author姜萍 <[email protected]>2022-05-29 17:59:26 +0800
committer姜萍 <[email protected]>2022-05-29 17:59:26 +0800
commit9f0f12ed28357ae167cb9aab3a614da0f8cd4bab (patch)
tree0eac2d3fbfc11e7639b9a0254a8c24d8a43bd8f2 /model
initmaster
Diffstat (limited to 'model')
-rw-r--r--model/.DS_Storebin0 -> 8196 bytes
-rw-r--r--model/DBhelper.py163
-rw-r--r--model/DT.modelbin0 -> 1943 bytes
-rw-r--r--model/GNB.modelbin0 -> 1005 bytes
-rw-r--r--model/KN.modelbin0 -> 63821136 bytes
-rw-r--r--model/LR.modelbin0 -> 940 bytes
-rw-r--r--model/LightGBM.modelbin0 -> 116204 bytes
-rw-r--r--model/RF.modelbin0 -> 21554 bytes
-rw-r--r--model/SVM.modelbin0 -> 1553 bytes
-rw-r--r--model/__pycache__/DBhelper.cpython-36.pycbin0 -> 5127 bytes
-rw-r--r--model/__pycache__/benign_packetpredict.cpython-36.pycbin0 -> 6172 bytes
-rw-r--r--model/__pycache__/packet_predict.cpython-36.pycbin0 -> 9435 bytes
-rw-r--r--model/__pycache__/packetpredict.cpython-36.pycbin0 -> 11150 bytes
-rw-r--r--model/__pycache__/packetpredict_db.cpython-36.pycbin0 -> 11921 bytes
-rw-r--r--model/benign_packetpredict.py75
-rw-r--r--model/feature_dict.npybin0 -> 1144 bytes
-rw-r--r--model/lgbm_packetin_model.pklbin0 -> 72567 bytes
-rw-r--r--model/lstm_packetpre.h5bin0 -> 1801632 bytes
-rw-r--r--model/mlp_packetin_model.h5bin0 -> 790096 bytes
-rw-r--r--model/packet_predict.py138
-rw-r--r--model/packetpredict.py161
21 files changed, 537 insertions, 0 deletions
diff --git a/model/.DS_Store b/model/.DS_Store
new file mode 100644
index 0000000..48c8a60
--- /dev/null
+++ b/model/.DS_Store
Binary files differ
diff --git a/model/DBhelper.py b/model/DBhelper.py
new file mode 100644
index 0000000..476e5c2
--- /dev/null
+++ b/model/DBhelper.py
@@ -0,0 +1,163 @@
+import mysql.connector
+import sys
+
+
+class DBhelper(object):
+ """
+ 可能的问题:
+ 每次进行连接会不会造成时延呢?
+ 这里没有进行关闭喔
+ 一条数据一条数据的更新效率可能不高
+ """
+ def __init__(self, host='localhost', port=3306, user='root',
+ database="test"): # 构造函数
+ self.tablename = 'flow_feature'
+ try:
+ self.conn = mysql.connector.connect(user='root', host='localhost',password='password',
+ database='packetin_flow',buffered=True)
+
+ self.cursor = self.conn.cursor()
+ print('Connected', self.conn)
+ self.cursor.execute("SHOW TABLES")
+ except Exception as e:
+ print(e)
+ print('gg!')
+
+ def create_table(self):
+ print('Init table', self.tablename)
+ self.cursor.execute("DROP TABLE IF exists %s" % self.tablename)
+ self.cursor.execute("""CREATE TABLE %s (
+ `id` INT unsigned NOT NULL AUTO_INCREMENT,
+ `ipSet` varchar(128) NOT NULL,
+ `dst_port` INT NOT NULL,
+ `src_port` INT NOT NULL,
+ `flags` INT NOT NULL,
+ `window_size` INT NOT NULL,
+ `reason` INT NOT NULL,
+ `in_port` INT NOT NULL,
+ `min_len` INT NOT NULL,
+ `max_len` INT NOT NULL,
+ `means_len` FLOAT NOT NULL,
+ `pcapnum` INT NOT NULL,
+ `tagY` INT NOT NULL,
+ PRIMARY KEY (`id`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8""" % self.tablename)
+ return 1
+
+ def delete_table(self):
+ print('Delete table', self.tablename)
+ self.cursor.execute("DROP TABLE IF EXISTS %s" % self.tablename)
+ return 1
+
+ def execute(self, sql):
+ self.cursor.execute(sql)
+ rowcount = self.cursor.rowcount
+ return rowcount
+
+ def get_ipset_value(self, ipSet):
+ """
+ 查询函数
+ :param ipSet: 传入的是一个tuple类型的ipset
+ :return: 返回对应的dict,如果有多条记录只返回一条,如果查询失败返回0
+ """
+ ipSet_str = ' '.join(ipSet)
+ sql = """select * from %s where ipSet='%s' limit 1""" % (self.tablename, ipSet_str)
+ try:
+ # 执行SQL语句
+ self.cursor.execute(sql)
+ # 使用 fetchone() 方法获取单条数据.
+ data = self.cursor.fetchone()
+ except:
+ # 发生错误时回滚
+ print('select error, now rollback...')
+ self.conn.rollback()
+ return 0
+ this_feature = list(data)
+ this_feature.pop(0) # 把id和ipSet删了
+ this_feature.pop(0)
+ return {ipSet: this_feature}
+
+ def judgeIPset(self, ipSet):
+ # select 1 from tablename where col = 'col' limit 1
+ # select isnull((select top(1) 1 from %s where `ipSet`=%s), 0)
+ ipSet_str = ' '.join(ipSet)
+ sql = """
+ select * from %s where ipSet = '%s' limit 1
+ """ % (self.tablename, ipSet_str)
+ out = self.cursor.execute(sql)
+ out = self.cursor.rowcount # 不知为何用execute的out不行
+ if out:
+ print('ipSet in database.')
+ else:
+ print('Not in database, now insert...')
+ return out
+
+ def insert(self, ipSet, feature_list):
+ """
+ 插入数据进mysql
+ :param ipSet:
+ :param feature_list: 传入的数据是处理好pcapnum和tagY的
+ :return: 0失败 1成功
+ """
+ ipSet_str = ' '.join(ipSet)
+ sql = """
+ INSERT INTO {0}
+ (ipSet, dst_port, src_port, flags, window_size,
+ reason, in_port, min_len, max_len, means_len, pcapnum, tagY)
+ VALUES
+ (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)
+ """.format(self.tablename)
+ values = (ipSet_str,) + tuple(feature_list)
+ try:
+ self.cursor.execute(sql, values)
+ self.conn.commit()
+ print(self.cursor.rowcount, 'Insert successful', self.cursor.lastrowid)
+ # self.cursor.close()
+ # self.conn.close()
+ return self.cursor.lastrowid
+ except:
+ # Rollback in case there is any error
+ print('Insert error, now rollback...')
+ self.conn.rollback()
+ return 0
+
+ def update(self, feature_list, ipSet):
+ """
+ 数据库中本身存在,更新预测结果
+ :param feature_list: 传入一个list,已经更新好的喔
+ :param ipSet
+ :return:
+ """
+ ipSet_str = ' '.join(ipSet)
+ sql = """
+ UPDATE {0} SET
+ `ipSet` = %s, `dst_port` = %s, `src_port` = %s, `flags` = %s, `window_size` = %s,
+ `reason` = %s, `in_port` = %s, `min_len` = %s, `max_len` = %s, `means_len` = %s,
+ `pcapnum` = %s, `tagY` = %s
+ where ipSet='{1}'
+ """.format(self.tablename, ipSet_str)
+ values = (ipSet_str,) + tuple(feature_list)
+ try:
+ self.cursor.execute(sql, values)
+ self.conn.commit()
+ return 1
+ except:
+ # Rollback in case there is any error
+ print('更新失败,要哭了')
+ self.conn.rollback()
+ return 0
+
+
+if __name__ == '__main__':
+ """
+ 需要先打开mysql服务,并确保有database名为packetin_flow
+ 在执行packetinpredict的时候,需要先建表
+ mydb.create_table()
+ """
+ mydb = DBhelper()
+ mydb.create_table()
+ out = mydb.execute("""
+ select * from flow_feature where ipSet = '188.42.254.65 10.0.2.107' limit 1
+ """)
+ print('rowcount: ', mydb.cursor.rowcount)
+ # mydb.delete_table()
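Review bot: `update` binds its twelve SET values through the driver but still splices `ipSet_str` into the WHERE clause with `.format` (the `where ipSet='{1}'` line), and `get_ipset_value` and `judgeIPset` build their whole SELECT with `%` formatting; `insert` already shows the right pattern, so the other three should pass the value as a parameter too, e.g. in `update`: `where ipSet=%s` and `values = (ipSet_str,) + tuple(feature_list) + (ipSet_str,)`. Separately, `__init__` accepts `host`, `port`, `user` and `database` but never uses them — the connect call hard-codes `'root'`, `'localhost'`, `password='password'` and `'packetin_flow'`, so callers cannot point the helper at another server and the credential is committed with the source; forward the constructor arguments and read the password from the environment (`os.environ`) instead of a literal. `get_ipset_value` also calls `list(data)` outside the `try`, so a lookup with no matching row (`fetchone()` returning `None`) raises `TypeError` instead of returning 0 as the docstring promises; check `if data is None: return 0` before building `this_feature`.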
diff --git a/model/DT.model b/model/DT.model
new file mode 100644
index 0000000..040d4cd
--- /dev/null
+++ b/model/DT.model
Binary files differ
diff --git a/model/GNB.model b/model/GNB.model
new file mode 100644
index 0000000..070dbfa
--- /dev/null
+++ b/model/GNB.model
Binary files differ
diff --git a/model/KN.model b/model/KN.model
new file mode 100644
index 0000000..80ef4bc
--- /dev/null
+++ b/model/KN.model
Binary files differ
diff --git a/model/LR.model b/model/LR.model
new file mode 100644
index 0000000..f46ac0b
--- /dev/null
+++ b/model/LR.model
Binary files differ
diff --git a/model/LightGBM.model b/model/LightGBM.model
new file mode 100644
index 0000000..e88b3c0
--- /dev/null
+++ b/model/LightGBM.model
Binary files differ
diff --git a/model/RF.model b/model/RF.model
new file mode 100644
index 0000000..3227608
--- /dev/null
+++ b/model/RF.model
Binary files differ
diff --git a/model/SVM.model b/model/SVM.model
new file mode 100644
index 0000000..00a21c8
--- /dev/null
+++ b/model/SVM.model
Binary files differ
diff --git a/model/__pycache__/DBhelper.cpython-36.pyc b/model/__pycache__/DBhelper.cpython-36.pyc
new file mode 100644
index 0000000..a7f9c88
--- /dev/null
+++ b/model/__pycache__/DBhelper.cpython-36.pyc
Binary files differ
diff --git a/model/__pycache__/benign_packetpredict.cpython-36.pyc b/model/__pycache__/benign_packetpredict.cpython-36.pyc
new file mode 100644
index 0000000..3f9caa5
--- /dev/null
+++ b/model/__pycache__/benign_packetpredict.cpython-36.pyc
Binary files differ
diff --git a/model/__pycache__/packet_predict.cpython-36.pyc b/model/__pycache__/packet_predict.cpython-36.pyc
new file mode 100644
index 0000000..9e06fff
--- /dev/null
+++ b/model/__pycache__/packet_predict.cpython-36.pyc
Binary files differ
diff --git a/model/__pycache__/packetpredict.cpython-36.pyc b/model/__pycache__/packetpredict.cpython-36.pyc
new file mode 100644
index 0000000..f883aa0
--- /dev/null
+++ b/model/__pycache__/packetpredict.cpython-36.pyc
Binary files differ
diff --git a/model/__pycache__/packetpredict_db.cpython-36.pyc b/model/__pycache__/packetpredict_db.cpython-36.pyc
new file mode 100644
index 0000000..fec8018
--- /dev/null
+++ b/model/__pycache__/packetpredict_db.cpython-36.pyc
Binary files differ
diff --git a/model/benign_packetpredict.py b/model/benign_packetpredict.py
new file mode 100644
index 0000000..ff5e4d2
--- /dev/null
+++ b/model/benign_packetpredict.py
@@ -0,0 +1,75 @@
+# -*- coding: utf-8 -*-
+from keras.models import load_model
+from keras.preprocessing.sequence import pad_sequences
+import numpy as np
+import sys
+import os
+
+os.environ['KMP_DUPLICATE_LIB_OK'] = 'True'
+
+max_len = 100
+
+lstm_model = 'model/lstm_packetpre.h5' # lstm参数更多,准确率更高
+mlp_model = 'model/mlp_packetin_model.h5' # mlp参数少一点,速度更快
+
+
+class BenignPacketData(object):
+ """
+ 目的:用单个包(不是流)对10种良性应用进行分类,只能针对这10种
+ 注意:调用的时候如果与预期不符,则多半是编码问题。检测self.data看看与输入是否一致
+ 对应关系如下
+ 0 Facetime
+ 1 BitTorrent
+ 2 WorldOfWarcraft
+ 3 FTP
+ 4 MySQL
+ 5 Skype
+ 6 SMB
+ 7 Gmail
+ 8 Weibo
+ 9 Outlook
+ """
+ def __init__(self, msg, modelpath=mlp_model):
+ self.data = self.getdata(msg)
+ self.model = load_model(modelpath)
+ self.lable_list = ['Facetime', 'BitTorrent', 'WorldOfWarcraft', 'FTP', 'MySQL',
+ 'Skype', 'SMB', 'Gmail', 'Weibo', 'Outlook']
+
+ def getdata(self, msg):
+ # s = str(msg.split(",")[6].encode('utf-8')).split("=")[1].strip("'").strip('"')
+ msg = str(msg.encode('raw_unicode_escape')).strip('b\'')
+ s = msg.split(",")[6].split("=")[1].strip("'").strip('"')
+ data = [int(hex(x), 16) for x in bytes(s, encoding="utf-8")]
+ return data
+
+ def predict(self):
+ x_data = np.array(self.data)
+ x_data = x_data.flatten()[None] # 变成这样[[]]
+ x_train = pad_sequences(x_data, maxlen=max_len)
+ # x_train = pad_sequences(x_data, maxlen=max_len, padding='post', truncating='post')
+ predict = self.model.predict(x_train)
+ # predict_classes = self.model.predict_classes(x_train)
+ # print('classes: ', predict_classes)
+ predict = np.argmax(predict)
+ return predict
+
+ def predict_classes(self):
+ num = self.predict()
+ return self.lable_list[int(num)]
+
+
+if __name__ == '__main__':
+ # Outlook: 9
+ line1 = "version=0x4,msg_type=0xa,msg_len=0x5ed,xid=0x0,OFPPacketIn(buffer_id=4294967295,cookie=0,data='\x02\x1a\xc5\x01\x00\x00\x02\x1a\xc5\x02\x00\x00\x08\x00E\x00\x05\xb1\xc3\x00@\x00 \x06Lw\x01\x025*\x01\x01\x0e\xa3\x01\xbb\x85\xe5ur\xfb\xce \xea71\x80\x18T\xd8\xd4\xd6\x00\x00\x01\x01\x08\n\x1e\xb5QU\r=\x07\x8a\x17\x03\x00\x05x^\xaa^a\xdb\x89v\xa9p\x80\x01\x82\x04j\xe9{4\x18w\xfaf\xfd\xe6\xe2sh;F\x07\xa0a`\xf4\x14\xab!\xa2Vg\xd8\xb0_9$vMD4\xd96\xea\x1d\x08hf\xc9\xe6\x90\xaenwE\xb6Km/\xad\x17\xee]\xaf\xb8\x19\x1fla\x10\x99*a\xc4!#\x14}\xedV\xd3\xf8\xffy\xe5\xddG\'\x05\xb6\x85\xf2\x86X\xd8.\x96\x97\x10O\xd8\xda\xbcPJW\x19k\x08\xad\xeco\xd5\xbb|X\xb6\x90\xab,\xc3\\\x0c[\xd2\x15\x83\xf2-\xe2(8\x1fq\xf6Ovj\'>\xedV( \x93\x93\x80t\x1c{\xcd\xecj\x98\x8e\x863\x17.@65=\xa9\x100\x91\x06\xfc\xea\xab\xbb\x12L\\q d\x1d\xd9\xb1\xd5\xcb\xc1\xae\xab\xe1p\xb6\xb2\xaf\xf9\xd4}$\x16\xc8n}\xccs\xfe\x10\x00\x7f\xba\xd4\xea\xd4\xa6\x83m@7\xc0+\xe9\xc5\x8bb<5\x9f\x92\xce\xae\x1b2j^P\x8e\xa6\x9a\x14O\xf3\xbc\x12p\xf1""\xd5u\xa9/_\x13\xc2\xf1\xb3\xa3R\x8d\xbd(Q}d@\xa6+\xd7\x85\x91H\xb2l\x0e\x1a\xb5(\xefj?6\xf1\xf4\x81n:\x94\xedn0\x94+\x03L\x82\x06\xb9\x8d\xaa\x08&\x03m\xa4!G\xc5\x80\x1bQv\x03n+\xd1\x98)\xe4\xb7\xd1\xadm\x15w\xbe5A\xa0_Uer)k\xcfS\x02\xf3n\x0b\xfbs\xe1B\xf0i\xf3\xabu\x16\xb6F""\xd2\xee\xf90\xe5\x133\xa4\xdd\x81\xf1wr\x94\xfc%1d\xaf]\xa0E\x99G\x8a\xe4\x9e\x0e\x1b\xe7""\xa57\xf7\xdd[\xe1V$\xf7\xd8\xf8\xe3\x82\xf3\xd8\xbd\xfdT\xbf\x94\xaa\xae\x97\xa1\x1d\xcb\xf9\'\xce\x82x\xc3\x81\xa0\xa7X1\x1b\xacVW\xcc\xfd\xc44\x96\xf5\x15R\xf1}_\t\xc4\xc20*2\xa9\xcf\xad\x7f\xfd\xb5\x83\xcf\xeaB\x05\xf2\xacq\xfft\xfe|L(U\xcc\xe6Lq\xd5\x9fCe\x1ec\x8b\xbc\xdbzr:\xab\xa2;\x1a\xa7\xe8\x9e\xdcf1Ig\xfe\x86%\xf6)\x80\x9c\xbb\xa7|(f\x13\xa0\xbc\x9d\xe7\xc3lf\xd3\xf7\xdc\xb2O\xba\xd0\x81\xf3\xeb]&\xa5BK:\xc0@eW\t]%\xa1\t\xf0LQ\'\x9c\xf9bj\x01\xaag5*W\xb7&g\xe2\xb8\xd8g\xf6\xc8/55Av\xe0\xa5\x81\x1b\xe7\x99vH_\xadon\x98\xe8\x070\x9f\xb7\xbd\xfa\xe3:\x7f\x02\x10V\xa7\xb2o\xaa-\xfa\x9d\x96\x1f\x80V\xd
4\xbd\xfb\x91\x10\xdam;\x9e\xe4\x04\x8b\x87L\xfd\xbcR\x86\xccK\xe1e\x06Y\x93\x18\xf4\x05\x8d\xe1q\xdav\xa2]\xb7\x00\xaem\xa2\xe8\xee\x1fL\xc8l\x95\x8apx\x1d\xd6\x8f\xd3\xce\x8c\xf3\xf3\xf55\xb3\x0b\xa5\xc1\xc9>\x95\x9c\xc0\xd5\xf4\xf4\xe5\x90\xee\xcc\x8c\xbc\x1a\xa6\xacX\x05\xc1\xbe\xe4*\x8cr\x7f\xa2\xaeY \xa4\x1de\xb5\x00\x8fvmr^R\xady\x8e\x00\\h\xec\xa8\xb7\x9a;\xe2\x8fQ""\x1bx\xce>\x12\xaf\xc9\x92O\xd3>\xfc\x89\xe4\xa4""4S\xeey7D\xf9!\xcf)\xcf\x04^\xd6\xb8XC\x9f\x13\xeehP\xbc@0\xf7\xb8<\xdb\xa9\rHX\x95\xf9.2\xabd\xdek\xac4\x89\xa2\x90\r\xdb#\x10\x15\x88\xc0\xb5`\xeb+\x12\x16G\x96\x97\x1f\xe9)X\xaa\xf5\xc3\xb7\xb3T\xbc cS\xeeY\xc5U\x1c~\x18;\xabqZ:\rL\n\x1cX0\x03\x12\xd5\x9dE\x8b\xd9E\xaf\xb2\xd4u\x8d\x05\xc2\xe0\x83d\x1f\x96\x13r\x91\x89McG\xa1\xf5\x8c`\xa9\xf1t\x9f\xe96m\xcd\xa2\xfc\xbfw\xde\x06\xb9\x0fE\xa7K\xec\x17\xef2~i@[\x9d\xfa;\xf7\x9d\xa8P=\xc5s\x0cWX-\x02 1\xfd\xcd\x85\xb1\xaf\xf2yN\xdc\xf3\xd7\xc4\x86\x91\xd3\xf9\xb5\xa2\xde@wO\x0bLA\xb2MD:\x17)H\xe6>\x92\\\xed\xe5\xab\xaa\xf3\xda\x98\x16^>Lg\x96\xd2\xdc\x9b\xa9\xad\x85\x9b\xf4\x1e""\x9a\xa8\xeb\xdc\tT$*\xb2\x1c_\xe3\xbe\xe5U\xf2T\xcc\xcd\x99\xeb\xa9\xeeS=t\x80\xce\x0c\xf8T\x0b\xaf\xfb\xd7\xf5\xa3H\xc5\x82\xb3|\';,\x93\x14\x0ci\x0c\x06\x82gc\xf8c\x82`\x96\xcdB\x02_\xe4\xc9\xa8\xff\xcc\xa6W\x9aQ\xb6K\xae~%\x9f\x9a[W3Kr\xd1Wc\xb7L\x81X=-:\x9f|Is\x80z\xbf\x1f\x84\xcc\xff\xa1\xca\xad\x14\xaa\x08\x8bt\x99=\\\tgD\xcc=b\x12.\x9d\xcd\xa0,}\\\x1f\x8f\xafG\xda<J\xcf\'\xach\xbe=\xfd\xd8\x1b\x99Q\xd2\xb9\x96h\xc1\xf6I\xbf\x97\xd0\x95\xd8\xf4\x8b\xd8LJ\x87r-*{HH!\x1bj\xcd0\x876)_g\x16&\xc3rIn`\xd2\x9am\xbf\x83D\xc5\x99\xbf#W;\xa09\x0c\xdc\xb5\x0b\x9dOMw\x99Q\xb3\x8fI:\x92\x08\xab\xe9uf\xa3""t\xe0>&E\x7f\xfb\xf8\x937\x93\xceX\xd1\x14\xd5\x0f\xb4\xd0\xf3N\xf1/\xcc\x95\x18\x1e\xcdP\xb4\x91<\xa3x\x81\xe7d\xfd\x80\xcf\xeb\xd4\x1a0\xeb\xf5[\xee\xe4J\xac*5\xc9\xffI\x9dO\x12\xa3\xd3\\\x18\x8chcc\x11fz\xb4\xc7sM=c\x97\r\x0e\x84\x81\xd1\x8a\xe74&\x91\x17_\xbe\t\xd5\xf2\x06O\x05\x9a\xec\x08T\xf0\x1d\x88=\xffh\xcb\xcd\x93\xd5"
"\xbcF\xc1\x15\xc4N\x8aT\xe0\xd4\xb6:\x08z\xcf\x1d\xeb\x97\x92\x1d\t\xea\x970\xf9)\xdb\x83^\xfb\xe5\xdfE\xcf\x88\xe8K\xc7\x1f0f+\xc9\xdaKf\xdbr\xc8R\x87\xf5\xc9\x86p\xc1\xea\x1bD\xee\xd3\xcdg\x8c\x06c\x00\xf1\xe5~/U\x9f\x1d\xa5\x0e\xd4n\x9a\x0e\x99\x0c\xce\x8b\xee\x82\x94\xf1\x96\xe6\xfe\x02g)\xe2X\x90H;\xdc\xd0',match=OFPMatch(oxm_fields={'in_port': 1}),reason=0,table_id=0,total_len=1475)"
+ thispacket1 = BenignPacketData(line1)
+ print('测试1:', thispacket1.predict(), thispacket1.predict_classes())
+
+ # WorldOfWarcraft: 2
+ line1 = "version=0x4,msg_type=0xa,msg_len=0x74,xid=0x0,OFPPacketIn(buffer_id=4294967295,cookie=0,data='\x02\x1a\xc5\x02\x00\x00\x02\x1a\xc5\x01\x00\x00\x08\x00E\x00\x008\xda\x19@\x00 \x06\xc8\xc5\x01\x01$\xae\x01\x02\x910\x96\xcd\x0e\x8c\xe5\xfb\xa3\x94\x00\x00\x00\x00\x90\x02\x16\xa0?\x12\x00\x00\x02\x04\x05\xb4\x01\x01\x08\n\xf5m-$\x00\x00\x00\x00\x89\xc8 \xd5',match=OFPMatch(oxm_fields={'in_port': 1}),reason=0,table_id=0,total_len=74)"
+ thispacket2 = BenignPacketData(line1)
+ print('测试2:', thispacket2.predict(), thispacket2.predict_classes())
+
+ # Skype: 5
+ line1 = "version=0x4,msg_type=0xa,msg_len=0x2ca,xid=0x0,OFPPacketIn(buffer_id=4294967295,cookie=0,data='\x02\x1a\xc5\x01\x00\x00\x02\x1a\xc5\x02\x00\x00\x08\x00E\x00\x02\x8e\xc6\x87@\x00 \x06Ja\x01\x02l\xea\x01\x01\xd8\x94\x01\xbbq\xa6f\xc6H|\xe6\xe5\xecZ\x80\x18I\x88G\xc0\x00\x00\x01\x01\x08\n!\xa0\x9b\xf7\x02\xf8\xd5\xbe\x16\x03\x00\x007\x02\x00\x003\x03\x00W\x94I\x0e_\xa4\x15I_X\x15S\xdfS\x15L_\xa4\x15k\xdf\x84\x15p_\xa4\x15y_\xa4\x15\x98\x00\xc0\x14\x00\x00\x0b\xff\x01\x00\x01\x00\x00\x0b\x00\x02\x01\x00\x16\x03\x00\x01\x90\x0b\x00\x01\x8c\x00\x01\x89\x00\x01\x860\x82\x01\x820\x82\x01,\x02\x01\x010\r\x06\t*\x86H\x86\xf7\r\x01\x01\x05\x05\x000H1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x0e0\x0c\x06\x03U\x04\x08\x13\x05Texas1\x110\x0f\x06\x03U\x04\x07\x13\x08ServerCA1\x160\x14\x06\x03U\x04\x03\x14\rserver_ca.int0\x1e\x17\r100204221041Z\x17\r370622221041Z0P1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x0e0\x0c\x06\x03U\x04\x08\x13\x05Texas1\x100\x0e\x06\x03U\x04\x07\x13\x07Servers1\x1f0\x1d\x06\x03U\x04\x03\x14\x16serverA_512.server.int0\\0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03K\x000H\x02A\x00\xacY;\x9e\x8c\x1fp\xccw\x99\xb3\x07\t\x86<\x85#\x8a \x8c?\x1b\xa21\xddn\xec\x15%u\x8f\'H/\xfc\x83y""\x97\xcf\x1f\xbf\xa0Y\x88\xb05\xf7\x95""\n{\xd7|}\x15t\xb0\xaf\x9e? 
\xad)\x02\x03\x01\x00\x010\r\x06\t*\x86H\x86\xf7\r\x01\x01\x05\x05\x00\x03A\x00\x97\xdf\xb0\xa3\xea\x06\x9a\xd4\x19\xe1\x84tT,\xa8le\xc2W:\n\x15%\xb87~\xb3\xa2\x83\x8d\x00\x8a \xccq]\xb1\x0cU\x16\x84\xae\x02\xa0\x8e\xe1.%\xcah\x8eP\xb1(H\xd8P[\x95\xbe(\xbf\xf6\xf5\x16\x03\x00\x00{\x0c\x00\x00w\x03\x00\x131\x04_\x84\x90\x80\xd5B\xcee\x89\xf2\xc1\x90\x0f\xf1L""\xa6\xcdh\xf1\xb1\xd9\xfe\xa4\xd3\xb5:%\xea\xcb@\xd9NR\x05\x1d@\x8f\xfaS\x1c\xda\x95]\x82\x0b\xba/\x00@v\xd1Z\x15\x8d\x1d\r!\xe9C\xb3\xc2\xaeR\xddG\x8c\xe2\x9d\x89\x81V\xc0\x9b\xa4\x1d\x1a\x94\xd4\x9f\x8f2H\x96\xb1oO^{\x03\xfc(:\xc3\x10\xd2\xa7\x1b\x89P:\xd6\xcd\xb1\x7f.\x8f\xf0\x9a\x97hH\xde\\\x16\x03\x00\x00\x04\x0e\x00\x00\x00\xe2\x957\x9b',match=OFPMatch(oxm_fields={'in_port': 1}),reason=0,table_id=0,total_len=672)"
+ thispacket3 = BenignPacketData(line1)
+ print('测试3:', thispacket3.predict(), thispacket3.predict_classes())
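Review bot: `getdata` locates the payload with `msg.split(",")[6].split("=")[1]`, so the feature vector ends at the first `,` or `=` that occurs inside the escaped payload text rather than at the end of the `data=` field — the first sample message in the `__main__` block contains both inside its payload (`\xab,\xc3`, `=\xa9`), so that packet is classified on a truncated prefix, and because the payload is chosen by the sender the amount of data the classifier sees is under the sender's control. Delimit on the field markers instead, e.g. `s = msg.partition("data=")[2].rpartition(",match=")[0].strip("'").strip('"')` (all three sample messages carry `,match=` immediately after the payload). `__init__` also calls `load_model(modelpath)` for every packet; loading the `.h5` once at module level or in a classmethod and passing the model in keeps the per-packet cost to the `predict` call. Note too that `pad_sequences(x_data, maxlen=max_len)` uses Keras's default `truncating='pre'`, so a packet longer than 100 elements is scored on its last 100 — if the model was trained on packet prefixes, the commented-out `padding='post', truncating='post'` variant is the one to keep.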
diff --git a/model/feature_dict.npy b/model/feature_dict.npy
new file mode 100644
index 0000000..d312e18
--- /dev/null
+++ b/model/feature_dict.npy
Binary files differ
diff --git a/model/lgbm_packetin_model.pkl b/model/lgbm_packetin_model.pkl
new file mode 100644
index 0000000..6f780b4
--- /dev/null
+++ b/model/lgbm_packetin_model.pkl
Binary files differ
diff --git a/model/lstm_packetpre.h5 b/model/lstm_packetpre.h5
new file mode 100644
index 0000000..59d12bb
--- /dev/null
+++ b/model/lstm_packetpre.h5
Binary files differ
diff --git a/model/mlp_packetin_model.h5 b/model/mlp_packetin_model.h5
new file mode 100644
index 0000000..11d8da3
--- /dev/null
+++ b/model/mlp_packetin_model.h5
Binary files differ
diff --git a/model/packet_predict.py b/model/packet_predict.py
new file mode 100644
index 0000000..fc4254a
--- /dev/null
+++ b/model/packet_predict.py
@@ -0,0 +1,138 @@
+# author:jph
+# date:2020.09.27
+
+import joblib,csv,re,os
+import numpy as np
+from collections import Counter
+
+# 一整条流的特征
+class Flow:
+ all_flow = {}
+ def __init__(self,ipSet):
+ self.ipSet = ipSet
+ self.packet_num = 0
+ self.min_len = 1e9
+ self.max_len = -1
+ self.total_len = 0
+
+ def add_new_packet(self,pkt):
+ self.packet_num += 1
+ self.min_len = min(self.min_len,pkt.len)
+ self.max_len = max(self.max_len,pkt.len)
+ self.total_len += pkt.len
+ self.protocol = int(pkt.protocol)
+ self.dst_port = int(pkt.dst_port)
+ self.src_port = pkt.src_port
+ self.flags = pkt.flags
+ self.window_size = pkt.window_size
+ self.in_port = pkt.in_port
+
+
+ def get_feature(self):
+ assert self.packet_num != 0
+ average_len = self.total_len/self.packet_num
+ feature = [
+ #self.protocol,
+ self.dst_port,
+ self.src_port,
+ self.flags,
+ self.window_size,
+ self.in_port,
+ self.max_len,
+ self.min_len,
+ average_len,
+ self.packet_num
+ ]
+ return feature
+
+ def print_feature(self):
+ print(self.get_feature())
+
+
+
+#model_list = []
+# 一个数据包的特征
+class PacketData(object):
+ def __init__(self,msg,pkt):
+ if 'TCP' in pkt:
+ self.protocol = 1
+ self.window_size = re.search(r'window_size=\d{1,10}', pkt).group().split('=')[1]
+ else:
+ self.protocol = 0
+ self.window_size = 0
+ try:
+ self.ipSet = ":".join(re.findall(r"\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b", pkt))
+ self.dst_port = re.search(r'dst_port=\d{1,5}', pkt).group().split('=')[1]
+ self.src_port = re.search(r'src_port=\d{1,5}', pkt).group().split('=')[1]
+ self.flags = re.search(r'flags=\d{1,3}', pkt).group().split('=')[1]
+ self.reason = re.search(r'reason=\d{1,10}', msg).group().split('=')[1]
+ self.in_port = re.search(r'\'in_port\': \d{1,5}', msg).group().split(': ')[1]
+ self.len = float(re.search(r'total_len=\d{1,5}', msg).group().split('=')[1])
+ if self.ipSet not in Flow.all_flow:
+ Flow.all_flow[self.ipSet] = Flow(self.ipSet)
+ Flow.all_flow[self.ipSet].add_new_packet(self)
+ except:
+ self.ipSet = None
+ # do nothing
+ def predict(self,model_list):
+ if self.ipSet is None:
+ return 0
+ '''
+ if Flow.all_flow[self.ipSet].packet_num < 3:
+ # 如果当前流的包数量小于3,则默认返回Benign
+ return 0
+ '''
+ res = []
+ print(model_list)
+ for model in model_list:
+ res_ = model.predict(np.array([Flow.all_flow[self.ipSet].get_feature()]).astype(np.float64))[0]
+ res.append(res_)
+ c = Counter(res)
+ #print(res)
+ try:
+ return c.most_common(1)[0][0]
+ except:
+ print(c)
+ return 0
+
+
+def read_csv(path,csv_name):
+ print("reading",csv_name)
+ #this_flow = Flow(csv_name[:-3])
+ csv_name = path+'/'+csv_name
+ with open(csv_name, 'r') as f:
+ while True:
+ line1 = f.readline().strip()
+ line2 = f.readline().strip()
+ if not line2 or not line1:
+ break
+ #print(line1,'\n--------------\n',line2)
+ thispacket = PacketData(line1,line2)
+ print(thispacket.predict())
+
+
+if __name__ == "__main__":
+ model_namelist = ["DT.model","RF.model","LightGBM.model"]
+ model_dir = "model/"
+ for model_name in model_namelist:
+ model = joblib.load(model_dir+model_name)
+ model_list.append(model)
+ #read_csv("./Malware/Test/Geodo-ALL","Geodo.csv.TCP_10-0-2-103_65245_192-185-210-237_80.csv")
+ #read_csv("./Malware/Test/Virut-ALL","Virut.csv.TCP_24-222-0-23_25_147-32-84-165_2703.csv")
+
+ #Flow.all_flow = {}
+ # 来自恶意样本Shifu
+ line1 = "version=0x4,msg_type=0xa,msg_len=0x6c,xid=0x0,OFPPacketIn(buffer_id=343,cookie=0,data=""RT\x00\x125\x02\x08\x00'\xc1v\xc3\x08\x00E\x00\x004\x002@\x00\x80\x063\xbb\n\x00\x02k\xbc*\xfeA\xc0\x0e\x01\xbb\xf1\x1e=2\x00\x00\x00\x00\x80\x02 \x00\x98$\x00\x00\x02\x04\x05\xb4\x01\x03\x03\x02\x01\x01\x04\x02"",match=OFPMatch(oxm_fields={'in_port': 1}),reason=0,table_id=0,total_len=66)"
+ line2 = "ethernet(dst='52:54:00:12:35:02',ethertype=2048,src='08:00:27:c1:76:c3'), ipv4(csum=13243,dst='188.42.254.65',flags=2,header_length=5,identification=50,offset=0,option=None,proto=6,src='10.0.2.107',tos=0,total_length=52,ttl=128,version=4), tcp(ack=0,bits=2,csum=38948,dst_port=443,offset=8,option=[TCPOptionMaximumSegmentSize(kind=2,length=4,max_seg_size=1460), TCPOptionNoOperation(kind=1,length=1), TCPOptionWindowScale(kind=3,length=3,shift_cnt=2), TCPOptionNoOperation(kind=1,length=1), TCPOptionNoOperation(kind=1,length=1), TCPOptionSACKPermitted(kind=4,length=2)],seq=4045290802,src_port=49166,urgent=0,window_size=8192)"
+ thispacket = PacketData(line1, line2)
+ thispacket = PacketData(line1, line2)
+ print('测试1:', thispacket.predict())
+ #print(thispacket.predict_npy())
+
+ # 来自良性样本weibo
+ line1 = "version=0x4,msg_type=0xa,msg_len=0x618,xid=0x0,OFPPacketIn(buffer_id=4294967295,cookie=0,data='\x02\x1a\xc5\x01\x00\x00\x02\x1a\xc5\x02\x00\x00\x08\x00E\x00\x05\xdc\x7f\xf3@\x00 \x06\xcdH\x01\x02\xf3i\x01\x01\x12t\x00PL$\xee\xe1\xd1\x1d\x86\xf8\xc8\xe8\x80\x10!\xf0\x9f\x19\x00\x00\x01\x01\x08\n\x1d\x16\xdc\xd9\n\xf7\xf8\xd7ke\xda\x92^\xcag\x94\x8fB\xed\x92}\xbd)8>\x83[\xdd\x9f""|A\xd6/|O\xe3\xfb\xad#M_\x1e\xc0n\xef\xe0\xd3e\xba\xb0E\x86\xce\xc0DD\x8d2\x16\xea\xaf\x9c1\xef\x83^\xaf\xe2D\xb5\xbb\xb1\x92\xca\xf1V\xee\xdeX\xcc2$\x83p\x90\x11\x83\x9f\xad{\xac\x9f\x08-%\x18:\x95\xc0\xfa*\xd6e\xcf\xc0M>\xe5\xf7\x9dR\xe5\x089\x1f""\xd62\xa7.\x88\xd1K\xb9\xf1\x87\xc3M\x1b\xfe\x10\xebI\xb4%\x99\xa7\xb4\xd3\xaee\xb7\xb6\'\x92\xb0\x86\xca.{\xed\x07\x1f\x85z\xbe\x96\xdb\x9e28\x07\x91^\x8b\xa4~\xc8\x9av\x99\xbc\xc9\xe2mB\xe6i$y^G\x89\x06K\x12k\xa8\xb3\xfd\x9d\xb4\xeb0\xbbu\x8b\xa6#\xa6Qk\xcbx:\xb2\x9b\x95\x8feb\xe9F\x11\x8a{\x1c>\x9cCF=\xaa\xcb\r\xc4\xf3\xc5zD?\x06\xac\xe2\x00\rJ\xe0\xff\x00\xc0\x16\xa5\x1f\x08\xac\xc0#\xfbBs\xf5QW\x1c-U\xd0\xceX\xaaL\xf2\xc5\xf9%\xc7\x1fZ\xb0b\xde\xb9\x07\x18\xafF\x1f\x06\xed\x03n\xfe\xd1\x9c\xe7\xb1E\xa9G\xc2K@1\xf6\xf9\xbf\xef\x85\xae\x8faW\xb1\x9a\xc4Au<\xde 
y\xe7""\xa5M\xea\x8c\xc4c\x8a\xf4t\xf8Sh\x83\x1fo\x9c\xff\x00\xc0EK\xff\x00\n\xc2\xd4\xa9_\xb6\xcd\xcf\xfb""\xab\xd8N\xfb\x12\xf1\x14\xdfS\xc7\xe7\xba\x0cOPEb\xdc\xcc\x1eL\xee?\x8d{|\x9f\x07\xacd\x07\x17\xf3\x8c\xff\x00\xb0\xb5JO\x81\x9a|\x9c\xb6\xa3?\xfd\xf0\xb4K\r6\xcd#\x8b\xa6\x91\xe2s<B""N\x07\xbda\xdd\xce-\xe2wS\x9c\x8cs\xde\xbe\x80\x9f\xf6}\xd3\xa6\x18:\xad\xd6=\x91j\x8d\xd7\xec\xd3\xa6\xdc\xc7\xb0\xebW\x8a=\xa3Z!BQz\x98\xd4\xc4)\xad\x0f\x97t}3\xe1\xef\xc2\x1d/T\xf1\x06\xa7mo\xa7\xc0\xf3\xfd\xb1\xdd\xfeg\x92\xe0\xe0|\x80\xe4\x96\xf4\x02\xad\xcf\xe1\xddg\xe3-\xee\x9b\xe2;\x9d[\xfe\x10m\x1e\x02\xed\xa7Evs6\x0eG\xda\n\x12\x06\xe0\xb8#<\x8a\xf5\xa6\xfd\x84t\x1dO\xc7\xd6\xfe%\xd7\xbcQ\xa9\xeb\xd1\xd9\x90\xd6:]\xcc1\x8b[f\x07!\x82\x81\xf37\xb9\xae\xef\xc7\x1f\xb2\xd7\x85\xbe""Ae\x0e\xb9\xba\xf6+M\xe65\x95\x01\x03p\xc1\xe8Ez\x91\xd1jyrM\xecxM\x87\xec\x9f\xa2\xcc\xad}s\xac\xaf\x8ed\x9dL\xa5\xfcD^Uf\xc0\xc6\xd6F\xc0\x04\xf3\xc0\xef]\x17\x84~\x1fx^\xdbQ\xfb&\x9be?\x81|Ue\x1b\xb7\x91\xa7\xce\xc6\x19\x14\xa8\x01\xc2\x9f\x96T\xcfb85\xf4\x0f\x86>\x12\xe9\x9e\x13\xd0\xac\xb4\x9d:W\x86\xc6\xd2%\x86(\xd5F\x02\x8e\x94\xcd_\xe1>\x9f\xab\xdc\xd9\xdd}\xaeX.\xed$\xf3""\x9e5]\xc0te>\xa0\x8e\rn\xa6\xb61T\xda>i\xf8\x8bc\xaax\xb2\xfa\xebG\xd4c\xb7Y\xad\xe2Kx\xa5\x132-\xe3\x1f\x98\xb9P>PWw\x198 \xd7\xa3\xf8gD\xb0\xd0\xfc;kk\x13\xed\x10\xa0DfbO\x07\x1f\x96+\xac\xb8\xfd\x9e\xad.\xbcYw\xae\\k\xb7\xb3K3\x83\x1c\x0c\x8b\xb2\x15\x08\x17j\xfe\xa7\xf15v\xe7\xe0\x7f\x9byk,\x1e 
\xbb\xb5\x86\x16\xdd$)\n\x11(\xf4$\xf2?\n\x1c\xd3\xd8\xc7\xd9J\xe7\x95|Q\x97AO\x08\xca\xba\xca\xc1>\x92\xe0\xa5\xcaO\xbb\r\xc7\x00\xe0\x1c\x0e\xbc\xd7\x8a^i\x7f\x03\xbe\x1cxwG\xd2\xc5\xc0\xd2$\xd5e\xfbm\x8c\xe1\xc9*\xfb\xc6>n\xc3\x04\xd7\xdaR|\x1e\xb0\x9a\x06\x8ak\xb9&\x8d\x86\nI\x1a\x90\x7f\n\xe2|]\xfb\x1b|=\xf1\xd5\xc5\x9c\xfa\xce\x9a\x97r\xd9\x8cBLJ\x02\x0c\xe7\x00\x0e\xde\xd4)E\x15\xec\xe4|\xf5\xf03\xc3gQ\xf8\x8f\xe2\x7f\x16]\xea\xeb}{\xbc\xd9\x08\xa29O(\x1f\xdd\xb8\xf7+\x8a\xfa\x1f\xe0\xfe\xbe\xda\x97\xc5\x9dsOG\x06\x0b\x1d60\xc3\xfd\xb6\x93?\xca\xafx\x7f\xf6c\xf0\xff\x00\x855\xeb\x9dKJ\xbb\x9a\xc5nc\x11\xcbm\x12(C\x8e\x87\xd8\xe2\xbao\x00\xfc!\xb2\xf0\x17\x8a5\xcdn\x0b\xd9\xae\xeeu]\xa1\xd6U\x00F\x14\x0c\x01\x8f\xa5\x13\x94^\xc2\xa7NQ\x95\xd9\xe8\x94QEdw\x88zW\x19\xf1""k\x8b=\x1e\x1b\xbf\xf8I\x13\xc2\xfa]\xbc\xdef\xa1{\xb1ZV\x8bi\xda\x91\x96\x04\x02\\\xafbH\xc8\x1c\x9a\xec\xcfJ\xe4\xbco\xf0\xfe\xc3\xc7?\xd9f\xf6\xea\xf6\xd8\xe9\xd7B\xf2\x0f\xb3H\xa0y\xa0\x10\xac\xca\xca\xca\xd8\xc9##\x83\xcfZ\x00\xf2/\r\xf8\x8b\xc7\x9e*\xb6\x96\xca\xe7\xc4\x17Z,\xb6\x1aU\xc6\xa5\x14\xf2ZD\x97\x17h\xd7\x12\xad\xab\xcc\x85p\xbf\xba\x8dK(\x00\xe5\xb9\xc1\xe2\xb6\xed<u\xe3\x1dS\xc4\x1f\r\xee\x9ak+-\x0fZ\x81\x85\xc41\xa1ig\x9b\xec\xcc\xe4\xe4\xfd\xc4V\x1c\x01\xc9\xcdu\xda\xc7\xc2m;[x\xa6\xbb\xd6usz {Io#\xb8H\xe5\xb9\xb7v\xcbC!T\x00\xaes\x82\x00a\xce\rm\\\xf8+C\xb8:\x101*G\xa3n\xfb\x1cH\xf8U\x063\x19\x04w\x1bN(\x15\xcf\x1e\xd4<e\xe3o\x07\xf8\x95\xb4\xd3\xac\x1dF\xf2]""\xf2\xe4\xbe\xb5n\xb6\xb6\x12\xdd!C\x1f\xd9]W%UY\xb7)<\x80\xbd\xc95\xc4|?\xf8\x89\xe3;\xfdkE\xd2\xed\xfcY\xab\xddiw\x1a\x14z\xb2\xcfu\xfd\x99\xe7\xb9yG\xdef\x1c.\x1b\xee\x9f\x98~\x15\xee\xb6?\x05\xbc3mql\xd7s\xdekV\xf6q<\x166Z\xac\xe2x,\xd1\xf1\xb8""\xe0\x13\x9c\x01\x97,@\x18\x04TK\xf0\'\xc1+\xe3\x16\xd7\x86\x91\xa7\x05\xfe\xcf\xfb\x07\xd8>\xcd\x1f\x93\x8f0?\x99\xd3;\xb8\xc7\xd2\x81\x9c\x15\xcf\xc4\x14\x08I\xe2',match=OFPMatch(oxm_fields={'in_port': 1}),reason=0,table_id=0,total_len=1518)"
+ line2 = "ethernet(dst='02:1a:c5:01:00:00',ethertype=2048,src='02:1a:c5:02:00:00'), ipv4(csum=52552,dst='1.1.18.116',flags=2,header_length=5,identification=32755,offset=0,option=None,proto=6,src='1.2.243.105',tos=0,total_length=1500,ttl=32,version=4), tcp(ack=2264451304,bits=16,csum=40729,dst_port=19492,offset=8,option=[TCPOptionNoOperation(kind=1,length=1), TCPOptionNoOperation(kind=1,length=1), TCPOptionTimestamps(kind=8,length=10,ts_ecr=184023255,ts_val=488037593)],seq=4007776541,src_port=80,urgent=0,window_size=8688), 'ke\xda\x92^\xcag\x94\x8fB\xed\x92}\xbd)8>\x83[\xdd\x9f""|A\xd6/|O\xe3\xfb\xad#M_\x1e\xc0n\xef\xe0\xd3e\xba\xb0E\x86\xce\xc0DD\x8d2\x16\xea\xaf\x9c1\xef\x83^\xaf\xe2D\xb5\xbb\xb1\x92\xca\xf1V\xee\xdeX\xcc2$\x83p\x90\x11\x83\x9f\xad{\xac\x9f\x08-%\x18:\x95\xc0\xfa*\xd6e\xcf\xc0M>\xe5\xf7\x9dR\xe5\x089\x1f""\xd62\xa7.\x88\xd1K\xb9\xf1\x87\xc3M\x1b\xfe\x10\xebI\xb4%\x99\xa7\xb4\xd3\xaee\xb7\xb6\'\x92\xb0\x86\xca.{\xed\x07\x1f\x85z\xbe\x96\xdb\x9e28\x07\x91^\x8b\xa4~\xc8\x9av\x99\xbc\xc9\xe2mB\xe6i$y^G\x89\x06K\x12k\xa8\xb3\xfd\x9d\xb4\xeb0\xbbu\x8b\xa6#\xa6Qk\xcbx:\xb2\x9b\x95\x8feb\xe9F\x11\x8a{\x1c>\x9cCF=\xaa\xcb\r\xc4\xf3\xc5zD?\x06\xac\xe2\x00\rJ\xe0\xff\x00\xc0\x16\xa5\x1f\x08\xac\xc0#\xfbBs\xf5QW\x1c-U\xd0\xceX\xaaL\xf2\xc5\xf9%\xc7\x1fZ\xb0b\xde\xb9\x07\x18\xafF\x1f\x06\xed\x03n\xfe\xd1\x9c\xe7\xb1E\xa9G\xc2K@1\xf6\xf9\xbf\xef\x85\xae\x8faW\xb1\x9a\xc4Au<\xde 
y\xe7""\xa5M\xea\x8c\xc4c\x8a\xf4t\xf8Sh\x83\x1fo\x9c\xff\x00\xc0EK\xff\x00\n\xc2\xd4\xa9_\xb6\xcd\xcf\xfb""\xab\xd8N\xfb\x12\xf1\x14\xdfS\xc7\xe7\xba\x0cOPEb\xdc\xcc\x1eL\xee?\x8d{|\x9f\x07\xacd\x07\x17\xf3\x8c\xff\x00\xb0\xb5JO\x81\x9a|\x9c\xb6\xa3?\xfd\xf0\xb4K\r6\xcd#\x8b\xa6\x91\xe2s<B""N\x07\xbda\xdd\xce-\xe2wS\x9c\x8cs\xde\xbe\x80\x9f\xf6}\xd3\xa6\x18:\xad\xd6=\x91j\x8d\xd7\xec\xd3\xa6\xdc\xc7\xb0\xebW\x8a=\xa3Z!BQz\x98\xd4\xc4)\xad\x0f\x97t}3\xe1\xef\xc2\x1d/T\xf1\x06\xa7mo\xa7\xc0\xf3\xfd\xb1\xdd\xfeg\x92\xe0\xe0|\x80\xe4\x96\xf4\x02\xad\xcf\xe1\xddg\xe3-\xee\x9b\xe2;\x9d[\xfe\x10m\x1e\x02\xed\xa7Evs6\x0eG\xda\n\x12\x06\xe0\xb8#<\x8a\xf5\xa6\xfd\x84t\x1dO\xc7\xd6\xfe%\xd7\xbcQ\xa9\xeb\xd1\xd9\x90\xd6:]\xcc1\x8b[f\x07!\x82\x81\xf37\xb9\xae\xef\xc7\x1f\xb2\xd7\x85\xbe""Ae\x0e\xb9\xba\xf6+M\xe65\x95\x01\x03p\xc1\xe8Ez\x91\xd1jyrM\xecxM\x87\xec\x9f\xa2\xcc\xad}s\xac\xaf\x8ed\x9dL\xa5\xfcD^Uf\xc0\xc6\xd6F\xc0\x04\xf3\xc0\xef]\x17\x84~\x1fx^\xdbQ\xfb&\x9be?\x81|Ue\x1b\xb7\x91\xa7\xce\xc6\x19\x14\xa8\x01\xc2\x9f\x96T\xcfb85\xf4\x0f\x86>\x12\xe9\x9e\x13\xd0\xac\xb4\x9d:W\x86\xc6\xd2%\x86(\xd5F\x02\x8e\x94\xcd_\xe1>\x9f\xab\xdc\xd9\xdd}\xaeX.\xed$\xf3""\x9e5]\xc0te>\xa0\x8e\rn\xa6\xb61T\xda>i\xf8\x8bc\xaax\xb2\xfa\xebG\xd4c\xb7Y\xad\xe2Kx\xa5\x132-\xe3\x1f\x98\xb9P>PWw\x198 \xd7\xa3\xf8gD\xb0\xd0\xfc;kk\x13\xed\x10\xa0DfbO\x07\x1f\x96+\xac\xb8\xfd\x9e\xad.\xbcYw\xae\\k\xb7\xb3K3\x83\x1c\x0c\x8b\xb2\x15\x08\x17j\xfe\xa7\xf15v\xe7\xe0\x7f\x9byk,\x1e 
\xbb\xb5\x86\x16\xdd$)\n\x11(\xf4$\xf2?\n\x1c\xd3\xd8\xc7\xd9J\xe7\x95|Q\x97AO\x08\xca\xba\xca\xc1>\x92\xe0\xa5\xcaO\xbb\r\xc7\x00\xe0\x1c\x0e\xbc\xd7\x8a^i\x7f\x03\xbe\x1cxwG\xd2\xc5\xc0\xd2$\xd5e\xfbm\x8c\xe1\xc9*\xfb\xc6>n\xc3\x04\xd7\xdaR|\x1e\xb0\x9a\x06\x8ak\xb9&\x8d\x86\nI\x1a\x90\x7f\n\xe2|]\xfb\x1b|=\xf1\xd5\xc5\x9c\xfa\xce\x9a\x97r\xd9\x8cBLJ\x02\x0c\xe7\x00\x0e\xde\xd4)E\x15\xec\xe4|\xf5\xf03\xc3gQ\xf8\x8f\xe2\x7f\x16]\xea\xeb}{\xbc\xd9\x08\xa29O(\x1f\xdd\xb8\xf7+\x8a\xfa\x1f\xe0\xfe\xbe\xda\x97\xc5\x9dsOG\x06\x0b\x1d60\xc3\xfd\xb6\x93?\xca\xafx\x7f\xf6c\xf0\xff\x00\x855\xeb\x9dKJ\xbb\x9a\xc5nc\x11\xcbm\x12(C\x8e\x87\xd8\xe2\xbao\x00\xfc!\xb2\xf0\x17\x8a5\xcdn\x0b\xd9\xae\xeeu]\xa1\xd6U\x00F\x14\x0c\x01\x8f\xa5\x13\x94^\xc2\xa7NQ\x95\xd9\xe8\x94QEdw\x88zW\x19\xf1""k\x8b=\x1e\x1b\xbf\xf8I\x13\xc2\xfa]\xbc\xdef\xa1{\xb1ZV\x8bi\xda\x91\x96\x04\x02\\\xafbH\xc8\x1c\x9a\xec\xcfJ\xe4\xbco\xf0\xfe\xc3\xc7?\xd9f\xf6\xea\xf6\xd8\xe9\xd7B\xf2\x0f\xb3H\xa0y\xa0\x10\xac\xca\xca\xca\xd8\xc9##\x83\xcfZ\x00\xf2/\r\xf8\x8b\xc7\x9e*\xb6\x96\xca\xe7\xc4\x17Z,\xb6\x1aU\xc6\xa5\x14\xf2ZD\x97\x17h\xd7\x12\xad\xab\xcc\x85p\xbf\xba\x8dK(\x00\xe5\xb9\xc1\xe2\xb6\xed<u\xe3\x1dS\xc4\x1f\r\xee\x9ak+-\x0fZ\x81\x85\xc41\xa1ig\x9b\xec\xcc\xe4\xe4\xfd\xc4V\x1c\x01\xc9\xcdu\xda\xc7\xc2m;[x\xa6\xbb\xd6usz {Io#\xb8H\xe5\xb9\xb7v\xcbC!T\x00\xaes\x82\x00a\xce\rm\\\xf8+C\xb8:\x101*G\xa3n\xfb\x1cH\xf8U\x063\x19\x04w\x1bN(\x15\xcf\x1e\xd4<e\xe3o\x07\xf8\x95\xb4\xd3\xac\x1dF\xf2]""\xf2\xe4\xbe\xb5n\xb6\xb6\x12\xdd!C\x1f\xd9]W%UY\xb7)<\x80\xbd\xc95\xc4|?\xf8\x89\xe3;\xfdkE\xd2\xed\xfcY\xab\xddiw\x1a\x14z\xb2\xcfu\xfd\x99\xe7\xb9yG\xdef\x1c.\x1b\xee\x9f\x98~\x15\xee\xb6?\x05\xbc3mql\xd7s\xdekV\xf6q<\x166Z\xac\xe2x,\xd1\xf1\xb8""\xe0\x13\x9c\x01\x97,@\x18\x04TK\xf0\'\xc1+\xe3\x16\xd7\x86\x91\xa7\x05\xfe\xcf\xfb\x07\xd8>\xcd\x1f\x93\x8f0?\x99\xd3;\xb8\xc7\xd2\x81\x9c\x15\xcf\xc4'"
+ thispacket1 = PacketData(line1, line2)
+ print('测试1:', thispacket1.predict())
+ #print(thispacket1.predict_npy())
+
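Review bot: The `__main__` block cannot run as committed: `model_list.append(model)` refers to a name whose only definition is the commented-out `#model_list = []` above `PacketData`, so the loading loop raises `NameError`, and the `thispacket.predict()` calls (including the one in `read_csv`) pass no argument although `predict(self, model_list)` requires one. Restore `model_list = []` before the loop and call `thispacket.predict(model_list)`; `read_csv` would need the list threaded through as a parameter as well. `Flow.all_flow` is a class-level dict that gains an entry for every new IP pair seen in `PacketData.__init__` and is never pruned, so on a controller fed live packet-ins it grows without bound and is worth capping or expiring by age. The bare `except:` in `__init__` that sets `ipSet = None` also hides every parse failure (and swallows `KeyboardInterrupt`); catching `(AttributeError, ValueError)` from the `re.search(...).group()` chain keeps the fallback while letting real errors surface.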
diff --git a/model/packetpredict.py b/model/packetpredict.py
new file mode 100644
index 0000000..5661fc4
--- /dev/null
+++ b/model/packetpredict.py
@@ -0,0 +1,161 @@
+import joblib
+from pandas.core.frame import DataFrame
+import os
+import re
+import numpy as np
+
+
+class PacketData(object):
+ """
+ 预测类:
+ 构造函数1:传入msg和msg处理后的data部分pkt,模型所在的pkl位置
+ 构造函数2:传入一个csv文件,用不到,也没测试过
+ 传msg和pkt进去的时候,最好用try,格式不对会报错
+
+ 主要方法:
+ predict:直接预测,返回结果
+ predict_npy:从默认npy文件处读取一个dict,dict的key是一个tuple,里面是ip对,判断当前包是否载dict里,更新dict的内容并预测
+ 如果dict[ipSet]中结果已经是0(0表示恶意,1表示良性),或者已经判断了20个包,则不更新,直接返回之前的结果
+ update_helper:帮助更新的方法,不直接调用
+ """
+ def __init__(self, msg, pkt, modelpath='model/lgbm_packetin_model.pkl', feature_dic={}):
+ if feature_dic == {}:
+ self.flow_list = [
+ int(re.search(r'dst_port=\d{1,5}', pkt).group().split('=')[1]), # 目的端口
+ int(re.search(r'src_port=\d{1,5}', pkt).group().split('=')[1]), # 源端口
+ int(re.search(r'flags=\d{1,3}', pkt).group().split('=')[1]), # flags
+ int(re.search(r'window_size=\d{1,10}', pkt).group().split('=')[1]) if 'tcp' in pkt else 0, # win_size
+ float(re.search(r'reason=\d{1,10}', msg).group().split('=')[1]), # reason
+ int(re.search(r'\'in_port\': \d{1,5}', msg).group().split(': ')[1]), # in_port
+ float(re.search(r'total_len=\d{1,5}', msg).group().split('=')[1]), # min_len
+ float(re.search(r'total_len=\d{1,5}', msg).group().split('=')[1]), # max_len
+ float(re.search(r'total_len=\d{1,5}', msg).group().split('=')[1]), # means_len
+ 1, # 包数目
+ 1 # 标签,默认是1
+ ]
+ else: self.flow_list = feature_dic
+ self.model = joblib.load(modelpath)
+ self.ipSet = tuple(re.findall(r"\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b", pkt))
+ self.line1 = msg
+ self.line2 = pkt
+
+ # 用不到的,从csv读取数据
+ @classmethod
+ def from_csv(cls, csv_path, modelpath='model/lgbm_packetin_model.pkl'):
+ feature_dic = {}
+ with open(csv_path, 'r') as f:
+ pcapNum = 0
+ while True:
+ pcapNum += 1
+ line1 = f.readline().strip()
+ line2 = f.readline().strip()
+ if not line2 or not line1: break
+ if pcapNum >= 20: break
+ ipSet = tuple(re.findall(r"\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b", line2))
+ try:
+ if 'tcp' in line2:
+ window_size = re.search(r'window_size=\d{1,10}', line2).group().split('=')[1]
+ else:
+ window_size = 0
+
+ if ipSet not in feature_dic:
+ flow_list = [
+ re.search(r'dst_port=\d{1,5}', line2).group().split('=')[1], # 目的端口
+ re.search(r'src_port=\d{1,5}', line2).group().split('=')[1], # 源端口
+ re.search(r'flags=\d{1,3}', line2).group().split('=')[1], # flags
+ window_size,
+ re.search(r'reason=\d{1,10}', line1).group().split('=')[1], # reason
+ re.search(r'\'in_port\': \d{1,5}', line1).group().split(': ')[1], # in_port
+ float(re.search(r'total_len=\d{1,5}', line1).group().split('=')[1]), # min_len
+ float(re.search(r'total_len=\d{1,5}', line1).group().split('=')[1]), # max_len
+ float(re.search(r'total_len=\d{1,5}', line1).group().split('=')[1]), # means_len
+ pcapNum, # 包数目
+ ]
+ feature_dic[ipSet] = flow_list
+ else:
+ this_length = float(re.search(r'total_len=\d{1,5}', line1).group().split('=')[1])
+ feature_dic[ipSet][-2] += 1
+ feature_dic[ipSet][-3] = (feature_dic[ipSet][-3] * (feature_dic[ipSet][-2] - 1) + this_length) \
+ / feature_dic[ipSet][-2]
+ if this_length > feature_dic[ipSet][-4]:
+ feature_dic[ipSet][-4] = this_length
+ else:
+ feature_dic[ipSet][-5] = this_length
+ except Exception as e:
+ pass
+ return cls('1', '2', feature_dic=feature_dic)
+
+ def predict(self):
+ previous_out = self.flow_list.pop(-1)
+ pre_out = self.model.predict(DataFrame(self.flow_list).T)
+ pre_out = pre_out.tolist()[0] # ndarray转int
+ self.flow_list.append(pre_out)
+ return pre_out
+
+ # 保存到一个dict,和update一样的
+ def predict_save(self, feature_hash):
+ return self.update_helper(feature_hash)
+
+ # 保存到npy文件
+ def predict_npy(self, npypath='model/feature_dict.npy', feature_hash=None):
+ if os.path.exists(npypath):
+ dict_load = np.load(npypath, allow_pickle=True)
+
+ feature_hash = dict_load.item()
+ pre_out, feature_dict = self.update_helper(feature_hash)
+ if pre_out == -1: # -1表示不需要写回保存的文件
+ return feature_dict[self.ipSet][-1]+2
+ else:
+ np.save(npypath, feature_dict)
+ return pre_out
+ else:
+ feature_hash = {self.ipSet: self.flow_list}
+ np.save('model/feature_dict.npy', feature_hash)
+ return self.predict()
+
+ def update_helper(self, feature_hash):
+ ipSet = self.ipSet
+ if self.ipSet in feature_hash:
+ # 如果存在且已至为0,或者num>=20则直接返回
+ if feature_hash[ipSet][-1] == 0 or feature_hash[ipSet][-2] >=20:
+ return -1, feature_hash
+
+ this_length = float(re.search(r'total_len=\d{1,5}', self.line1).group().split('=')[1])
+ feature_hash[ipSet][-2] += 1
+ feature_hash[ipSet][-3] = (feature_hash[ipSet][-3] * (feature_hash[ipSet][-2] - 1) + this_length) \
+ / feature_hash[ipSet][-2]
+ if this_length > feature_hash[ipSet][-4]:
+ feature_hash[ipSet][-4] = this_length
+ else:
+ feature_hash[ipSet][-5] = this_length
+ feature_hash[ipSet].pop(-1)
+ pre_out = self.model.predict(DataFrame(feature_hash[ipSet]).T)
+ pre_out = pre_out.tolist()[0]
+ feature_hash[ipSet].append(pre_out)
+ else:
+ # 如果不存在
+ self.flow_list.pop(-1) # 先删了默认的tag
+ pre_out = self.model.predict(DataFrame(self.flow_list).T)
+ pre_out = pre_out.tolist()[0]
+ self.flow_list.append(pre_out) # 再加回去
+ feature_hash[ipSet] = self.flow_list
+ return pre_out, feature_hash
+
+ def predict_mysql(self):
+ pass
+
+
+if __name__ == '__main__':
+ # 来自恶意样本Shifu
+ line1 = "version=0x4,msg_type=0xa,msg_len=0x6c,xid=0x0,OFPPacketIn(buffer_id=343,cookie=0,data=""RT\x00\x125\x02\x08\x00'\xc1v\xc3\x08\x00E\x00\x004\x002@\x00\x80\x063\xbb\n\x00\x02k\xbc*\xfeA\xc0\x0e\x01\xbb\xf1\x1e=2\x00\x00\x00\x00\x80\x02 \x00\x98$\x00\x00\x02\x04\x05\xb4\x01\x03\x03\x02\x01\x01\x04\x02"",match=OFPMatch(oxm_fields={'in_port': 1}),reason=0,table_id=0,total_len=66)"
+ line2 = "ethernet(dst='52:54:00:12:35:02',ethertype=2048,src='08:00:27:c1:76:c3'), ipv4(csum=13243,dst='188.42.254.65',flags=2,header_length=5,identification=50,offset=0,option=None,proto=6,src='10.0.2.107',tos=0,total_length=52,ttl=128,version=4), tcp(ack=0,bits=2,csum=38948,dst_port=443,offset=8,option=[TCPOptionMaximumSegmentSize(kind=2,length=4,max_seg_size=1460), TCPOptionNoOperation(kind=1,length=1), TCPOptionWindowScale(kind=3,length=3,shift_cnt=2), TCPOptionNoOperation(kind=1,length=1), TCPOptionNoOperation(kind=1,length=1), TCPOptionSACKPermitted(kind=4,length=2)],seq=4045290802,src_port=49166,urgent=0,window_size=8192)"
+ thispacket = PacketData(line1, line2)
+ print('测试1:', thispacket.predict())
+ print(thispacket.predict_npy())
+
+ # 来自良性样本weibo
+ line1 = "version=0x4,msg_type=0xa,msg_len=0x618,xid=0x0,OFPPacketIn(buffer_id=4294967295,cookie=0,data='\x02\x1a\xc5\x01\x00\x00\x02\x1a\xc5\x02\x00\x00\x08\x00E\x00\x05\xdc\x7f\xf3@\x00 \x06\xcdH\x01\x02\xf3i\x01\x01\x12t\x00PL$\xee\xe1\xd1\x1d\x86\xf8\xc8\xe8\x80\x10!\xf0\x9f\x19\x00\x00\x01\x01\x08\n\x1d\x16\xdc\xd9\n\xf7\xf8\xd7ke\xda\x92^\xcag\x94\x8fB\xed\x92}\xbd)8>\x83[\xdd\x9f""|A\xd6/|O\xe3\xfb\xad#M_\x1e\xc0n\xef\xe0\xd3e\xba\xb0E\x86\xce\xc0DD\x8d2\x16\xea\xaf\x9c1\xef\x83^\xaf\xe2D\xb5\xbb\xb1\x92\xca\xf1V\xee\xdeX\xcc2$\x83p\x90\x11\x83\x9f\xad{\xac\x9f\x08-%\x18:\x95\xc0\xfa*\xd6e\xcf\xc0M>\xe5\xf7\x9dR\xe5\x089\x1f""\xd62\xa7.\x88\xd1K\xb9\xf1\x87\xc3M\x1b\xfe\x10\xebI\xb4%\x99\xa7\xb4\xd3\xaee\xb7\xb6\'\x92\xb0\x86\xca.{\xed\x07\x1f\x85z\xbe\x96\xdb\x9e28\x07\x91^\x8b\xa4~\xc8\x9av\x99\xbc\xc9\xe2mB\xe6i$y^G\x89\x06K\x12k\xa8\xb3\xfd\x9d\xb4\xeb0\xbbu\x8b\xa6#\xa6Qk\xcbx:\xb2\x9b\x95\x8feb\xe9F\x11\x8a{\x1c>\x9cCF=\xaa\xcb\r\xc4\xf3\xc5zD?\x06\xac\xe2\x00\rJ\xe0\xff\x00\xc0\x16\xa5\x1f\x08\xac\xc0#\xfbBs\xf5QW\x1c-U\xd0\xceX\xaaL\xf2\xc5\xf9%\xc7\x1fZ\xb0b\xde\xb9\x07\x18\xafF\x1f\x06\xed\x03n\xfe\xd1\x9c\xe7\xb1E\xa9G\xc2K@1\xf6\xf9\xbf\xef\x85\xae\x8faW\xb1\x9a\xc4Au<\xde 
y\xe7""\xa5M\xea\x8c\xc4c\x8a\xf4t\xf8Sh\x83\x1fo\x9c\xff\x00\xc0EK\xff\x00\n\xc2\xd4\xa9_\xb6\xcd\xcf\xfb""\xab\xd8N\xfb\x12\xf1\x14\xdfS\xc7\xe7\xba\x0cOPEb\xdc\xcc\x1eL\xee?\x8d{|\x9f\x07\xacd\x07\x17\xf3\x8c\xff\x00\xb0\xb5JO\x81\x9a|\x9c\xb6\xa3?\xfd\xf0\xb4K\r6\xcd#\x8b\xa6\x91\xe2s<B""N\x07\xbda\xdd\xce-\xe2wS\x9c\x8cs\xde\xbe\x80\x9f\xf6}\xd3\xa6\x18:\xad\xd6=\x91j\x8d\xd7\xec\xd3\xa6\xdc\xc7\xb0\xebW\x8a=\xa3Z!BQz\x98\xd4\xc4)\xad\x0f\x97t}3\xe1\xef\xc2\x1d/T\xf1\x06\xa7mo\xa7\xc0\xf3\xfd\xb1\xdd\xfeg\x92\xe0\xe0|\x80\xe4\x96\xf4\x02\xad\xcf\xe1\xddg\xe3-\xee\x9b\xe2;\x9d[\xfe\x10m\x1e\x02\xed\xa7Evs6\x0eG\xda\n\x12\x06\xe0\xb8#<\x8a\xf5\xa6\xfd\x84t\x1dO\xc7\xd6\xfe%\xd7\xbcQ\xa9\xeb\xd1\xd9\x90\xd6:]\xcc1\x8b[f\x07!\x82\x81\xf37\xb9\xae\xef\xc7\x1f\xb2\xd7\x85\xbe""Ae\x0e\xb9\xba\xf6+M\xe65\x95\x01\x03p\xc1\xe8Ez\x91\xd1jyrM\xecxM\x87\xec\x9f\xa2\xcc\xad}s\xac\xaf\x8ed\x9dL\xa5\xfcD^Uf\xc0\xc6\xd6F\xc0\x04\xf3\xc0\xef]\x17\x84~\x1fx^\xdbQ\xfb&\x9be?\x81|Ue\x1b\xb7\x91\xa7\xce\xc6\x19\x14\xa8\x01\xc2\x9f\x96T\xcfb85\xf4\x0f\x86>\x12\xe9\x9e\x13\xd0\xac\xb4\x9d:W\x86\xc6\xd2%\x86(\xd5F\x02\x8e\x94\xcd_\xe1>\x9f\xab\xdc\xd9\xdd}\xaeX.\xed$\xf3""\x9e5]\xc0te>\xa0\x8e\rn\xa6\xb61T\xda>i\xf8\x8bc\xaax\xb2\xfa\xebG\xd4c\xb7Y\xad\xe2Kx\xa5\x132-\xe3\x1f\x98\xb9P>PWw\x198 \xd7\xa3\xf8gD\xb0\xd0\xfc;kk\x13\xed\x10\xa0DfbO\x07\x1f\x96+\xac\xb8\xfd\x9e\xad.\xbcYw\xae\\k\xb7\xb3K3\x83\x1c\x0c\x8b\xb2\x15\x08\x17j\xfe\xa7\xf15v\xe7\xe0\x7f\x9byk,\x1e 
\xbb\xb5\x86\x16\xdd$)\n\x11(\xf4$\xf2?\n\x1c\xd3\xd8\xc7\xd9J\xe7\x95|Q\x97AO\x08\xca\xba\xca\xc1>\x92\xe0\xa5\xcaO\xbb\r\xc7\x00\xe0\x1c\x0e\xbc\xd7\x8a^i\x7f\x03\xbe\x1cxwG\xd2\xc5\xc0\xd2$\xd5e\xfbm\x8c\xe1\xc9*\xfb\xc6>n\xc3\x04\xd7\xdaR|\x1e\xb0\x9a\x06\x8ak\xb9&\x8d\x86\nI\x1a\x90\x7f\n\xe2|]\xfb\x1b|=\xf1\xd5\xc5\x9c\xfa\xce\x9a\x97r\xd9\x8cBLJ\x02\x0c\xe7\x00\x0e\xde\xd4)E\x15\xec\xe4|\xf5\xf03\xc3gQ\xf8\x8f\xe2\x7f\x16]\xea\xeb}{\xbc\xd9\x08\xa29O(\x1f\xdd\xb8\xf7+\x8a\xfa\x1f\xe0\xfe\xbe\xda\x97\xc5\x9dsOG\x06\x0b\x1d60\xc3\xfd\xb6\x93?\xca\xafx\x7f\xf6c\xf0\xff\x00\x855\xeb\x9dKJ\xbb\x9a\xc5nc\x11\xcbm\x12(C\x8e\x87\xd8\xe2\xbao\x00\xfc!\xb2\xf0\x17\x8a5\xcdn\x0b\xd9\xae\xeeu]\xa1\xd6U\x00F\x14\x0c\x01\x8f\xa5\x13\x94^\xc2\xa7NQ\x95\xd9\xe8\x94QEdw\x88zW\x19\xf1""k\x8b=\x1e\x1b\xbf\xf8I\x13\xc2\xfa]\xbc\xdef\xa1{\xb1ZV\x8bi\xda\x91\x96\x04\x02\\\xafbH\xc8\x1c\x9a\xec\xcfJ\xe4\xbco\xf0\xfe\xc3\xc7?\xd9f\xf6\xea\xf6\xd8\xe9\xd7B\xf2\x0f\xb3H\xa0y\xa0\x10\xac\xca\xca\xca\xd8\xc9##\x83\xcfZ\x00\xf2/\r\xf8\x8b\xc7\x9e*\xb6\x96\xca\xe7\xc4\x17Z,\xb6\x1aU\xc6\xa5\x14\xf2ZD\x97\x17h\xd7\x12\xad\xab\xcc\x85p\xbf\xba\x8dK(\x00\xe5\xb9\xc1\xe2\xb6\xed<u\xe3\x1dS\xc4\x1f\r\xee\x9ak+-\x0fZ\x81\x85\xc41\xa1ig\x9b\xec\xcc\xe4\xe4\xfd\xc4V\x1c\x01\xc9\xcdu\xda\xc7\xc2m;[x\xa6\xbb\xd6usz {Io#\xb8H\xe5\xb9\xb7v\xcbC!T\x00\xaes\x82\x00a\xce\rm\\\xf8+C\xb8:\x101*G\xa3n\xfb\x1cH\xf8U\x063\x19\x04w\x1bN(\x15\xcf\x1e\xd4<e\xe3o\x07\xf8\x95\xb4\xd3\xac\x1dF\xf2]""\xf2\xe4\xbe\xb5n\xb6\xb6\x12\xdd!C\x1f\xd9]W%UY\xb7)<\x80\xbd\xc95\xc4|?\xf8\x89\xe3;\xfdkE\xd2\xed\xfcY\xab\xddiw\x1a\x14z\xb2\xcfu\xfd\x99\xe7\xb9yG\xdef\x1c.\x1b\xee\x9f\x98~\x15\xee\xb6?\x05\xbc3mql\xd7s\xdekV\xf6q<\x166Z\xac\xe2x,\xd1\xf1\xb8""\xe0\x13\x9c\x01\x97,@\x18\x04TK\xf0\'\xc1+\xe3\x16\xd7\x86\x91\xa7\x05\xfe\xcf\xfb\x07\xd8>\xcd\x1f\x93\x8f0?\x99\xd3;\xb8\xc7\xd2\x81\x9c\x15\xcf\xc4\x14\x08I\xe2',match=OFPMatch(oxm_fields={'in_port': 1}),reason=0,table_id=0,total_len=1518)"
+ line2 = "ethernet(dst='02:1a:c5:01:00:00',ethertype=2048,src='02:1a:c5:02:00:00'), ipv4(csum=52552,dst='1.1.18.116',flags=2,header_length=5,identification=32755,offset=0,option=None,proto=6,src='1.2.243.105',tos=0,total_length=1500,ttl=32,version=4), tcp(ack=2264451304,bits=16,csum=40729,dst_port=19492,offset=8,option=[TCPOptionNoOperation(kind=1,length=1), TCPOptionNoOperation(kind=1,length=1), TCPOptionTimestamps(kind=8,length=10,ts_ecr=184023255,ts_val=488037593)],seq=4007776541,src_port=80,urgent=0,window_size=8688), 'ke\xda\x92^\xcag\x94\x8fB\xed\x92}\xbd)8>\x83[\xdd\x9f""|A\xd6/|O\xe3\xfb\xad#M_\x1e\xc0n\xef\xe0\xd3e\xba\xb0E\x86\xce\xc0DD\x8d2\x16\xea\xaf\x9c1\xef\x83^\xaf\xe2D\xb5\xbb\xb1\x92\xca\xf1V\xee\xdeX\xcc2$\x83p\x90\x11\x83\x9f\xad{\xac\x9f\x08-%\x18:\x95\xc0\xfa*\xd6e\xcf\xc0M>\xe5\xf7\x9dR\xe5\x089\x1f""\xd62\xa7.\x88\xd1K\xb9\xf1\x87\xc3M\x1b\xfe\x10\xebI\xb4%\x99\xa7\xb4\xd3\xaee\xb7\xb6\'\x92\xb0\x86\xca.{\xed\x07\x1f\x85z\xbe\x96\xdb\x9e28\x07\x91^\x8b\xa4~\xc8\x9av\x99\xbc\xc9\xe2mB\xe6i$y^G\x89\x06K\x12k\xa8\xb3\xfd\x9d\xb4\xeb0\xbbu\x8b\xa6#\xa6Qk\xcbx:\xb2\x9b\x95\x8feb\xe9F\x11\x8a{\x1c>\x9cCF=\xaa\xcb\r\xc4\xf3\xc5zD?\x06\xac\xe2\x00\rJ\xe0\xff\x00\xc0\x16\xa5\x1f\x08\xac\xc0#\xfbBs\xf5QW\x1c-U\xd0\xceX\xaaL\xf2\xc5\xf9%\xc7\x1fZ\xb0b\xde\xb9\x07\x18\xafF\x1f\x06\xed\x03n\xfe\xd1\x9c\xe7\xb1E\xa9G\xc2K@1\xf6\xf9\xbf\xef\x85\xae\x8faW\xb1\x9a\xc4Au<\xde 
y\xe7""\xa5M\xea\x8c\xc4c\x8a\xf4t\xf8Sh\x83\x1fo\x9c\xff\x00\xc0EK\xff\x00\n\xc2\xd4\xa9_\xb6\xcd\xcf\xfb""\xab\xd8N\xfb\x12\xf1\x14\xdfS\xc7\xe7\xba\x0cOPEb\xdc\xcc\x1eL\xee?\x8d{|\x9f\x07\xacd\x07\x17\xf3\x8c\xff\x00\xb0\xb5JO\x81\x9a|\x9c\xb6\xa3?\xfd\xf0\xb4K\r6\xcd#\x8b\xa6\x91\xe2s<B""N\x07\xbda\xdd\xce-\xe2wS\x9c\x8cs\xde\xbe\x80\x9f\xf6}\xd3\xa6\x18:\xad\xd6=\x91j\x8d\xd7\xec\xd3\xa6\xdc\xc7\xb0\xebW\x8a=\xa3Z!BQz\x98\xd4\xc4)\xad\x0f\x97t}3\xe1\xef\xc2\x1d/T\xf1\x06\xa7mo\xa7\xc0\xf3\xfd\xb1\xdd\xfeg\x92\xe0\xe0|\x80\xe4\x96\xf4\x02\xad\xcf\xe1\xddg\xe3-\xee\x9b\xe2;\x9d[\xfe\x10m\x1e\x02\xed\xa7Evs6\x0eG\xda\n\x12\x06\xe0\xb8#<\x8a\xf5\xa6\xfd\x84t\x1dO\xc7\xd6\xfe%\xd7\xbcQ\xa9\xeb\xd1\xd9\x90\xd6:]\xcc1\x8b[f\x07!\x82\x81\xf37\xb9\xae\xef\xc7\x1f\xb2\xd7\x85\xbe""Ae\x0e\xb9\xba\xf6+M\xe65\x95\x01\x03p\xc1\xe8Ez\x91\xd1jyrM\xecxM\x87\xec\x9f\xa2\xcc\xad}s\xac\xaf\x8ed\x9dL\xa5\xfcD^Uf\xc0\xc6\xd6F\xc0\x04\xf3\xc0\xef]\x17\x84~\x1fx^\xdbQ\xfb&\x9be?\x81|Ue\x1b\xb7\x91\xa7\xce\xc6\x19\x14\xa8\x01\xc2\x9f\x96T\xcfb85\xf4\x0f\x86>\x12\xe9\x9e\x13\xd0\xac\xb4\x9d:W\x86\xc6\xd2%\x86(\xd5F\x02\x8e\x94\xcd_\xe1>\x9f\xab\xdc\xd9\xdd}\xaeX.\xed$\xf3""\x9e5]\xc0te>\xa0\x8e\rn\xa6\xb61T\xda>i\xf8\x8bc\xaax\xb2\xfa\xebG\xd4c\xb7Y\xad\xe2Kx\xa5\x132-\xe3\x1f\x98\xb9P>PWw\x198 \xd7\xa3\xf8gD\xb0\xd0\xfc;kk\x13\xed\x10\xa0DfbO\x07\x1f\x96+\xac\xb8\xfd\x9e\xad.\xbcYw\xae\\k\xb7\xb3K3\x83\x1c\x0c\x8b\xb2\x15\x08\x17j\xfe\xa7\xf15v\xe7\xe0\x7f\x9byk,\x1e 
\xbb\xb5\x86\x16\xdd$)\n\x11(\xf4$\xf2?\n\x1c\xd3\xd8\xc7\xd9J\xe7\x95|Q\x97AO\x08\xca\xba\xca\xc1>\x92\xe0\xa5\xcaO\xbb\r\xc7\x00\xe0\x1c\x0e\xbc\xd7\x8a^i\x7f\x03\xbe\x1cxwG\xd2\xc5\xc0\xd2$\xd5e\xfbm\x8c\xe1\xc9*\xfb\xc6>n\xc3\x04\xd7\xdaR|\x1e\xb0\x9a\x06\x8ak\xb9&\x8d\x86\nI\x1a\x90\x7f\n\xe2|]\xfb\x1b|=\xf1\xd5\xc5\x9c\xfa\xce\x9a\x97r\xd9\x8cBLJ\x02\x0c\xe7\x00\x0e\xde\xd4)E\x15\xec\xe4|\xf5\xf03\xc3gQ\xf8\x8f\xe2\x7f\x16]\xea\xeb}{\xbc\xd9\x08\xa29O(\x1f\xdd\xb8\xf7+\x8a\xfa\x1f\xe0\xfe\xbe\xda\x97\xc5\x9dsOG\x06\x0b\x1d60\xc3\xfd\xb6\x93?\xca\xafx\x7f\xf6c\xf0\xff\x00\x855\xeb\x9dKJ\xbb\x9a\xc5nc\x11\xcbm\x12(C\x8e\x87\xd8\xe2\xbao\x00\xfc!\xb2\xf0\x17\x8a5\xcdn\x0b\xd9\xae\xeeu]\xa1\xd6U\x00F\x14\x0c\x01\x8f\xa5\x13\x94^\xc2\xa7NQ\x95\xd9\xe8\x94QEdw\x88zW\x19\xf1""k\x8b=\x1e\x1b\xbf\xf8I\x13\xc2\xfa]\xbc\xdef\xa1{\xb1ZV\x8bi\xda\x91\x96\x04\x02\\\xafbH\xc8\x1c\x9a\xec\xcfJ\xe4\xbco\xf0\xfe\xc3\xc7?\xd9f\xf6\xea\xf6\xd8\xe9\xd7B\xf2\x0f\xb3H\xa0y\xa0\x10\xac\xca\xca\xca\xd8\xc9##\x83\xcfZ\x00\xf2/\r\xf8\x8b\xc7\x9e*\xb6\x96\xca\xe7\xc4\x17Z,\xb6\x1aU\xc6\xa5\x14\xf2ZD\x97\x17h\xd7\x12\xad\xab\xcc\x85p\xbf\xba\x8dK(\x00\xe5\xb9\xc1\xe2\xb6\xed<u\xe3\x1dS\xc4\x1f\r\xee\x9ak+-\x0fZ\x81\x85\xc41\xa1ig\x9b\xec\xcc\xe4\xe4\xfd\xc4V\x1c\x01\xc9\xcdu\xda\xc7\xc2m;[x\xa6\xbb\xd6usz {Io#\xb8H\xe5\xb9\xb7v\xcbC!T\x00\xaes\x82\x00a\xce\rm\\\xf8+C\xb8:\x101*G\xa3n\xfb\x1cH\xf8U\x063\x19\x04w\x1bN(\x15\xcf\x1e\xd4<e\xe3o\x07\xf8\x95\xb4\xd3\xac\x1dF\xf2]""\xf2\xe4\xbe\xb5n\xb6\xb6\x12\xdd!C\x1f\xd9]W%UY\xb7)<\x80\xbd\xc95\xc4|?\xf8\x89\xe3;\xfdkE\xd2\xed\xfcY\xab\xddiw\x1a\x14z\xb2\xcfu\xfd\x99\xe7\xb9yG\xdef\x1c.\x1b\xee\x9f\x98~\x15\xee\xb6?\x05\xbc3mql\xd7s\xdekV\xf6q<\x166Z\xac\xe2x,\xd1\xf1\xb8""\xe0\x13\x9c\x01\x97,@\x18\x04TK\xf0\'\xc1+\xe3\x16\xd7\x86\x91\xa7\x05\xfe\xcf\xfb\x07\xd8>\xcd\x1f\x93\x8f0?\x99\xd3;\xb8\xc7\xd2\x81\x9c\x15\xcf\xc4'"
+ thispacket1 = PacketData(line1, line2)
+ print('测试1:', thispacket1.predict())
+ print(thispacket1.predict_npy())
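Review bot: The feature extraction in `__init__` and `update_helper` runs unanchored `re.search` over the whole `msg` string, and the sample messages at the end of the hunk show the packet payload repr (`data=...`) is embedded before `match=`, `reason=` and `total_len=`, so a crafted payload carrying ASCII text such as `total_len=1` or `'in_port': 9` would be matched first and silently replace the real header fields this classifier scores; likewise `re.findall` for `ipSet` scans the trailing payload in `pkt`, so a dotted-quad inside the payload changes the flow key. Anchor the trailer fields to the end of the message, e.g. `m = re.search(r"reason=(\d+),table_id=\d+,total_len=(\d+)\)$", msg)`, and build `ipSet` from the `ipv4(...)` segment rather than the full line. Separately, the `else` branch of `predict_npy` saves to the literal `'model/feature_dict.npy'` instead of `npypath`, so a caller passing another path never gets its state file created. Note also that `np.load(..., allow_pickle=True)` and `joblib.load` both unpickle whatever sits at those paths, which presumably means the `model/` directory must not be writable by any component that also feeds packets into this code; a `# NOTE: unpickles the file, trusted path only` on those lines would make that explicit.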