb -= 1 trained_file.write(line + "\n") else: print("\nPcap gia' utilizzato in passato. Saltato.\n")
def malware_features(): folder_name = "Pcaps_Malware" flow_type = "malware" if (self.featuresCalc.get_flow_type() == flow_type): pass else: self.featuresCalc.set_flow_type(flow_type) for pcap in glob.glob(folder_name + "/" + "*.pcap"): if (self.single_csv): csv = self.csv else: pcap_name = pcap.split("/") pcap_name = pcap_name[len(pcap_name) - 1].replace( ".pcap", "") csv = CSV(file_name=pcap_name, folder_name="Malware_Features") csv.create_empty_csv() csv.add_row(self.featuresCalc.get_features_name()) array_of_pkts = [] print("\nCalcolo features di " + pcap + "\n") attacker = AttackerCalc(pcap=pcap) ip_to_consider = attacker.compute_attacker() for filter in self.filters: filter.set_ip_whitelist_filter(ip_to_consider) pkts = rdpcap(pcap) filter_res = [] for pkt in pkts: for filter in self.filters: if (filter.check_packet_filter(pkt)): filter_res.append(True) else: filter_res.append(False) if (True in filter_res): array_of_pkts.append(pkt) if (len(array_of_pkts) >= self.featuresCalc.get_min_window_size()): features = self.featuresCalc.compute_features( array_of_pkts) csv.add_row(features) array_of_pkts.clear() filter_res.clear()
class CreateFeaturesHandler(): def __init__(self, pkts_window_size=10, single_csv=True): self.pkts_window_size = pkts_window_size assert self.pkts_window_size >= 1, "Valore per la finestra non valido" self.single_csv = single_csv assert (self.single_csv is True) or (self.single_csv is False), "Valore non valido per il flag single_csv" self.featuresCalc = FeaturesCalc(flow_type="malware", min_window_size=pkts_window_size) ip_to_ignore = ["127.0.0.1"] self.filter_1 = PacketFilter(ip_whitelist_filter=[], ip_blacklist_filter=ip_to_ignore, TCP=True) self.filter_2 = PacketFilter(ip_whitelist_filter=[], ip_blacklist_filter=ip_to_ignore, UDP=True) self.filter_3 = PacketFilter(ip_whitelist_filter=[], ip_blacklist_filter=ip_to_ignore, ICMP=True) self.filters = [self.filter_1, self.filter_2, self.filter_3] if (self.single_csv): self.csv = CSV(file_name="features") self.csv.create_empty_csv() self.csv.add_row(self.featuresCalc.get_features_name()) def compute_features(self): def malware_features(): folder_name = "Pcaps_Malware" flow_type = "malware" if (self.featuresCalc.get_flow_type() == flow_type): pass else: self.featuresCalc.set_flow_type(flow_type) for pcap in glob.glob(folder_name + "/" + "*.pcap"): if (self.single_csv): csv = self.csv else: pcap_name = pcap.split("/") pcap_name = pcap_name[len(pcap_name) - 1].replace( ".pcap", "") csv = CSV(file_name=pcap_name, folder_name="Malware_Features") csv.create_empty_csv() csv.add_row(self.featuresCalc.get_features_name()) array_of_pkts = [] print("\nCalcolo features di " + pcap + "\n") attacker = AttackerCalc(pcap=pcap) ip_to_consider = attacker.compute_attacker() for filter in self.filters: filter.set_ip_whitelist_filter(ip_to_consider) pkts = rdpcap(pcap) filter_res = [] for pkt in pkts: for filter in self.filters: if (filter.check_packet_filter(pkt)): filter_res.append(True) else: filter_res.append(False) if (True in filter_res): array_of_pkts.append(pkt) if (len(array_of_pkts) >= self.featuresCalc.get_min_window_size()): features = self.featuresCalc.compute_features( array_of_pkts) csv.add_row(features) array_of_pkts.clear() filter_res.clear() def legitimate_features(): folder_name = "Pcaps_Legitimate" flow_type = "legitimate" if (self.featuresCalc.get_flow_type() == flow_type): pass else: self.featuresCalc.set_flow_type(flow_type) for filter in self.filters: filter.set_ip_whitelist_filter([]) for pcap in glob.glob(folder_name + "/" + "*.pcap"): if (self.single_csv): csv = self.csv else: pcap_name = pcap.split("/") pcap_name = pcap_name[len(pcap_name) - 1].replace( ".pcap", "") csv = CSV(file_name=pcap_name, folder_name="Legitimate_Features") csv.create_empty_csv() csv.add_row(self.featuresCalc.get_features_name()) array_of_pkts = [] filter_res = [] print("\nCalcolo features di " + pcap + "\n") pkts = rdpcap(pcap) for pkt in pkts: for filter in self.filters: if (filter.check_packet_filter(pkt)): filter_res.append(True) else: filter_res.append(False) if (True in filter_res): array_of_pkts.append(pkt) if (len(array_of_pkts) >= self.featuresCalc.get_min_window_size()): features = self.featuresCalc.compute_features( array_of_pkts) csv.add_row(features) array_of_pkts.clear() filter_res.clear() malware_features() legitimate_features()