Add files via upload

Author: lucadivit

CreateFeaturesHandler.py

@@ -0,0 +1,104 @@
+from scapy.all import *
+from FeaturesCalc import FeaturesCalc
+from CSV import CSV
+from PacketFilter import PacketFilter
+from AttackerCalc import AttackerCalc
+import glob
+
+class CreateFeaturesHandler():
+
+    def __init__(self, pkts_window_size=10, single_csv=True):
+        self.pkts_window_size = pkts_window_size
+        assert self.pkts_window_size >=1, "Valore per la finestra non valido"
+        self.single_csv = single_csv
+        assert (self.single_csv is True) or (self.single_csv is False), "Valore non valido per il flag single_csv"
+        self.featuresCalc = FeaturesCalc(flow_type="malware", min_window_size=pkts_window_size)
+        ip_to_ignore = ["127.0.0.1"]
+        self.filter_1 = PacketFilter(ip_whitelist_filter=[], ip_blacklist_filter=ip_to_ignore, TCP=True)
+        self.filter_2 = PacketFilter(ip_whitelist_filter=[], ip_blacklist_filter=ip_to_ignore, UDP=True)
+        self.filter_3 = PacketFilter(ip_whitelist_filter=[], ip_blacklist_filter=ip_to_ignore, ICMP=True)
+        self.filters = [self.filter_1, self.filter_2, self.filter_3]
+
+        if(self.single_csv):
+            self.csv = CSV(file_name="features")
+            self.csv.create_empty_csv()
+            self.csv.add_row(self.featuresCalc.get_features_name())
+
+    def compute_features(self):
+
+        def malware_features():
+            folder_name = "Pcaps_Malware"
+            flow_type = "malware"
+            if (self.featuresCalc.get_flow_type() == flow_type):
+                pass
+            else:
+                self.featuresCalc.set_flow_type(flow_type)
+            for pcap in glob.glob(folder_name + "/" + "*.pcap"):
+                if(self.single_csv):
+                    csv = self.csv
+                else:
+                    pcap_name = pcap.split("/")
+                    pcap_name = pcap_name[len(pcap_name)-1].replace(".pcap", "")
+                    csv = CSV(file_name=pcap_name, folder_name="Malware_Features")
+                    csv.create_empty_csv()
+                    csv.add_row(self.featuresCalc.get_features_name())
+                array_of_pkts = []
+                print("\nCalcolo features di " + pcap + "\n")
+                attacker = AttackerCalc(pcap=pcap)
+                ip_to_consider = attacker.compute_attacker()
+                for filter in self.filters:
+                    filter.set_ip_whitelist_filter(ip_to_consider)
+                pkts = rdpcap(pcap)
+                filter_res=[]
+                for pkt in pkts:
+                    for filter in self.filters:
+                        if(filter.check_packet_filter(pkt)):
+                            filter_res.append(True)
+                        else:
+                            filter_res.append(False)
+                    if(True in filter_res):
+                        array_of_pkts.append(pkt)
+                    if (len(array_of_pkts) >= self.featuresCalc.get_min_window_size()):
+                        features = self.featuresCalc.compute_features(array_of_pkts)
+                        csv.add_row(features)
+                        array_of_pkts.clear()
+                    filter_res.clear()
+
+        def legitimate_features():
+            folder_name = "Pcaps_Legitimate"
+            flow_type = "legitimate"
+            if (self.featuresCalc.get_flow_type() == flow_type):
+                pass
+            else:
+                self.featuresCalc.set_flow_type(flow_type)
+            for filter in self.filters:
+                filter.set_ip_whitelist_filter([])
+            for pcap in glob.glob(folder_name + "/" + "*.pcap"):
+                if(self.single_csv):
+                    csv = self.csv
+                else:
+                    pcap_name = pcap.split("/")
+                    pcap_name = pcap_name[len(pcap_name) - 1].replace(".pcap", "")
+                    csv = CSV(file_name=pcap_name, folder_name="Legitimate_Features")
+                    csv.create_empty_csv()
+                    csv.add_row(self.featuresCalc.get_features_name())
+                array_of_pkts = []
+                filter_res = []
+                print("\nCalcolo features di " + pcap + "\n")
+                pkts = rdpcap(pcap)
+                for pkt in pkts:
+                    for filter in self.filters:
+                        if(filter.check_packet_filter(pkt)):
+                            filter_res.append(True)
+                        else:
+                            filter_res.append(False)
+                    if(True in filter_res):
+                        array_of_pkts.append(pkt)
+                    if (len(array_of_pkts) >= self.featuresCalc.get_min_window_size()):
+                        features = self.featuresCalc.compute_features(array_of_pkts)
+                        csv.add_row(features)
+                        array_of_pkts.clear()
+                    filter_res.clear()
+
+        malware_features()
+        legitimate_features()

Main.py

@@ -1,71 +1,8 @@
-from scapy.all import *
-from FeaturesCalc import FeaturesCalc
-from CSV import CSV
-from PacketFilter import PacketFilter
-from AttackerCalc import AttackerCalc
-import glob
+from CreateFeaturesHandler import CreateFeaturesHandler
 
 def main():
-
-    pkts_window_size = 10
-    ip_to_ignore = ["127.0.0.1"]
-    featuresCalc = FeaturesCalc(flow_type="malware", min_window_size=pkts_window_size)
-    filter_1 = PacketFilter(ip_whitelist_filter=[], ip_blacklist_filter=ip_to_ignore, IPv4=True, TCP=True,
-                            UDP=False)
-    filter_2 = PacketFilter(ip_whitelist_filter=[], ip_blacklist_filter=ip_to_ignore, IPv4=True, TCP=False,
-                            UDP=True)
-    filter_3 = PacketFilter(ip_whitelist_filter=[], ip_blacklist_filter=ip_to_ignore, IPv4=True, TCP=False,
-                            UDP=False)
-    csv = CSV(file_name="features")
-    csv.create_empty_csv()
-    csv.add_row(featuresCalc.get_features_name())
-
-    def malware_features():
-        folder_name = "Pcaps_Malware"
-        flow_type = "malware"
-        if (featuresCalc.get_flow_type() == flow_type):
-            pass
-        else:
-            featuresCalc.set_flow_type(flow_type)
-        for pcap in glob.glob(folder_name + "/" + "*.pcap"):
-            array_of_pkts = []
-            attacker = AttackerCalc(pcap=pcap)
-            ip_to_consider = attacker.compute_attacker()
-            filter_1.set_ip_whitelist_filter(ip_to_consider)
-            filter_2.set_ip_whitelist_filter(ip_to_consider)
-            filter_3.set_ip_whitelist_filter(ip_to_consider)
-            pkts = rdpcap(pcap)
-            for pkt in pkts:
-                if ((filter_2.check_packet_filter(pkt) or filter_1.check_packet_filter(pkt) or filter_3.check_packet_filter(pkt)) is True):
-                    array_of_pkts.append(pkt)
-                if (len(array_of_pkts) >= featuresCalc.get_min_window_size()):
-                    features = featuresCalc.compute_features(array_of_pkts)
-                    csv.add_row(features)
-                    array_of_pkts.clear()
-
-    def legitimate_features():
-        folder_name = "Pcaps_Legitimate"
-        flow_type = "legitimate"
-        if (featuresCalc.get_flow_type() == flow_type):
-            pass
-        else:
-            featuresCalc.set_flow_type(flow_type)
-        filter_1.set_ip_whitelist_filter([])
-        filter_2.set_ip_whitelist_filter([])
-        filter_3.set_ip_whitelist_filter([])
-        for pcap in glob.glob(folder_name + "/" + "*.pcap"):
-            array_of_pkts = []
-            pkts = rdpcap(pcap)
-            for pkt in pkts:
-                if ((filter_2.check_packet_filter(pkt) or filter_1.check_packet_filter(pkt) or filter_3.check_packet_filter(pkt)) is True):
-                    array_of_pkts.append(pkt)
-                if (len(array_of_pkts) >= featuresCalc.get_min_window_size()):
-                    features = featuresCalc.compute_features(array_of_pkts)
-                    csv.add_row(features)
-                    array_of_pkts.clear()
-
-    malware_features()
-    legitimate_features()
+    cfh = CreateFeaturesHandler(single_csv=False)
+    cfh.compute_features()
 
 if __name__== "__main__":
     main()