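def load_single(self, items):
    """Build a ``FlowRecord`` from one row addressed by column name.

    Args:
        items: Row supporting ``items[key]`` lookup with the keys ``first``,
            ``last``, ``msec_first``, ``msec_last``, ``prot``, ``srcip``,
            ``srcport``, ``dstip``, ``dstport``, ``packets`` and ``bytes``.
            ``first`` and ``last`` must be naive ``datetime`` objects, since
            they are subtracted from a naive 1970-01-01 epoch.
            NOTE(review): presumably UTC - confirm against the data source.

    Returns:
        The populated ``FlowRecord``. Its label is always ``"Unknown"``.

    Raises:
        KeyError: If ``items`` is a dict and an expected key is missing.
    """
    # The unused function-scope imports of socket and ipaddress were dropped.
    import datetime
    from flow import FlowRecord

    rec = FlowRecord()

    epoch = datetime.datetime(1970, 1, 1)
    first_s = (items['first'] - epoch).total_seconds()
    last_s = (items['last'] - epoch).total_seconds()

    # start_time keeps the 'first' timestamp only; the msec_first offset is
    # folded into the duration below, not into start_time.
    rec.start_time = first_s
    begin = first_s + items['msec_first'] / 1000.0
    finish = last_s + items['msec_last'] / 1000.0
    # Written as end minus start instead of negating (start - end), so a
    # zero-length flow yields 0.0 rather than -0.0.
    rec.duration = finish - begin

    rec.protocol = items['prot']
    # Addresses are only stringified and ports/counters are copied verbatim:
    # nothing in this method validates them.
    rec.src_ip = str(items['srcip'])
    rec.src_port = items['srcport']
    rec.dest_ip = str(items['dstip'])
    rec.dest_port = items['dstport']
    rec.total_pckts = items['packets']
    rec.total_bytes = items['bytes']

    rec.label = "Unknown"

    return rec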
 def load_single(self, items):
     """Build a ``FlowRecord`` from fifteen positional text fields.

     Args:
         items: Indexable row whose elements 0-14 each support ``.strip()``
             (assumed to be strings - TODO confirm against the caller).

     Returns:
         The populated ``FlowRecord``. Every attribute holds the stripped
         field exactly as supplied: no numeric conversion and no address or
         port validation happens in this method, and ``label`` is taken
         from the row itself.

     Raises:
         IndexError: If ``items`` is a list or tuple with fewer than
             fifteen elements.
     """
     from flow import FlowRecord

     # Attribute names in input column order: element i of ``items`` is
     # stored on the i-th attribute listed here.
     column_attrs = (
         'start_time',
         'duration',
         'protocol',
         'src_ip',
         'src_port',
         'bidirectional',
         'dest_ip',
         'dest_port',
         'state',
         'sTos',
         'dTos',
         'total_pckts',
         'total_bytes',
         'total_srcbytes',
         'label',
     )

     rec = FlowRecord()
     # Index explicitly (rather than zip) so a short row still fails at the
     # first missing column instead of being silently truncated.
     for position, attr_name in enumerate(column_attrs):
         setattr(rec, attr_name, items[position].strip())
     return rec
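    def load_single(self, items, good, classify):
        """Build a labelled ``FlowRecord`` from one row addressed by column name.

        Args:
            items: Row supporting ``items[key]`` lookup with the keys
                ``start_time``, ``start_msec``, ``end_time``, ``end_msec``,
                ``prot``, ``src_ip``, ``src_port``, ``dst_ip``, ``dst_port``,
                ``packets``, ``octets`` and ``tcp_flags``, plus
                ``description`` when ``classify`` is truthy.
            good: Used only when ``classify`` is falsy; selects the
                ``'non-malicous'`` label over ``'malicous'``.
            classify: When truthy, the label is copied from
                ``items['description']`` and ``good`` is ignored.

        Returns:
            The populated ``FlowRecord``.

        Raises:
            KeyError: If ``items`` is a dict and an expected key is missing.
            ValueError: If ``src_ip`` or ``dst_ip`` is not a valid IPv4 or
                IPv6 address (raised by ``ipaddress.ip_address``).
        """
        # Only ipaddress is needed; the unused socket import was dropped.
        import ipaddress
        from flow import FlowRecord

        rec = FlowRecord()
        rec.start_time = items['start_time']

        flow_start = items['start_time'] + items['start_msec'] / 1000.0
        flow_end = items['end_time'] + items['end_msec'] / 1000.0
        # NOTE(review): this is start minus end, so the stored duration is
        # negative whenever the flow ends after it starts. Left unchanged
        # because consumers may depend on the sign - confirm before flipping.
        rec.duration = flow_start - flow_end

        rec.protocol = items['prot']
        # ip_address() both validates and normalises the address before it
        # is stored as text; malformed values raise instead of passing through.
        rec.src_ip = str(ipaddress.ip_address(items['src_ip']))
        rec.src_port = items['src_port']
        rec.dest_ip = str(ipaddress.ip_address(items['dst_ip']))
        rec.dest_port = items['dst_port']
        rec.total_pckts = items['packets']
        rec.total_bytes = items['octets']

        # The label strings are runtime values and are kept byte-for-byte,
        # spelling included, since other code may compare against them.
        if classify:
            # Label comes verbatim from the row, not from the caller's flag.
            rec.label = items['description']
        elif good:
            rec.label = 'non-malicous'
        else:
            rec.label = 'malicous'
        rec.tcp_flags = items['tcp_flags']
        return rec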
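    def load_single(self, items):
        """Convert one name-keyed row into a ``FlowRecord``.

        Args:
            items: Row supporting ``items[key]`` lookup with the keys
                ``first``, ``last``, ``msec_first``, ``msec_last``, ``prot``,
                ``srcip``, ``srcport``, ``dstip``, ``dstport``, ``packets``
                and ``bytes``. ``first`` and ``last`` must be naive
                ``datetime`` objects because they are subtracted from a
                naive 1970-01-01 epoch.
                NOTE(review): presumably UTC - confirm against the source.

        Returns:
            The populated ``FlowRecord``, always labelled ``"Unknown"``.

        Raises:
            KeyError: If ``items`` is a dict and an expected key is missing.
        """
        # socket and ipaddress were imported here but never used; removed.
        import datetime
        from flow import FlowRecord

        rec = FlowRecord()

        unix_epoch = datetime.datetime(1970, 1, 1)
        start = (items['first'] - unix_epoch).total_seconds()
        end = (items['last'] - unix_epoch).total_seconds()

        # start_time excludes the msec_first offset; only the duration
        # accounts for the millisecond parts.
        rec.start_time = start
        precise_start = start + items['msec_first'] / 1000.0
        precise_end = end + items['msec_last'] / 1000.0
        # End minus start directly, avoiding the -0.0 that negating a zero
        # difference produced.
        rec.duration = precise_end - precise_start

        rec.protocol = items['prot']
        # No validation here: addresses are stringified as-is and the ports
        # and counters are copied unchanged.
        rec.src_ip = str(items['srcip'])
        rec.src_port = items['srcport']
        rec.dest_ip = str(items['dstip'])
        rec.dest_port = items['dstport']
        rec.total_pckts = items['packets']
        rec.total_bytes = items['bytes']

        rec.label = "Unknown"

        return rec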
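    def load_single(self, items, good, classify):
        """Convert one name-keyed row into a labelled ``FlowRecord``.

        Args:
            items: Row supporting ``items[key]`` lookup with the keys
                ``start_time``, ``start_msec``, ``end_time``, ``end_msec``,
                ``prot``, ``src_ip``, ``src_port``, ``dst_ip``, ``dst_port``,
                ``packets``, ``octets`` and ``tcp_flags``; ``description``
                is also read when ``classify`` is truthy.
            good: Consulted only when ``classify`` is falsy: truthy gives
                the ``'non-malicous'`` label, falsy gives ``'malicous'``.
            classify: When truthy, the label is ``items['description']``.

        Returns:
            The populated ``FlowRecord``.

        Raises:
            KeyError: If ``items`` is a dict and an expected key is missing.
            ValueError: If ``src_ip`` or ``dst_ip`` does not parse as an
                IPv4 or IPv6 address (raised by ``ipaddress.ip_address``).
        """
        # The unused socket import was removed; ipaddress is still required.
        import ipaddress
        from flow import FlowRecord

        rec = FlowRecord()
        rec.start_time = items['start_time']

        started = items['start_time'] + items['start_msec'] / 1000.0
        ended = items['end_time'] + items['end_msec'] / 1000.0
        # NOTE(review): start minus end gives a negative duration for any
        # flow that ends after it begins. Kept as-is since downstream code
        # may rely on the sign - verify before changing it.
        rec.duration = started - ended

        rec.protocol = items['prot']
        # Parsing through ip_address() rejects malformed addresses and
        # stores the normalised text form.
        rec.src_ip = str(ipaddress.ip_address(items['src_ip']))
        rec.src_port = items['src_port']
        rec.dest_ip = str(ipaddress.ip_address(items['dst_ip']))
        rec.dest_port = items['dst_port']
        rec.total_pckts = items['packets']
        rec.total_bytes = items['octets']

        # Label literals are reproduced exactly (spelling included) because
        # they are runtime values that other code may match on.
        if classify:
            # In classify mode the label is whatever the row supplies.
            rec.label = items['description']
        elif good:
            rec.label = 'non-malicous'
        else:
            rec.label = 'malicous'
        rec.tcp_flags = items['tcp_flags']
        return rec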
 def load_single(self, items):
     """Map a fifteen-column text row onto a new ``FlowRecord``.

     Args:
         items: Indexable row; elements 0-14 must each provide ``.strip()``
             (presumably strings - verify against the caller).

     Returns:
         The populated ``FlowRecord``. Fields are stored as stripped text
         with no type conversion or validation of addresses, ports or
         counters, and the label is read from the last column of the row.

     Raises:
         IndexError: If ``items`` is a list or tuple holding fewer than
             fifteen elements.
     """
     from flow import FlowRecord

     # Target attribute for each input column, in column order.
     attrs_by_column = (
         'start_time', 'duration', 'protocol',
         'src_ip', 'src_port', 'bidirectional',
         'dest_ip', 'dest_port', 'state',
         'sTos', 'dTos',
         'total_pckts', 'total_bytes', 'total_srcbytes',
         'label',
     )

     rec = FlowRecord()
     # Explicit indexing keeps the failure on a short row: the lookup for
     # the first absent column raises rather than being skipped.
     for column, attr in enumerate(attrs_by_column):
         setattr(rec, attr, items[column].strip())
     return rec
    def get_flow_record(self):
        """Export this object's flow state as a ``FlowRecord``.

        Reads ``start_time``, ``last_time``, ``protocol``, ``src_port``,
        ``dst_port``, ``src_ip``, ``dst_ip``, ``packets`` and ``size`` from
        ``self``.

        Returns:
            A new ``FlowRecord`` with a lower-cased protocol, a duration of
            ``last_time - start_time``, the direction marker ``"->"``, an
            empty state and both ToS values set to 0.
        """
        from flow import FlowRecord

        record = FlowRecord()

        record.start_time = self.start_time
        record.duration = self.last_time - self.start_time

        record.protocol = self.protocol.lower()
        record.src_port, record.dest_port = self.src_port, self.dst_port
        record.src_ip, record.dest_ip = self.src_ip, self.dst_ip

        # These fields are filled with fixed values rather than read from self.
        record.bidirectional = "->"
        record.state = ""
        record.sTos = record.dTos = 0

        record.total_pckts = self.packets
        # Source bytes and total bytes both receive self.size; presumably the
        # flow is treated as one-directional - confirm with the consumer.
        record.total_bytes = self.size
        record.total_srcbytes = self.size

        return record
    def get_flow_record(self):
        """Return a ``FlowRecord`` populated from this object's attributes.

        The attributes read from ``self`` are ``start_time``, ``last_time``,
        ``protocol``, ``src_port``, ``dst_port``, ``src_ip``, ``dst_ip``,
        ``packets`` and ``size``.

        Returns:
            A new ``FlowRecord``. Its protocol is lower-cased, its duration
            is ``last_time - start_time``, and ``bidirectional``, ``state``,
            ``sTos`` and ``dTos`` hold the constants ``"->"``, ``""``, 0
            and 0.
        """
        from flow import FlowRecord

        flow_rec = FlowRecord()

        # Timing comes first, matching the order the attributes are read in.
        flow_rec.start_time = self.start_time
        flow_rec.duration = self.last_time - self.start_time

        flow_rec.protocol = self.protocol.lower()
        flow_rec.src_port, flow_rec.dest_port = self.src_port, self.dst_port
        flow_rec.src_ip, flow_rec.dest_ip = self.src_ip, self.dst_ip

        # Constant fields: nothing on self supplies direction, state or ToS.
        flow_rec.bidirectional = "->"
        flow_rec.state = ""
        flow_rec.sTos = flow_rec.dTos = 0

        flow_rec.total_pckts = self.packets
        # self.size is written to both byte counters, so source bytes always
        # equal total bytes here. NOTE(review): looks intentional for a
        # one-way flow - confirm.
        flow_rec.total_bytes = self.size
        flow_rec.total_srcbytes = self.size

        return flow_rec