import pandas as pd
import matplotlib.pyplot as plt
import numpy as np
from scipy.ndimage import median_filter
# Path of the capture export to analyse (placeholder; set it before running).
csv = 'your_csv_file_here'

# Load the export. This section only relies on the "Time" column.
df = pd.read_csv(csv)

# "Time" is parsed as a bare time of day with fractional seconds.
# NOTE(review): the format carries no date, so a capture that runs past
# midnight would be binned out of order; confirm captures stay within one day.
date_format = "%H:%M:%S.%f"
df['Time'] = pd.to_datetime(df['Time'], format=date_format)

# One row per one-second bin, holding the number of frames seen in that bin.
per_second = pd.Grouper(key='Time', freq='1S')
grouped = df.groupby(per_second).size().reset_index(name='count')

# x values (bin start times) and y values (frames per bin) for the plots.
seconds = grouped['Time']
packet_counts = grouped['count']

# Median-smooth the per-second counts over 10 consecutive bins.
rolling_median = median_filter(packet_counts, size=10)

# Dynamic threshold: mean of the smoothed series plus one standard deviation.
# NOTE(review): the baseline comes from the very capture being judged, so a
# flood that lasts for most of the capture raises its own threshold; consider
# deriving the baseline from known-clean traffic.
mean = np.mean(rolling_median)
std_dev = np.std(rolling_median)
threshold = mean + 1 * std_dev
print(threshold)

# Keep the raw count for bins above the threshold, zero for everything else.
outliers = [(x if x > threshold else 0) for x in packet_counts]

# Drop isolated spikes: a bin whose five neighbours on each side are all zero
# is not treated as malicious. Bins closer than five positions to either end
# of the capture skip this check and keep their outlier value.
attack_points = []
n_bins = len(outliers)
for i, value in enumerate(outliers):
    has_full_window = i >= 5 and i + 5 < n_bins
    isolated = (
        has_full_window
        and outliers[i - 5:i].count(0) > 4
        and outliers[i + 1:i + 6].count(0) > 4
    )
    attack_points.append(0 if isolated else value)

# The first and last bins are never reported as attack points.
attack_points[0] = attack_points[-1] = 0

# Base figure: per-second counts drawn as both markers and a connecting line.
plt.figure(figsize=(10, 6))  # Adjust the figure size if needed
plt.scatter(seconds, packet_counts, s=10, marker='o', label='Packets per Second', alpha=0.8)
plt.plot(seconds, packet_counts, label='Packet Counts')
# Find the targeted MACs in case of attack detection
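def detect_targets(file):
    """Print the most frequent Source MAC in a capture CSV and its top Destination.

    Args:
        file: Path to a CSV export that has "Source" and "Destination" columns.

    Returns:
        None. Two summary lines are printed, or a single notice when the file
        holds no data rows.

    Raises:
        KeyError: If the CSV header has no "Source" or "Destination" column.
    """
    # Local imports: the module-level name ``csv`` in this script is the input
    # path string, so the csv module has to be bound inside the function.
    import csv
    from collections import Counter, defaultdict

    source_counter = Counter()
    destinations_by_source = defaultdict(list)

    # newline='' is the csv module's documented way to open a file for a reader.
    with open(file, 'r', newline='') as csv_file:
        for row in csv.DictReader(csv_file):
            source_mac = row['Source']
            source_counter[source_mac] += 1
            destinations_by_source[source_mac].append(row['Destination'])

    # A header-only or empty export has nothing to rank; most_common(1)[0]
    # would raise IndexError here.
    if not source_counter:
        print("No frames found in capture; no targeted MAC address to report")
        return

    most_common_source_mac, source_count = source_counter.most_common(1)[0]

    # Rank only the destinations that were seen together with that source.
    paired_destinations = Counter(destinations_by_source[most_common_source_mac])
    most_common_destination_mac, destination_count = paired_destinations.most_common(1)[0]

    # NOTE(review): the Source field of an unprotected 802.11 management frame
    # is set by the sender, so this address most likely names the device being
    # impersonated rather than the transmitter; treat it as a lead, not as
    # attribution.
    print(f"Main targeted MAC Address: {most_common_source_mac} (targeted {source_count} times)")
    print(f"Main targeted MAC Address associated with {most_common_source_mac}: {most_common_destination_mac} (targeted {destination_count} times)")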
# Verdict and annotation of the figure.
# NOTE(review): the verdict depends only on the size of the threshold, not on
# whether any bin survived the outlier filtering in attack_points. A capture
# with a steady rate of one or more frames per second is therefore labelled an
# attack even when no bin is marked; confirm this is the intended rule.
label = "Status:"
attack_flagged = threshold >= 1

if attack_flagged:
    # Draw the threshold line and mark every bin still flagged after filtering.
    plt.axhline(y=threshold, color='red', linestyle='--', label='Dynamic Threshold')
    flagged = [(seconds[i], count) for i, count in enumerate(attack_points) if count > 0]
    seconds_x = [when for when, _ in flagged]
    attack_points_y = [count for _, count in flagged]
    plt.scatter(seconds_x, attack_points_y, c='red', s=30, marker='x', label='Malicious Traffic')
    result = "Attack Detected"
    status_colour = 'red'
else:
    result = "Normal Traffic"
    status_colour = 'blue'

# Status banner pinned to the top-left corner of the data area.
plt.text(seconds.iloc[0], max(packet_counts), f"{label} {result}", verticalalignment='top', horizontalalignment='left', color=status_colour)

if attack_flagged:
    # Report which MAC addresses dominate the flagged capture.
    detect_targets(csv)

plt.legend(loc='upper right')

# Axis labels and title.
plt.xlabel("Time (s)")
plt.ylabel("Deauth Packets / 1 sec")
plt.title("Scatter Plot of Deauthentication Packets per Second Over Time")

# Render the figure.
plt.grid(True)
plt.tight_layout()
plt.show()