Machine learning is used to detect whether a packet or packets are part of a DDoS attack.
Currently, the model can only give a probability on a general DDoS attack.
Required packages:
- pip install kamene
- conda install keras
- conda install scikit-learn
Steps to add a new dataset:
- Create new directory in ./Datasets, with the name being anything you'd like.
- Add sequence of pcap files to the new directory
- Add a .csv in ./Labels, which will have our labels.
- Each row in this csv will correspond to each packet in all of the pcap files.
- Columns:
- source
- source_port
- destination
- destination_port
- protocol
- timestamp
- label ("BENIGN" for non-DDoS packet, and "DDoS" for DDoS packet)
- Example rows:
- 172.16.0.1-192.168.10.50-33136-80-6,172.16.0.1,33136,192.168.10.50,80,6,5/7/2017 10:48,DoS Hulk
- 192.168.10.14-216.58.219.226-51676-443-6,192.168.10.14,51676,216.58.219.226,443,6,5/7/2017 10:49,BENIGN
- 172.16.0.1-192.168.10.50-33132-80-6,172.16.0.1,33132,192.168.10.50,80,6,5/7/2017 10:48,DoS Hulk
- 172.217.12.161-192.168.10.14-443-51701-6,192.168.10.14,51701,172.217.12.161,443,6,5/7/2017 10:49,BENIGN
- 172.217.12.164-192.168.10.14-443-51688-6,192.168.10.14,51688,172.217.12.164,443,6,5/7/2017 10:49,BENIGN
- 172.16.0.1-192.168.10.50-33144-80-6,172.16.0.1,33144,192.168.10.50,80,6,5/7/2017 10:48,DoS Hulk
- 172.16.0.1-192.168.10.50-33138-80-6,172.16.0.1,33138,192.168.10.50,80,6,5/7/2017 10:48,DoS Hulk
- 172.16.0.1-192.168.10.50-33142-80-6,172.16.0.1,33142,192.168.10.50,80,6,5/7/2017 10:48,DoS Hulk
- Run Main.py
- Choose to calculate labels for new dataset.