CSLab
/
scan_detector
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Source Code for network and port scanner, TRW algorithm, and reduction method implementations.
10 Commits
1 Branch
Tree: 68d9a881b1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '68d9a881b1'
${ noResults }
scan_detector/Programas/Last_work/Multiprocess/trw.py

trw.py 2.7KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. ##################################

  2. #   TRW sin reduccion           #

  3. #      Para Data Set de la Uni    #

  4. ################################

  5. 

  6. 

  7. 

  8. from silk import *

  9. startDate = "2018/08/14"

  10. endDate = "2018/08/15"

  11. p = 2

  12. 

  13. def Analisis():

  14.     counter = 0 # borrar luego

  15.     sampleHash={} #hash para contener los dip con el numero de conecciones y failed coneccciones

  16.     flow_counter = 0

  17.     for filename in FGlob(classname="all", type="all", start_date=startDate, end_date=endDate, site_config_file="/etc/silk/conf-v9/silk.conf", data_rootdir="/home/scratch/flow/rwflowpack/"):

  18.         for rec in silkfile_open(filename, READ):#reading the flow file

  19.             flow_counter += 1

  20.             if (':' in str(rec.sip)):

  21. 				continue

  22. 	    else:

  23.             	connection = [0] * 2 #Lista para contener los valores de conecciones failed y conecciones buenas

  24.             	sip = str(rec.sip) #Devuelve el ip en notacion punto-decimal

  25.             	flags = str(rec.tcpflags)

  26.             #print sip, flags

  27. 	    #counter +=1

  28.             	if 'A' in flags: ####arreglar

  29.                 	connection[1]=1 #good conections

  30.                 else:

  31.                 	connection [0] =1 #failed conections

  32.             	if sip in sampleHash:

  33. 	                sampleHash[sip][0]+= connection[0]

  34. 	                sampleHash[sip][1]+= connection[1]

  35.             	else:

  36.                 	sampleHash[sip] = [connection[0], connection[1]]

  37. 	    #print sampleHash

  38.     #print flow_counter

  39.     return sampleHash

  40. 

  41. sip_connections_list = Analisis()

  42. #print sip_connections_list

  43. sipList = {"sipList":[]}

  44. for sip in sip_connections_list:

  45.           if (sip_connections_list[sip][1] != 0) and ((sip_connections_list[sip][0] / sip_connections_list[sip][1])  < 1) : #si la cantidad de succesful

  46.                                 #b                #g                    #connections es mas que failed connections

  47.                       #not scanner, ignore

  48.                       continue

  49.           elif (sip_connections_list[sip][1] != 0) and ((sip_connections_list[sip][0] / sip_connections_list[sip][1])  < p): #mas failed que succesful, pero no llega al threshold

  50.                       #not scanner, ignore

  51.                       continue                          #se debe tener en cuenta que es suspicious pero no taaanto

  52.           elif (sip_connections_list[sip][1] == 0 and sip_connections_list[sip][0] > 10): #el ratio de failed a succesful llega al threshold pautado

  53.                             #scanner, oh oh

  54.                     hash = {sip:sip_connections_list[sip]}

  55.                     sipList["sipList"].append(hash)

  56.           else:

  57.                             #scanner, oh oh

  58.                     hash = {sip:sip_connections_list[sip]}

  59.                     sipList["sipList"].append(hash)

  60. 

  61. print sipList