This tool has been created to generate malicious traffic culminating from a random scanning computer worm. The malcious traffic created is in netflow format (.txt and .csv). The malcious traffic that we have modelled here are--
- DDoS attack.
- Vertical Scan attack
- Random Scan attack.
- Horizontal Scan attack.
- Python 3.7.3 or above
- Iptools 0.7.0
- pprint 0.1
- DateTime 4.3
- numpy 1.18.5
- python-dateutil 2.8.1
In main, a nested for loop creates different variations of malicious traffic based culminating from a propagating computert worm. It does so by calling function Generator, which takes 5 inputs--
- Population Size (Pop_Size)--population size of the scanning worm ;
- Suscpetible Proportion (Susc_Prop)--size of the susceptible set of computers within the population size ;
- Scanning Rate (Scan_Rate)--scanning rate of computer worm ;
- Number of Initial Infected Hosts (Ninf)--number of the initial set of infected hosts. ; and
- Type of Attack (Code)--attack type from the attacks that we have modelled.
The output of the function Generator is a set of malicious traffic culminating from the different variations of computer worms by taking these values.
In the example folder, we have created a sample set of malicious traffic for the attacks that we have modelled--(i) DDoS (1) ; (ii) Horizontal Scan (2) ; (iii) Vertical Scan (3) ; and (iv) Fin Scan (4) using these values--
- Pop_Size = {1000000}
- Susc_Prop = {0.75}
- Scan_Rate = {50}
- Ninf = {1}
- Code = {1, 2, 3, 4}
To run the code--
$ python syn-worm-flow.py
The malicious datasets will be created in the current directory.