Merge pull request #400 from Pranav0-0Aggarwal/master

Implemented an AI based DDos defender
OWASP · Apr 2, 2023 · 3fb1770 · 3fb1770
2 parents f26acfc + a6ad8a0
commit 3fb1770
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 0 deletions.
diff --git a/AI DDOS DEFENDER/AI_DDOS.py b/AI DDOS DEFENDER/AI_DDOS.py
@@ -0,0 +1,47 @@
+import pyshark
+import keras
+import numpy as np
+import logging
+
+# create logger object
+logger = logging.getLogger(__name__)
+logger.setLevel(logging.INFO)
+console_handler = logging.StreamHandler()
+console_handler.setLevel(logging.INFO)
+formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
+console_handler.setFormatter(formatter)
+logger.addHandler(console_handler)
+
+interface = "eth0"
+host_ip="192.168.0.1"
+capture_filter = f"host {host_ip}"
+feature_names = ['ip.src', 'frame.len', 'ip.hdr_len', 'ip.len', 'ip.flags.rb', 'ip.flags.df', 'p.flags.mf', 'ip.frag_offset',       
+                 'ip.ttl', 'ip.proto', 'tcp.srcport', 'tcp.dstport',       
+                 'tcp.len', 'tcp.ack', 'tcp.flags.res', 'tcp.flags.ns', 'tcp.flags.cwr',       
+                 'tcp.flags.ecn', 'tcp.flags.urg', 'tcp.flags.ack', 'tcp.flags.push',       
+                 'tcp.flags.reset', 'tcp.flags.syn', 'tcp.flags.fin', 'tcp.window_size',       
+                 'tcp.time_delta']
+model_path = "brnn_model.h5"
+model = keras.models.load_model(model_path)
+suspicious_ips = set()
+
+capture = pyshark.LiveCapture(interface=interface, display_filter=capture_filter)
+for packet in capture.sniff_continuously():
+    features = [getattr(packet, feature_name) for feature_name in feature_names]
+    x = np.array(features[1:]).reshape(1, -1)  # Skip the first feature (IP address)
+    prediction = model.predict(x)
+    tcp_header = packet.tcp
+    src_port = tcp_header.srcport
+    dst_port = tcp_header.dstport
+    seq_num = tcp_header.seq
+    ack_num = tcp_header.ack
+
+    if prediction[0] == 1:
+        suspicious_ips.add(features[0])
+        logger.info("Suspicious IP detected: %s", features[0])
+        # Send RST packet to source IP
+        ip_packet = IP(dst=host_ip, src=features[0])
+        tcp_packet = TCP(dport=src_port, sport=dst_port, flags="R", seq=seq_num, ack=ack_num)
+        rst_packet = ip_packet/tcp_packet
+        send(rst_packet)
+        logger.info("RST packet sent to %s", features[0])
diff --git a/AI DDOS DEFENDER/README.md b/AI DDOS DEFENDER/README.md
@@ -0,0 +1,22 @@
+# DDOS AI DEFENDER
+
+This Python code uses machine learning to detect suspicious IP addresses that may be attempting to perform network intrusion on a specified host IP address. It uses Pyshark to capture live network packets and Keras to load a pre-trained Bidirectional Recurrent Neural Network (BRNN) model that has been trained to classify network traffic as either normal or suspicious.
+
+
+## Features
+- [X] Detects for network anomolies.
+- [X] Disconnects the suspected IP.
+
+
+## Usage
+
+1. Install the required packages using the command `pip install -r requirements.txt`.
+2. Update the `interface`, `host_ip`, `capture_filter`, variables in the code according to your specific network configuration.
+3. Run the code using the command `python network_intrusion_detection.py`.
+4. The code will continuously capture live network packets and classify them as normal or suspicious based on the loaded BRNN model.
+5. If a suspicious IP address is detected, a RST packet will be sent to the IP address to terminate the connection.
+
+
+## Credits
+
+The BRNN model used in this code was trained and provided by [santhisenan](https://github.com/santhisenan/DeepDefense)
diff --git a/AI DDOS DEFENDER/brnn_model.h5 b/AI DDOS DEFENDER/brnn_model.h5
diff --git a/AI DDOS DEFENDER/requirements.txt b/AI DDOS DEFENDER/requirements.txt
@@ -0,0 +1,3 @@
+pyshark==0.4.3.2
+keras==2.6.0
+numpy==1.19.5