pacumen_classify_pcap.py
#!/usr/bin/env python
import pacumen
import getopt
import sys
import scipy.sparse as sparse
import oneclasstree
import cPickle as pickle
import numpy
import matplotlib.pyplot as plt
def print_help():
    """Print the usage text to stdout, with the script's own name filled in."""
    usage_text = '''
run a classifier against a pcap and print the probability that it contains the classified protocol
usage: %s -C classifier <pcap files>
'''
    script_name = sys.argv[0]
    print(usage_text % script_name)
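# Parse the command line: -C names the pickled classifier file, -V turns on
# plotting, and every remaining argument is a pcap file to classify.
try:
    options, remainder = getopt.getopt(sys.argv[1:], 'C:V')
except getopt.GetoptError as err:
    # An unknown flag, or -C without a value, is a usage error rather than
    # a traceback.
    print(str(err))
    print_help()
    sys.exit(1)

classifier = None
visualize = False
for opt, arg in options:
    if opt == '-C':
        classifier = arg
    elif opt == '-V':
        visualize = True
        # 'agg' is a non-interactive matplotlib backend, so switch to a GUI
        # backend before anything is plotted.
        if plt.get_backend().lower() == 'agg':
            plt.switch_backend("Qt4Agg")

# Exit non-zero on every failure path so that a calling script can tell a
# failed run from one that simply produced no output.
if classifier is None or len(remainder) < 1:
    print_help()
    sys.exit(1)

# SECURITY: pickle.load() runs code chosen by whoever produced the file, so
# the -C argument must only ever name a classifier file from a trusted source.
# Loading one that arrived alongside an untrusted pcap is equivalent to running
# an untrusted program. The hasattr() check below is a sanity check performed
# after unpickling has already happened; it is not a defence.
try:
    with open(classifier, 'rb') as f:
        classifier = pickle.load(f)
    # Explicit check instead of assert, which is stripped under "python -O".
    if not hasattr(classifier, 'classify'):
        raise TypeError("unpickled object has no classify attribute")
except Exception:
    # Exception rather than a bare except, so Ctrl-C and SystemExit are not
    # reported as a load failure.
    print("could not load classifier")
    print_help()
    sys.exit(1)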
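def _plot(eprobs):
    """Plot how the combined estimate changes as more rows of *eprobs* are used.

    For every prefix ``eprobs[:k, :]`` with k from 1 to the number of rows,
    the rows are combined with ``oneclasstree.bayesian`` and element 1 of the
    result is plotted against k. Element 1 is the same value the script
    prints per pcap as the probability for the classified protocol.

    eprobs: 2-D array indexed as [row, column]; presumably one row per
        feature vector as returned by ``classifier.classify`` -- confirm.
    """
    print('plotting')
    row_count = eprobs.shape[0]
    # NOTE: bayesian() is re-run on every prefix, so the number of rows
    # processed in total grows roughly quadratically with the row count.
    running = [oneclasstree.bayesian(eprobs[:end, :])[1]
               for end in range(1, row_count + 1)]
    plt.figure()
    plt.plot(running)
    plt.show()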
# Classify each capture named on the command line and print one
# "<probability> <path>" line per file.
for pcap_path in remainder:
    feature_vectors = pacumen.make_feature_vectors_from_pcap(pcap_path)
    estimates = classifier.classify(feature_vectors)
    if visualize:
        _plot(estimates)
    # Collapse the classifier output into one result; element 1 is reported.
    combined = oneclasstree.bayesian(estimates)
    print('%f %s' % (combined[1], pcap_path))