├── README.md
├── atu(simple).py
└── atu.py

/README.md:
--------------------------------------------------------------------------------
# Cyber security System Analysis Tcp Udp

## Description
This project implements a cybersecurity system for detecting anomalies and intrusions in network traffic. It uses machine learning models, network monitoring tools, and intrusion detection systems to monitor and respond to security threats in real time.

## Features
- Network anomaly detection using machine learning models
- Integration with Snort and Zeek for intrusion detection
- Automated response mechanisms for handling security threats
- Real-time monitoring and logging of network traffic

## Usage
1. Initialize the cybersecurity system:
```bash
python atu.py
```
2. Monitor network traffic and detect anomalies:
- The system will start detecting intrusions based on alerts and logs from Snort and Zeek.
- Anomalies in network traffic will be detected using machine learning models.

## Configuration
- Modify the `config.py` file to customize settings such as model parameters and response actions.
- Ensure that the `send_alert()` function is configured to handle alerts appropriately.

## Contributing
Contributions are welcome! If you'd like to contribute to this project, please follow these steps:
1. Fork the repository
2. Create a new branch (`git checkout -b feature`)
3. Make your changes
4. Commit your changes (`git commit -am 'Add new feature'`)
5. Push to the branch (`git push origin feature`)
6. Create a new Pull Request

## License
This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.
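## Acknowledgements
- [Scapy](https://scapy.net/) - For network packet manipulation
- [Snort](https://www.snort.org/) - For intrusion detection
- [Zeek](https://www.zeek.org/) - For network security
--------------------------------------------------------------------------------
/atu(simple).py:
--------------------------------------------------------------------------------
"""Minimal TCP/UDP anomaly detector: learn a baseline, then score live packets.

Startup captures a bounded number of packets to fit an IsolationForest on
three header fields, after which a second capture scores every packet and
prints an alert for outliers.
"""
import logging
import threading

import numpy as np
from scapy.all import IP, TCP, UDP, sniff
from sklearn.ensemble import IsolationForest

logger = logging.getLogger(__name__)

# Packets captured for the baseline before the model is fitted.  The original
# called sniff() with no bound, so traffic_monitor() never returned and
# train_model() never ran; the detector then scored an unfitted model.
TRAINING_PACKETS = 1000

# Shared between the baseline-capture thread and the scoring thread.
features = []                      # rows of [ip_len, sport, dport]
features_lock = threading.Lock()   # guards `features`
# contamination is the assumed fraction of outliers in the baseline.  The
# baseline is simply whatever traffic arrives at startup: anything hostile in
# that window is learned as "normal".
model = IsolationForest(contamination=0.05)
model_ready = threading.Event()    # set once model.fit() has completed


def _extract_features(packet):
    """Return [ip_len, sport, dport] for an IP packet carrying TCP or UDP.

    Returns None for anything else; these three header fields are the only
    features the model sees.
    """
    if IP not in packet:
        return None
    if TCP in packet:
        transport = packet[TCP]
    elif UDP in packet:
        transport = packet[UDP]
    else:
        return None
    return [packet[IP].len, transport.sport, transport.dport]


def process_packet(packet):
    """Append a captured packet's feature row to the training set."""
    row = _extract_features(packet)
    if row is None:
        return
    with features_lock:
        features.append(row)


def train_model():
    """Fit the IsolationForest on the collected baseline and mark it ready.

    Logs and returns without fitting when no features were collected, since
    fit() on an empty array raises.
    """
    with features_lock:
        x_train = np.array(features)
    if x_train.size == 0:
        logger.warning("no baseline features collected; model not fitted")
        return
    model.fit(x_train)
    model_ready.set()


def traffic_monitor():
    """Capture a bounded baseline of TCP/UDP packets, then train the model."""
    # store=False keeps scapy from retaining every captured packet in memory.
    sniff(filter="(tcp or udp)", prn=process_packet,
          count=TRAINING_PACKETS, store=False)
    train_model()


def send_alert(alert_type, description):
    """Emit an alert (currently printed to stdout)."""
    print(f"Alert: {alert_type} - {description}")


def detect_anomalies(packet):
    """Score one live packet; alert when the model flags it as an outlier.

    Packets seen before the baseline is fitted are ignored rather than
    scored, because predict() on an unfitted model raises.
    """
    if not model_ready.is_set():
        return
    row = _extract_features(packet)
    if row is None:
        return
    protocol = "TCP" if TCP in packet else "UDP"
    y_pred = model.predict([row])
    if y_pred[0] == -1:
        send_alert(
            "Anomaly detected",
            f"Possible malicious {protocol} connection from "
            f"{packet[IP].src} to {packet[IP].dst}",
        )


def main():
    """Start baseline capture on a thread, then sniff and score forever."""
    logging.basicConfig(level=logging.INFO)
    threading.Thread(target=traffic_monitor, name="traffic_monitor",
                     daemon=True).start()
    sniff(filter="(tcp or udp)", prn=detect_anomalies, store=False)


if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/atu.py:
--------------------------------------------------------------------------------
"""Network anomaly + IDS (Snort/Zeek) monitor.

Trains a packet-level anomaly model and an IDS model at startup, then runs
two consumers: a sniffer scoring live TCP/UDP packets and a loop draining
Snort alerts and Zeek logs.
"""
import logging
import threading
import time

import numpy as np
from scapy.all import IP, TCP, UDP, sniff
from sklearn.ensemble import IsolationForest

import machine_learning_models as mlm
# The wildcard import is kept because automated_response_mechanism() and
# send_alert() are not defined in this file and presumably come from it.
from machine_learning_models import *  # noqa: F401,F403
from snort import Snort
import zeek

logger = logging.getLogger(__name__)

# Module state shared between the sniffing thread and detect_intrusions().
network_model = None
ids_model = None
snort_alerts = []
zeek_logs = []
ids_lock = threading.Lock()   # guards snort_alerts and zeek_logs
_ids_engines = []             # keeps the started Snort/Zeek objects referenced

IDLE_POLL_SECONDS = 0.5       # back-off when both IDS queues are empty
_NOTHING = object()           # "queue was empty" marker distinct from any entry


def setup_intrusion_detection():
    """Start the Snort and Zeek engines and keep references to them.

    NOTE(review): nothing in this file feeds engine output into
    snort_alerts / zeek_logs, so detect_intrusions() has nothing to drain
    until that wiring exists -- confirm how Snort() / zeek.Zeek() deliver
    their alerts and logs.
    """
    snort = Snort()
    zeek_monitor = zeek.Zeek()
    snort.start()
    zeek_monitor.start()
    _ids_engines.extend((snort, zeek_monitor))


def train_network_model():
    """Train the packet-level anomaly model and publish it to network_model."""
    global network_model
    network_model = train_network_anomaly_detection_model()


def train_ids_model():
    """Train the IDS model on the collected Snort alerts and Zeek logs.

    The original function had the same name as the two-argument trainer it
    meant to call, so the call recursed into itself and failed on arity.
    The library trainer is reached through the module alias instead
    (presumably machine_learning_models.train_ids_model -- confirm).
    """
    with ids_lock:
        alerts = list(snort_alerts)
        logs = list(zeek_logs)
    return mlm.train_ids_model(alerts, logs)


def initialize_system():
    """Start the IDS engines, then train both models."""
    global ids_model
    setup_intrusion_detection()
    train_network_model()
    ids_model = train_ids_model()


def _extract_features(packet):
    """Return [ip_len, sport, dport] for an IP packet carrying TCP or UDP.

    Returns None for anything else; these three header fields are the only
    features the network model sees.
    """
    if IP not in packet:
        return None
    if TCP in packet:
        transport = packet[TCP]
    elif UDP in packet:
        transport = packet[UDP]
    else:
        return None
    return [packet[IP].len, transport.sport, transport.dport]


def detect_anomalies(packet):
    """Score a live TCP/UDP packet; respond and alert when it is an outlier.

    Skips scoring while network_model is still None (training not run or
    failed), since predict() on None would raise inside the sniff callback.
    """
    if network_model is None:
        return
    row = _extract_features(packet)
    if row is None:
        return
    protocol = "TCP" if TCP in packet else "UDP"
    y_pred = network_model.predict([row])
    if y_pred[0] == -1:
        automated_response_mechanism()
        send_alert(
            "Anomaly detected",
            f"Possible malicious {protocol} connection from "
            f"{packet[IP].src} to {packet[IP].dst}",
        )


def detect_intrusions():
    """Drain the Snort/Zeek queues, responding and alerting for each entry.

    Runs forever on its own thread.  Pops happen under ids_lock, and the
    loop sleeps briefly when both queues are empty instead of spinning at
    full CPU as the original `while True` did.
    """
    while True:
        with ids_lock:
            alert = snort_alerts.pop(0) if snort_alerts else _NOTHING
            log = zeek_logs.pop(0) if zeek_logs else _NOTHING
        if alert is not _NOTHING:
            automated_response_mechanism()
            send_alert("Intrusion detected", f"Snort alert: {alert}")
        if log is not _NOTHING:
            automated_response_mechanism()
            send_alert("Intrusion detected", f"Zeek log: {log}")
        if alert is _NOTHING and log is _NOTHING:
            time.sleep(IDLE_POLL_SECONDS)


def main():
    """Entry point: initialize, start the intrusion loop, then sniff forever."""
    logging.basicConfig(level=logging.INFO)
    initialize_system()
    # daemon=True lets the process exit on Ctrl-C instead of hanging on the
    # never-ending intrusion loop.
    threading.Thread(target=detect_intrusions, name="detect_intrusions",
                     daemon=True).start()
    # store=False keeps scapy from retaining every captured packet in memory.
    sniff(filter="(tcp or udp)", prn=detect_anomalies, store=False)


if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------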