Environment

For Windows, make sure tshark can be called from the command line by adding tshark to the environment path.

Pysharkfeat can be used for machine learning research and threat analysis. There are several feature files in tests/output generated from pcaps at Malware Traffic Analysis, and you can immediately start analyzing them. This code snippet can be found in tests/demo.py.

```python
from pysharkfeat.featextractor import FeatureExtractor
import json, os

# specify pcaps and output dir
pcap_dir = "./pcaps/-Emotet-infection-with-Trickbot-traffic.pcap"
output_dir = "./output"
extractor = FeatureExtractor(pcap_path=pcap_dir, output_dir=output_dir)
summary = extractor.main_extract_pcaps_feat()
print(summary)

# read feature files
feat_file = os.path.join(output_dir, "-Emotet-infection-with-Trickbot-traffic.json")
with open(feat_file) as f:
    stream_feats = json.load(f)

for feat in stream_feats:
    print("%s, stream_index: %s, byte dist entropy: %s" % (feat, feat, feat))
# display stream index and byte distribution entropy features, and bd entropies are very close.
```

2021-01-04-Emotet-infection-with-Trickbot-traffic.

Pysharkfeat is built on tshark, which may incur substantial overhead. The following table shows some test results on a Mac OSX (CPU i5, 16GB RAM).

Emotet-infection-with-Trickbot-traffic.pcap
Qakbot-infection-with-spambot-traffic.pcap

The feature file of a single TLS stream is approximately 16KB. If a pcap has 100 TLS streams, the storage will be roughly 1.6MB.

License

You are welcome to post an issue or feature request, or send email to the author. Pysharkfeat is open source and free to use under GPL V3 license.