<a href="https://colab.research.google.com/github/ekaterina533/dataset/blob/main/%D0%9C%D0%BE%D0%B4%D0%B5%D0%BB%D1%8C1.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# –ù–æ–≤—ã–π —Ä–∞–∑–¥–µ–ª

In [20]:
!pip install scapy dpkt pandas numpy scikit-learn matplotlib ipywidgets



In [3]:
%%writefile security_system.py
import os
import zipfile
import pandas as pd
import numpy as np
from sklearn.preprocessing import RobustScaler, LabelEncoder
from sklearn.ensemble import IsolationForest
import dpkt
import socket
from collections import defaultdict, Counter
import matplotlib.pyplot as plt
from urllib.request import urlretrieve
import ipywidgets as widgets
from IPython.display import display, clear_output
import time
from typing import List, Dict, Any, Optional

# 1. –ö–ª–∞—Å—Å –¥–ª—è –∞–Ω–∞–ª–∏–∑–∞ —Ç—Ä–∞—Ñ–∏–∫–∞
class TrafficAnalyzer:
    def __init__(self):
        self.model = IsolationForest(n_estimators=100, contamination=0.05, random_state=42)
        self.encoders = {}
        self.scaler = RobustScaler()
        self.attack_stats = defaultdict(int)
        self.traffic_stats = defaultdict(int)
        self.feature_order = ['length', 'ttl', 'src_port', 'dst_port', 'src_ip', 'dst_ip', 'protocol']  # –§–∏–∫—Å–∏—Ä–æ–≤–∞–Ω–Ω—ã–π –ø–æ—Ä—è–¥–æ–∫

    def preprocess(self, df: pd.DataFrame) -> pd.DataFrame:
        """–ü—Ä–µ–¥–æ–±—Ä–∞–±–æ—Ç–∫–∞ –¥–∞–Ω–Ω—ã—Ö —Å —Å–æ—Ö—Ä–∞–Ω–µ–Ω–∏–µ–º –ø–æ—Ä—è–¥–∫–∞ –ø—Ä–∏–∑–Ω–∞–∫–æ–≤"""
        # –ó–∞–ø–æ–ª–Ω–µ–Ω–∏–µ –æ—Ç—Å—É—Ç—Å—Ç–≤—É—é—â–∏—Ö –∑–Ω–∞—á–µ–Ω–∏–π
        for col in ['src_port', 'dst_port']:
            if col in df.columns:
                df[col] = df[col].fillna(0).astype(int)

        # –ö–æ–¥–∏—Ä–æ–≤–∞–Ω–∏–µ –∫–∞—Ç–µ–≥–æ—Ä–∏–∞–ª—å–Ω—ã—Ö –ø—Ä–∏–∑–Ω–∞–∫–æ–≤
        for col in ['src_ip', 'dst_ip', 'protocol']:
            if col in df.columns:
                self.encoders[col] = LabelEncoder()
                df[col] = self.encoders[col].fit_transform(df[col].astype(str))

        # –ù–æ—Ä–º–∞–ª–∏–∑–∞—Ü–∏—è —á–∏—Å–ª–æ–≤—ã—Ö –ø—Ä–∏–∑–Ω–∞–∫–æ–≤
        numeric_cols = ['length', 'ttl', 'src_port', 'dst_port']
        numeric_cols = [col for col in numeric_cols if col in df.columns]

        if numeric_cols:
            df[numeric_cols] = self.scaler.fit_transform(df[numeric_cols])

        # –í–æ–∑–≤—Ä–∞—â–∞–µ–º —Ç–æ–ª—å–∫–æ –Ω—É–∂–Ω—ã–µ –ø—Ä–∏–∑–Ω–∞–∫–∏ –≤ —Ñ–∏–∫—Å–∏—Ä–æ–≤–∞–Ω–Ω–æ–º –ø–æ—Ä—è–¥–∫–µ
        return df[[col for col in self.feature_order if col in df.columns]]

    def train(self, normal_traffic: pd.DataFrame):
        """–û–±—É—á–µ–Ω–∏–µ –º–æ–¥–µ–ª–∏ —Å –∫–æ–Ω—Ç—Ä–æ–ª–µ–º –ø–æ—Ä—è–¥–∫–∞ –ø—Ä–∏–∑–Ω–∞–∫–æ–≤"""
        # –û—Å—Ç–∞–≤–ª—è–µ–º —Ç–æ–ª—å–∫–æ –Ω—É–∂–Ω—ã–µ —Å—Ç–æ–ª–±—Ü—ã –≤ –ø—Ä–∞–≤–∏–ª—å–Ω–æ–º –ø–æ—Ä—è–¥–∫–µ
        train_data = normal_traffic[[col for col in self.feature_order if col in normal_traffic.columns]]
        self.model.fit(train_data)

    def detect_anomalies(self, packets: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
        """–û–±–Ω–∞—Ä—É–∂–µ–Ω–∏–µ –∞–Ω–æ–º–∞–ª—å–Ω—ã—Ö –ø–∞–∫–µ—Ç–æ–≤"""
        features = []
        valid_packets = []

        for pkt in packets:
            feat = self._extract_features(pkt)
            if feat is not None:
                features.append(feat)
                valid_packets.append(pkt)

        if features:
            try:
                # –°–æ–∑–¥–∞–µ–º DataFrame —Å –ø—Ä–∞–≤–∏–ª—å–Ω—ã–º –ø–æ—Ä—è–¥–∫–æ–º –ø—Ä–∏–∑–Ω–∞–∫–æ–≤
                feature_df = pd.DataFrame(features, columns=[col for col in self.feature_order if col in self.encoders or col in ['length', 'ttl', 'src_port', 'dst_port']])
                preds = self.model.predict(feature_df)
                return [pkt for pkt, pred in zip(valid_packets, preds) if pred == -1]
            except Exception as e:
                print(f"–û—à–∏–±–∫–∞ –ø—Ä–µ–¥—Å–∫–∞–∑–∞–Ω–∏—è: {str(e)}")
                print(f"–ò—Å–ø–æ–ª—å–∑–æ–≤–∞–Ω–Ω—ã–µ –ø—Ä–∏–∑–Ω–∞–∫–∏: {feature_df.columns.tolist()}")
                print(f"–û–∂–∏–¥–∞–µ–º—ã–µ –ø—Ä–∏–∑–Ω–∞–∫–∏: {self.model.feature_names_in_}")
                return []
        return []

    def _extract_features(self, pkt: Dict[str, Any]) -> Optional[List[float]]:
        """–ò–∑–≤–ª–µ—á–µ–Ω–∏–µ –ø—Ä–∏–∑–Ω–∞–∫–æ–≤ –∏–∑ –ø–∞–∫–µ—Ç–∞"""
        try:
            features = []
            for col in self.feature_order:
                if col in ['length', 'ttl', 'src_port', 'dst_port']:
                    features.append(pkt.get(col, 0))
                elif col in self.encoders:
                    val = str(pkt.get(col, '0'))
                    if val in self.encoders[col].classes_:
                        features.append(self.encoders[col].transform([val])[0])
                    else:
                        features.append(0)
            return features
        except Exception as e:
            print(f"–û—à–∏–±–∫–∞ –∏–∑–≤–ª–µ—á–µ–Ω–∏—è –ø—Ä–∏–∑–Ω–∞–∫–æ–≤: {str(e)}")
            return None

# 2. –ö–ª–∞—Å—Å –¥–ª—è —É–ø—Ä–∞–≤–ª–µ–Ω–∏—è —Ç—Ä–∞—Ñ–∏–∫–æ–º
class TrafficManager:
    def __init__(self):
        self.blocked_ips = set()
        self.rate_limited_ips = {}
        self.load_history = []

    def get_recommendations(self, attack_type, src_ip):
        recommendations = []

        if attack_type == "DDoS":
            recommendations.extend([
                "1. –ë–ª–æ–∫–∏—Ä–æ–≤–∞—Ç—å IP –Ω–∞ firewall",
                "2. –û–≥—Ä–∞–Ω–∏—á–∏—Ç—å —Å–∫–æ—Ä–æ—Å—Ç—å –¥–ª—è —ç—Ç–æ–≥–æ IP",
                "3. –ü–µ—Ä–µ–Ω–∞–ø—Ä–∞–≤–∏—Ç—å —Ç—Ä–∞—Ñ–∏–∫ —á–µ—Ä–µ–∑ scrubbing center"
            ])
        elif attack_type == "Port Scan":
            recommendations.extend([
                "1. –ó–∞–∫—Ä—ã—Ç—å –Ω–µ–∏—Å–ø–æ–ª—å–∑—É–µ–º—ã–µ –ø–æ—Ä—Ç—ã",
                "2. –í–∫–ª—é—á–∏—Ç—å stealth mode",
                "3. –î–æ–±–∞–≤–∏—Ç—å IP –≤ blacklist"
            ])

        recommendations.append("4. –û—Ç–ø—Ä–∞–≤–∏—Ç—å —É–≤–µ–¥–æ–º–ª–µ–Ω–∏–µ –∞–¥–º–∏–Ω–∏—Å—Ç—Ä–∞—Ç–æ—Ä—É")
        return recommendations

    def get_load_balance_recommendations(self, cpu_load, mem_load):
        recommendations = []

        if cpu_load > 80:
            recommendations.append("1. –£–≤–µ–ª–∏—á–∏—Ç—å –∫–æ–ª–∏—á–µ—Å—Ç–≤–æ worker-–ø—Ä–æ—Ü–µ—Å—Å–æ–≤")
            recommendations.append("2. –ü–µ—Ä–µ–Ω–µ—Å—Ç–∏ —á–∞—Å—Ç—å –Ω–∞–≥—Ä—É–∑–∫–∏ –Ω–∞ backup-—Å–µ—Ä–≤–µ—Ä")

        if mem_load > 80:
            recommendations.append("3. –û–ø—Ç–∏–º–∏–∑–∏—Ä–æ–≤–∞—Ç—å –∫—ç—à–∏—Ä–æ–≤–∞–Ω–∏–µ")
            recommendations.append("4. –£–≤–µ–ª–∏—á–∏—Ç—å swap-–ø—Ä–æ—Å—Ç—Ä–∞–Ω—Å—Ç–≤–æ")

        if not recommendations:
            recommendations.append("–°–∏—Å—Ç–µ–º–∞ —Ä–∞–±–æ—Ç–∞–µ—Ç –≤ –Ω–æ—Ä–º–∞–ª—å–Ω–æ–º —Ä–µ–∂–∏–º–µ")

        return recommendations

# 3. –ü–∞—Ä—Å–µ—Ä PCAP-—Ñ–∞–π–ª–æ–≤
def parse_pcap(file_path: str) -> List[Dict[str, Any]]:
    """–ü–∞—Ä—Å–∏–Ω–≥ PCAP-—Ñ–∞–π–ª–∞ –≤ —Å–ø–∏—Å–æ–∫ –ø–∞–∫–µ—Ç–æ–≤"""
    packets = []
    with open(file_path, 'rb') as f:
        try:
            pcap = dpkt.pcap.Reader(f)
            for ts, buf in pcap:
                try:
                    eth = dpkt.ethernet.Ethernet(buf)
                    if not isinstance(eth.data, dpkt.ip.IP):
                        continue

                    ip = eth.data
                    transport = ip.data

                    packet = {
                        'timestamp': ts,
                        'src_ip': socket.inet_ntoa(ip.src),
                        'dst_ip': socket.inet_ntoa(ip.dst),
                        'length': ip.len,
                        'ttl': ip.ttl,
                        'protocol': 'other'
                    }

                    if isinstance(transport, dpkt.tcp.TCP):
                        packet.update({
                            'protocol': 'tcp',
                            'src_port': transport.sport,
                            'dst_port': transport.dport,
                            'flags': transport.flags
                        })
                    elif isinstance(transport, dpkt.udp.UDP):
                        packet.update({
                            'protocol': 'udp',
                            'src_port': transport.sport,
                            'dst_port': transport.dport
                        })

                    packets.append(packet)
                except Exception as e:
                    continue
        except Exception as e:
            print(f"–û—à–∏–±–∫–∞ —á—Ç–µ–Ω–∏—è —Ñ–∞–π–ª–∞ {file_path}: {str(e)}")

    return packets

# 4. –ò–Ω—Ç–µ—Ä—Ñ–µ–π—Å –∞–¥–º–∏–Ω–∏—Å—Ç—Ä–∞—Ç–æ—Ä–∞
class AdminInterface:
    def __init__(self, analyzer, manager):
        self.analyzer = analyzer
        self.manager = manager
        self.setup_ui()

    def setup_ui(self):
        self.output = widgets.Output()
        self.recommendation_dropdown = widgets.Dropdown(options=[], description='–î–µ–π—Å—Ç–≤–∏–µ:')
        self.execute_button = widgets.Button(description="–í—ã–ø–æ–ª–Ω–∏—Ç—å")
        self.execute_button.on_click(self.execute_action)

        display(self.output)

    def show_attack_alert(self, attack_packets):
        with self.output:
            clear_output()
            print("üö® –û–±–Ω–∞—Ä—É–∂–µ–Ω–∞ –ø–æ—Ç–µ–Ω—Ü–∏–∞–ª—å–Ω–∞—è –∞—Ç–∞–∫–∞!")
            print(f"–¢–∏–ø –∞—Ç–∞–∫–∏: {self.detect_attack_type(attack_packets)}")
            print("–†–µ–∫–æ–º–µ–Ω–¥—É–µ–º—ã–µ –¥–µ–π—Å—Ç–≤–∏—è:")

            src_ip = attack_packets[0]['src_ip']
            recommendations = self.manager.get_recommendations(self.detect_attack_type(attack_packets), src_ip)
            self.recommendation_dropdown.options = recommendations

            display(self.recommendation_dropdown)
            display(self.execute_button)

    def show_load_alert(self, cpu_load, mem_load):
        with self.output:
            clear_output()
            print("‚öñÔ∏è –ù–∞–≥—Ä—É–∑–∫–∞ –Ω–∞ —Å–∏—Å—Ç–µ–º—É:")
            print(f"CPU: {cpu_load}%, MEM: {mem_load}%")
            print("–†–µ–∫–æ–º–µ–Ω–¥–∞—Ü–∏–∏ –ø–æ –±–∞–ª–∞–Ω—Å–∏—Ä–æ–≤–∫–µ:")

            recommendations = self.manager.get_load_balance_recommendations(cpu_load, mem_load)
            self.recommendation_dropdown.options = recommendations

            display(self.recommendation_dropdown)
            display(self.execute_button)

    def detect_attack_type(self, packets):
        if len(packets) > 1000:
            return "DDoS"
        elif len(set(p['dst_port'] for p in packets)) > 20:
            return "Port Scan"
        else:
            return "Unknown"

    def execute_action(self, b):
        with self.output:
            action = self.recommendation_dropdown.value
            print(f"–í—ã–ø–æ–ª–Ω—è–µ—Ç—Å—è: {action}...")
            time.sleep(1)
            print("‚úÖ –î–µ–π—Å—Ç–≤–∏–µ –≤—ã–ø–æ–ª–Ω–µ–Ω–æ")

# 5. –ì–ª–∞–≤–Ω–∞—è —Å–∏—Å—Ç–µ–º–∞
class SecuritySystem:
    def __init__(self):
        self.analyzer = TrafficAnalyzer()
        self.manager = TrafficManager()
        self.interface = AdminInterface(self.analyzer, self.manager)

        # –ò–º–∏—Ç–∞—Ü–∏—è —Å–∏—Å—Ç–µ–º–Ω–æ–≥–æ –º–æ–Ω–∏—Ç–æ—Ä–∏–Ω–≥–∞
        self.cpu_load = 30
        self.mem_load = 45

    def load_dataset(self, pcap_files: List[str]) -> List[Dict[str, Any]]:
        all_packets = []
        for file in pcap_files:
            print(f"–û–±—Ä–∞–±–æ—Ç–∫–∞ —Ñ–∞–π–ª–∞: {os.path.basename(file)}")
            packets = parse_pcap(file)
            print(f"–ò–∑–≤–ª–µ—á–µ–Ω–æ –ø–∞–∫–µ—Ç–æ–≤: {len(packets)}")

            # –ü—Ä–æ–≤–µ—Ä–∫–∞ –Ω–∞–ª–∏—á–∏—è –æ–±—è–∑–∞—Ç–µ–ª—å–Ω—ã—Ö –ø–æ–ª–µ–π
            if packets and all(key in packets[0] for key in ['length', 'ttl', 'src_ip', 'dst_ip', 'protocol']):
                all_packets.extend(packets)
            else:
                print(f"–§–∞–π–ª {file} –Ω–µ —Å–æ–¥–µ—Ä–∂–∏—Ç –Ω–µ–æ–±—Ö–æ–¥–∏–º—ã—Ö –ø–æ–ª–µ–π")

        if not all_packets:
            raise ValueError("–ù–µ —É–¥–∞–ª–æ—Å—å –∏–∑–≤–ª–µ—á—å –ø–∞–∫–µ—Ç—ã —Å –Ω–µ–æ–±—Ö–æ–¥–∏–º—ã–º–∏ –ø–æ–ª—è–º–∏")

        df = pd.DataFrame(all_packets)
        processed_df = self.analyzer.preprocess(df)

        # –ò—Å–ø–æ–ª—å–∑—É–µ–º 70% –¥–∞–Ω–Ω—ã—Ö –¥–ª—è –æ–±—É—á–µ–Ω–∏—è
        train_size = int(0.7 * len(processed_df))
        self.analyzer.train(processed_df.iloc[:train_size])

        return all_packets

    def simulate_attacks(self, packets: List[Dict[str, Any]]):
        """–ò–º–∏—Ç–∞—Ü–∏—è –æ–±–Ω–∞—Ä—É–∂–µ–Ω–∏—è –∞—Ç–∞–∫ –∏ –≤—ã—Å–æ–∫–æ–π –Ω–∞–≥—Ä—É–∑–∫–∏"""
        # –ü—Ä–æ–≤–µ—Ä—è–µ–º –ø–µ—Ä–≤—ã–µ 500 –ø–∞–∫–µ—Ç–æ–≤ (—É–≤–µ–ª–∏—á–∏–ª–∏ –¥–ª—è –ª—É—á—à–µ–≥–æ –æ–±–Ω–∞—Ä—É–∂–µ–Ω–∏—è)
        test_packets = packets[:1000]

        # –û–±–Ω–∞—Ä—É–∂–µ–Ω–∏–µ –∞–Ω–æ–º–∞–ª–∏–π
        attack_packets = self.analyzer.detect_anomalies(test_packets)
        if attack_packets:
            attack_type = self.interface.detect_attack_type(attack_packets)
            self.analyzer.attack_stats[attack_type] += len(attack_packets)
            print(f"–û–±–Ω–∞—Ä—É–∂–µ–Ω–æ {len(attack_packets)} –∞–Ω–æ–º–∞–ª—å–Ω—ã—Ö –ø–∞–∫–µ—Ç–æ–≤ ({attack_type})")
            self.interface.show_attack_alert(attack_packets)
        else:
            print("–ê–Ω–æ–º–∞–ª–∏–π –Ω–µ –æ–±–Ω–∞—Ä—É–∂–µ–Ω–æ")

        # –ò–º–∏—Ç–∞—Ü–∏—è –≤—ã—Å–æ–∫–æ–π –Ω–∞–≥—Ä—É–∑–∫–∏ (30% chance)
        if np.random.random() > 0.7:
            self.cpu_load = min(100, self.cpu_load + np.random.randint(20, 60))
            self.mem_load = min(100, self.mem_load + np.random.randint(10, 40))
            print(f"–ù–∞–≥—Ä—É–∑–∫–∞ –Ω–∞ —Å–∏—Å—Ç–µ–º—É: CPU={self.cpu_load}%, MEM={self.mem_load}%")
            self.interface.show_load_alert(self.cpu_load, self.mem_load)

# 6. –ó–∞–≥—Ä—É–∑–∫–∞ –¥–∞–Ω–Ω—ã—Ö
def download_and_extract_zip():
    zip_url = "https://github.com/westermo/network-traffic-dataset/raw/main/data/extended/pcaps/right.zip"
    zip_path = "right.zip"
    extract_dir = "right"

    if not os.path.exists(extract_dir):
        print("‚¨áÔ∏è –ó–∞–≥—Ä—É–∑–∫–∞ ZIP-–∞—Ä—Ö–∏–≤–∞...")
        urlretrieve(zip_url, zip_path)

        print("üì¶ –†–∞—Å–ø–∞–∫–æ–≤–∫–∞ –∞—Ä—Ö–∏–≤–∞...")
        with zipfile.ZipFile(zip_path, 'r') as zip_ref:
            zip_ref.extractall(extract_dir)

        os.remove(zip_path)

    return [os.path.join(extract_dir, f) for f in os.listdir(extract_dir) if f.endswith('.pcap')]

# 7. –ó–∞–ø—É—Å–∫ —Å–∏—Å—Ç–µ–º—ã
def main():
    print("üîÑ –ó–∞–ø—É—Å–∫ —Å–∏—Å—Ç–µ–º—ã –±–µ–∑–æ–ø–∞—Å–Ω–æ—Å—Ç–∏...")

    # –ó–∞–≥—Ä—É–∑–∫–∞ –¥–∞–Ω–Ω—ã—Ö
    pcap_files = download_and_extract_zip()
    print(f"–ù–∞–π–¥–µ–Ω–æ {len(pcap_files)} PCAP-—Ñ–∞–π–ª–æ–≤")

    # –ò–Ω–∏—Ü–∏–∞–ª–∏–∑–∞—Ü–∏—è —Å–∏—Å—Ç–µ–º—ã
    system = SecuritySystem()
    packets = system.load_dataset(pcap_files)

    # –ê–Ω–∞–ª–∏–∑ —Ç—Ä–∞—Ñ–∏–∫–∞
    print("üîç –ê–Ω–∞–ª–∏–∑ —Ç—Ä–∞—Ñ–∏–∫–∞...")
    system.simulate_attacks(packets)

    print("\n‚úÖ –°–∏—Å—Ç–µ–º–∞ –≥–æ—Ç–æ–≤–∞ –∫ —Ä–∞–±–æ—Ç–µ")
    print("–ú–æ–Ω–∏—Ç–æ—Ä–∏–Ω–≥ —Ç—Ä–∞—Ñ–∏–∫–∞ –∏ –Ω–∞–≥—Ä—É–∑–∫–∏ –≤—ã–ø–æ–ª–Ω—è–µ—Ç—Å—è –≤ —Ñ–æ–Ω–æ–≤–æ–º —Ä–µ–∂–∏–º–µ...")

if __name__ == "__main__":
    main()


Writing security_system.py


In [23]:
%%writefile generate_test_traffic.py
import random
import time
from scapy.all import *
from scapy.layers.inet import IP, TCP, UDP, Ether

def generate_normal_traffic(output_file="normal_traffic.pcap", packet_count=10000):
    """–ì–µ–Ω–µ—Ä–∞—Ü–∏—è –Ω–æ—Ä–º–∞–ª—å–Ω–æ–≥–æ —Ç—Ä–∞—Ñ–∏–∫–∞ —Å Ethernet-–∑–∞–≥–æ–ª–æ–≤–∫–∞–º–∏"""
    packets = []
    for i in range(packet_count):
        eth = Ether(src="00:11:22:33:44:55", dst="66:77:88:99:aa:bb")
        ip = IP(src=f"192.168.{random.randint(0, 255)}.{random.randint(1, 254)}",
                dst=f"10.0.{random.randint(0, 255)}.{random.randint(1, 254)}")

        if random.choice([True, False]):
            pkt = eth/ip/TCP(sport=random.randint(1024, 65535),
                            dport=random.choice([80, 443, 22, 21]))
        else:
            pkt = eth/ip/UDP(sport=random.randint(1024, 65535),
                            dport=random.choice([53, 67, 68]))

        packets.append(pkt)

    wrpcap(output_file, packets)
    print(f"–°–≥–µ–Ω–µ—Ä–∏—Ä–æ–≤–∞–Ω–æ {packet_count} –Ω–æ—Ä–º–∞–ª—å–Ω—ã—Ö –ø–∞–∫–µ—Ç–æ–≤ –≤ {output_file}")

def generate_ddos_attack(output_file="ddos_attack.pcap", packet_count=300):
    """–ì–µ–Ω–µ—Ä–∞—Ü–∏—è DDoS –∞—Ç–∞–∫–∏"""
    packets = []
    target_ip = "10.0.0.1"

    for i in range(packet_count):
        eth = Ether(src="00:11:22:33:44:55", dst="66:77:88:99:aa:bb")
        ip = IP(src=f"{random.randint(1, 255)}.{random.randint(1, 255)}.{random.randint(1, 255)}.{random.randint(1, 255)}",
                dst=target_ip)
        pkt = eth/ip/TCP(dport=80, flags="S")
        packets.append(pkt)

    wrpcap(output_file, packets)
    print(f"–°–≥–µ–Ω–µ—Ä–∏—Ä–æ–≤–∞–Ω–æ {packet_count} DDoS –ø–∞–∫–µ—Ç–æ–≤ –≤ {output_file}")

if __name__ == "__main__":
    generate_normal_traffic()
    generate_ddos_attack()

Overwriting generate_test_traffic.py


In [5]:
%%writefile test_model.py
import os
from security_system import SecuritySystem

def test_model():
    system = SecuritySystem()
    test_files = ["normal_traffic.pcap", "ddos_attack.pcap"]

    for file in test_files:
        if not os.path.exists(file):
            print(f"–§–∞–π–ª {file} –Ω–µ –Ω–∞–π–¥–µ–Ω!")
            return

    print("\n=== –¢–µ—Å—Ç –Ω–æ—Ä–º–∞–ª—å–Ω–æ–≥–æ —Ç—Ä–∞—Ñ–∏–∫–∞ ===")
    normal_packets = system.load_dataset(["normal_traffic.pcap"])
    system.simulate_attacks(normal_packets)

    print("\n=== –¢–µ—Å—Ç DDoS –∞—Ç–∞–∫–∏ ===")
    attack_packets = system.load_dataset(["ddos_attack.pcap"])
    system.simulate_attacks(attack_packets)

if __name__ == "__main__":
    test_model()

Writing test_model.py


In [6]:
%%writefile perfomance_test.py
import time
import random
import pandas as pd
from security_system import TrafficAnalyzer

def test_performance():
    analyzer = TrafficAnalyzer()

    # –ì–µ–Ω–µ—Ä–∞—Ü–∏—è —Ç–µ—Å—Ç–æ–≤—ã—Ö –¥–∞–Ω–Ω—ã—Ö
    data = {
        'src_ip': [f"192.168.1.{i}" for i in range(1, 1001)],
        'dst_ip': [f"10.0.0.{i%100}" for i in range(1, 1001)],
        'protocol': ['tcp' if i%2 else 'udp' for i in range(1, 1001)],
        'length': [random.randint(40, 1500) for _ in range(1000)],
        'ttl': [random.randint(32, 128) for _ in range(1000)],
        'src_port': [random.randint(1024, 65535) for _ in range(1000)],
        'dst_port': [random.choice([80, 443, 22, 53]) for _ in range(1000)]
    }
    df = pd.DataFrame(data)

    # –¢–µ—Å—Ç –ø—Ä–µ–¥–æ–±—Ä–∞–±–æ—Ç–∫–∏
    start_time = time.time()
    processed_df = analyzer.preprocess(df)
    preprocess_time = time.time() - start_time

    # –¢–µ—Å—Ç –æ–±—É—á–µ–Ω–∏—è
    start_time = time.time()
    analyzer.train(processed_df)
    train_time = time.time() - start_time

    # –¢–µ—Å—Ç –ø—Ä–µ–¥—Å–∫–∞–∑–∞–Ω–∏—è
    test_data = df.iloc[:100].to_dict('records')
    start_time = time.time()
    anomalies = analyzer.detect_anomalies(test_data)
    predict_time = time.time() - start_time

    print("\n=== –†–µ–∑—É–ª—å—Ç–∞—Ç—ã —Ç–µ—Å—Ç–∏—Ä–æ–≤–∞–Ω–∏—è –ø—Ä–æ–∏–∑–≤–æ–¥–∏—Ç–µ–ª—å–Ω–æ—Å—Ç–∏ ===")
    print(f"–í—Ä–µ–º—è –ø—Ä–µ–¥–æ–±—Ä–∞–±–æ—Ç–∫–∏ (1000 –∑–∞–ø–∏—Å–µ–π): {preprocess_time:.4f} —Å–µ–∫")
    print(f"–í—Ä–µ–º—è –æ–±—É—á–µ–Ω–∏—è –º–æ–¥–µ–ª–∏: {train_time:.4f} —Å–µ–∫")
    print(f"–í—Ä–µ–º—è –ø—Ä–µ–¥—Å–∫–∞–∑–∞–Ω–∏—è (100 –∑–∞–ø–∏—Å–µ–π): {predict_time:.4f} —Å–µ–∫")
    print(f"–û–±–Ω–∞—Ä—É–∂–µ–Ω–æ –∞–Ω–æ–º–∞–ª–∏–π: {len(anomalies)}")

if __name__ == "__main__":
    test_performance()

Writing perfomance_test.py


In [7]:
%%writefile accuracy_test.py
import numpy as np
import pandas as pd
from sklearn.metrics import classification_report
from security_system import TrafficAnalyzer

def test_accuracy():
    # 1. –ò–Ω–∏—Ü–∏–∞–ª–∏–∑–∞—Ü–∏—è –∞–Ω–∞–ª–∏–∑–∞—Ç–æ—Ä–∞
    analyzer = TrafficAnalyzer()

    # 2. –ì–µ–Ω–µ—Ä–∞—Ü–∏—è –¥–∞–Ω–Ω—ã—Ö —Å —Ñ–∏–∫—Å–∏—Ä–æ–≤–∞–Ω–Ω—ã–º –ø–æ—Ä—è–¥–∫–æ–º –ø—Ä–∏–∑–Ω–∞–∫–æ–≤
    num_samples = 2000
    normal_samples = int(num_samples * 0.7)

    # –°–Ω–∞—á–∞–ª–∞ —Å–æ–∑–¥–∞–µ–º DataFrame —Å —è–≤–Ω—ã–º –ø–æ—Ä—è–¥–∫–æ–º —Å—Ç–æ–ª–±—Ü–æ–≤
    columns_order = ['length', 'ttl', 'src_port', 'dst_port', 'src_ip', 'dst_ip', 'protocol']

    # –ù–æ—Ä–º–∞–ª—å–Ω—ã–π —Ç—Ä–∞—Ñ–∏–∫
    normal_data = pd.DataFrame({
        'length': np.clip(np.random.normal(500, 100, normal_samples), 40, 1500).astype(int),
        'ttl': np.random.randint(50, 64, normal_samples),
        'src_port': np.random.randint(1024, 65535, normal_samples),
        'dst_port': np.random.choice([80, 443, 22, 53], normal_samples),
        'src_ip': [f"192.168.1.{i}" for i in range(normal_samples)],
        'dst_ip': [f"10.0.0.{i%10}" for i in range(normal_samples)],
        'protocol': ['tcp' if i%2 else 'udp' for i in range(normal_samples)]
    })[columns_order]  # –Ø–≤–Ω–æ –∑–∞–¥–∞–µ–º –ø–æ—Ä—è–¥–æ–∫ —Å—Ç–æ–ª–±—Ü–æ–≤

    # –ê–Ω–æ–º–∞–ª—å–Ω—ã–π —Ç—Ä–∞—Ñ–∏–∫
    attack_data = pd.DataFrame({
        'length': np.clip(np.random.normal(1500, 10, num_samples-normal_samples), 40, 1500).astype(int),
        'ttl': np.random.randint(32, 40, num_samples-normal_samples),
        'src_port': np.random.randint(1024, 65535, num_samples-normal_samples),
        'dst_port': np.random.randint(1, 1024, num_samples-normal_samples),
        'src_ip': [f"172.16.1.{i}" for i in range(num_samples-normal_samples)],
        'dst_ip': ["10.0.0.1"] * (num_samples-normal_samples),
        'protocol': ['tcp'] * (num_samples-normal_samples)
    })[columns_order]  # –¢–æ—Ç –∂–µ –ø–æ—Ä—è–¥–æ–∫ —Å—Ç–æ–ª–±—Ü–æ–≤

    # –û–±—ä–µ–¥–∏–Ω–µ–Ω–∏–µ –¥–∞–Ω–Ω—ã—Ö
    df = pd.concat([normal_data, attack_data], ignore_index=True)
    labels = np.array([1]*normal_samples + [-1]*(num_samples-normal_samples))

    # 3. –ü—Ä–µ–¥–æ–±—Ä–∞–±–æ—Ç–∫–∞
    processed_df = analyzer.preprocess(df)

    # 4. –ü—Ä–æ–≤–µ—Ä–∫–∞ –ø–æ—Ä—è–¥–∫–∞ –ø—Ä–∏–∑–Ω–∞–∫–æ–≤ –ø–æ—Å–ª–µ –ø—Ä–µ–¥–æ–±—Ä–∞–±–æ—Ç–∫–∏
    print("–ü–æ—Ä—è–¥–æ–∫ –ø—Ä–∏–∑–Ω–∞–∫–æ–≤ –ø–æ—Å–ª–µ –ø—Ä–µ–¥–æ–±—Ä–∞–±–æ—Ç–∫–∏:", processed_df.columns.tolist())

    # 5. –†–∞–∑–¥–µ–ª–µ–Ω–∏–µ –Ω–∞ train/test
    train_size = int(0.7 * len(processed_df))
    X_train = processed_df.iloc[:train_size]
    X_test = processed_df.iloc[train_size:]
    y_train = labels[:train_size]
    y_test = labels[train_size:]

    # 6. –û–±—É—á–µ–Ω–∏–µ –º–æ–¥–µ–ª–∏
    analyzer.train(X_train)

    # 7. –ü—Ä–æ–≤–µ—Ä–∫–∞ feature_names_in_ –≤ –º–æ–¥–µ–ª–∏
    if hasattr(analyzer.model, 'feature_names_in_'):
        print("–ü—Ä–∏–∑–Ω–∞–∫–∏ –º–æ–¥–µ–ª–∏:", analyzer.model.feature_names_in_)

    # 8. –ü—Ä–µ–¥—Å–∫–∞–∑–∞–Ω–∏–µ —Å —è–≤–Ω—ã–º –∫–æ–Ω—Ç—Ä–æ–ª–µ–º –ø–æ—Ä—è–¥–∫–∞ –ø—Ä–∏–∑–Ω–∞–∫–æ–≤
    try:
        preds = analyzer.model.predict(X_test[analyzer.model.feature_names_in_])
        print("\n=== –û—Ç—á–µ—Ç –æ —Ç–æ—á–Ω–æ—Å—Ç–∏ –º–æ–¥–µ–ª–∏ ===")
        print(classification_report(y_test, preds,
                                 target_names=['–ê–Ω–æ–º–∞–ª–∏—è', '–ù–æ—Ä–º–∞–ª—å–Ω—ã–π']))
    except Exception as e:
        print("\n=== –û—à–∏–±–∫–∞ –ø—Ä–µ–¥—Å–∫–∞–∑–∞–Ω–∏—è ===")
        print(str(e))
        print("\n–°—Ä–∞–≤–Ω–µ–Ω–∏–µ –ø—Ä–∏–∑–Ω–∞–∫–æ–≤:")
        print("–û–∂–∏–¥–∞–ª–æ—Å—å:", analyzer.model.feature_names_in_)
        print("–§–∞–∫—Ç–∏—á–µ—Å–∫–∏:", X_test.columns.tolist())

if __name__ == "__main__":
    test_accuracy()

Writing accuracy_test.py


In [8]:
%%writefile integration_test.py
import os
from security_system import SecuritySystem

def run_integration_test():
    print("=== –ó–∞–ø—É—Å–∫ –∏–Ω—Ç–µ–≥—Ä–∞—Ü–∏–æ–Ω–Ω–æ–≥–æ —Ç–µ—Å—Ç–∞ —Å–∏—Å—Ç–µ–º—ã –±–µ–∑–æ–ø–∞—Å–Ω–æ—Å—Ç–∏ ===")

    # 1. –ò–Ω–∏—Ü–∏–∞–ª–∏–∑–∞—Ü–∏—è —Å–∏—Å—Ç–µ–º—ã
    system = SecuritySystem()
    print("[‚úì] –°–∏—Å—Ç–µ–º–∞ –∏–Ω–∏—Ü–∏–∞–ª–∏–∑–∏—Ä–æ–≤–∞–Ω–∞")

    # 2. –ó–∞–≥—Ä—É–∑–∫–∞ —Ç–µ—Å—Ç–æ–≤—ã—Ö –¥–∞–Ω–Ω—ã—Ö
    test_files = ["normal_traffic.pcap", "ddos_attack.pcap"]
    missing_files = [f for f in test_files if not os.path.exists(f)]

    if missing_files:
        print(f"[√ó] –û—Ç—Å—É—Ç—Å—Ç–≤—É—é—Ç —Ç–µ—Å—Ç–æ–≤—ã–µ —Ñ–∞–π–ª—ã: {missing_files}")
        print("–°–Ω–∞—á–∞–ª–∞ –∑–∞–ø—É—Å—Ç–∏—Ç–µ generate_test_traffic.py")
        return

    try:
        packets = system.load_dataset(test_files)
        print("[‚úì] –¢–µ—Å—Ç–æ–≤—ã–µ –¥–∞–Ω–Ω—ã–µ —É—Å–ø–µ—à–Ω–æ –∑–∞–≥—Ä—É–∂–µ–Ω—ã")
    except Exception as e:
        print(f"[√ó] –û—à–∏–±–∫–∞ –∑–∞–≥—Ä—É–∑–∫–∏ –¥–∞–Ω–Ω—ã—Ö: {str(e)}")
        return

    # 3. –¢–µ—Å—Ç–∏—Ä–æ–≤–∞–Ω–∏–µ –æ–±–Ω–∞—Ä—É–∂–µ–Ω–∏—è –∞—Ç–∞–∫
    print("\n–¢–µ—Å—Ç–∏—Ä–æ–≤–∞–Ω–∏–µ –æ–±–Ω–∞—Ä—É–∂–µ–Ω–∏—è –∞—Ç–∞–∫...")
    system.simulate_attacks(packets)

    # 4. –ü—Ä–æ–≤–µ—Ä–∫–∞ —Å—Ç–∞—Ç–∏—Å—Ç–∏–∫–∏
    print("\n=== –°—Ç–∞—Ç–∏—Å—Ç–∏–∫–∞ –æ–±–Ω–∞—Ä—É–∂–µ–Ω–∏—è ===")
    for attack_type, count in system.analyzer.attack_stats.items():
        print(f"{attack_type}: {count} –ø–∞–∫–µ—Ç–æ–≤")

    print("\n=== –ò–Ω—Ç–µ–≥—Ä–∞—Ü–∏–æ–Ω–Ω—ã–π —Ç–µ—Å—Ç –∑–∞–≤–µ—Ä—à–µ–Ω ===")

if __name__ == "__main__":
    run_integration_test()

Writing integration_test.py


In [24]:
!python generate_test_traffic.py

–°–≥–µ–Ω–µ—Ä–∏—Ä–æ–≤–∞–Ω–æ 10000 –Ω–æ—Ä–º–∞–ª—å–Ω—ã—Ö –ø–∞–∫–µ—Ç–æ–≤ –≤ normal_traffic.pcap
–°–≥–µ–Ω–µ—Ä–∏—Ä–æ–≤–∞–Ω–æ 300 DDoS –ø–∞–∫–µ—Ç–æ–≤ –≤ ddos_attack.pcap


In [10]:
!python test_model.py

Output()

=== –¢–µ—Å—Ç –Ω–æ—Ä–º–∞–ª—å–Ω–æ–≥–æ —Ç—Ä–∞—Ñ–∏–∫–∞ ===
–û–±—Ä–∞–±–æ—Ç–∫–∞ —Ñ–∞–π–ª–∞: normal_traffic.pcap
–ò–∑–≤–ª–µ—á–µ–Ω–æ –ø–∞–∫–µ—Ç–æ–≤: 1000
–û–±–Ω–∞—Ä—É–∂–µ–Ω–æ 888 –∞–Ω–æ–º–∞–ª—å–Ω—ã—Ö –ø–∞–∫–µ—Ç–æ–≤ (Unknown)
üö® –û–±–Ω–∞—Ä—É–∂–µ–Ω–∞ –ø–æ—Ç–µ–Ω—Ü–∏–∞–ª—å–Ω–∞—è –∞—Ç–∞–∫–∞!
–¢–∏–ø –∞—Ç–∞–∫–∏: Unknown
–†–µ–∫–æ–º–µ–Ω–¥—É–µ–º—ã–µ –¥–µ–π—Å—Ç–≤–∏—è:
Dropdown(description='–î–µ–π—Å—Ç–≤–∏–µ:', options=('4. –û—Ç–ø—Ä–∞–≤–∏—Ç—å —É–≤–µ–¥–æ–º–ª–µ–Ω–∏–µ –∞–¥–º–∏–Ω–∏—Å—Ç—Ä–∞—Ç–æ—Ä—É',), value='4. –û—Ç–ø—Ä–∞–≤–∏—Ç—å —É–≤–µ–¥–æ–º–ª–µ–Ω–∏–µ –∞–¥–º–∏–Ω–∏—Å—Ç—Ä–∞—Ç–æ—Ä—É')
Button(description='–í—ã–ø–æ–ª–Ω–∏—Ç—å', style=ButtonStyle())

=== –¢–µ—Å—Ç DDoS –∞—Ç–∞–∫–∏ ===
–û–±—Ä–∞–±–æ—Ç–∫–∞ —Ñ–∞–π–ª–∞: ddos_attack.pcap
–ò–∑–≤–ª–µ—á–µ–Ω–æ –ø–∞–∫–µ—Ç–æ–≤: 300
–û–±–Ω–∞—Ä—É–∂–µ–Ω–æ 22 –∞–Ω–æ–º–∞–ª—å–Ω—ã—Ö –ø–∞–∫–µ—Ç–æ–≤ (Unknown)
üö® –û–±–Ω–∞—Ä—É–∂–µ–Ω–∞ –ø–æ—Ç–µ–Ω—Ü–∏–∞–ª—å–Ω–∞—è –∞—Ç–∞–∫–∞!
–¢–∏–ø –∞—Ç–∞–∫–∏: Unknown
–†–µ–∫–æ–º–µ–Ω–¥—É–µ–º—ã–µ –¥–µ–π—Å—Ç–≤–∏—è:
Dropdown(description='–î–µ–π—Å—Ç–

In [11]:
!python perfomance_test.py


=== –†–µ–∑—É–ª—å—Ç–∞—Ç—ã —Ç–µ—Å—Ç–∏—Ä–æ–≤–∞–Ω–∏—è –ø—Ä–æ–∏–∑–≤–æ–¥–∏—Ç–µ–ª—å–Ω–æ—Å—Ç–∏ ===
–í—Ä–µ–º—è –ø—Ä–µ–¥–æ–±—Ä–∞–±–æ—Ç–∫–∏ (1000 –∑–∞–ø–∏—Å–µ–π): 0.0098 —Å–µ–∫
–í—Ä–µ–º—è –æ–±—É—á–µ–Ω–∏—è –º–æ–¥–µ–ª–∏: 0.1943 —Å–µ–∫
–í—Ä–µ–º—è –ø—Ä–µ–¥—Å–∫–∞–∑–∞–Ω–∏—è (100 –∑–∞–ø–∏—Å–µ–π): 0.0129 —Å–µ–∫
–û–±–Ω–∞—Ä—É–∂–µ–Ω–æ –∞–Ω–æ–º–∞–ª–∏–π: 63


In [13]:
!python integration_test.py

=== –ó–∞–ø—É—Å–∫ –∏–Ω—Ç–µ–≥—Ä–∞—Ü–∏–æ–Ω–Ω–æ–≥–æ —Ç–µ—Å—Ç–∞ —Å–∏—Å—Ç–µ–º—ã –±–µ–∑–æ–ø–∞—Å–Ω–æ—Å—Ç–∏ ===
Output()
[‚úì] –°–∏—Å—Ç–µ–º–∞ –∏–Ω–∏—Ü–∏–∞–ª–∏–∑–∏—Ä–æ–≤–∞–Ω–∞
–û–±—Ä–∞–±–æ—Ç–∫–∞ —Ñ–∞–π–ª–∞: normal_traffic.pcap
–ò–∑–≤–ª–µ—á–µ–Ω–æ –ø–∞–∫–µ—Ç–æ–≤: 1000
–û–±—Ä–∞–±–æ—Ç–∫–∞ —Ñ–∞–π–ª–∞: ddos_attack.pcap
–ò–∑–≤–ª–µ—á–µ–Ω–æ –ø–∞–∫–µ—Ç–æ–≤: 300
[‚úì] –¢–µ—Å—Ç–æ–≤—ã–µ –¥–∞–Ω–Ω—ã–µ —É—Å–ø–µ—à–Ω–æ –∑–∞–≥—Ä—É–∂–µ–Ω—ã

–¢–µ—Å—Ç–∏—Ä–æ–≤–∞–Ω–∏–µ –æ–±–Ω–∞—Ä—É–∂–µ–Ω–∏—è –∞—Ç–∞–∫...
–û–±–Ω–∞—Ä—É–∂–µ–Ω–æ 792 –∞–Ω–æ–º–∞–ª—å–Ω—ã—Ö –ø–∞–∫–µ—Ç–æ–≤ (Unknown)
üö® –û–±–Ω–∞—Ä—É–∂–µ–Ω–∞ –ø–æ—Ç–µ–Ω—Ü–∏–∞–ª—å–Ω–∞—è –∞—Ç–∞–∫–∞!
–¢–∏–ø –∞—Ç–∞–∫–∏: Unknown
–†–µ–∫–æ–º–µ–Ω–¥—É–µ–º—ã–µ –¥–µ–π—Å—Ç–≤–∏—è:
Dropdown(description='–î–µ–π—Å—Ç–≤–∏–µ:', options=('4. –û—Ç–ø—Ä–∞–≤–∏—Ç—å —É–≤–µ–¥–æ–º–ª–µ–Ω–∏–µ –∞–¥–º–∏–Ω–∏—Å—Ç—Ä–∞—Ç–æ—Ä—É',), value='4. –û—Ç–ø—Ä–∞–≤–∏—Ç—å —É–≤–µ–¥–æ–º–ª–µ–Ω–∏–µ –∞–¥–º–∏–Ω–∏—Å—Ç—Ä–∞—Ç–æ—Ä—É')
Button(description='–í—ã–ø–æ–ª–Ω–∏—Ç—å', style=ButtonStyle())
–ù–∞–≥—Ä—É–∑–∫–∞ –Ω–∞ —Å–∏—Å—Ç–µ–º—É: CPU=

In [14]:
!python security_system.py

üîÑ –ó–∞–ø—É—Å–∫ —Å–∏—Å—Ç–µ–º—ã –±–µ–∑–æ–ø–∞—Å–Ω–æ—Å—Ç–∏...
‚¨áÔ∏è –ó–∞–≥—Ä—É–∑–∫–∞ ZIP-–∞—Ä—Ö–∏–≤–∞...
üì¶ –†–∞—Å–ø–∞–∫–æ–≤–∫–∞ –∞—Ä—Ö–∏–≤–∞...
–ù–∞–π–¥–µ–Ω–æ 1 PCAP-—Ñ–∞–π–ª–æ–≤
Output()
–û–±—Ä–∞–±–æ—Ç–∫–∞ —Ñ–∞–π–ª–∞: right.pcap
–ò–∑–≤–ª–µ—á–µ–Ω–æ –ø–∞–∫–µ—Ç–æ–≤: 22902
üîç –ê–Ω–∞–ª–∏–∑ —Ç—Ä–∞—Ñ–∏–∫–∞...
–û–±–Ω–∞—Ä—É–∂–µ–Ω–æ 927 –∞–Ω–æ–º–∞–ª—å–Ω—ã—Ö –ø–∞–∫–µ—Ç–æ–≤ (Port Scan)
üö® –û–±–Ω–∞—Ä—É–∂–µ–Ω–∞ –ø–æ—Ç–µ–Ω—Ü–∏–∞–ª—å–Ω–∞—è –∞—Ç–∞–∫–∞!
–¢–∏–ø –∞—Ç–∞–∫–∏: Port Scan
–†–µ–∫–æ–º–µ–Ω–¥—É–µ–º—ã–µ –¥–µ–π—Å—Ç–≤–∏—è:
Dropdown(description='–î–µ–π—Å—Ç–≤–∏–µ:', options=('1. –ó–∞–∫—Ä—ã—Ç—å –Ω–µ–∏—Å–ø–æ–ª—å–∑—É–µ–º—ã–µ –ø–æ—Ä—Ç—ã', '2. –í–∫–ª—é—á–∏—Ç—å stealth mode', '3. –î–æ–±–∞–≤–∏—Ç—å IP –≤ blacklist', '4. –û—Ç–ø—Ä–∞–≤–∏—Ç—å —É–≤–µ–¥–æ–º–ª–µ–Ω–∏–µ –∞–¥–º–∏–Ω–∏—Å—Ç—Ä–∞—Ç–æ—Ä—É'), value='1. –ó–∞–∫—Ä—ã—Ç—å –Ω–µ–∏—Å–ø–æ–ª—å–∑—É–µ–º—ã–µ –ø–æ—Ä—Ç—ã')
Button(description='–í—ã–ø–æ–ª–Ω–∏—Ç—å', style=ButtonStyle())
–ù–∞–≥—Ä—É–∑–∫–∞ –Ω–∞ —Å–∏—Å—Ç–µ–º—É: CPU=76%, MEM=84%
‚öñÔ∏è –ù–∞–≥—Ä—É–∑–∫–∞ –Ω–∞ 

In [27]:
%%writefile generate_test_traffic1.py
import random
import socket
import time
from scapy.all import *
from scapy.layers.inet import IP, TCP, UDP, ICMP

def generate_normal_traffic(output_file="normal_traffic.pcap", packet_count=1000):
    """–ì–µ–Ω–µ—Ä–∞—Ü–∏—è –Ω–æ—Ä–º–∞–ª—å–Ω–æ–≥–æ —Ç—Ä–∞—Ñ–∏–∫–∞"""
    packets = []
    for i in range(packet_count):
        # –ì–µ–Ω–µ—Ä–∞—Ü–∏—è —Å–ª—É—á–∞–π–Ω—ã—Ö IP-–∞–¥—Ä–µ—Å–æ–≤ –≤ –ø—Ä–∏–≤–∞—Ç–Ω–æ–º –¥–∏–∞–ø–∞–∑–æ–Ω–µ
        src_ip = f"192.168.{random.randint(0, 255)}.{random.randint(1, 254)}"
        dst_ip = f"10.0.{random.randint(0, 255)}.{random.randint(1, 254)}"

        # –°–ª—É—á–∞–π–Ω—ã–π –≤—ã–±–æ—Ä –ø—Ä–æ—Ç–æ–∫–æ–ª–∞
        if random.choice([True, False]):
            pkt = IP(src=src_ip, dst=dst_ip)/TCP(sport=random.randint(1024, 65535),
                                              dport=random.choice([80, 443, 22, 21]))
        else:
            pkt = IP(src=src_ip, dst=dst_ip)/UDP(sport=random.randint(1024, 65535),
                                              dport=random.choice([53, 67, 68]))

        packets.append(pkt)

    wrpcap(output_file, packets)
    print(f"–°–≥–µ–Ω–µ—Ä–∏—Ä–æ–≤–∞–Ω–æ {packet_count} –Ω–æ—Ä–º–∞–ª—å–Ω—ã—Ö –ø–∞–∫–µ—Ç–æ–≤ –≤ {output_file}")

def generate_ddos_attack(output_file="ddos_attack.pcap", packet_count=5000):
    """–ì–µ–Ω–µ—Ä–∞—Ü–∏—è DDoS –∞—Ç–∞–∫–∏"""
    packets = []
    target_ip = "10.0.0.1"  # –¶–µ–ª—å –∞—Ç–∞–∫–∏

    for i in range(packet_count):
        src_ip = f"{random.randint(1, 255)}.{random.randint(1, 255)}.{random.randint(1, 255)}.{random.randint(1, 255)}"
        pkt = IP(src=src_ip, dst=target_ip)/TCP(dport=80, flags="S")
        packets.append(pkt)

    wrpcap(output_file, packets)
    print(f"–°–≥–µ–Ω–µ—Ä–∏—Ä–æ–≤–∞–Ω–æ {packet_count} DDoS –ø–∞–∫–µ—Ç–æ–≤ –≤ {output_file}")

def generate_port_scan(output_file="port_scan.pcap", target_ip="10.0.0.1"):
    """–ì–µ–Ω–µ—Ä–∞—Ü–∏—è Port Scan –∞—Ç–∞–∫–∏"""
    packets = []
    src_ip = f"192.168.{random.randint(0, 255)}.{random.randint(1, 254)}"

    for port in range(1, 100):  # –°–∫–∞–Ω–∏—Ä—É–µ–º –ø–µ—Ä–≤—ã–µ 100 –ø–æ—Ä—Ç–æ–≤
        pkt = IP(src=src_ip, dst=target_ip)/TCP(dport=port, flags="S")
        packets.append(pkt)

    wrpcap(output_file, packets)
    print(f"–°–≥–µ–Ω–µ—Ä–∏—Ä–æ–≤–∞–Ω–æ Port Scan –ø–∞–∫–µ—Ç–æ–≤ –≤ {output_file}")

Writing generate_test_traffic1.py


In [28]:
!python generate_test_traffic1.py

In [29]:
import numpy as np
import pandas as pd
from sklearn.ensemble import IsolationForest
from sklearn.preprocessing import RobustScaler, LabelEncoder
from collections import defaultdict, Counter
from typing import List, Dict, Any, Optional
import logging
import dpkt  # –ë–∏–±–ª–∏–æ—Ç–µ–∫–∞ –¥–ª—è —Ä–∞–±–æ—Ç—ã —Å PCAP-—Ñ–∞–π–ª–∞–º–∏
import socket

# –ù–∞—Å—Ç—Ä–æ–π–∫–∞ –ª–æ–≥–∏—Ä–æ–≤–∞–Ω–∏—è
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)

class TrafficAnalyzer:
    def __init__(self):
        """–ò–Ω–∏—Ü–∏–∞–ª–∏–∑–∞—Ü–∏—è —Å –æ–ø—Ç–∏–º–∏–∑–∏—Ä–æ–≤–∞–Ω–Ω—ã–º–∏ –ø–∞—Ä–∞–º–µ—Ç—Ä–∞–º–∏ –º–æ–¥–µ–ª–∏"""
        self.model = IsolationForest(
            n_estimators=200,
            max_samples=256,
            contamination=0.01,
            random_state=42,
            verbose=1
        )
        self.encoders = {}
        self.scaler = RobustScaler()
        self.feature_order = [
            'length', 'ttl', 'src_port', 'dst_port',
            'src_ip', 'dst_ip', 'protocol'
        ]
        self.threshold = -0.2  # –ù–∞—á–∞–ª—å–Ω–æ–µ –∑–Ω–∞—á–µ–Ω–∏–µ –ø–æ—Ä–æ–≥–∞
        self.attack_stats = defaultdict(int)

    def preprocess(self, df: pd.DataFrame) -> pd.DataFrame:
        """–£–ª—É—á—à–µ–Ω–Ω–∞—è –ø—Ä–µ–¥–æ–±—Ä–∞–±–æ—Ç–∫–∞ —Å –æ–±—Ä–∞–±–æ—Ç–∫–æ–π –≤—ã–±—Ä–æ—Å–æ–≤"""
        # –ó–∞–ø–æ–ª–Ω–µ–Ω–∏–µ –ø—Ä–æ–ø—É—Å–∫–æ–≤
        for col in ['src_port', 'dst_port', 'ttl']:
            if col in df.columns:
                df[col] = df[col].fillna(0).astype(int)

        # –û–±—Ä–∞–±–æ—Ç–∫–∞ –≤—ã–±—Ä–æ—Å–æ–≤
        if 'length' in df.columns:
            df['length'] = np.clip(df['length'], 40, 1500)

        # –ö–æ–¥–∏—Ä–æ–≤–∞–Ω–∏–µ –∫–∞—Ç–µ–≥–æ—Ä–∏–∞–ª—å–Ω—ã—Ö –ø—Ä–∏–∑–Ω–∞–∫–æ–≤
        for col in ['src_ip', 'dst_ip', 'protocol']:
            if col in df.columns:
                if col not in self.encoders:
                    self.encoders[col] = LabelEncoder()
                    df[col] = self.encoders[col].fit_transform(df[col].astype(str))

        # –ù–æ—Ä–º–∞–ª–∏–∑–∞—Ü–∏—è —á–∏—Å–ª–æ–≤—ã—Ö –ø—Ä–∏–∑–Ω–∞–∫–æ–≤
        numeric_cols = ['length', 'ttl', 'src_port', 'dst_port']
        numeric_cols = [col for col in numeric_cols if col in df.columns]

        if numeric_cols:
            df[numeric_cols] = self.scaler.fit_transform(df[numeric_cols])

        return df[[col for col in self.feature_order if col in df.columns]]

    def calibrate_model(self, normal_packets: List[Dict[str, Any]]):
        """–ö–∞–ª–∏–±—Ä–æ–≤–∫–∞ –º–æ–¥–µ–ª–∏ –Ω–∞ —á–∏—Å—Ç–æ–º —Ç—Ä–∞—Ñ–∏–∫–µ"""
        logger.info("–ù–∞—á–∞–ª–æ –∫–∞–ª–∏–±—Ä–æ–≤–∫–∏ –º–æ–¥–µ–ª–∏...")
        df = pd.DataFrame(normal_packets)
        processed_df = self.preprocess(df)

        # –ê–≤—Ç–æ–º–∞—Ç–∏—á–µ—Å–∫–∞—è –Ω–∞—Å—Ç—Ä–æ–π–∫–∞ –ø–∞—Ä–∞–º–µ—Ç—Ä–æ–≤
        self.model.fit(processed_df)
        scores = self.model.decision_function(processed_df)

        # –ê–≤—Ç–æ–º–∞—Ç–∏—á–µ—Å–∫–∏–π –ø–æ–¥–±–æ—Ä –ø–æ—Ä–æ–≥–∞ (5% –∫–≤–∞–Ω—Ç–∏–ª—å)
        self.threshold = np.percentile(scores, 5)
        logger.info(f"–£—Å—Ç–∞–Ω–æ–≤–ª–µ–Ω –ø–æ—Ä–æ–≥ –∞–Ω–æ–º–∞–ª—å–Ω–æ—Å—Ç–∏: {self.threshold:.2f}")

    def train(self, normal_traffic: pd.DataFrame):
        """–û–±—É—á–µ–Ω–∏–µ –º–æ–¥–µ–ª–∏ —Å –∫–æ–Ω—Ç—Ä–æ–ª–µ–º –∫–∞—á–µ—Å—Ç–≤–∞"""
        logger.info("–û–±—É—á–µ–Ω–∏–µ –º–æ–¥–µ–ª–∏...")
        train_data = normal_traffic[self.feature_order]
        self.model.fit(train_data)
        logger.info("–û–±—É—á–µ–Ω–∏–µ –∑–∞–≤–µ—Ä—à–µ–Ω–æ")

    def detect_attack_type(self, packets: List[Dict[str, Any]]) -> str:
        """–¢–æ—á–Ω–æ–µ –æ–ø—Ä–µ–¥–µ–ª–µ–Ω–∏–µ —Ç–∏–ø–∞ –∞—Ç–∞–∫–∏"""
        if not packets:
            return "Normal"

        # –ê–Ω–∞–ª–∏–∑ —Ä–∞—Å–ø—Ä–µ–¥–µ–ª–µ–Ω–∏—è –ø–∞–∫–µ—Ç–æ–≤
        src_ips = Counter(p['src_ip'] for p in packets)
        ports = Counter(p.get('dst_port', 0) for p in packets)

        if len(packets) > 500:
            if len(src_ips) > 50 and max(src_ips.values()) < 20:
                return "DDoS"
            return "Flood Attack"

        if len(ports) > 20:
            return "Port Scan"

        if any(p.get('length', 0) > 1400 for p in packets):
            return "Oversized Packets"

        if len(src_ips) == 1:
            return "Targeted Attack"

        return "Suspicious Activity"

    def detect_anomalies(self, packets: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
        """–£–ª—É—á—à–µ–Ω–Ω–æ–µ –æ–±–Ω–∞—Ä—É–∂–µ–Ω–∏–µ –∞–Ω–æ–º–∞–ª–∏–π"""
        if not packets:
            return []

        features = []
        valid_packets = []

        for pkt in packets:
            feat = self._extract_features(pkt)
            if feat and all(v is not None for v in feat):
                features.append(feat)
                valid_packets.append(pkt)

        if not features:
            return []

        try:
            feature_df = pd.DataFrame(features, columns=self.feature_order)
            scores = self.model.decision_function(feature_df)

            # –§–∏–ª—å—Ç—Ä–∞—Ü–∏—è –ø–æ –ø–æ—Ä–æ–≥—É
            anomalies = [pkt for pkt, score in zip(valid_packets, scores) if score < self.threshold]
            logger.info(f"–û–±–Ω–∞—Ä—É–∂–µ–Ω–æ {len(anomalies)} –∞–Ω–æ–º–∞–ª—å–Ω—ã—Ö –ø–∞–∫–µ—Ç–æ–≤")
            return anomalies
        except Exception as e:
            logger.error(f"–û—à–∏–±–∫–∞ –ø—Ä–µ–¥—Å–∫–∞–∑–∞–Ω–∏—è: {str(e)}")
            return []

    def _extract_features(self, pkt: Dict[str, Any]) -> Optional[List[float]]:
        """–ò–∑–≤–ª–µ—á–µ–Ω–∏–µ –ø—Ä–∏–∑–Ω–∞–∫–æ–≤ —Å –æ–±—Ä–∞–±–æ—Ç–∫–æ–π –æ—à–∏–±–æ–∫"""
        try:
            features = []
            for col in self.feature_order:
                if col in ['length', 'ttl', 'src_port', 'dst_port']:
                    features.append(pkt.get(col, 0))
                elif col in self.encoders:
                    val = str(pkt.get(col, '0'))
                    if val in self.encoders[col].classes_:
                        features.append(self.encoders[col].transform([val])[0])
                    else:
                        features.append(0)
                else:
                    features.append(0)
            return features
        except Exception as e:
            logger.error(f"–û—à–∏–±–∫–∞ –∏–∑–≤–ª–µ—á–µ–Ω–∏—è –ø—Ä–∏–∑–Ω–∞–∫–æ–≤: {str(e)}")
            return None

class SecuritySystem:
    def __init__(self):
        self.analyzer = TrafficAnalyzer()
        logger.info("–°–∏—Å—Ç–µ–º–∞ –±–µ–∑–æ–ø–∞—Å–Ω–æ—Å—Ç–∏ –∏–Ω–∏—Ü–∏–∞–ª–∏–∑–∏—Ä–æ–≤–∞–Ω–∞")

    @staticmethod
    def parse_pcap(file_path: str) -> List[Dict[str, Any]]:
        """–ü–∞—Ä—Å–∏–Ω–≥ PCAP-—Ñ–∞–π–ª–∞ —Å –æ–±—Ä–∞–±–æ—Ç–∫–æ–π TCP/UDP/ICMP –ø–∞–∫–µ—Ç–æ–≤"""
        packets = []

        try:
            with open(file_path, 'rb') as f:
                pcap = dpkt.pcap.Reader(f)

                for ts, buf in pcap:
                    packet = {
                        'timestamp': ts,
                        'length': len(buf)
                    }

                    try:
                        eth = dpkt.ethernet.Ethernet(buf)
                        if not isinstance(eth.data, (dpkt.ip.IP, dpkt.ip6.IP6)):
                            continue

                        ip = eth.data
                        packet.update({
                            'src_ip': socket.inet_ntoa(ip.src) if hasattr(ip, 'src') else '0.0.0.0',
                            'dst_ip': socket.inet_ntoa(ip.dst) if hasattr(ip, 'dst') else '0.0.0.0',
                            'ttl': ip.ttl if hasattr(ip, 'ttl') else 0,
                            'protocol': ip.p if hasattr(ip, 'p') else 0
                        })

                        # –û–±—Ä–∞–±–æ—Ç–∫–∞ TCP
                        if isinstance(ip.data, dpkt.tcp.TCP):
                            tcp = ip.data
                            packet.update({
                                'src_port': tcp.sport,
                                'dst_port': tcp.dport
                            })
                        # –û–±—Ä–∞–±–æ—Ç–∫–∞ UDP
                        elif isinstance(ip.data, dpkt.udp.UDP):
                            udp = ip.data
                            packet.update({
                                'src_port': udp.sport,
                                'dst_port': udp.dport
                            })
                        # –û–±—Ä–∞–±–æ—Ç–∫–∞ ICMP
                        elif isinstance(ip.data, dpkt.icmp.ICMP):
                            packet.update({
                                'src_port': 0,
                                'dst_port': 0
                            })

                        packets.append(packet)
                    except Exception as e:
                        logger.warning(f"–û—à–∏–±–∫–∞ –ø–∞—Ä—Å–∏–Ω–≥–∞ –ø–∞–∫–µ—Ç–∞: {str(e)}")
                        continue

        except FileNotFoundError:
            logger.error(f"–§–∞–π–ª –Ω–µ –Ω–∞–π–¥–µ–Ω: {file_path}")
        except Exception as e:
            logger.error(f"–û—à–∏–±–∫–∞ —á—Ç–µ–Ω–∏—è PCAP-—Ñ–∞–π–ª–∞: {str(e)}")

        return packets

    def load_dataset(self, pcap_files: List[str]) -> List[Dict[str, Any]]:
        """–ó–∞–≥—Ä—É–∑–∫–∞ –∏ –æ–±—Ä–∞–±–æ—Ç–∫–∞ –¥–∞–Ω–Ω—ã—Ö"""
        all_packets = []
        for file in pcap_files:
            logger.info(f"–û–±—Ä–∞–±–æ—Ç–∫–∞ —Ñ–∞–π–ª–∞: {file}")
            packets = self.parse_pcap(file)
            logger.info(f"–ò–∑–≤–ª–µ—á–µ–Ω–æ –ø–∞–∫–µ—Ç–æ–≤: {len(packets)}")

            if packets and all(key in packets[0] for key in ['length', 'src_ip']):
                all_packets.extend(packets)
            else:
                logger.warning(f"–§–∞–π–ª {file} —Å–æ–¥–µ—Ä–∂–∏—Ç –Ω–µ–ø–æ–ª–Ω—ã–µ –¥–∞–Ω–Ω—ã–µ")

        if not all_packets:
            raise ValueError("–ù–µ —É–¥–∞–ª–æ—Å—å –∑–∞–≥—Ä—É–∑–∏—Ç—å –¥–∞–Ω–Ω—ã–µ")

        df = pd.DataFrame(all_packets)
        processed_df = self.analyzer.preprocess(df)

        # –ö–∞–ª–∏–±—Ä–æ–≤–∫–∞ –Ω–∞ –ø–µ—Ä–≤—ã—Ö 70% –¥–∞–Ω–Ω—ã—Ö
        train_size = int(0.7 * len(processed_df))
        self.analyzer.calibrate_model(processed_df.iloc[:train_size])
        self.analyzer.train(processed_df.iloc[:train_size])

        return all_packets

    def analyze_traffic(self, packets: List[Dict[str, Any]]):
        """–ê–Ω–∞–ª–∏–∑ —Ç—Ä–∞—Ñ–∏–∫–∞ —Å –≤—ã–≤–æ–¥–æ–º —Ä–µ–∑—É–ª—å—Ç–∞—Ç–æ–≤"""
        anomalies = self.analyzer.detect_anomalies(packets)
        if anomalies:
            attack_type = self.analyzer.detect_attack_type(anomalies)
            self.analyzer.attack_stats[attack_type] += len(anomalies)

            logger.warning(f"–û–±–Ω–∞—Ä—É–∂–µ–Ω–∞ –∞—Ç–∞–∫–∞: {attack_type}")
            logger.warning(f"–ö–æ–ª–∏—á–µ—Å—Ç–≤–æ –ø–∞–∫–µ—Ç–æ–≤: {len(anomalies)}")
            logger.warning(f"–ò—Å—Ç–æ—á–Ω–∏–∫: {anomalies[0]['src_ip']}")

            return {
                "attack_type": attack_type,
                "count": len(anomalies),
                "samples": anomalies[:5]  # –ü–µ—Ä–≤—ã–µ 5 –∞–Ω–æ–º–∞–ª—å–Ω—ã—Ö –ø–∞–∫–µ—Ç–æ–≤
            }
        return {"status": "Normal traffic"}

def main():
    """–¢–æ—á–∫–∞ –≤—Ö–æ–¥–∞ –≤ —Å–∏—Å—Ç–µ–º—É"""
    try:
        logger.info("–ó–∞–ø—É—Å–∫ —Å–∏—Å—Ç–µ–º—ã –±–µ–∑–æ–ø–∞—Å–Ω–æ—Å—Ç–∏...")
        system = SecuritySystem()

        # –¢–µ—Å—Ç–æ–≤—ã–µ –¥–∞–Ω–Ω—ã–µ (–∑–∞–º–µ–Ω–∏—Ç–µ –Ω–∞ —Ä–µ–∞–ª—å–Ω—ã–µ —Ñ–∞–π–ª—ã)
        pcap_files = ["normal_traffic.pcap", "ddos_attack.pcap"]
        packets = system.load_dataset(pcap_files)

        # –ê–Ω–∞–ª–∏–∑ —Ç—Ä–∞—Ñ–∏–∫–∞
        result = system.analyze_traffic(packets)
        logger.info(f"–†–µ–∑—É–ª—å—Ç–∞—Ç –∞–Ω–∞–ª–∏–∑–∞: {result}")

    except Exception as e:
        logger.error(f"–ö—Ä–∏—Ç–∏—á–µ—Å–∫–∞—è –æ—à–∏–±–∫–∞: {str(e)}")
    finally:
        logger.info("–†–∞–±–æ—Ç–∞ —Å–∏—Å—Ç–µ–º—ã –∑–∞–≤–µ—Ä—à–µ–Ω–∞")

if __name__ == "__main__":
    main()

[Parallel(n_jobs=1)]: Done   1 out of   1 | elapsed:    0.4s finished
[Parallel(n_jobs=1)]: Done  49 tasks      | elapsed:    0.0s
[Parallel(n_jobs=1)]: Done 199 tasks      | elapsed:    0.1s
[Parallel(n_jobs=1)]: Done 200 out of 200 | elapsed:    0.1s finished
[Parallel(n_jobs=1)]: Done  49 tasks      | elapsed:    0.0s
[Parallel(n_jobs=1)]: Done 199 tasks      | elapsed:    0.1s
[Parallel(n_jobs=1)]: Done 200 out of 200 | elapsed:    0.1s finished
[Parallel(n_jobs=1)]: Done   1 out of   1 | elapsed:    0.6s finished
[Parallel(n_jobs=1)]: Done  49 tasks      | elapsed:    0.0s
[Parallel(n_jobs=1)]: Done 199 tasks      | elapsed:    0.2s
[Parallel(n_jobs=1)]: Done 200 out of 200 | elapsed:    0.2s finished
[Parallel(n_jobs=1)]: Done  49 tasks      | elapsed:    0.0s
[Parallel(n_jobs=1)]: Done 199 tasks      | elapsed:    0.1s
[Parallel(n_jobs=1)]: Done 200 out of 200 | elapsed:    0.1s finished
