Skip to content
/ DeepMAD Public template

Malicious Activity Detection System. Final Year Project. Deep Learning-based solution, which analyses Network Activity sequences to classify whether the certain node is Malicious or Benign. Devising a tool/software which will detect malicious Network Activity Detection using Deep Learning Model. Tools: Python, Neural Network (BERT), Google Colab…

License

GPL-2.0 license
10 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

maliksh7/DeepMAD

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
.github/ISSUE_TEMPLATE
.github/ISSUE_TEMPLATE
 
 
__pycache__
__pycache__
 
 
build/lib/flowmeter
build/lib/flowmeter
 
 
csvs
csvs
 
 
dist
dist
 
 
flowmeter
flowmeter
 
 
hdf5
hdf5
 
 
pcapF
pcapF
 
 
prc_flowmeter.egg-info
prc_flowmeter.egg-info
 
 
prediction_data
prediction_data
 
 
preprocessed_csv
preprocessed_csv
 
 
rich
rich
 
 
.gitignore
.gitignore
 
 
800kValidation-Dos-DDos-PS-Benign.h5
800kValidation-Dos-DDos-PS-Benign.h5
 
 
800kvalidcheck.h5
800kvalidcheck.h5
 
 
CNAME
CNAME
 
 
DeepMAD1.gif
DeepMAD1.gif
 
 
FYP_thesis.pdf
FYP_thesis.pdf
 
 
LICENSE
LICENSE
 
 
MNAD-DNN.h5
MNAD-DNN.h5
 
 
MNAD-LoadingModelWeights.py
MNAD-LoadingModelWeights.py
 
 
Normalized-data.h5
Normalized-data.h5
 
 
README.md
README.md
 
 
Untitled Diagram.drawio
Untitled Diagram.drawio
 
 
__init__.py
__init__.py
 
 
__main__.py
__main__.py
 
 
_config.yml
_config.yml
 
 
celery1.py
celery1.py
 
 
check.txt
check.txt
 
 
csv_to_h5.py
csv_to_h5.py
 
 
dump_traffic_to_pcap.py
dump_traffic_to_pcap.py
 
 
mergeCSV.py
mergeCSV.py
 
 
model.py
model.py
 
 
norrm.py
norrm.py
 
 
pcap_to_csv.py
pcap_to_csv.py
 
 
requirements.txt
requirements.txt
 
 
run.py
run.py
 
 
setup.py
setup.py
 
 

Repository files navigation

WORK IN PROGRESS: We devised a initial build of tool that will capture network stream from a live network through Wireshark's Commad-line utility called Dumpcap.

Dumpcap

Find Dumpcap documentation here. Like this for example:

dumpcap -i wlp1s0 -a filesize:600 -w pcapF/data.pcap

Once we have captured a pcap file, now its time to pass it to PRC Flowmeter v0.2.0.

RUN dump_traffic_to_pcap.py

python3 dump_traffic_to_pcap.py

PRC Flowmeter v0.2.0

Flowmeter is a Scapy-based tool for deriving statistical features from PCAPs for data analysis and machine learning. The features are based on the java application CICFlowmeter

Based heavily on this flowmeter app

Usage

A Flowmeter object is created with up to three parameters:

  • offline (str) - filename of a pcap file; if none provided, streams from available ports (requires run as admin in linux-based environments.)
  • outfunc (function) - a csv rendition of the metered flows will be sent to this function as they are created. If none provided, will default to print().
  • outfile (str) - filename to store csv flow output. If none is provided, results are not stored.

Building off of scapy Sessions, Flowmeter separates packet streams into distinct network communication 'flows', which are identified simply as communications between two endpoints (ip:port) on a given protocol within a period of time. From there it begins analyzing the flow data to derive features useful for plotting, traffic pattern analysis, and machine learning.

from flowmeter import Flowmeter

feature_gen = Flowmeter(
    offline = "input.pcap",
    outfunc = None,
    outfile = "output.csv")

feature_gen.run()

Now we got a csv file that contain Bi-flows and alot of details that is not need, so we preprocess and normalize (all feature to scale in 0 to 255 range) the file, change the datatype to 'uint8', and in the end convert file to HDF5 format.

Model Selection

We have trained several Machine Learning and Deep Learning models, and saved their weights in HDF5 format, once model predict/ classify the activity, proper log file will be maintained to keep track of any malicious activity.

Acknowledgments

We used an Open Source tool for deriving statistical features from PCAP data, called PRC Flowmeter v0.2.0.

Future Work

We are still working on this project and devising a complete deployable tool to Open Source community.

About

Malicious Activity Detection System. Final Year Project. Deep Learning-based solution, which analyses Network Activity sequences to classify whether the certain node is Malicious or Benign. Devising a tool/software which will detect malicious Network Activity Detection using Deep Learning Model. Tools: Python, Neural Network (BERT), Google Colab…

Topics

security data-science machine-learning deep-learning network python-script cybersecurity neural-networks data-analysis python-3 network-analysis

Resources

Readme

License

GPL-2.0 license
Activity

Stars

10 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages