def load_single(self, items): from flow import FlowRecord rec = FlowRecord() rec.start_time = items[0].strip() rec.duration = items[1].strip() rec.protocol = items[2].strip() rec.src_ip = items[3].strip() rec.src_port = items[4].strip() rec.bidirectional = items[5].strip() rec.dest_ip = items[6].strip() rec.dest_port = items[7].strip() rec.state = items[8].strip() rec.sTos = items[9].strip() rec.dTos = items[10].strip() rec.total_pckts = items[11].strip() rec.total_bytes = items[12].strip() rec.total_srcbytes = items[13].strip() rec.label = items[14].strip() return rec
def load_single(self, items): import socket, ipaddress from flow import FlowRecord rec = FlowRecord() import datetime start = (items['first']-datetime.datetime(1970,1,1)).total_seconds() end = (items['last']-datetime.datetime(1970,1,1)).total_seconds() rec.start_time = start rec.duration = -1 * ((start + items['msec_first']/1000.0) - (end + items['msec_last']/1000.0)) rec.protocol = items['prot'] rec.src_ip = str(items['srcip']) rec.src_port = items['srcport'] rec.dest_ip = str(items['dstip']) rec.dest_port = items['dstport'] rec.total_pckts = items['packets'] rec.total_bytes = items['bytes'] rec.label = "Unknown" return rec
def load_single(self, items, good, classify): import socket, ipaddress from flow import FlowRecord rec = FlowRecord() rec.start_time = items['start_time'] rec.duration = (items['start_time'] + items['start_msec']/1000.0) - (items['end_time'] + items['end_msec']/1000.0) rec.protocol = items['prot'] rec.src_ip = str(ipaddress.ip_address(items['src_ip'])) rec.src_port = items['src_port'] rec.dest_ip = str(ipaddress.ip_address(items['dst_ip'])) rec.dest_port = items['dst_port'] rec.total_pckts = items['packets'] rec.total_bytes = items['octets'] if classify: rec.label = items['description'] elif good: rec.label = 'non-malicous' else: rec.label = 'malicous' rec.tcp_flags = items['tcp_flags'] return rec
def load_single(self, items, good, classify): import socket, ipaddress from flow import FlowRecord rec = FlowRecord() rec.start_time = items['start_time'] rec.duration = (items['start_time'] + items['start_msec'] / 1000.0) - ( items['end_time'] + items['end_msec'] / 1000.0) rec.protocol = items['prot'] rec.src_ip = str(ipaddress.ip_address(items['src_ip'])) rec.src_port = items['src_port'] rec.dest_ip = str(ipaddress.ip_address(items['dst_ip'])) rec.dest_port = items['dst_port'] rec.total_pckts = items['packets'] rec.total_bytes = items['octets'] if classify: rec.label = items['description'] elif good: rec.label = 'non-malicous' else: rec.label = 'malicous' rec.tcp_flags = items['tcp_flags'] return rec
def load_single(self, items): import socket, ipaddress from flow import FlowRecord rec = FlowRecord() import datetime start = (items['first'] - datetime.datetime(1970, 1, 1)).total_seconds() end = (items['last'] - datetime.datetime(1970, 1, 1)).total_seconds() rec.start_time = start rec.duration = -1 * ((start + items['msec_first'] / 1000.0) - (end + items['msec_last'] / 1000.0)) rec.protocol = items['prot'] rec.src_ip = str(items['srcip']) rec.src_port = items['srcport'] rec.dest_ip = str(items['dstip']) rec.dest_port = items['dstport'] rec.total_pckts = items['packets'] rec.total_bytes = items['bytes'] rec.label = "Unknown" return rec
def get_flow_record(self): from flow import FlowRecord f = FlowRecord() f.start_time = self.start_time f.duration = self.last_time - self.start_time f.protocol = self.protocol.lower() f.src_port = self.src_port f.dest_port = self.dst_port f.src_ip = self.src_ip f.dest_ip = self.dst_ip f.bidirectional = "->" f.state = "" f.sTos = 0 f.dTos = 0 f.total_pckts = self.packets f.total_bytes = self.size f.total_srcbytes = self.size return f