The goal of this software is to detect threats within captured pcap files. The software can be loaded onto a host to perform these functions on medium to small sized pcap files for analysis. An administrator can view the records of tests, recognize blacklisted IP’s that have previously been identified, and edit records, targeted IP’s, as well as modify administrator access.
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.
Following is a list of prerequisite libraries employed in the project:
sklearn
numpy
pyshark
prettytable
pyfiglet
To install these libraries onto your machine, we recommend using pip3. For example, the command:
pip3 install sklearn
Will install the sklearn library to your machine. No further action is required to complete installation.
A step by step series of examples that tell you how to get a copy of the project running on your machine.
Obtain a copy of all code contained here either by cloning this repository to your machine or by downloading a compressed folder containing all project files and placing it where you would like the code to run.
To clone the repository, run: git clone https://github.com/JPsquared/Autonomous-Threat-Hunting.git
To run the program, execute the following line of code in a terminal:
python3 ath.py
Introductory information will be displayed, then the screen will then give you choices for 1, testing, or 2, system admin. Option 3 will exit the program.
After selecting 1, you will be presented to choose a module to examine and test a pcap on. Follow number choices in order to determine how you want to test.
You can also choose system admin. You will need to input a username and password.
- INITIAL USERNAME: USNA
- INITIAL PASSWORD: 2021
Once access has been gained, you can view/edit, records, admins, and the IP blacklist.
- Sean Bowman - Group Leader
- Matt Ransom
- Ethan Dupre
- Brody Jenkins
- John Paul Post
viewRec.py
- allows user to records of testseditRec.py
- editing recordsviewAdmin.py
- viewing admin passwords and usernameseditAdmin.py
- editing admin accessviewBL.py
- viewing blacklisted IPseditBL.py
- editing blacklisted IPs
timing.py
- used for determining interpacket spacing of packetsIPAA.py
- feature extraction for port access attemptstesting.py
- used for selection of features, and general analytics
learning.py
- used to create a classifier model that will determine threatening behavior