
Fork of cybersectk, a library for Machine Learning CyberSec feature extraction. Original author: SumendraBSingh

Project description

cybersectk

This is a fork of cybersectk by SumendraBSingh, a Python library for Machine Learning CyberSec feature extraction.

Installation Instructions

This library is available through PyPi and can be installed using the following command:

pip install cybersectk

This will install all the necessary dependencies before installing the package itself.

If you are interested in developing for this library yourself, clone the repo, then run the following commands:

cd CyberSecTK
python -m venv env
source env/bin/activate
pip install -e .

This will move you into the freshly cloned repo, create a virtual environment so any changes you make won't affect the rest of your Python installation, activate that virtual environment, then install the CyberSecTK package in "editable" mode.

Modules

WLAN IOT

The wiot module extracts features from wireless DataLink layer header information.

from cybersectk.wiot import wiot
wiot()

This module outputs a NumPy array, which can be passed directly to a TensorFlow or PyTorch training script.

NOTE: Ensure the file is in the same directory as the script, and don't forget to specify the .pcap extension at the end of the file name.

TCP IOT

The iot module extracts features from TCP/IP packets.

from cybersectk.iot import iot
iot('path_to_your_pcap_file.pcap', **ip_filter)

This module outputs a NumPy array, which can be passed directly to a TensorFlow or PyTorch training script.

Iterating Through a Directory of PCAPs

We can use Python's built-in os library to iterate through a directory containing PCAP files and pass each file to the iot() function, using the ip_filter dictionary provided by CyberSecTK:

import os
from cybersectk.iot import iot

# Specify the directory path where the PCAP files are located
pcap_directory = '/path/to/pcap/files'

# Iterate through each file in the directory
for filename in os.listdir(pcap_directory):
    if filename.endswith('.pcap'):
        # Construct the full file path
        file_path = os.path.join(pcap_directory, filename)
        
        # Call the iot() function with the file path
        iot(file_path)

Filtering TCP PCAP Files

CyberSecTK allows you to filter specific TCP PCAP files using a Python dictionary named ip_filter. This dictionary should be defined in your script before calling the iot function.

The library uses tshark to extract the features from the given TCP pcap file. Make sure tshark is installed on your system.

The ip_filter dictionary uses keys to specify the type of device and values to specify the IP addresses to filter. The filtered pcap file will be saved with its filtered name inside the filtered_pcap directory.

Here are the available keys for the ip_filter dictionary:

  • TCP_Mobile
  • TCP_Outlet
  • TCP_Assistant
  • TCP_Camera
  • TCP_Miscellaneous

Here's an example of how to define the ip_filter dictionary:

ip_filter = {}
# Group the ip.src alternatives in parentheses: tshark evaluates && before ||,
# so without the grouping only the first address would be limited to TCP.
ip_filter['TCP_Miscellaneous'] = "'tcp && (ip.src==192.168.1.216 || ip.src==192.168.1.46 || ip.src==192.168.1.84 || ip.src==192.168.1.91)'"

In this example, the TCP_Miscellaneous key is associated with a string that specifies a tshark display filter matching TCP packets from any of several source IP addresses. You can replace these IP addresses with the ones you want to filter.

To use the ip_filter dictionary, pass it as an argument to the iot function:

from cybersectk.iot import iot
iot(**ip_filter)
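The following helper is an added example and is not part of the cybersectk project: build_ip_filter (a name chosen here) builds the ip_filter dictionary described above from a mapping of device key to source addresses, rejecting keys outside the README's list and anything that is not a bare IP address (so stray filter syntax cannot end up in the tshark expression), and find_pcaps (also chosen here) collects the .pcap files for the directory loop shown earlier.

```python
import ipaddress
from pathlib import Path

# Keys the README lists for the ip_filter dictionary.
IP_FILTER_KEYS = ("TCP_Mobile", "TCP_Outlet", "TCP_Assistant",
                  "TCP_Camera", "TCP_Miscellaneous")


def build_ip_filter(devices):
    """Build an ip_filter dict from {device_key: [source IPs]}.

    Each value is a tshark display filter of the form
    'tcp && (ip.src==A || ip.src==B)'. The OR-list is parenthesised so the
    'tcp' condition applies to every address (&& binds tighter than ||).
    The single quotes inside the Python string follow the README's example.
    """
    ip_filter = {}
    for key, addrs in devices.items():
        if key not in IP_FILTER_KEYS:
            raise ValueError(f"unknown ip_filter key: {key!r}")
        if not addrs:
            raise ValueError(f"no addresses given for {key}")
        # ipaddress.ip_address() raises ValueError for anything that is not a
        # plain IPv4/IPv6 address, e.g. "10.0.0.1 || frame".
        clean = [str(ipaddress.ip_address(a.strip())) for a in addrs]
        clauses = " || ".join(f"ip.src=={a}" for a in clean)
        ip_filter[key] = f"'tcp && ({clauses})'"
    return ip_filter


def find_pcaps(directory):
    """Return the .pcap files directly inside `directory`, sorted, as strings."""
    return sorted(str(p) for p in Path(directory).glob("*.pcap"))


if __name__ == "__main__":
    # Constructed sample: one device class with four source addresses.
    example = build_ip_filter({"TCP_Miscellaneous": [
        "192.168.1.216", "192.168.1.46", "192.168.1.84", "192.168.1.91"]})
    print(example["TCP_Miscellaneous"])
    # The dictionary is then passed to the library as the README shows,
    # e.g. iot(pcap_path, **example) for each path from find_pcaps(...).
```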

MALWARE

The malware module extracts features from system log files to identify malicious activity.

from cybersectk.malware import malware
malware()

This module outputs a NumPy array, which can be passed directly to a TensorFlow or PyTorch training script.

Note: Before running the feature extraction, please ensure that you have created a directory named log_files in the same working directory. Inside the log_files directory, add the non-malicious system log files with names like Good1.CSV, Good2.CSV, and so on. For infected log files, please refer to the sample dataset provided for better understanding.

You can download the sample dataset from the following link:

Sample Dataset

Feature Descriptions

Each module extracts a different set of features. For detailed descriptions of the features extracted by each module, see the Feature Descriptions document.

Contributing

We welcome contributions to CyberSecTK! Please see our Contributing Guide for more information.

Release history

This version

1.0

Download files

Source Distribution

cybersectk-1.0.tar.gz (8.8 kB)

Built Distribution

cybersectk-1.0-py3-none-any.whl (6.5 kB)