deploy: b1a3754
AlirezaDehlaghi committed Jan 23, 2024
0 parents commit ae1bf5f
Showing 51 changed files with 5,701 additions and 0 deletions.
4 changes: 4 additions & 0 deletions .buildinfo
@@ -0,0 +1,4 @@
# Sphinx build info version 1
# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
config: 62067277e1d30a8c93d784005608bccd
tags: 645f666f9bcd5a90fca523b33c5a78b7
Binary file added .doctrees/api.doctree
Binary file not shown.
Binary file added .doctrees/environment.pickle
Binary file not shown.
Binary file added .doctrees/index.doctree
Binary file not shown.
Binary file added .doctrees/readme_copy.doctree
Binary file not shown.
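Review bot: the .doctrees/ entries (api.doctree, environment.pickle, index.doctree, readme_copy.doctree) and .buildinfo are Sphinx build cache rather than site content, and this commit publishes them next to the HTML. environment.pickle is a serialized build environment that nothing served to readers needs. Suggest keeping the doctree cache outside the output directory (sphinx-build's -d option) or deleting .doctrees/ and .buildinfo in the deploy step before committing.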
Empty file added .nojekyll
Empty file.
20 changes: 20 additions & 0 deletions _sources/api.md.txt
@@ -0,0 +1,20 @@
# API reference

This page is under development!
## Helper Class

```{eval-rst}
.. automodule:: Helper
:members:
:show-inheritance:
```

## ICSFlowGenerator Class

```{eval-rst}
.. autoclass:: ICSFlowGenerator.ICSFlowGenerator
:imported-members:
:members:
:undoc-members:
:show-inheritance:
```
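Review bot: the two autodoc blocks in api.md use different option sets. `.. automodule:: Helper` has only `:members:` and `:show-inheritance:`, while the ICSFlowGenerator block adds `:imported-members:` and `:undoc-members:`, so undocumented members of ICSFlowGenerator are published while undocumented Helper members are dropped. Pick one policy and apply it to both blocks. Separately, `## Helper Class` follows "This page is under development!" with no blank line between them; add one so the heading is clearly separated from the paragraph.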
14 changes: 14 additions & 0 deletions _sources/index.rst.txt
@@ -0,0 +1,14 @@
.. Example documentation master file, created by
sphinx-quickstart on Sat Sep 23 20:35:12 2023.
You can adapt this file completely to your liking, but it should at least
contain the root `toctree` directive.
Welcome to ICSFLow's documentation!
===================================

.. toctree::
:maxdepth: 2
:caption: Contents:

readme_copy.md
api.md
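Review bot: the title line "Welcome to ICSFLow's documentation!" follows the sphinx-quickstart comment with no blank line between them, while the toctree below is set off by blank lines; add a blank line after the comment so the title and its underline start a new block. The project name is also spelled "ICSFLow" here and "ICSFlowGenerator" in api.md; use one casing throughout.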
79 changes: 79 additions & 0 deletions _sources/readme_copy.md.txt
@@ -0,0 +1,79 @@

# ICSFLowGenerator in Docs

This is tool for offline and online processing of network packets and creating network flows.



## Capabilities
Reading packets could be done in two modes
* offline from PCAP file
* online sniffing of LAN

We can annotate data using True labels or predicted labels
* Ture Labels: proving attack history log files, it can detect which flows are malicious
* Predicated Labels: We could also try to analyze network flows with pretrained model and predict its anomality.


## Arguments
positional arguments: <action:sniff|convert>
Choose online sniffing of a LAN or offline converting
PCAP file

options:
-h, --help show this help message and exit
--source <source file or LAN name>>
In online sniffing provide <LAN name> and in offline
converting provide <PCAP file>
--interval interval in seconds
interval to compute flows
--attacks attack log csv file address
attack file address for finding true flows' label
--predictor model address of pre trained ml model to classify incoming
flows
--target_stream <Stream address>
Target server address to stream out network flows
--target_file <csv file name>
csv file to output


## Sample runtime arguments
1) sniffing from Wi-Fi lan without annotation and writing flows to file:
```
sniff --source Wi-Fi --interval 0.5 --target_file output/sniffed.csv
```


2) offline generating of network flows from PCAP file with True label annotation and writing flows to file::
```
Convert
--source input/traffic.pcap
--interval 0.5
--attacks input/attacker_machine_summary.csv
--target_file output/sniffed.csv
```

3) offline generating of network flows from PCAP file with True label annotation and prediction and writing flows to file:
```
Convert
--source input/traffic.pcap
--interval 0.5
--attacks input/attacker_machine_summary.csv
--predictor input/predict_model.joblib
--target_file output/sniffed.csv
```
or
```
Convert --source input/traffic.pcap --interval 0.5 --attacks input/attacker_machine_summary.csv --target_file output/sniffed.csv
```

4) offline generating of network flows from PCAP file with True label annotation and prediction and sending them to both target file and MQTT server with credential:
```
Convert
--source input/traffic.pcap
--interval 0.5
--attacks input/attacker_machine_summary.csv
--predictor input/predict_model.joblib
--target_file output/sniffed.csv
--target_connection sample_connection.txt
```
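Review bot: sample 4 passes `--target_connection sample_connection.txt`, but the Arguments section documents no such option (it lists `--target_stream <Stream address>`), so a reader cannot tell which flag is real or what the connection file should contain. Document the option and the file format, and since the sample says the MQTT connection carries a credential, say where that file should live and that it should not be committed. Other points in the same file: the one-line "or" variant of sample 3 omits `--predictor`, so it is not equivalent to the block above it; the action is documented as `sniff|convert` but the samples use `Convert`; sample 1 and the later samples all write to output/sniffed.csv even for converted PCAPs. The `--predictor` samples load a `.joblib` file, which is a pickle-based format, so the README should state that only model files from a trusted source may be passed. Typos to fix: "Ture Labels", "Predicated Labels", "proving attack history log files", "This is tool".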
123 changes: 123 additions & 0 deletions _static/_sphinx_javascript_frameworks_compat.js
@@ -0,0 +1,123 @@
/* Compatability shim for jQuery and underscores.js.
*
* Copyright Sphinx contributors
* Released under the two clause BSD licence
*/

/**
* small helper function to urldecode strings
*
* See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent#Decoding_query_parameters_from_a_URL
*/
jQuery.urldecode = function(x) {
if (!x) {
return x
}
return decodeURIComponent(x.replace(/\+/g, ' '));
};

/**
* small helper function to urlencode strings
*/
jQuery.urlencode = encodeURIComponent;

/**
* This function returns the parsed url parameters of the
* current request. Multiple values per key are supported,
* it will always return arrays of strings for the value parts.
*/
jQuery.getQueryParameters = function(s) {
if (typeof s === 'undefined')
s = document.location.search;
var parts = s.substr(s.indexOf('?') + 1).split('&');
var result = {};
for (var i = 0; i < parts.length; i++) {
var tmp = parts[i].split('=', 2);
var key = jQuery.urldecode(tmp[0]);
var value = jQuery.urldecode(tmp[1]);
if (key in result)
result[key].push(value);
else
result[key] = [value];
}
return result;
};

/**
* highlight a given string on a jquery object by wrapping it in
* span elements with the given class name.
*/
jQuery.fn.highlightText = function(text, className) {
function highlight(node, addItems) {
if (node.nodeType === 3) {
var val = node.nodeValue;
var pos = val.toLowerCase().indexOf(text);
if (pos >= 0 &&
!jQuery(node.parentNode).hasClass(className) &&
!jQuery(node.parentNode).hasClass("nohighlight")) {
var span;
var isInSVG = jQuery(node).closest("body, svg, foreignObject").is("svg");
if (isInSVG) {
span = document.createElementNS("http://www.w3.org/2000/svg", "tspan");
} else {
span = document.createElement("span");
span.className = className;
}
span.appendChild(document.createTextNode(val.substr(pos, text.length)));
node.parentNode.insertBefore(span, node.parentNode.insertBefore(
document.createTextNode(val.substr(pos + text.length)),
node.nextSibling));
node.nodeValue = val.substr(0, pos);
if (isInSVG) {
var rect = document.createElementNS("http://www.w3.org/2000/svg", "rect");
var bbox = node.parentElement.getBBox();
rect.x.baseVal.value = bbox.x;
rect.y.baseVal.value = bbox.y;
rect.width.baseVal.value = bbox.width;
rect.height.baseVal.value = bbox.height;
rect.setAttribute('class', className);
addItems.push({
"parent": node.parentNode,
"target": rect});
}
}
}
else if (!jQuery(node).is("button, select, textarea")) {
jQuery.each(node.childNodes, function() {
highlight(this, addItems);
});
}
}
var addItems = [];
var result = this.each(function() {
highlight(this, addItems);
});
for (var i = 0; i < addItems.length; ++i) {
jQuery(addItems[i].parent).before(addItems[i].target);
}
return result;
};

/*
* backward compatibility for jQuery.browser
* This will be supported until firefox bug is fixed.
*/
if (!jQuery.browser) {
jQuery.uaMatch = function(ua) {
ua = ua.toLowerCase();

var match = /(chrome)[ \/]([\w.]+)/.exec(ua) ||
/(webkit)[ \/]([\w.]+)/.exec(ua) ||
/(opera)(?:.*version|)[ \/]([\w.]+)/.exec(ua) ||
/(msie) ([\w.]+)/.exec(ua) ||
ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec(ua) ||
[];

return {
browser: match[ 1 ] || "",
version: match[ 2 ] || "0"
};
};
jQuery.browser = {};
jQuery.browser[jQuery.uaMatch(navigator.userAgent).browser] = true;
}
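Review bot: in jQuery.urldecode, decodeURIComponent is called with no error handling, so a query string containing a malformed percent escape makes jQuery.getQueryParameters throw URIError instead of returning a result. In the same function, a parameter with no `=` leaves `tmp[1]` undefined and an undefined entry is pushed into the value array. The file header marks this as Sphinx's own compatibility shim, so rather than patching it in the deployed copy, regenerate it from the Sphinx release in use and raise the issue upstream. One property worth keeping in any change: highlightText builds its nodes with document.createTextNode, so the matched text is never parsed as HTML.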