In [1]:
# START
#   Set FOLDER = "test_files"

#   Open "baseline.txt" for writing

#   For each file NAME in the list of files in FOLDER:
#     Set PATH = FOLDER + NAME
#     If PATH is a file:
#       Open the file in binary mode
#       Read all the bytes into DATA
#       Compute H = SHA256 hash of DATA
#       Write a line "NAME: H" into "baseline.txt"

#   Close "baseline.txt"
# END



import os
import hashlib

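# START
# Build the integrity baseline: one "NAME: SHA256" line for every regular file
# directly inside FOLDER (sub-directories are not descended into).
FOLDER = "test_files"

# Hash everything BEFORE touching baseline.txt. Opening the baseline for
# writing first would truncate an existing, known-good baseline even when
# FOLDER is missing or a file cannot be read, leaving nothing to compare against.
entries = []

# sorted() keeps the baseline reproducible; os.listdir() order is arbitrary.
for file_name in sorted(os.listdir(FOLDER)):
    path = os.path.join(FOLDER, file_name)

    # Only regular files are hashed (os.path.isfile follows symbolic links).
    if os.path.isfile(path):
        digest = hashlib.sha256()

        # Read in 64 KiB chunks so a large file is never held in memory whole;
        # the with-block closes the handle even if a read fails.
        with open(path, "rb") as file:
            for chunk in iter(lambda: file.read(65536), b""):
                digest.update(chunk)

        h = digest.hexdigest()
        entries.append(file_name + ": " + h + "\n")

# Write the baseline in one go, only after every file hashed successfully.
# NOTE(review): any later comparison trusts baseline.txt completely; keep it
# somewhere the monitored account cannot modify (read-only or off-host copy).
with open("baseline.txt", "w") as baseline:
    baseline.writelines(entries)
# END

print("Baseline file created successfully.")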

    

#  Section 1: File Integrity Checker
# Discussion Points:

# Why use file hashes instead of timestamps or file sizes?

# Hashes detect even the smallest change in file content, while timestamps and sizes can be spoofed or remain unchanged.


# How might malware evade integrity checking?

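# By modifying files stealthily, using rootkits to hide changes, or restoring timestamps after tampering (the last defeats timestamp checks, not a hash comparison). The check is also only as trustworthy as baseline.txt itself, so the baseline should be stored where the monitored system cannot rewrite it.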


# What if a legitimate system update changes many hashes?

# You should update the baseline hashes after verifying the update source and integrity, possibly using digital signatures.

FileNotFoundError: [WinError 3] The system cannot find the path specified: 'test_files'

In [2]:
# START
#   Set FOLDER = "test_files"

#   Open "baseline.txt"
#   For each line in "baseline.txt":
#     Split line into NAME and HASH
#     Store in baseline_map[NAME] = HASH

#   Get current_files = list of files in FOLDER

#   For each NAME in current_files:
#     Set PATH = join(FOLDER, NAME)
#     If PATH is a file:
#       Open PATH and read its bytes
#       Compute CURRENT_HASH = SHA256(bytes)

#       If NAME not in baseline_map:
#         Print "NEW file: NAME"
#       Else if baseline_map[NAME] != CURRENT_HASH:
#         Print "MODIFIED file: NAME"

#   For each NAME in baseline_map:
#     If NAME not in current_files:
#       Print "MISSING file: NAME"
# END


    
    
import os
import hashlib

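# START
# Compare the current contents of FOLDER against the hashes recorded in
# baseline.txt and report NEW, MODIFIED and MISSING files.
FOLDER = "test_files"

# Load the baseline into a NAME -> SHA-256 hex digest map.
# NOTE(review): baseline.txt is trusted as-is; if it can be edited by whoever
# can edit FOLDER, a matching hash proves nothing.
baseline_map = {}
with open("baseline.txt", "r") as f:
    for line in f:
        # Split on the LAST ": " only. A hex digest never contains ": ", but a
        # file name can; splitting on every occurrence would drop such entries.
        # Only the line ending is stripped so names with spaces stay intact.
        parts = line.rstrip("\r\n").rsplit(": ", 1)
        if len(parts) == 2:
            name, hash_value = parts
            baseline_map[name] = hash_value

# Get current_files = every directory entry in FOLDER (files AND directories)
current_files = os.listdir(FOLDER)

# Names that are regular files right now. The MISSING check uses this set:
# checking against current_files would miss a baseline file that has been
# replaced by a directory of the same name.
present_files = set()

for name in current_files:
    path = os.path.join(FOLDER, name)

    if os.path.isfile(path):
        present_files.add(name)

        # Hash in 64 KiB chunks; the with-block closes the handle on error too.
        digest = hashlib.sha256()
        with open(path, "rb") as file:
            for chunk in iter(lambda: file.read(65536), b""):
                digest.update(chunk)
        current_hash = digest.hexdigest()

        # Compare with baseline
        if name not in baseline_map:
            print("NEW file:", name)
        elif baseline_map[name] != current_hash:
            print("MODIFIED file:", name)

# Anything recorded in the baseline that is no longer a regular file is missing.
for name in baseline_map:
    if name not in present_files:
        print("MISSING file:", name)

# END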


# Section 2: Detecting Suspicious File Changes
# Discussion Points:

# How does this complement antivirus scanning?

# It adds a detection layer that does not rely on signatures: unexpected file changes are flagged even if the malware signature is unknown.


# Limitations if a rootkit hides file access at the kernel level?

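# The system may not detect changes because the rootkit intercepts and falsifies file access results. Running the check from trusted boot media against the offline disk avoids relying on the compromised kernel.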


# How to extend the system to restore modified files?

# Integrate with a secure backup system that automatically restores files when unauthorized changes are detected.





FileNotFoundError: [WinError 3] The system cannot find the path specified: 'test_files'

In [3]:
# START
#   Set FOLDER = "test_files"
#   Set SIGNATURES = ["eval(", "base64.b64decode", "socket.connect", "exec(", "import os"]

#   For each file NAME in the list of files in FOLDER:
#     Set PATH = FOLDER + NAME
#     If PATH is a file:
#       Try to open PATH as a text file and read its content into TEXT
#       If the file can't be read as text (e.g. it's binary), skip it

#       For each PATTERN in SIGNATURES:
#         If PATTERN is found in TEXT:
#           Print "Suspicious pattern PATTERN found in NAME"
# END




import os

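# START
# Naive signature scan: report every file directly inside `folder` whose text
# contains one of the substrings in `signatures`.
folder = "test_files"
# Plain substrings, matched case-sensitively. Entries such as "import os" also
# occur in ordinary benign scripts, so a hit is a lead to review, not a verdict.
signatures = ["eval(", "base64.b64decode", "socket.connect", "exec(", "import os"]

for name in os.listdir(folder):
    path = os.path.join(folder, name)

    # Only regular files are scanned.
    if not os.path.isfile(path):
        continue

    try:
        # Try to open PATH as a text file and read its content
        with open(path, "r", encoding="utf-8") as f:
            text = f.read()
    except Exception as err:
        # Still skip files that cannot be read as UTF-8 text (binary,
        # permission issue, etc.), but say so: a silently skipped file looks
        # exactly like a clean one in the output, which hides a coverage gap.
        print(f"Skipped {name}: not scanned ({type(err).__name__})")
        continue

    # Report every signature that occurs anywhere in the file.
    for pattern in signatures:
        if pattern in text:
            print(f"Suspicious pattern {pattern} found in {name}")
# END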


# Section 3: Signature-Based Malware Detection
# Discussion Points:

# Why is signature-based detection ineffective against polymorphic/metamorphic viruses?

# These viruses change their code structure or encrypt themselves to avoid matching known signatures.


# Can attackers include harmless “signature-looking” strings?

# Yes, this can trigger false positives and reduce trust in detection systems.


# How do heuristic and behavioural scanners improve this?

# They analyze actions and patterns rather than static code, making them effective against unknown or modified malware.

FileNotFoundError: [WinError 3] The system cannot find the path specified: 'test_files'

In [4]:
# START
#   Set HOSTS = N  (total number of simulated hosts, e.g. 200)
#   Set infected = set containing only host 0  (start with one infected host)
#   Set STEPS = T  (number of time steps to run, e.g. 15)
#   Set TRIES_PER_INFECTED = R  (how many times each infected host tries to infect others per step)
#   Set SUCCESS_PROB = p  (chance of successful infection, between 0 and 1)

#   For each step from 1 to STEPS:
#     Create an empty set called new_infected

#     For each host in infected:
#       Repeat TRIES_PER_INFECTED times:
#         Pick a random target host between 0 and HOSTS - 1
#         If target is not already infected and not in new_infected:
#           Pick a random number r between 0 and 1
#           If r < SUCCESS_PROB:
#             Add target to new_infected

#     Add all new_infected hosts to infected
#     Print "Step", step, "infected count =", number of infected hosts

#     If number of infected hosts equals HOSTS:
#       Print "All hosts infected. Stop."
#       Break the loop
# END
import random

# Simulation parameters (tweak these)
hosts = 200                 # N: total number of simulated hosts
infected = {0}              # host 0 is the only infected host at the start
steps = 15                  # T: number of time steps to run
tries_per_infected = 3      # R: attempts each infected host makes per step
success = 0.05              # p: probability that one attempt succeeds (0 <= p <= 1)

for step in range(1, steps + 1):
    # Hosts infected during this step; merged only after the step is over so
    # they do not start making attempts until the next step.
    new_infected = set()

    # tuple() snapshots the infected set for the duration of the step.
    for host in tuple(infected):
        for _ in range(tries_per_infected):
            # Uniformly random target in 0 .. hosts - 1
            target = random.randrange(0, hosts)

            # Already-infected targets are skipped without drawing a probability.
            if target in infected or target in new_infected:
                continue

            # The attempt succeeds with probability `success`.
            if random.random() < success:
                new_infected.add(target)

    # Merge this step's infections into the running total.
    infected |= new_infected

    print("Step", step, "infected count =", len(infected))

    # Nothing left to infect: stop early.
    if len(infected) >= hosts:
        print("All hosts infected. Stop.")
        break


# Section 4: Worm Propagation Simulation
# Discussion Points:

# Effect of doubling attempts per host on infection curve?

# The infection rate accelerates, potentially overwhelming systems faster.


# Why use local subnet propagation?

# It’s faster and more likely to find vulnerable hosts due to proximity and similar configurations.


# Most effective containment strategy?

# Depends on context, but rate limiting and anomaly detection are generally effective in early containment.





Step 1 infected count = 1
Step 2 infected count = 1
Step 3 infected count = 2
Step 4 infected count = 2
Step 5 infected count = 2
Step 6 infected count = 2
Step 7 infected count = 2
Step 8 infected count = 2
Step 9 infected count = 2
Step 10 infected count = 2
Step 11 infected count = 3
Step 12 infected count = 3
Step 13 infected count = 3
Step 14 infected count = 3
Step 15 infected count = 4


In [5]:
# START
#   Set CHECK_INTERVAL_SECONDS = 2
#   Set THRESHOLD = 50  (if connections go above this, we show a warning)

#   Loop forever:
#     Get CURRENT_ACTIVE_CONNECTIONS (this can be a real or simulated number)
#     Print "Active connections:", CURRENT_ACTIVE_CONNECTIONS

#     If CURRENT_ACTIVE_CONNECTIONS > THRESHOLD:
#       Print "ALERT: high number of connections — possible infection"

#     Wait for CHECK_INTERVAL_SECONDS seconds
# END

        
import time
import random

# Monitor settings (original variable names kept, including the spelling
# 'threshhold')
check_int_sec = 2        # seconds to wait between two checks
threshhold = 50          # alert when the connection count is above this value
# Placeholder; replaced by a simulated reading on every pass of the loop.
active_connections = 0

try:
    # Runs until the user interrupts the kernel.
    while True:
        # Simulated reading: a random integer from 0 to 100 inclusive, not a
        # real connection count.
        active_connections = random.randint(0, 100)
        print("Active connections:", active_connections)

        # Strictly greater than the threshold triggers the alert.
        over_limit = active_connections > threshhold
        if over_limit:
            print("ALERT: high number of connections — possible infection")

        # Pause before taking the next reading.
        time.sleep(check_int_sec)

except KeyboardInterrupt:
    print("\nStopped by user.")

# Section 5: Countermeasure Design Challenge
# Discussion Points:

# Which defence layer fails first in real-world outbreaks?

# Often user awareness or endpoint protection fails first due to phishing or unpatched systems.


# How can AI systems detect abnormal patterns safely?

# By training on diverse, labeled datasets and continuously updating models to adapt to new threats.


# Balancing detection sensitivity and false positives?

# Use tiered alerting, context-aware rules, and feedback loops to refine detection without overwhelming analysts.

Active connections: 34
Active connections: 69
ALERT: high number of connections — possible infection
Active connections: 98
ALERT: high number of connections — possible infection
Active connections: 0
Active connections: 88
ALERT: high number of connections — possible infection
Active connections: 82
ALERT: high number of connections — possible infection
Active connections: 59
ALERT: high number of connections — possible infection

Stopped by user.
