This tool has been created to generate malicious traffic culminating from a random scanning computer worm. The malcious traffic created is in netflow format (.txt). The malcious traffic that we have modelled here are as follows:
- DDoS attack;
- Vertical Scan attack;
- Random Scan attack; and
- Horizontal Scan attack.
- Python 3.7.3 or above
- Iptools 0.7.0
- pprint 0.1
- DateTime 4.3
- numpy 1.18.5
- python-dateutil 2.8.1
In main, a nested for loop creates different variations of malicious traffic culminating from a propagating computer worm. It does so by calling function Generator, which takes 5 inputs and they are as follows:
- Population Size (Pop_Size)--population size of the scanning worm;
- Suscpetible Proportion (Susc_Prop)--size of the susceptible set of computers within the population size;
- Scanning Rate (Scan_Rate)--scanning rate of computer worm;
- Number of Initial Infected Hosts (Ninf)--number of the initial set of infected hosts; and
- Type of Attack (Code)--attack type from the attacks that we have modelled.
The output of the function Generator is a set of malicious traffic culminating from different variations of computer worms (by taking these values as input).
In the example folder, we have created a sample set of malicious traffic for the attacks that we have modelled--(i) DDoS (1); (ii) Horizontal Scan (2); (iii) Vertical Scan (3); and (iv) Fin Scan (4) using these values:
- Pop_Size = {1000000}
- Susc_Prop = {0.75}
- Scan_Rate = {50}
- Ninf = {1}
- Code = {1, 2, 3, 4}
To run the code, use the following command:
$ python Syn_worms_flow.py
The malicious datasets will be created in the current directory.