Extract signatures from IoT event network traffic
Project description
Extraction of network signatures of IoT events
signature-extraction is a Python package which extracts network pattern signatures,
i.e. a sequence of network flows, from network traffic related to IoT (smart home) events.
Glossary
- (User) event: interaction with an IoT device that triggers a change in its state, and the associated network traffic.
- (Network) packet: unit of data transmitted over a network.
- (Network) 5-tuple: set of five values that uniquely identify a network flow: source IP address, source port, destination IP address, destination port, and layer 4 protocol.
- (Network) flow: time-ordered sequence of network packets having the same network 5-tuple.
- Flow Fingerprint: set of relevant packet features which identify a packet / flow. Includes part of, or all, the packet's 5-tuple, as well as other protocol-dependent features, e.g.:
- HTTP: method, URI
- DNS: query name, query type
- DHCP: message type
- CoAP: message type, method, URI
- Network pattern: sequence of flows / flow fingerprints that repeatedly occurs together, potentially indicating a specific user event.
- (Event) signature: network pattern that uniquely identifies a user event.
Features
This package is split into three main modules, each responsible for part of the pipeline:
pkt_extraction: read PCAP files and extract packets.flow_grouping: group packets per flow and generate the flow fingerprint.event_signature_extraction: extract an event signature from a set of flow fingerprints.
Translation to firewall
Additionally, flow fingerprints can be converted to configuration scripts for @fdekeers's smart-home-firewall, or to a YAML profile exhaustively describing such configuration.
Installation
From PyPI
pip install signature-extraction
From local source
Clone the repository and install the dependencies using pip.
git clone https://github.com/smart-home-network-security/signature-extraction.git
cd signature-extraction
pip install -r requirements.txt
pip install .
License
This project is licensed under the GPL-3.0 License -- see the LICENSE file for details.
Acknowledgements
This work is part of the Smart Home Network Security research project made by @fdekeers and UCLouvain.
It was partially authored by @remivanboxem during his internship at UCLouvain.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file signature_extraction-1.0.10.tar.gz.
File metadata
- Download URL: signature_extraction-1.0.10.tar.gz
- Upload date:
- Size: 39.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6e7d13b5874e3998fef8daa908382202dd81083e9fcdb4c65e2038661bc170d8
|
|
| MD5 |
703ff6995e50d87220461ef9ee05f03e
|
|
| BLAKE2b-256 |
a5ca9032fee55884eb357cf05e580e5a87e133733350fffa245a1267df223420
|
File details
Details for the file signature_extraction-1.0.10-py3-none-any.whl.
File metadata
- Download URL: signature_extraction-1.0.10-py3-none-any.whl
- Upload date:
- Size: 45.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a923e953170007e120cd96327e68095858dbe0d51e03688966547e0f17d55b93
|
|
| MD5 |
2f4fcd1f6d7ffa27a7e69e830e4f4dfd
|
|
| BLAKE2b-256 |
a2f4c34031febba85316182d5510c94e97881fbe7382392dfca5c1ff9eca4bc0
|
