Virtual/Cloud malware based detection
Nowadays data centers manage hundreds of virtual machines and virtual networks. In the following example we configure the system to monitor malware domains across different virtual networks; the flow's `tag` carries the virtual network id, so a single stack can tell which tenant network a suspicious DNS query came from. Let's see how it works:
```python
import pyaiengine


def callback(flow):
    # Called by the engine when a DNS flow matches a DomainName that has
    # this callback attached. flow.tag is the virtual network id.
    d = flow.dns_info
    if d:
        print("Malware on ip %s domain %s network id %d" % (flow.src_ip, d.domain_name, flow.tag))


def loadBadDomains():
    # The page does not show this function; the entry below is a placeholder
    # zone so the example runs. Replace it with your real malware domain list.
    dm = pyaiengine.DomainNameManager()
    dom = pyaiengine.DomainName("Malware placeholder", ".malware-placeholder.invalid")
    dom.callback = callback
    dm.add_domain_name(dom)
    return dm


def loadUnwantedDomains():
    dm = pyaiengine.DomainNameManager()
    dom = pyaiengine.DomainName("Facebook", ".facebook.com")
    dm.add_domain_name(dom)
    dom = pyaiengine.DomainName("Google", ".google.com")
    dm.add_domain_name(dom)
    # Add more common domains
    return dm


if __name__ == '__main__':
    st = pyaiengine.StackVirtual()

    st.udp_flows = 1638400

    # Malware domains: flows are kept and the callback fires on a match.
    st.set_domain_name_manager(loadBadDomains(), "DNSProtocol")
    # Unwanted domains: the third argument (False) marks them as not allowed.
    st.set_domain_name_manager(loadUnwantedDomains(), "DNSProtocol", False)

    with pyaiengine.PacketDispatcher("eth0") as pd:
        pd.stack = st
        pd.run()
```
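To make the behaviour of the two domain lists concrete without a live interface or pyaiengine installed, here is an added stand-alone simulation (not aiengine's code and not its API). It assumes, as the lists above are written, that an expression such as `.facebook.com` is a zone suffix matching any host under it, that the first matching list decides the verdict, and that the flow tag is the virtual network id. The `DnsFlow`, `DomainList`, `inspect` and `per_network` names and the sample queries are all constructed for this illustration; the malware zone is a labelled placeholder.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class DnsFlow:
    """One DNS query as a callback would see it (constructed stand-in, not pyaiengine)."""
    src_ip: str
    domain_name: str
    tag: int  # virtual network id (e.g. a VXLAN VNI) that StackVirtual exposes as flow.tag


@dataclass
class DomainList:
    """Hypothetical stand-in for a DomainNameManager: ordered zone-suffix rules.
    action is 'alert' (keep the flow, fire the callback) or 'block' (drop the flow)."""
    name: str
    action: str
    rules: List[Tuple[str, str, Optional[Callable[[DnsFlow], None]]]] = field(default_factory=list)

    def add(self, label: str, expression: str, callback=None) -> None:
        # Expressions are written like ".facebook.com": a zone suffix, as in the page's lists.
        self.rules.append((label, expression.lower(), callback))

    def match(self, domain: str):
        d = domain.lower().rstrip(".")
        for label, suffix, cb in self.rules:
            # ".facebook.com" matches "www.facebook.com" and "facebook.com" itself,
            # but not "notfacebook.com", which only shares trailing characters.
            if d.endswith(suffix) or d == suffix.lstrip("."):
                return label, cb
        return None


def inspect(flows: List[DnsFlow], lists: List[DomainList]) -> List[Tuple[str, Optional[str], DnsFlow]]:
    """First list that matches decides: returns (verdict, 'list:label', flow) per flow."""
    results = []
    for flow in flows:
        verdict, label = "allow", None
        for lst in lists:
            hit = lst.match(flow.domain_name)
            if hit:
                rule_label, cb = hit
                if cb:
                    cb(flow)
                verdict, label = lst.action, f"{lst.name}:{rule_label}"
                break
        results.append((verdict, label, flow))
    return results


def per_network(results) -> Dict[int, Dict[str, int]]:
    """Count verdicts per virtual network tag: the per-tenant view the page is after."""
    out: Dict[int, Dict[str, int]] = {}
    for verdict, _, flow in results:
        out.setdefault(flow.tag, {"allow": 0, "alert": 0, "block": 0})[verdict] += 1
    return out


ALERTS: List[str] = []


def malware_callback(flow: DnsFlow) -> None:
    # Mirrors the page's callback: record which tenant network the query came from.
    ALERTS.append("Malware on ip %s domain %s network id %d" % (flow.src_ip, flow.domain_name, flow.tag))


def build_lists() -> List[DomainList]:
    bad = DomainList("malware", "alert")
    # Placeholder zone; a real deployment would load a threat-intel feed here.
    bad.add("placeholder-malware", ".malware-placeholder.invalid", malware_callback)
    unwanted = DomainList("unwanted", "block")
    unwanted.add("Facebook", ".facebook.com")
    unwanted.add("Google", ".google.com")
    return [bad, unwanted]


# Constructed sample DNS queries from three tenant networks (tags 100, 200, 300).
SAMPLE_FLOWS = [
    DnsFlow("10.0.1.5", "www.facebook.com", 100),
    DnsFlow("10.0.2.9", "c2.malware-placeholder.invalid", 200),
    DnsFlow("10.0.2.9", "mail.google.com", 200),
    DnsFlow("10.0.3.3", "notfacebook.com", 300),
    DnsFlow("10.0.3.3", "updates.example.org", 300),
]


def run_demo():
    ALERTS.clear()
    results = inspect(SAMPLE_FLOWS, build_lists())
    return results, per_network(results), list(ALERTS)


if __name__ == "__main__":
    results, summary, alerts = run_demo()
    for verdict, label, flow in results:
        print(f"net {flow.tag:>3} {flow.src_ip:<10} {flow.domain_name:<32} -> {verdict} {label or ''}")
    print(summary)
    print("\n".join(alerts))
```

Running the demo shows why the suffix form matters: `notfacebook.com` is left alone while `www.facebook.com` is blocked, and the summary is keyed by the network tag, so one engine instance reports per virtual network rather than per physical interface.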