Merge branch...

Merge branch 'Detect_network_anomalies,_deceive_attackers_with_honeypot_and_threat_sharing_system' into 'master' Added code files to my part See merge request !1

Merge branch...
Merge branch 'Detect_network_anomalies,_deceive_attackers_with_honeypot_and_threat_sharing_system' into 'master' Added code files to my part See merge request !1
249c2dda · De Silva K.N.H · 86b0672c · f81d3162 · 249c2dda · 249c2dda
Commit 249c2dda authored Nov 03, 2023 by De Silva K.N.H
27 changed files
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/DUMP.py
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/DUMP.py
+import joblib
+import re
+import nltk
+nltk.download('stopwords')
+from nltk.corpus import stopwords
+from nltk.stem.porter import PorterStemmer
+from tkinter import messagebox
+
+# Load the dumped models
+classifier = joblib.load('naive_bayes_model.joblib')
+cv = joblib.load('count_vectorizer.joblib')
+
+# Function to Clean the texts
+def preprocess_text(text):
+    log = re.sub('[^a-zA-Z0-9]', ' ', text)
+    log = log.lower()
+    log = log.split()
+    ps = PorterStemmer()
+    log = [ps.stem(word) for word in log if not word in set(stopwords.words('english'))]
+    log = ' '.join(log)
+    return log
+
+# New log insert
+new_text = input("Enter the traffic info: ")
+preprocessed_text = preprocess_text(new_text)
+
+# Use the loaded CountVectorizer object to transform the preprocessed text into a bag of words representation
+new_text_bow = cv.transform([preprocessed_text]).toarray()
+
+# Use the loaded GaussianNB object to make predictions on the new log data
+predicted_class = classifier.predict(new_text_bow)
+
+# Display a pop-up message based on the predicted class
+if predicted_class:
+    messagebox.showinfo("Anomaly Detected", "Anomaly detected in the traffic!")
+else:
+    messagebox.showinfo("No Anomaly", "No anomaly detected in the traffic.")
+    
+# Non Malicious Packet Info
+# Adjacency Message (Syn)
+# 19717  >  6068 [ACK] Seq=1285 Ack=785 Win=3344 Len=0
+
+# Malicious Packet Info
+# 80  >  51451 [ACK] Seq=214260 Ack=712 Win=16128 Len=1460 [TCP segment of a reassembled PDU]
+# 80  >  49234 [PSH, ACK] Seq=500760 Ack=325 Win=64240 Len=1448 [TCP segment of a reassembled PDU]
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/csv files/test.csv
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/csv files/test.csv
+"No.","Time","Source","Destination","Protocol","Length","Info"
+"1","0.000000","10.1.1.1","10.1.1.2","TCP","50","19717  >  6068 [SYN] Seq=0 Win=4128 Len=0 MSS=1460"
+"2","0.000000","10.1.1.2","10.1.1.1","TCP","50","6068  >  19717 [SYN, ACK] Seq=0 Ack=1 Win=4128 Len=0 MSS=1460"
+"3","0.000000","10.1.1.1","10.1.1.2","TCP","50","19717  >  6068 [ACK] Seq=1 Ack=1 Win=4128 Len=0"
+"4","0.008000","10.1.1.1","10.1.1.2","ANCP","88","Adjacency Message (Syn)"
+"5","0.008000","10.1.1.2","10.1.1.1","ANCP","88","Adjacency Message (Syn)"
+"6","0.008000","10.1.1.2","10.1.1.1","ANCP","88","Adjacency Message (SynAck)"
+"7","0.008000","10.1.1.1","10.1.1.2","ANCP","136","Adjacency Message (Ack)"
+"8","0.008000","10.1.1.2","10.1.1.1","ANCP","88","Adjacency Message (Ack)"
+"9","0.207998","10.1.1.1","10.1.1.2","TCP","50","19717  >  6068 [ACK] Seq=145 Ack=145 Win=3984 Len=0"
+"10","10.008000","10.1.1.1","10.1.1.2","ANCP","88","Adjacency Message (Ack)"
+"11","10.008000","10.1.1.2","10.1.1.1","ANCP","88","Adjacency Message (Ack)"
+"12","10.207998","10.1.1.1","10.1.1.2","TCP","50","19717  >  6068 [ACK] Seq=193 Ack=193 Win=3936 Len=0"
+"13","20.008000","10.1.1.1","10.1.1.2","ANCP","88","Adjacency Message (Ack)"
+"14","20.008000","10.1.1.2","10.1.1.1","ANCP","88","Adjacency Message (Ack)"
+"15","20.207998","10.1.1.1","10.1.1.2","TCP","50","19717  >  6068 [ACK] Seq=241 Ack=241 Win=3888 Len=0"
+"16","30.008000","10.1.1.2","10.1.1.1","ANCP","88","Adjacency Message (Ack)"
+"17","30.008000","10.1.1.1","10.1.1.2","ANCP","88","Adjacency Message (Ack)"
+"18","30.215998","10.1.1.2","10.1.1.1","TCP","50","6068  >  19717 [ACK] Seq=289 Ack=289 Win=3840 Len=0"
+"19","40.016000","10.1.1.2","10.1.1.1","ANCP","88","Adjacency Message (Ack)"
+"20","40.016000","10.1.1.1","10.1.1.2","ANCP","88","Adjacency Message (Ack)"
+"21","40.215998","10.1.1.2","10.1.1.1","TCP","50","6068  >  19717 [ACK] Seq=337 Ack=337 Win=3792 Len=0"
+"22","40.215998","10.1.1.1","10.1.1.2","TCP","50","19717  >  6068 [ACK] Seq=337 Ack=337 Win=3792 Len=0"
+"23","44.107999","10.1.1.2","10.1.1.1","ANCP","120","Port-Management Message"
+"24","44.327997","10.1.1.1","10.1.1.2","TCP","50","19717  >  6068 [ACK] Seq=337 Ack=417 Win=3712 Len=0"
+"25","44.936000","10.1.1.1","10.1.1.2","ANCP","124","Port-Management Message"
+"26","45.147999","10.1.1.2","10.1.1.1","TCP","50","6068  >  19717 [ACK] Seq=417 Ack=421 Win=3708 Len=0"
+"27","50.028000","10.1.1.2","10.1.1.1","ANCP","88","Adjacency Message (Ack)"
+"28","50.028000","10.1.1.1","10.1.1.2","ANCP","88","Adjacency Message (Ack)"
+"29","50.235998","10.1.1.2","10.1.1.1","TCP","50","6068  >  19717 [ACK] Seq=465 Ack=469 Win=3660 Len=0"
+"30","60.028000","10.1.1.1","10.1.1.2","ANCP","88","Adjacency Message (Ack)"
+"31","60.028000","10.1.1.2","10.1.1.1","ANCP","88","Adjacency Message (Ack)"
+"32","60.227998","10.1.1.1","10.1.1.2","TCP","50","19717  >  6068 [ACK] Seq=517 Ack=513 Win=3616 Len=0"
+"33","68.255998","10.1.1.2","10.1.1.1","ANCP","120","Port-Management Message"
+"34","68.455996","10.1.1.1","10.1.1.2","TCP","50","19717  >  6068 [ACK] Seq=517 Ack=593 Win=3536 Len=0"
+"35","68.864001","10.1.1.1","10.1.1.2","ANCP","96","Port-Management Message"
+"36","69.063999","10.1.1.2","10.1.1.1","TCP","50","6068  >  19717 [ACK] Seq=593 Ack=573 Win=3556 Len=0"
+"37","70.024000","10.1.1.1","10.1.1.2","ANCP","88","Adjacency Message (Ack)"
+"38","70.043999","10.1.1.2","10.1.1.1","ANCP","88","Adjacency Message (Ack)"
+"39","70.255998","10.1.1.1","10.1.1.2","TCP","50","19717  >  6068 [ACK] Seq=621 Ack=641 Win=3488 Len=0"
+"40","80.024000","10.1.1.1","10.1.1.2","ANCP","88","Adjacency Message (Ack)"
+"41","80.043999","10.1.1.2","10.1.1.1","ANCP","88","Adjacency Message (Ack)"
+"42","80.263998","10.1.1.1","10.1.1.2","TCP","50","19717  >  6068 [ACK] Seq=669 Ack=689 Win=3440 Len=0"
+"43","81.355997","10.1.1.1","10.1.1.2","ANCP","132","Port-Up Message"
+"44","81.556003","10.1.1.2","10.1.1.1","TCP","50","6068  >  19717 [ACK] Seq=689 Ack=761 Win=3368 Len=0"
+"45","82.463996","10.1.1.1","10.1.1.2","ANCP","132","Port-Up Message"
+"46","82.664002","10.1.1.2","10.1.1.1","TCP","50","6068  >  19717 [ACK] Seq=689 Ack=853 Win=3276 Len=0"
+"47","84.716002","10.1.1.1","10.1.1.2","ANCP","116","Port-Down Message"
+"48","84.916000","10.1.1.2","10.1.1.1","TCP","50","6068  >  19717 [ACK] Seq=689 Ack=929 Win=3200 Len=0"
+"49","85.684002","10.1.1.1","10.1.1.2","ANCP","116","Port-Down Message"
+"50","85.884001","10.1.1.2","10.1.1.1","TCP","50","6068  >  19717 [ACK] Seq=689 Ack=1005 Win=3124 Len=0"
+"51","90.035999","10.1.1.1","10.1.1.2","ANCP","88","Adjacency Message (Ack)"
+"52","90.055999","10.1.1.2","10.1.1.1","ANCP","88","Adjacency Message (Ack)"
+"53","90.263998","10.1.1.1","10.1.1.2","TCP","50","19717  >  6068 [ACK] Seq=1053 Ack=737 Win=3392 Len=0"
+"54","90.984000","10.1.1.1","10.1.1.2","ANCP","132","Port-Up Message"
+"55","91.183998","10.1.1.2","10.1.1.1","TCP","50","6068  >  19717 [ACK] Seq=737 Ack=1145 Win=2984 Len=0"
+"56","91.896001","10.1.1.1","10.1.1.2","ANCP","132","Port-Up Message"
+"57","92.095999","10.1.1.2","10.1.1.1","TCP","50","6068  >  19717 [ACK] Seq=737 Ack=1237 Win=2892 Len=0"
+"58","100.043999","10.1.1.1","10.1.1.2","ANCP","88","Adjacency Message (Ack)"
+"59","100.063999","10.1.1.2","10.1.1.1","ANCP","88","Adjacency Message (Ack)"
+"60","100.263998","10.1.1.1","10.1.1.2","TCP","50","19717  >  6068 [ACK] Seq=1285 Ack=785 Win=3344 Len=0"
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/csv files/test2.csv
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/csv files/test2.csv
+"No.","Time","Source","Destination","Protocol","Length","Info"
+"1","0.000000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"2","0.200000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"3","0.400000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"4","0.600000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"5","0.800000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"6","1.000000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"7","1.200000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"8","1.400000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"9","1.600000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"10","1.800000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"11","2.000000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"12","2.200000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"13","2.400000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"14","2.600000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"15","2.800000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"16","3.000000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"17","3.200000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"18","3.400000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"19","3.600000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"20","3.800000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"21","4.000000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"22","4.200000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"23","4.400000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"24","4.600000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"25","4.800000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"26","5.000000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"27","5.200000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"28","5.400000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"29","5.600000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"30","5.800000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"31","6.000000","192.85.1.2","192.0.0.1","BFD Control","94","Diag: No Diagnostic, State: Down, Flags: 0x04"
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/csv files/test3.csv
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/csv files/test3.csv
+"No.","Time","Source","Destination","Protocol","Length","Info"
+"1","0.000000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"2","0.200000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"3","0.400000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"4","0.600000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"5","0.800000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"6","1.000000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"7","1.200000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"8","1.400000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"9","1.600000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"10","1.800000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"11","2.000000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"12","2.200000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"13","2.400000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"14","2.600000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"15","2.800000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"16","3.000000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"17","3.200000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"18","3.400000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"19","3.600000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"20","3.800000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"21","4.000000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"22","4.200000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"23","4.400000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"24","4.600000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"25","4.800000","192.85.1.2","192.0.0.1","BFD Control","98","Diag: No Diagnostic, State: Down, Flags: 0x04"
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/csv files/test4.csv
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/csv files/test4.csv
+"No.","Time","Source","Destination","Protocol","Length","Info"
+"1","0.000000","192.85.1.2","192.0.0.1","BFD Control","79","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"2","0.200000","192.85.1.2","192.0.0.1","BFD Control","79","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"3","0.400000","192.85.1.2","192.0.0.1","BFD Control","79","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"4","0.600000","192.85.1.2","192.0.0.1","BFD Control","79","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"5","0.800000","192.85.1.2","192.0.0.1","BFD Control","79","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"6","1.000000","192.85.1.2","192.0.0.1","BFD Control","79","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"7","1.200000","192.85.1.2","192.0.0.1","BFD Control","79","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"8","1.400000","192.85.1.2","192.0.0.1","BFD Control","79","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"9","1.600000","192.85.1.2","192.0.0.1","BFD Control","79","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"10","1.800000","192.85.1.2","192.0.0.1","BFD Control","79","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"11","2.000000","192.85.1.2","192.0.0.1","BFD Control","79","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"12","2.200000","192.85.1.2","192.0.0.1","BFD Control","79","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"13","2.400000","192.85.1.2","192.0.0.1","BFD Control","79","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"14","2.600000","192.85.1.2","192.0.0.1","BFD Control","79","Diag: No Diagnostic, State: Down, Flags: 0x04"
+"15","2.800000","192.85.1.2","192.0.0.1","BFD Control","79","Diag: No Diagnostic, State: Down, Flags: 0x04"
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/csv files/test5.csv
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/csv files/test5.csv
+"No.","Time","Source","Destination","Protocol","Length","Info"
+"1","0.000000","2.1.1.2","2.1.1.1","IPv4","1010","Fragmented IP protocol (proto=ICMP 1, off=0, ID=b5d0) [Reassembled in #2]"
+"2","0.000065","2.1.1.2","2.1.1.1","ICMP","466","Echo (ping) request  id=0x13c2, seq=1/256, ttl=64 (reply in 3)"
+"3","0.000509","2.1.1.1","2.1.1.2","ICMP","1442","Echo (ping) reply    id=0x13c2, seq=1/256, ttl=64 (request in 2)"
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/csv files/test6.csv
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/csv files/test6.csv
+"No.","Time","Source","Destination","Protocol","Length","Info"
+"1","0.000000","fe80::205:5:5:5","ff02::1a","ICMPv6","105","RPL Control (DODAG Information Object)"
+"2","25.410000","fe80::214:14:14:14","ff02::1a","ICMPv6","97","RPL Control (DODAG Information Object)"
+"3","198.440000","fe80::20a:a:a:a","ff02::1a","ICMPv6","113","RPL Control (DODAG Information Object)"
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/pcap files/Apple_IP-over-IEEE_1394_Packet.pcap
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/pcap files/Apple_IP-over-IEEE_1394_Packet.pcap
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/pcap files/ancp.pcap
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/pcap files/ancp.pcap
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/pcap files/bfd-raw-auth-md5.pcap
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/pcap files/bfd-raw-auth-md5.pcap
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/pcap files/bfd-raw-auth-sha1.pcap
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/pcap files/bfd-raw-auth-sha1.pcap
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/pcap files/bfd-raw-auth-simple.pcap
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/pcap files/bfd-raw-auth-simple.pcap
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/pcap files/ipv4frags.pcap
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/pcap files/ipv4frags.pcap
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/pcap files/rpl-dio-mc-nsa-optional-tlv-dissector-sample.pcap
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/General/pcap files/rpl-dio-mc-nsa-optional-tlv-dissector-sample.pcap
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Malicious/csv files/test1.csv
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Malicious/csv files/test1.csv
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Malicious/csv files/test2.csv
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Malicious/csv files/test2.csv
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Malicious/csv files/test3.csv
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Malicious/csv files/test3.csv
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Malicious/csv files/test4.csv
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Malicious/csv files/test4.csv
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Malicious/pcap files/2013-12-09-Whitehole-EK-traffic.pcap
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Malicious/pcap files/2013-12-09-Whitehole-EK-traffic.pcap
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Malicious/pcap files/2013-12-19-Neutrino-EK-traffic.pcap
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Malicious/pcap files/2013-12-19-Neutrino-EK-traffic.pcap
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Malicious/pcap files/2013-12-23-Neutrino-EK-traffic.pcap
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Malicious/pcap files/2013-12-23-Neutrino-EK-traffic.pcap
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Malicious/pcap files/2013-12-27-Styx-EK-traffic.pcap
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Malicious/pcap files/2013-12-27-Styx-EK-traffic.pcap
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/NLP.py
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/NLP.py
+ # Natural Language Processing for Predict Network Anomaly
+
+# Importing the libraries
+import matplotlib.pyplot as plt
+import pandas as pd
+import seaborn as sns
+import joblib
+
+# Importing the dataset
+dataset = pd.read_csv('dataset.tsv', delimiter = '\t', quoting = 3)
+
+# Cleaning the texts
+import re
+import nltk
+nltk.download('stopwords')
+from nltk.corpus import stopwords
+from nltk.stem.porter import PorterStemmer
+corpus = []
+for i in range(0, 5550):
+    log = re.sub('[^a-zA-Z0-9]', ' ', dataset['Info'][i])
+    log = log.lower()
+    log = log.split()
+    ps = PorterStemmer()
+    log = [ps.stem(word) for word in log if not word in set(stopwords.words('english'))]
+    log = ' '.join(log)
+    corpus.append(log)
+
+# Creating the Bag of Words model
+from sklearn.feature_extraction.text import CountVectorizer
+cv = CountVectorizer(max_features = 3000)
+X = cv.fit_transform(corpus).toarray()
+y = dataset.iloc[:, 1].values
+
+# Splitting the dataset into the Training set and Test set
+from sklearn.model_selection import train_test_split
+X_train, X_test, y_train, y_test = train_test_split(X, y, test_size = 0.20, random_state = 0)
+
+# Training the Naive Bayes model on the Training set
+from sklearn.naive_bayes import GaussianNB
+classifier = GaussianNB()
+classifier.fit(X_train, y_train)
+
+# Predicting the Test set results
+y_pred = classifier.predict(X_test)
+
+# Making the Confusion Matrix
+from sklearn.metrics import confusion_matrix
+cm = confusion_matrix(y_test, y_pred)
+print("Confusion Matrix")
+print(cm)
+
+#Accuracy
+from sklearn.metrics import accuracy_score
+# y_test is the actual values, y_pred is the predicted values
+accuracy = accuracy_score(y_test, y_pred)
+print('Accuracy: %.3f' % accuracy)
+
+#Precision Score
+from sklearn.metrics import precision_score
+# y_test is the actual values, y_pred is the predicted values
+precision = precision_score(y_test, y_pred, average='binary')
+print('Precision: %.3f' % precision)
+
+#Recall Score
+from sklearn.metrics import recall_score
+# y_test is the actual values, y_pred is the predicted values
+recall = recall_score(y_test, y_pred)
+print('Recall: %.3f' % recall)
+
+#F1 Score
+from sklearn.metrics import f1_score
+# y_test is the actual values, y_pred is the predicted values
+f1 = f1_score(y_test, y_pred, average='binary')
+print('F1 Score: %.3f' % f1)
+
+print("Predicted Outcomes of the Model")
+print(y_pred)
+
+print("Actual Outcomes of the Predicted Results")
+print(y_test)
+
+# Visualizing the confusion matrix as a heatmap
+sns.heatmap(cm, annot=True, cmap='Blues')
+plt.title('Confusion Matrix')
+plt.xlabel('Predicted Label')
+plt.ylabel('True Label')
+plt.show()
+
+# Calculating the number of true positives, true negatives, false positives, and false negatives
+tn, fp, fn, tp = confusion_matrix(y_test, y_pred).ravel()
+
+# Creating a bar chart to show the comparison between the predicted and true outcomes
+fig, ax = plt.subplots()
+ax.bar(['True Negatives', 'False Positives', 'False Negatives', 'True Positives'], [tn, fp, fn, tp])
+ax.set_xlabel('Outcome')
+ax.set_ylabel('Count')
+ax.set_title('Comparison of Predicted and True Outcomes')
+plt.show()
+########################################
+# Dumping the trained model to a file
+joblib.dump(classifier, 'naive_bayes_model.joblib')
+
+# Dumping the CountVectorizer
+joblib.dump(cv, 'count_vectorizer.joblib')
\ No newline at end of file
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Sample Logs to Input.txt
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/Sample Logs to Input.txt
+# Non Malicious Packet Info
+# Adjacency Message (Syn)
+# 19717  >  6068 [ACK] Seq=1285 Ack=785 Win=3344 Len=0
+
+# Malicious Packet Info
+# 80  >  51451 [ACK] Seq=214260 Ack=712 Win=16128 Len=1460 [TCP segment of a reassembled PDU]
+# 80  >  49234 [PSH, ACK] Seq=500760 Ack=325 Win=64240 Len=1448 [TCP segment of a reassembled PDU]
\ No newline at end of file
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/count_vectorizer.joblib
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/count_vectorizer.joblib
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/dataset.tsv
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/dataset.tsv
--- a/Detect network anomalies, deceive attackers with honeypot and threat sharing system/naive_bayes_model.joblib
+++ b/Detect network anomalies, deceive attackers with honeypot and threat sharing system/naive_bayes_model.joblib