
Fork of cybersectk, a library for Machine Learning CyberSec feature extraction. Original author: SumendraBSingh

Project description

cybersectk

This is a fork of cybersectk by SumendraBSingh, a Python library for Machine Learning CyberSec feature extraction.

Installation Instructions

This library is available through PyPI and can be installed using the following command:

pip install cybersectk

This will install all the necessary dependencies before installing the package itself.

If you are interested in developing for this library yourself, clone the repo, then run the following commands:

cd CyberSecTK
python -m venv env
source env/bin/activate
pip install -e .

This will move you into the freshly cloned repo, create a virtual environment so any changes you make won't affect the rest of your Python installation, activate that virtual environment, then install the CyberSecTK package in "editable" mode.

Modules

WLAN IOT

The wiot module extracts features from wireless DataLink layer header information.

from cybersectk.wiot import wiot
wiot()

This module outputs a NumPy array, which can be passed directly to a TensorFlow or PyTorch training script.

NOTE: Ensure the file is in the same directory as the script, and don't forget to specify the .pcap extension at the end of the file name.

TCP IOT

The iot module extracts features from TCP/IP packets.

from cybersectk.iot import iot
iot('path_to_your_pcap_file.pcap', **ip_filter)

This module outputs a NumPy array, which can be passed directly to a TensorFlow or PyTorch training script.

Iterating Through a Directory of PCAPs

We can use Python's built-in os library to iterate through a directory containing PCAP files and pass each file to the iot() function, using the ip_filter dictionary provided by CyberSecTK:

import os
from cybersectk.iot import iot

# Specify the directory path where the PCAP files are located
pcap_directory = '/path/to/pcap/files'

# Iterate through each file in the directory
for filename in os.listdir(pcap_directory):
    if filename.endswith('.pcap'):
        # Construct the full file path
        file_path = os.path.join(pcap_directory, filename)
        
        # Call the iot() function with the file path
        iot(file_path)

Filtering TCP PCAP Files

CyberSecTK allows you to filter specific TCP PCAP files using a Python dictionary named ip_filter. This dictionary should be defined in your script before calling the iot function.

The library uses tshark to extract the features from the given TCP pcap file. Make sure tshark is installed on your system.

The ip_filter dictionary uses keys to specify the type of device and values to specify the IP addresses to filter. The filtered pcap file will be saved with its filtered name inside the filtered_pcap directory.

Here are the available keys for the ip_filter dictionary:

  • TCP_Mobile
  • TCP_Outlet
  • TCP_Assistant
  • TCP_Camera
  • TCP_Miscellaneous

Here's an example of how to define the ip_filter dictionary:

ip_filter = {}
# The addresses are grouped in one parenthesised OR so that "tcp &&" applies to
# every one of them; "tcp && (a) || (b)" would instead match non-TCP packets from b.
ip_filter['TCP_Miscellaneous'] = "'tcp && (ip.src==192.168.1.216 || ip.src==192.168.1.46 || ip.src==192.168.1.84 || ip.src==192.168.1.91)'"

In this example, the TCP_Miscellaneous key is associated with a string that specifies a TCP filter for several IP addresses. You can replace these IP addresses with the ones you want to filter.

To use the ip_filter dictionary, pass it as an argument to the iot function:

from cybersectk.iot import iot
iot(**ip_filter)
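The following is an added example, not code from the CyberSecTK library itself. It builds the ip_filter dictionary described above from a plain mapping of device key to IP addresses, validating each address with the standard ipaddress module and parenthesising the OR-group so that the tcp clause applies to every address; it also shows a pcap discovery helper for the directory-iteration pattern from the previous section, and an assumed helper (tshark_argv, not the library's own tshark call) that passes the display filter to tshark as a single argv element so no shell ever re-parses it. The device keys are the five listed on this page; the addresses are the constructed sample values from the example above.

```python
import ipaddress
import os
from typing import Dict, Iterable, List

# The ip_filter keys documented for CyberSecTK's iot() function.
DEVICE_KEYS = ("TCP_Mobile", "TCP_Outlet", "TCP_Assistant", "TCP_Camera", "TCP_Miscellaneous")


def tcp_source_filter(addresses: Iterable[str]) -> str:
    """Build a tshark display filter matching TCP packets sent from any of `addresses`.

    Each address must parse with ipaddress.ip_address, so a typo or a stray
    filter operator cannot end up inside the expression. The OR-group is
    parenthesised as a whole so that "tcp &&" covers every address.
    """
    validated = [str(ipaddress.ip_address(a.strip())) for a in addresses]
    if not validated:
        raise ValueError("at least one source address is required")
    clauses = " || ".join(f"ip.src=={a}" for a in validated)
    return f"tcp && ({clauses})"


def build_ip_filter(devices: Dict[str, Iterable[str]]) -> Dict[str, str]:
    """Turn {device_key: [ip, ...]} into the ip_filter dictionary shape used by iot().

    Unknown keys are rejected instead of being passed through silently.
    """
    ip_filter: Dict[str, str] = {}
    for key, addresses in devices.items():
        if key not in DEVICE_KEYS:
            raise KeyError(f"unknown ip_filter key: {key!r}")
        ip_filter[key] = tcp_source_filter(addresses)
    return ip_filter


def tshark_argv(pcap_path: str, display_filter: str, out_path: str) -> List[str]:
    """Argument vector that applies `display_filter` to a capture and writes the matches.

    Assumed helper for illustration only: this is not how the library invokes
    tshark. The list form is meant for subprocess.run(argv) without shell=True,
    so the filter travels as one argument and is never interpreted by a shell.
    """
    return ["tshark", "-r", pcap_path, "-Y", display_filter, "-w", out_path]


def find_pcaps(directory: str) -> List[str]:
    """Full paths of regular *.pcap files in `directory`, sorted for reproducible runs."""
    paths: List[str] = []
    with os.scandir(directory) as entries:
        for entry in entries:
            if entry.is_file() and entry.name.lower().endswith(".pcap"):
                paths.append(entry.path)
    return sorted(paths)


if __name__ == "__main__":
    # Constructed sample input: the four addresses used in the README example.
    devices = {
        "TCP_Miscellaneous": ["192.168.1.216", "192.168.1.46", "192.168.1.84", "192.168.1.91"],
    }
    ip_filter = build_ip_filter(devices)
    print(ip_filter["TCP_Miscellaneous"])
    print(tshark_argv("capture.pcap", ip_filter["TCP_Miscellaneous"],
                      os.path.join("filtered_pcap", "TCP_Miscellaneous.pcap")))
```

The resulting dictionary can be passed to iot() exactly as shown above (iot(**ip_filter)); the validation step is where a malformed address or an unexpected operator is caught before any capture is processed.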

MALWARE

The malware module extracts features from system log files to identify malicious activity.

from cybersectk.malware import malware
malware()

This module outputs a NumPy array, which can be passed directly to a TensorFlow or PyTorch training script.

Note: Before running the feature extraction, please ensure that you have created a directory named log_files in the same working directory. Inside the log_files directory, add the non-malicious system log files with names like Good1.CSV, Good2.CSV, and so on. For infected log files, please refer to the sample dataset provided for better understanding.

You can download the sample dataset from the following link:

Sample Dataset

Feature Descriptions

Each module extracts a different set of features. For detailed descriptions of the features extracted by each module, see the Feature Descriptions document.

Contributing

We welcome contributions to CyberSecTK! Please see our Contributing Guide for more information.

Project details



This version

1.0

Download files


Source Distribution

cybersectk-1.0.tar.gz (8.8 kB)

Uploaded Source

Built Distribution

cybersectk-1.0-py3-none-any.whl (6.5 kB)

Uploaded Python 3

File details

Details for the file cybersectk-1.0.tar.gz.

File metadata

  • Download URL: cybersectk-1.0.tar.gz
  • Upload date:
  • Size: 8.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.9.18

File hashes

Hashes for cybersectk-1.0.tar.gz
Algorithm Hash digest
SHA256 e01ac887d5ee30ad13bad880d92eec893e80391e9279b07dc4ec0b33cc8cfed5
MD5 86da88346837eb37a3a80d8c00eae01b
BLAKE2b-256 e64ee5d033a4058664e23012c70fd72798514a3a487217112e1f1ffe9879efda


File details

Details for the file cybersectk-1.0-py3-none-any.whl.

File metadata

  • Download URL: cybersectk-1.0-py3-none-any.whl
  • Upload date:
  • Size: 6.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.9.18

File hashes

Hashes for cybersectk-1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 fd902ee759cfe5182ebb7c8570c16e90cd8a6383a503d0fdbecfcc1db1414b58
MD5 61998075cdc8382879ca24c10c5d2ce4
BLAKE2b-256 6c13bc77615b3d9f420a4e1ea3aacb1a168ac2e0f5a88231090b3dcf7fce70f5

