khannay/mdetect

MDETECT: Malware Detection from Network Captures

Getting Started

The project report is available in the report.md file and the Jupyter notebooks are available in the nbs directory. The core notebook, /nbs/00_core.ipynb, contains the core functionality of the project.

From the home directory of the project the python package can be installed using the following command:

pip install -e .

The Python package included in this repo, mdetect, also defines three command-line scripts which can be used to run the project from the command line. These scripts are defined in the 01_cli.ipynb notebook and are as follows:

  • malware-train: Train a model on a set of PCAP files. This runs the training loop given paths to directories containing the PCAP files for malware and benign samples. The model is saved to a pickle file and can be used for prediction (malware-predict).
  • malware-transform: Transform a set of PCAP files into a set of features which can be used for classification. This performs only the feature engineering step and saves the feature CSV files for the flows provided, alongside labels for the flows.
  • malware-predict: Predict the labels for a set of flows using a trained model. This will load a model from a pickle file and then use the model to predict the labels for the flows provided. Currently this script prints the number of malware flows identified in the file and the total number of flows in the file.

Each of these scripts can be run with the --help flag to get more information on the arguments required. This report is a high-level overview of the project; the notebooks contain more detailed information on the implementation.

To run the project on some included PCAP files (after doing a pip install -e .) the following commands can be used (from the home directory of the project):

malware-train --malware ./data/malware --benign ./data/benign
malware-transform --malware ./data/malware --benign ./data/benign
malware-predict --data ./data/test/benign/output_2.pcap --model ./inference.pkl
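The malware-transform step described above turns the packets in a PCAP into per-flow feature rows that a classifier can consume. As an added illustration (example code, not the mdetect project's own), the following parses a small constructed pcap, groups IPv4/TCP packets into direction-agnostic 5-tuple flows and emits one feature row per flow; the feature set, the hand-built pcap and the endpoint addresses are all assumptions, not the project's real feature engineering.

```python
"""Illustrative flow-feature extraction from a pcap (example, not mdetect's code)."""
import struct
from collections import defaultdict

def build_pcap(packets):
    """Constructed sample input: wrap (timestamp, src, dst, sport, dport, payload_len)
    tuples into a minimal little-endian libpcap file of Ethernet/IPv4/TCP frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, linktype 1
    for ts, src, dst, sport, dport, plen in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + plen, 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + b"\x00" * plen  # zeroed MACs
        sec, usec = int(ts), int((ts - int(ts)) * 1e6)
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def flow_features(pcap_bytes):
    """Parse a pcap and return one feature row per bidirectional TCP flow."""
    if struct.unpack("<I", pcap_bytes[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    pos, flows = 24, defaultdict(list)
    while pos + 16 <= len(pcap_bytes):
        sec, usec, caplen, _ = struct.unpack("<IIII", pcap_bytes[pos:pos + 16])
        frame = pcap_bytes[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:  # IPv4 + TCP only
            continue
        ihl = (frame[14] & 0x0F) * 4
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        a, b = (frame[26:30], sport), (frame[30:34], dport)
        # Sort the endpoints so both halves of a conversation land in one flow.
        flows[(min(a, b), max(a, b))].append((sec + usec / 1e6, caplen, a < b))
    rows = []
    for (ep_a, ep_b), pkts in flows.items():
        ts = [t for t, _, _ in pkts]
        rows.append({
            "endpoint_a": f"{'.'.join(map(str, ep_a[0]))}:{ep_a[1]}",
            "endpoint_b": f"{'.'.join(map(str, ep_b[0]))}:{ep_b[1]}",
            "packets": len(pkts),
            "bytes": sum(n for _, n, _ in pkts),
            "duration": round(max(ts) - min(ts), 6),
            "a_to_b_ratio": round(sum(1 for _, _, fwd in pkts if fwd) / len(pkts), 3),
        })
    return rows

SAMPLE = build_pcap([  # constructed: one short HTTP exchange plus a lone TLS packet
    (1.0, "10.0.0.5", "93.184.216.34", 49152, 80, 100),
    (1.2, "93.184.216.34", "10.0.0.5", 80, 49152, 1400),
    (1.5, "10.0.0.5", "93.184.216.34", 49152, 80, 0),
    (2.0, "10.0.0.5", "198.51.100.9", 49153, 443, 300),
])
```

Each returned row is the kind of record malware-transform would write to its CSV before a label column is attached; a real feature set would add timing and size statistics per direction.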
