In [3]:
import pandas as pd

# Build a small synthetic user-log table (two requests, each with an uploaded
# file name) so the detection cells below have input to work on.
data = dict(
    ip_address=['192.168.1.1', '192.168.1.2'],
    url=['/index', '/upload'],
    request_type=['GET', 'POST'],
    response_code=[200, 200],
    user_agent=['Mozilla/5.0', 'curl/7.64.1'],
    timestamp=['2024-10-01 12:00:00', '2024-10-01 12:05:00'],
    file_path=['test_file_1.txt', 'test_file_2.txt'],
)

# Convert the column dict to a DataFrame and persist it as CSV.
# index=False keeps the row index out of the file, so reading it back yields
# exactly the seven columns defined above.
log_df = pd.DataFrame(data)
log_df.to_csv('user_logs.csv', index=False)


In [4]:
import re
import os
import pandas as pd

# 1. Load the user-log records from the CSV in the working directory.
# NOTE(review): with real logs, url, user_agent and file_path are values chosen
# by the client and should be handled as untrusted text downstream.
data = pd.read_csv(filepath_or_buffer='user_logs.csv')

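# 2. Signature patterns, grouped by the attack category they are reported as.
#
# These are plain regular-expression signatures applied to raw text, so the
# result is a triage hint rather than a verdict:
#   * Several patterns are very broad. r"https?:\/\/" reports any text that
#     contains a URL as 'File Inclusion', r"on\w+=.*" also matches ordinary
#     text such as "content=", and the 'CSRF' patterns match any HTML form
#     markup (a hidden input is also how anti-CSRF tokens are normally sent).
#   * "." does not match a newline (re.DOTALL is not used), so a signature
#     that spans several lines is not matched, and content is not decoded or
#     normalised before matching.
attack_patterns = {
    'XSS': [
        r"<script.*?>.*?</script>",
        r"javascript:.*",
        r"eval\(.*?\)",
        r"document\.cookie",
        r"alert\(.*?\)",
        r"<iframe.*?>",
        r"<img.*?onerror=.*?>",
        r"on\w+=.*"
    ],
    'SQL Injection': [
        r"'.*?--",
        r"SELECT.*?FROM",
        r"INSERT INTO.*?VALUES",
        r"DROP TABLE",
        r"OR 1=1",
    ],
    'CSRF': [
        r"<input.*?type=['\"]hidden['\"].*?value=['\"].*?>",
        r"form.*?action=['\"].*?>",
    ],
    'File Inclusion': [
        r"include\(.*?\)",
        r"require\(.*?\)",
        r"file_get_contents\(.*?\)",
        r"shell_exec\(.*?\)",
        r"https?:\/\/",
    ]
}

# 3. Classify a piece of text against the signature table.
def detect_attack_type(file_content):
    """Return the attack categories whose signatures occur in ``file_content``.

    Args:
        file_content: Text to scan. ``bytes``/``bytearray`` input is decoded as
            UTF-8 with undecodable bytes replaced, so binary uploads can be
            scanned without raising. Any other non-string value (``None``, or
            the NaN that pandas uses for an empty CSV cell) is treated as
            having no content.

    Returns:
        A list of category names from ``attack_patterns``, in the table's
        order, each listed at most once. Empty when nothing matches.
    """
    if isinstance(file_content, (bytes, bytearray)):
        file_content = file_content.decode('utf-8', errors='replace')
    if not isinstance(file_content, str):
        # re.search would raise TypeError here; report "nothing found" instead
        # of aborting the whole DataFrame.apply run on one bad cell.
        return []

    # One hit per category is enough, so any() stops at the first matching
    # signature. Matching is case-insensitive.
    return [
        attack_type
        for attack_type, patterns in attack_patterns.items()
        if any(re.search(pattern, file_content, re.IGNORECASE) for pattern in patterns)
    ]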

# 4. Classify the body of an uploaded file.
def check_file_body_for_attack(file_path):
    """Return the attack categories detected for ``file_path``.

    NOTE(review): the file is not opened. The body scanned is a fixed sample
    string containing a <script> tag, so every call returns the same
    detections whatever ``file_path`` is, and the counts produced from this
    function are synthetic. ``file_path`` is only used in the error message.
    When the simulated body is replaced by a real read, the path should be
    resolved inside the upload directory and the read size bounded.

    Returns:
        The list from ``detect_attack_type``, or ``[]`` if it raised.
    """
    # Simulated file content (stands in for reading the upload from disk).
    simulated_body = "This is a test file with potential attack script <script>alert('XSS')</script>"
    try:
        detections = detect_attack_type(simulated_body)
    except Exception as exc:
        print(f"Error reading file {file_path}: {exc}")
        detections = []
    return detections

# 5. Analyse one log row: look up its uploaded file and classify the body.
def analyze_uploaded_files(row):
    """Return the attack categories detected for the upload named in ``row``.

    Args:
        row: A log record exposing ``row['file_path']``, assumed to hold the
            path of the uploaded file.

    Returns:
        The list of detected categories, or ``[]`` when nothing was detected.
        A message naming the file and the categories is printed for each hit.
        Only the file body is classified; the other columns of the row are
        not inspected.
    """
    uploaded_path = row['file_path']
    findings = check_file_body_for_attack(uploaded_path)

    # Guard clause: nothing detected means nothing to report.
    if not findings:
        return []

    print(f"Malicious script detected in file: {uploaded_path}. Types of attack: {', '.join(findings)}")
    return findings

# 6. Run the per-row analysis; each cell of the new column is a list of
# category names (empty when nothing was detected).
data['detected_attacks'] = data.apply(analyze_uploaded_files, axis='columns')

# 7. Keep only the rows with at least one detection.
malicious_files = data.loc[data['detected_attacks'].map(len) > 0]
print("Total malicious files detected:", len(malicious_files))

# 8. Persist the flagged rows. to_csv writes each list as its text form
# (for example "['XSS']"), so the column comes back as strings, not lists,
# when this file is read again.
malicious_files.to_csv(path_or_buf='malicious_files_detected.csv', index=False)

# 9. Show the first flagged rows.
print(malicious_files.head(5))


Malicious script detected in file: test_file_1.txt. Types of attack: XSS
Malicious script detected in file: test_file_2.txt. Types of attack: XSS
Total malicious files detected: 2
    ip_address      url request_type  response_code   user_agent  \
0  192.168.1.1   /index          GET            200  Mozilla/5.0   
1  192.168.1.2  /upload         POST            200  curl/7.64.1   

             timestamp        file_path detected_attacks  
0  2024-10-01 12:00:00  test_file_1.txt            [XSS]  
1  2024-10-01 12:05:00  test_file_2.txt            [XSS]  


In [14]:
import matplotlib.pyplot as plt
import seaborn as sns

# 1. Load the flagged rows saved by the detection cell.
# The detected_attacks column is read back as text such as "['XSS']", not as
# Python lists. The plotting calls at the end of this cell pass `data`, not
# this frame.
malicious_data = pd.read_csv(filepath_or_buffer='malicious_files_detected.csv')

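# 2. Save the user-activity chart as an image.
def plot_user_activity(malicious_data, output_file='user_activity.png'):
    """Save a bar chart of the number of log rows per user agent.

    The chart is built from the frame passed in. The previous version ignored
    the argument and read the notebook-global ``data``, so it only worked
    after the detection cell had run in the same kernel.

    Args:
        malicious_data: DataFrame with a ``user_agent`` column.
        output_file: Path of the image to write; the directory must exist.

    Raises:
        KeyError: if ``malicious_data`` has no ``user_agent`` column.
    """
    # Most frequent agent first.
    agent_order = malicious_data['user_agent'].value_counts().index

    plt.figure(figsize=(10, 6))
    try:
        sns.countplot(data=malicious_data, x='user_agent', order=agent_order)
        plt.xticks(rotation=90)  # agent strings are long; keep labels readable
        plt.title('User Activity by User Agent')
        plt.xlabel('User Agent')
        plt.ylabel('Number of Activities')
        plt.tight_layout()
        # Write the chart to disk.
        plt.savefig(output_file)
    finally:
        # Release the figure even if plotting or saving failed.
        plt.close()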

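# 3. Save the attack-type distribution chart as an image.
def plot_attack_distribution(malicious_data, output_file='attack_distribution.png'):
    """Save a bar chart of how often each attack category was detected.

    The chart is built from the frame passed in. The previous version ignored
    the argument and read the notebook-global ``data``.

    Args:
        malicious_data: DataFrame with a ``detected_attacks`` column. Cells may
            be lists of category names, or the text form of such a list as
            produced by a CSV round trip (for example ``"['XSS']"``).
        output_file: Path of the image to write; the directory must exist.

    Raises:
        KeyError: if ``malicious_data`` has no ``detected_attacks`` column.
    """
    import ast  # local import: only needed to parse CSV-stringified lists

    def _as_attack_list(cell):
        """Turn a CSV-stringified list back into a list; pass lists through."""
        if not isinstance(cell, str):
            return cell
        try:
            # literal_eval only accepts Python literals; it never runs code.
            parsed = ast.literal_eval(cell)
        except (ValueError, SyntaxError):
            return [cell]  # a bare category name
        return list(parsed) if isinstance(parsed, (list, tuple)) else [cell]

    attacks = malicious_data['detected_attacks'].map(_as_attack_list)
    # assign() works on a copy, so the caller's frame is left untouched.
    data_exploded = malicious_data.assign(detected_attacks=attacks).explode('detected_attacks')
    category_order = data_exploded['detected_attacks'].value_counts().index

    plt.figure(figsize=(10, 6))
    try:
        sns.countplot(data=data_exploded, x='detected_attacks', order=category_order)
        plt.title('Detected Attack Types')
        plt.xlabel('Attack Type')
        plt.ylabel('Count')
        plt.tight_layout()
        # Write the chart to disk.
        plt.savefig(output_file)
    finally:
        # Release the figure even if plotting or saving failed.
        plt.close()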

# 4. Write both charts to the image directory read by the CodeIgniter app.
# The paths are relative to the notebook's working directory, and the frame
# passed is `data` from the detection cell (all rows, detections as lists).
plot_user_activity(data, output_file='../assets/images/user_activity.png')
plot_attack_distribution(data, output_file='../assets/images/attack_distribution.png')
