# Streamlined Security with Python Case Study

## Proposed Resolution

## Scenario 1: Automating the Login Process

## Task



In [14]:
# Approved usernames and, at the same list position, the device ID assigned to each
approved_users = ["vanessa", "kevin", "maria", "tamara"]
approved_devices = ["245ahw", "fkdjs238", "9hfks12", "sdfhksd2"]


def login(username, device_id):
    """Report whether *username* is approved and *device_id* is their assigned device.

    Results are printed, not returned. Matching is exact and case-sensitive.
    This is an allowlist lookup against two in-memory lists; nothing such as
    a password is checked.
    """
    # Unknown names are rejected before any device comparison happens
    if username not in approved_users:
        print("The username", username, "is not approved to access the system.")
        return

    print("The user", username, "is approved.")

    # The lists are parallel: the user's position selects their device
    assigned_device = approved_devices[approved_users.index(username)]
    if device_id == assigned_device:
        print(device_id, "is the assigned device for", username)
    else:
        print(device_id, "is not their assigned device.")

# Exercise login() with approved, unapproved and mismatched combinations
_login_attempts = [
    ("vanessa", "245ahw"),     # approved user on their own device
    ("tamara", "fkdjs238"),    # approved user, but this device is assigned to kevin
    ("tom", "309jrt8srt"),     # username not on the approved list
    ("nate", "342dfsf"),       # username not on the approved list
    ("Tamara", "sdfhksd2"),    # tamara's device, rejected because matching is case-sensitive
    ("maria", "teqi4"),        # approved user with a device ID that is not hers
]
for _user, _device in _login_attempts:
    login(_user, _device)


The user vanessa is approved.
245ahw is the assigned device for vanessa
The user tamara is approved.
fkdjs238 is not their assigned device.
The username tom is not approved to access the system.
The username nate is not approved to access the system.
The username Tamara is not approved to access the system.
The user maria is approved.
teqi4 is not their assigned device.


## Scenario 2: Analyzing Login Activities

## Task

In [15]:
# Model 1: approved users and their login activity, kept as parallel lists
usernames = ["vanessa", "kevin", "maria", "tamara"]  # Approved usernames
current_day_logins = [10, 8, 4, 7]  # Logins recorded today, per user
average_day_logins = [5, 6, 9, 3]  # Average daily logins, per user


def analyze_logins(username, current_day, average_day):
    """Compare caller-supplied login counts for *username* with the stored records.

    One line is printed per check and nothing is returned. An unapproved
    username produces a single rejection message and no further checks.
    """
    if username not in usernames:
        print("The username", username, "is not approved to access the system.")
        return

    print("The user", username, "is approved.")
    position = usernames.index(username)

    # Today's count must equal the value stored for this user
    if current_day_logins[position] != current_day:
        print("The current day login record for", username, "is not valid.")
    else:
        print("The user has logged in", current_day, "times today.")

    # The same comparison for the stored daily average
    if average_day_logins[position] != average_day:
        print("The average day login record for", username, "is not valid.")
    else:
        print("The user's average login count is", average_day, "per day.")

# Exercise analyze_logins() with matching, mismatching and unapproved inputs
_model1_cases = [
    ("vanessa", 10, 5),   # approved user, both counts match the stored records
    ("kevin", 8, 6),      # approved user, both counts match the stored records
    ("maria", 4, 1),      # approved user, average does not match the stored 9
    ("Maria", 3, 9),      # rejected: username matching is case-sensitive
    ("tamara", 7, 3),     # approved user, both counts match the stored records
]
for _name, _today, _average in _model1_cases:
    analyze_logins(_name, _today, _average)

The user vanessa is approved.
The user has logged in 10 times today.
The user's average login count is 5 per day.
The user kevin is approved.
The user has logged in 8 times today.
The user's average login count is 6 per day.
The user maria is approved.
The user has logged in 4 times today.
The average day login record for maria is not valid.
The username Maria is not approved to access the system.
The user tamara is approved.
The user has logged in 7 times today.
The user's average login count is 3 per day.


In [16]:
# Install the necessary package if not already installed
# pip install ipywidgets

# Display the widget for data list
from ipywidgets import widgets, Layout
from IPython.display import display

# Per-user login data, kept as parallel lists indexed by position
usernames = ["vanessa", "kevin", "maria", "tamara"]
current_day_logins = [10, 8, 4, 7]
average_day_logins = [5, 6, 9, 3]

# Area that receives the printed details for the selected user
output = widgets.Output()

# Username picker limited to the names in `usernames`
_picker_layout = Layout(width='40%')
username_widget = widgets.Dropdown(
    description='Username:',
    options=usernames,
    layout=_picker_layout,
)

# Render the picker with the output area beneath it
display(username_widget, output)

def update_login_details(change):
    """Show the stored login counts for the username picked in the dropdown.

    *change* is the object handed over by the observer; only its 'new'
    entry is read.
    """
    output.clear_output()  # drop whatever the previous selection printed
    selected = change['new']
    with output:
        if selected not in usernames:
            print("Please select a valid username.")
            return
        # Parallel lists: the username's position selects both counts
        position = usernames.index(selected)
        print(f"Username: {selected}")
        print(f"Current Day Logins: {current_day_logins[position]}")
        print(f"Average Day Logins: {average_day_logins[position]}")


# Run the handler whenever the dropdown's value changes
username_widget.observe(update_login_details, names='value')

Dropdown(description='Username:', layout=Layout(width='40%'), options=('vanessa', 'kevin', 'maria', 'tamara'),…

Output()

In [4]:
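# Model 2: approved users with their current-day and average daily login counts
usernames = ["vanessa", "kevin", "maria", "tamara"]
current_day_logins = [10, 8, 4, 7]
average_day_logins = [5, 6, 9, 3]


def analyze_logins(username, current_day, average_day):
    """Check supplied login counts against the stored records and flag unusual activity.

    Findings are printed and None is returned. The login ratio
    (current day / average day) is only computed once both supplied counts
    match the stored records; a ratio above 3 is reported as higher than
    normal activity.

    Args:
        username: name to look up; matching is exact and case-sensitive.
        current_day: login count claimed for today.
        average_day: average daily login count claimed for the user.
    """
    if username not in usernames:
        print("The username", username, "is not approved to access the system.")
        return

    print("The user", username, "is approved.")

    # Parallel lists: the username's position selects both stored counts
    ind = usernames.index(username)
    print(f"Username: {username}")

    # Stop at the first record that does not match what was supplied
    if current_day != current_day_logins[ind]:
        print(f"Current day login record for {username} does not match. Expected: {current_day_logins[ind]}, Provided: {current_day}")
        return
    print(f"Current Day Logins: {current_day}")

    print(f"Average Day Logins: {average_day_logins[ind]}")

    if average_day != average_day_logins[ind]:
        # Report the mismatch; otherwise the activity check below would be
        # skipped without any indication that it never ran
        print(f"Average day login record for {username} does not match. Expected: {average_day_logins[ind]}, Provided: {average_day}")
        return

    if not average_day:
        # A stored average of zero would make the division below raise
        print("Cannot calculate login ratio due to zero average day logins.")
        return

    login_ratio = current_day / average_day
    print(f"Login Ratio: {login_ratio:.2f}")

    # More than three times the usual volume is treated as abnormal
    if login_ratio > 3:
        print("This account has MORE login activity than normal.")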

# Exercise analyze_logins() across matching, mismatching and unapproved inputs
_model2_cases = [
    ("kevin", 8, 6),     # both counts match; ratio 1.33, not flagged
    ("maria", 4, 9),     # both counts match; ratio 0.44, not flagged
    ("tamara", 7, 3),    # both counts match; ratio 2.33, below the flag threshold of 3
    ("Tamara", 8, 3),    # rejected: username matching is case-sensitive
    ("tamara", 7, 3),    # same input as above, same result
    ("tamara", 1, 2),    # current-day count differs from the stored 7; stops at that check
]
for _name, _today, _average in _model2_cases:
    analyze_logins(_name, _today, _average)

The user kevin is approved.
Username: kevin
Current Day Logins: 8
Average Day Logins: 6
Login Ratio: 1.33
The user maria is approved.
Username: maria
Current Day Logins: 4
Average Day Logins: 1
Login Ratio: 4.00
This account has MORE login activity than normal.
The user tamara is approved.
Username: tamara
Current Day Logins: 7
Average Day Logins: 3
Login Ratio: 2.33
The username Tamara is not approved to access the system.
The user tamara is approved.
Username: tamara
Current Day Logins: 7
Average Day Logins: 3
The user tamara is approved.
Username: tamara
Current day login record for tamara does not match. Expected: 7, Provided: 1


In [17]:
# Import necessary modules for creating interactive widgets
from ipywidgets import Dropdown, Button, Output, VBox
from IPython.display import display

# Approved usernames with their current-day and average daily login counts (parallel lists)
usernames = ["vanessa", "kevin", "maria", "tamara"]
current_day_logins = [10, 8, 4, 7]
average_day_logins = [5, 6, 9, 3]

# Area where the analysis results and messages are printed
output_area = Output()

# Button that starts the analysis for the selected user
run_button = Button(
    icon='check',  # Optional icon displayed on the button
    button_style='',  # Optional styling ('success', 'info', 'warning', 'danger', etc.)
    description='Analyze Logins',  # Text displayed on the button
)

# Dropdown restricted to the approved usernames
username_dropdown = Dropdown(
    description='Username:',  # Label for the dropdown
    options=usernames,  # Only approved usernames can be selected
)

def display_login_details(username):
    """Print the stored login counts for *username* and flag unusually high activity.

    Everything is written into `output_area`, which is cleared first. The
    login ratio is current-day logins divided by average daily logins; it is
    skipped when the stored average is zero and flagged when it exceeds 3.
    """
    with output_area:
        output_area.clear_output()  # remove the previous result

        if username not in usernames:
            print("Username not found in the approved list.")
            return

        # Parallel lists: the username's position selects both counts
        position = usernames.index(username)
        todays_count = current_day_logins[position]
        typical_count = average_day_logins[position]

        print(f"Username: {username}")
        print(f"Current Day Logins: {todays_count}")
        print(f"Average Day Logins: {typical_count}")

        # A zero average cannot be used as a divisor
        if not typical_count:
            print("Cannot calculate login ratio due to zero average day logins.")
            return

        login_ratio = todays_count / typical_count
        print(f"Login Ratio: {login_ratio:.2f}")

        # More than three times the usual volume is reported as abnormal
        if login_ratio > 3:
            print("This account has more login activity than normal.")

def on_run_button_clicked(b):
    """Click callback: analyze whichever username the dropdown currently holds.

    *b* is the argument passed in by `on_click`; it is not used here.
    """
    selected = username_dropdown.value
    display_login_details(selected)


# Register the callback, then render dropdown, button and output area stacked vertically
run_button.on_click(on_run_button_clicked)
_controls = VBox([username_dropdown, run_button, output_area])
display(_controls)

VBox(children=(Dropdown(description='Username:', options=('vanessa', 'kevin', 'maria', 'tamara'), value='vanes…

## Scenario 3: Finding Patterns Using Regular Expressions

## Task 3



In [7]:
import re

In [20]:
# Sample analyst note containing one hexadecimal value
data = "The malware signature is 0x9ACDAB and needs analysis."

# A "0x" prefix followed by one or more hex digits, bounded by word boundaries
_hex_token = re.compile(r"\b0x[a-fA-F0-9]+\b")
hex_signatures = _hex_token.findall(data)
print("Found Malware Signatures:", hex_signatures)  # ['0x9ACDAB']

Found Malware Signatures: ['0x9ACDAB']


In [23]:
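# Space-separated device IDs, each a short run of letters and digits
devices = "9x482kt 6oa6m6u 253be78 r15u9q5 ac742a1 x3463ac g07h55q 41j1u2e i4l56nq r262c36 ii286fq zh86b2l ii286fq r151dm4 r15xk9h 1270t3o 2j33krk 081qc9t zh86b2l r159r1u 42dr56i 67bv8fy"

# Device IDs that start with "r15" followed by one or more word characters.
# The leading \b anchors the match to the start of an ID; without it an ID
# that merely contains "r15" would yield a partial match from its middle.
target_pattern = r"\br15\w+"

# re.findall() returns every non-overlapping match as a list of strings
device_ids = re.findall(target_pattern, devices)
print("Device IDs starting with 'r15':", device_ids)  # List of matching device IDs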

Device IDs starting with 'r15': ['r15u9q5', 'r151dm4', 'r15xk9h', 'r159r1u']


In [24]:
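# Login attempts as one string; each entry holds a username, date, time and IP address.
# NOTE(review): the backslashes before usernames sit in a normal (non-raw) string, so
# Python treats "\r" and "\a" as control characters and the others as invalid escape
# sequences that newer interpreters warn about. Presumably a record separator or a line
# continuation was intended; confirm before parsing usernames from this value.
log_file = "daquino 22024-11-08 7:02:35 192.168.168.144 \rjensen 2024-11-20 0:59:26 192.168.213.128 \cjackson 2025-01-05 19:36:42 192.168.247.153 \iuduike 2024-11-15 6:46:40 192.168.22.115 \jrafael 2024-12-01 22:40:01 192.168.148.115 \smartell 2024-11-25 19:30:32 192.168.190.178 \asundara 2024-12-10 18:38:07 192.168.96.200 \arutley 2025-01-12 17:00:59 1923.1689.3.24 \dkot 2024-12-20 10:52:00 1921.168.1283.75 \aestrada 2024-11-30 19:28:12 1924.1680.27.57 \abernard 2025-01-18 23:38:46 19245.168.2345.49 \alevitsk 2024-11-05 12:09:10 192.16874.1390.176 \jclark 2024-11-12 10:48:02 192.168.174.117 \eraab 2024-11-22 6:03:41 192.168.152.148 \yappiah 2025-01-09 10:37:22 192.168.103.10654"

# Four groups of 1 to 3 digits separated by dots. The lookarounds reject a candidate
# that is only part of a longer run of digits and dots: the unanchored form extracts
# "192.168.103.106" out of the malformed token "192.168.103.10654".
pattern = r"(?<!\d)(?<!\d\.)\d{1,3}(?:\.\d{1,3}){3}(?!\d)(?!\.\d)"

# The regex checks shape only, so also require every octet to be in the range 0-255
valid_ip_addresses = [
    candidate
    for candidate in re.findall(pattern, log_file)
    if all(int(octet) <= 255 for octet in candidate.split("."))
]
print("Valid IP addresses found:", valid_ip_addresses)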

Valid IP addresses found: ['192.168.168.144', '192.168.213.128', '192.168.247.153', '192.168.22.115', '192.168.148.115', '192.168.190.178', '192.168.96.200', '192.168.174.117', '192.168.152.148', '192.168.103.106']


In [25]:
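# Login attempts as one string; each record holds a username, date, login time and IP address.
# NOTE(review): the backslashes before usernames sit in a normal (non-raw) string, so
# Python treats "\r" and "\a" as control characters and the others as invalid escape
# sequences that newer interpreters warn about. Presumably a record separator or a line
# continuation was intended; confirm before parsing usernames from this value.
log_file = "daquino 22024-11-08 7:02:35 192.168.168.144 \rjensen 2024-11-20 0:59:26 192.168.213.128 \cjackson 2025-01-05 19:36:42 192.168.247.153 \iuduike 2024-11-15 6:46:40 192.168.22.115 \jrafael 2024-12-01 22:40:01 192.168.148.115 \smartell 2024-11-25 19:30:32 192.168.190.178 \asundara 2024-12-10 18:38:07 192.168.96.200 \arutley 2025-01-12 17:00:59 1923.1689.3.24 \dkot 2024-12-20 10:52:00 1921.168.1283.75 \aestrada 2024-11-30 19:28:12 1924.1680.27.57 \abernard 2025-01-18 23:38:46 19245.168.2345.49 \alevitsk 2024-11-05 12:09:10 192.16874.1390.176 \jclark 2024-11-12 10:48:02 192.168.174.117 \eraab 2024-11-22 6:03:41 192.168.152.148 \yappiah 2025-01-09 10:37:22 192.168.103.10654"

# Four groups of 1 to 3 digits separated by dots. The lookarounds reject a candidate
# that is only part of a longer run of digits and dots: the unanchored form extracts
# "192.168.103.106" out of the malformed token "192.168.103.10654" and then reports
# an address that never appeared in the log.
pattern = r"(?<!\d)(?<!\d\.)\d{1,3}(?:\.\d{1,3}){3}(?!\d)(?!\.\d)"

# The regex checks shape only, so also require every octet to be in the range 0-255
valid_ip_addresses = [
    candidate
    for candidate in re.findall(pattern, log_file)
    if all(int(octet) <= 255 for octet in candidate.split("."))
]

# IP addresses identified for unusual activity
# NOTE(review): "1924.1680.27.57" is not a valid IPv4 address, so it can never equal an
# extracted address and is never reported by the loop below, although that token is
# present in log_file. Confirm whether malformed source fields should be reported separately.
flagged_addresses = ["192.168.247.153", "192.168.22.115", "1924.1680.27.57", "192.168.152.148"]

# Report, for each extracted address, whether it is on the flagged list
for address in valid_ip_addresses:
    if address in flagged_addresses:
        print(f"The IP address {address} has been flagged for further analysis.")
    else:
        print(f"The IP address {address} does not require further analysis.")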

The IP address 192.168.168.144 does not require further analysis.
The IP address 192.168.213.128 does not require further analysis.
The IP address 192.168.247.153 has been flagged for further analysis.
The IP address 192.168.22.115 has been flagged for further analysis.
The IP address 192.168.148.115 does not require further analysis.
The IP address 192.168.190.178 does not require further analysis.
The IP address 192.168.96.200 does not require further analysis.
The IP address 192.168.174.117 does not require further analysis.
The IP address 192.168.152.148 has been flagged for further analysis.
The IP address 192.168.103.106 does not require further analysis.
