In [None]:
import psutil
import time
import os
import pandas as pd

# Function to monitor system processes
def monitor_system_processes():
    """Take one snapshot of every process psutil can enumerate.

    Returns a list of dicts, one per process, holding the keys pid, name,
    status, cpu_percent and memory_info. Per psutil's documentation,
    process_iter() skips processes that exit during iteration and fills an
    attribute with None when access is denied, and the first non-blocking
    cpu_percent sample for a process is a placeholder 0.0 — a meaningful
    CPU figure needs a second sample after an interval.
    """
    wanted_attrs = ['pid', 'name', 'status', 'cpu_percent', 'memory_info']
    return [proc.info for proc in psutil.process_iter(wanted_attrs)]

# Function to monitor file changes (simulated for this example)
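def monitor_file_system(path="/tmp", interval=2.0, max_polls=1):
    """Poll a directory and record which entry names appear or disappear.

    The original loop was ``while True`` with the ``return`` placed after it,
    so the function never returned and gather_data() blocked forever;
    ``max_polls`` bounds the loop so the collected changes are actually
    handed back.

    Args:
        path: directory to watch (the original hard-coded /tmp).
        interval: seconds to sleep between two consecutive listings.
        max_polls: number of listings taken after the initial one. None polls
            indefinitely (the original behaviour); 0 returns immediately.

    Returns:
        A list with one ``(new_names, deleted_names)`` pair of sets for every
        poll in which the listing changed. Only names are compared, so a file
        modified in place is not reported.
    """
    changes = []
    previous = set(os.listdir(path))
    polls = 0
    while max_polls is None or polls < max_polls:
        time.sleep(interval)
        current = set(os.listdir(path))
        added = current - previous
        removed = previous - current
        if added or removed:
            changes.append((added, removed))
        # The next comparison is against the latest listing, not the first.
        previous = current
        polls += 1
    return changes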

# Simulate network traffic monitoring (for simplicity, checking for outgoing connections)
def monitor_network_traffic():
    """Take one snapshot of the system's IPv4/IPv6 socket connections.

    Returns a list of ``(laddr, raddr, status)`` tuples, one per entry from
    psutil.net_connections(kind='inet'). Per psutil's documentation raddr may
    be an empty tuple for sockets without a peer (e.g. listening sockets),
    and enumerating connections system-wide may require elevated privileges
    on some platforms, in which case psutil raises AccessDenied.
    """
    return [
        (sock.laddr, sock.raddr, sock.status)
        for sock in psutil.net_connections(kind='inet')
    ]

# Example of gathering system data during the sandbox execution
def gather_data():
    """Collect one process snapshot, the file-system changes and one network snapshot.

    Returns the tuple ``(processes, file_changes, network_traffic)`` in that
    order. The middle collector blocks for as long as monitor_file_system()
    keeps polling, so this call takes at least that long.
    """
    snapshot = (
        monitor_system_processes(),
        monitor_file_system(),
        monitor_network_traffic(),
    )
    return snapshot

In [None]:
from sklearn.ensemble import RandomForestClassifier
from sklearn.model_selection import train_test_split
import pandas as pd

# Sample features for training (number of processes, number of file changes, etc.)
# Toy training set: four synthetic activity profiles, each a count of
# processes, file changes and network connections plus a 0/1 label.
data = {
    'num_processes': [15, 50, 30, 100],
    'num_file_changes': [5, 200, 50, 500],
    'num_network_connections': [2, 10, 5, 50],
    'malicious': [0, 1, 0, 1],  # 0 = benign, 1 = malicious
}

df = pd.DataFrame(data)

# Every column except the label is a feature; the label is the target.
X = df.drop(columns=['malicious'])
y = df['malicious']

# Hold out 25% of the rows. With four samples that is a single test row, so
# the accuracy below can only be 0% or 100% and says little about the model.
X_train, X_test, y_train, y_test = train_test_split(
    X, y, test_size=0.25, random_state=42
)

# Fixed seed so the fitted forest (and the prediction in later cells) is reproducible.
model = RandomForestClassifier(n_estimators=100, random_state=42)
model.fit(X_train, y_train)

# Accuracy on the held-out row, printed as a percentage.
accuracy = model.score(X_test, y_test)
print("Model Accuracy: {:.2f}%".format(accuracy * 100))

In [None]:
# Simulate system behavior from a malware sample
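def classify_malware_behavior(num_processes=120, num_file_changes=400,
                              num_network_connections=60, classifier=None):
    """Classify one observed activity profile with the trained Random Forest.

    The defaults reproduce the observation the original hard-coded (120
    processes started, 400 files modified, 60 network connections), so a
    bare call behaves as before; pass other counts to score a different
    profile.

    Args:
        num_processes: number of processes observed.
        num_file_changes: number of file-system changes observed.
        num_network_connections: number of network connections observed.
        classifier: any object with ``predict``; defaults to the notebook-level
            ``model`` fitted in the previous cell.

    Returns:
        The predicted label as an int (1 = malicious, 0 = benign). The verdict
        is still printed, but returning it lets callers such as run_sandbox()
        use the result instead of discarding it.
    """
    clf = model if classifier is None else classifier
    # Same column names the model was fitted with, so the column order is
    # explicit and sklearn does not warn about missing feature names.
    observation = pd.DataFrame(
        [[num_processes, num_file_changes, num_network_connections]],
        columns=['num_processes', 'num_file_changes', 'num_network_connections'],
    )
    # predict() returns an array holding one label; index it rather than
    # comparing the whole array to 1.
    label = int(clf.predict(observation)[0])

    if label == 1:
        print("Malicious behavior detected!")
    else:
        print("Benign behavior detected.")
    return label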

# Classify the hard-coded observation; the verdict is only printed here, not stored.
classify_malware_behavior()

In [None]:
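def generate_report(malicious_behavior, processes, file_changes, network_traffic):
    """Render a plain-text report of the verdict and the observed activity.

    Args:
        malicious_behavior: 1 for a malicious verdict; any other value is
            reported as Benign.
        processes: iterable of dicts with at least the keys 'pid' and 'name'
            (the shape monitor_system_processes() produces).
        file_changes: iterable of ``(new_files, deleted_files)`` pairs; each
            element is formatted with str(), so sets and plain strings both work.
        network_traffic: iterable of ``(laddr, raddr, status)`` tuples.

    Returns:
        The report as a single string with every line newline-terminated,
        laid out exactly like the original concatenation-based version.
        Process names and addresses come straight from the monitored system
        and are copied verbatim; whatever renders this text (e.g. the HTML
        template in the Flask cell) is responsible for escaping it.
    """
    verdict = 'Malicious' if malicious_behavior == 1 else 'Benign'
    # Collect lines and join once instead of repeated string concatenation.
    lines = [
        "Malware Behavior Report",
        "------------------------",
        f"Classification: {verdict}",
        "",
        "Observed Processes:",
    ]
    lines.extend(f"- {proc['name']} (PID: {proc['pid']})" for proc in processes)

    lines.append("")
    lines.append("File System Changes:")
    lines.extend(
        f"New Files: {new_files}, Deleted Files: {deleted_files}"
        for new_files, deleted_files in file_changes
    )

    lines.append("")
    lines.append("Network Traffic:")
    lines.extend(
        f"Local Address: {conn[0]}, Remote Address: {conn[1]}, Status: {conn[2]}"
        for conn in network_traffic
    )

    # The original terminated every line, including the last, with '\n'.
    return "\n".join(lines) + "\n"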

# Simulated observations standing in for gather_data() output. Note the shape
# difference from the live collectors: monitor_file_system() yields pairs of
# sets, whereas these pairs hold plain strings ('' where nothing changed).
# The Flask cell's run_sandbox() reads these same three globals.
processes = [
    {'pid': 123, 'name': 'malware.exe'},
    {'pid': 124, 'name': 'malware_helper.exe'},
]
file_changes = [
    ('new_file.txt', ''),
    ('', 'old_file.txt'),
]
network_traffic = [
    ('192.168.0.1', '8.8.8.8', 'ESTABLISHED'),
]

# Fixed malicious verdict (1) for the demonstration; print the rendered report.
report = generate_report(1, processes, file_changes, network_traffic)
print(report)

In [None]:
from flask import Flask, render_template, request

# WSGI application object; the route handlers below are registered on it.
app = Flask(__name__)

@app.route("/")
def home():
    """Serve the upload form from the app's template folder (index.html is not part of this notebook)."""
    return render_template("index.html")

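@app.route("/run_sandbox", methods=["POST"])
def run_sandbox():
    """Accept a sample upload and render the (simulated) sandbox report.

    The multipart field ``malware_sample`` is required; when it is absent the
    handler answers an explicit 400 instead of surfacing a KeyError from
    ``request.files``. The upload itself is neither stored nor executed in
    this prototype: classify_malware_behavior() scores its own hard-coded
    observation, and the report is built with a fixed verdict of 1 from the
    simulated ``processes``/``file_changes``/``network_traffic`` globals
    defined in the previous cell.

    Returns:
        The rendered report.html, or a ``(message, 400)`` pair when the
        upload field is missing.
    """
    uploaded_sample = request.files.get("malware_sample")
    if uploaded_sample is None:
        return "Missing form field 'malware_sample'", 400

    # TODO: the uploaded sample is accepted but not used; the classification
    # below runs on the hard-coded observation, not on this file.
    classify_malware_behavior()

    # Verdict is fixed to 1 (malicious) for the demonstration.
    report = generate_report(1, processes, file_changes, network_traffic)
    return render_template("report.html", report=report)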

# Inside a Jupyter kernel __name__ is "__main__", so this starts the Flask
# development server and blocks the cell until interrupted. debug=True enables
# the interactive Werkzeug debugger and auto-reload; use it for local
# development only and never on a host other people can reach.
if __name__ == "__main__":
    app.run(debug=True)