Python Machine Learning Threat Hunting with Wireshark

Wireshark is an application that captures live network traffic. Every activity on a PC connected to a network involves sending and receiving data over that network, and viruses nowadays often originate from websites. Wireshark does not only capture network traffic; it can also capture USB traffic. To make sense of the captured traffic, a solid understanding of the OSI model is a must.

As a starting point, malware often gets downloaded over the HTTP protocol, so to analyze the file carried inside those packets, it should be exported from Wireshark and uploaded to VirusTotal.com for further analysis.

This project will be a Python program that gathers network packets, saves them to a pcap file, and submits that file to VirusTotal.com through their API for virus detection. The results will be our raw data for discovering patterns with Keras/TensorFlow.

Capturing Network Packets

I used tshark (a command-line application that is installed alongside Wireshark) to capture network packets from the command line. For example, to capture packets for 10 seconds on the Wi-Fi interface and save the captured packets to a file, I would use the following Python code:

import subprocess
# Interface index 3 as listed by "tshark -D"; "-a duration:10" stops the capture after 10 seconds
subprocess.run(['tshark', '-i', '3', '-w', 'packet_log.pcap', '-a', 'duration:10'], check=True)
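The whole pipeline the post describes (capture with tshark, carve the files that travelled over HTTP out of the pcap, hash them, then look them up on VirusTotal and upload only what VirusTotal has never seen) as an added example that is not part of the original post. It assumes tshark on the PATH, interface index 3 as in the snippet above, an API key in a VT_API_KEY environment variable (a name chosen for this example), and the VirusTotal v3 REST endpoints (GET /api/v3/files/{sha256} and POST /api/v3/files, authenticated with an x-apikey header) as documented in VirusTotal's public API reference. Only the standard library is used, and the HTTP call is injectable so the logic can be exercised offline with a fake response.

```python
"""Capture -> carve HTTP objects -> hash -> VirusTotal lookup/upload (added example)."""
import hashlib
import json
import os
import subprocess
import urllib.error
import urllib.request
import uuid

VT_API = "https://www.virustotal.com/api/v3"


def capture_command(interface, seconds, outfile):
    """tshark command that captures for `seconds` on `interface` and writes a pcap.
    `interface` is the index or name shown by `tshark -D`."""
    return ["tshark", "-i", str(interface), "-w", outfile, "-a", f"duration:{seconds}"]


def export_http_objects_command(pcap, outdir):
    """tshark command that carves files transferred over HTTP out of a pcap into `outdir`
    (the command-line equivalent of File > Export Objects > HTTP in Wireshark)."""
    return ["tshark", "-r", pcap, "-q", "--export-objects", f"http,{outdir}"]


def sha256_of(path):
    """Stream the file through SHA-256 so large pcaps/objects are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def multipart_body(field, filename, data, boundary):
    """Minimal multipart/form-data encoder (stdlib only) for a single file field."""
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
    ).encode()
    tail = f"\r\n--{boundary}--\r\n".encode()
    return head + data + tail


def triage_file(path, api_key, urlopen=urllib.request.urlopen):
    """Hash first, upload only if VirusTotal has never seen the file.

    Returns ("known", last_analysis_stats) when the hash is already in VT,
    or ("submitted", analysis_id) after uploading an unknown file.
    `urlopen` is injectable so the logic can be tested without network access."""
    digest = sha256_of(path)
    headers = {"x-apikey": api_key}
    req = urllib.request.Request(f"{VT_API}/files/{digest}", headers=headers)
    try:
        with urlopen(req) as resp:
            report = json.load(resp)
        return "known", report["data"]["attributes"]["last_analysis_stats"]
    except urllib.error.HTTPError as err:
        if err.code != 404:
            raise  # quota exceeded, bad key, etc.: surface it rather than guessing
    # 404 means the hash is unknown to VirusTotal, so submit the file itself
    boundary = uuid.uuid4().hex
    with open(path, "rb") as f:
        body = multipart_body("file", os.path.basename(path), f.read(), boundary)
    headers["Content-Type"] = f"multipart/form-data; boundary={boundary}"
    req = urllib.request.Request(f"{VT_API}/files", data=body, headers=headers, method="POST")
    with urlopen(req) as resp:
        result = json.load(resp)
    return "submitted", result["data"]["id"]


if __name__ == "__main__":
    key = os.environ.get("VT_API_KEY", "")  # assumed variable name for this example
    subprocess.run(capture_command(3, 10, "packet_log.pcap"), check=True)
    os.makedirs("http_objects", exist_ok=True)
    subprocess.run(export_http_objects_command("packet_log.pcap", "http_objects"), check=True)
    for name in sorted(os.listdir("http_objects")):
        print(name, triage_file(os.path.join("http_objects", name), key))
```

Looking the hash up before uploading matters for two reasons: it spends far less of the API quota, and a file uploaded to VirusTotal is shared with its community of researchers and vendors, so objects carved from your own traffic (which may contain internal documents or credentials) should only go up when the hash really is unknown.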


....(to be continued)

A simple face Detection Program with Python and Opencv

A face detection program gives a user another pair of eyes. Imagine a machine that can see a face and tell you that it saw one, either by alerting you or by saving the face as an image for you to view later, among other things.

Many people ask how the program identifies a face among the billions of possible objects that may be present in an image. The answer is that the image is treated as unstructured data and programmers use machine learning algorithms. Of course, initially the programmer identifies the basic characteristics of a face by answering questions like "what are the basic features of a face?" and "what is it composed of?", and the list goes on and on until they introduce an image with a face. The program then checks it using statistical methods derived from the initial data: for example, there always have to be two eyes, and it records the distance between the two eyes, the distance between each eye and the nose, the mouth, and so on. The program also identifies certain data points on the face and records the distances between those points.


That is just for a start; the machine learning algorithm needs a lot of images to train itself. These algorithms are thoroughly discussed in Data Science courses, so I won't be discussing the full details of the algorithms here.

However, not every programmer needs to create a face detection program from scratch, because the result of the training can be saved to a file and shared with other programmers who want to use it for other meaningful applications and ultimately make the world a better place.

Having said that, in Python there is a library called OpenCV that lets programmers create face detection programs without starting from scratch, and that is the main topic of this post.
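A detector built on the pretrained frontal-face cascade that OpenCV ships, as an added example that is not part of the original post. It assumes the opencv-python package (which exposes the bundled cascade files through cv2.data.haarcascades); the helper names clamp_box, largest_face, detect_faces and save_face_crops are my own. It does what the post describes: it finds faces in an image and saves each one as a separate image file for viewing later.

```python
"""Face detection with OpenCV's shipped Haar cascade (added example)."""
import os


def clamp_box(box, width, height, margin=0.2):
    """Expand a detection (x, y, w, h) by `margin` on every side and clamp it to the
    image bounds, so a crop near an edge never ends up empty or out of range."""
    x, y, w, h = box
    dx, dy = int(w * margin), int(h * margin)
    x0, y0 = max(0, x - dx), max(0, y - dy)
    x1, y1 = min(width, x + w + dx), min(height, y + h + dy)
    return x0, y0, x1 - x0, y1 - y0


def largest_face(boxes):
    """Pick the biggest detection by area; None when nothing was found."""
    return max(boxes, key=lambda b: b[2] * b[3], default=None)


def detect_faces(image_path, cascade_path=None, scale=1.1, neighbors=5, min_size=(30, 30)):
    """Return a list of (x, y, w, h) boxes found by the frontal-face Haar cascade that
    ships with opencv-python. cv2 is imported here so the geometry helpers above stay
    usable without OpenCV installed."""
    import cv2

    cascade_path = cascade_path or os.path.join(
        cv2.data.haarcascades, "haarcascade_frontalface_default.xml"
    )
    detector = cv2.CascadeClassifier(cascade_path)
    if detector.empty():
        raise FileNotFoundError(f"cascade not loaded: {cascade_path}")
    image = cv2.imread(image_path)
    if image is None:
        raise FileNotFoundError(image_path)
    # Haar cascades work on intensity, not colour
    gray = cv2.cvtColor(image, cv2.COLOR_BGR2GRAY)
    # scaleFactor: image pyramid step; minNeighbors: how many overlapping hits
    # a region needs before it counts as a face (higher = fewer false positives)
    boxes = detector.detectMultiScale(
        gray, scaleFactor=scale, minNeighbors=neighbors, minSize=min_size
    )
    return [tuple(int(v) for v in b) for b in boxes]


def save_face_crops(image_path, outdir):
    """Write one PNG per detected face into `outdir` and return the written paths."""
    import cv2

    image = cv2.imread(image_path)
    if image is None:
        raise FileNotFoundError(image_path)
    height, width = image.shape[:2]
    os.makedirs(outdir, exist_ok=True)
    paths = []
    for i, box in enumerate(detect_faces(image_path)):
        x, y, w, h = clamp_box(box, width, height)
        out = os.path.join(outdir, f"face_{i}.png")
        cv2.imwrite(out, image[y:y + h, x:x + w])
        paths.append(out)
    return paths


if __name__ == "__main__":
    import sys

    print(save_face_crops(sys.argv[1], "faces"))
```

Run it as `python detect.py photo.jpg`; the crops land in a `faces/` directory. Raising `minNeighbors` or `minSize` is the usual first adjustment when the cascade reports faces in textured backgrounds.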