GitHub - skumailraza/tls_malware_detection: Using Machine Learning for Malware Traffic Classification

Python code to automate the execution of the clustering process.

Step 1: Parse pcaps/bro logs into a JSON file

Step 2: Extract features

Run the clustering/prep/extract_features.py script, specifying the corresponding avclass and virustotal files, if any, and the folder with the certs. The TLS fingerprints can be located at clustering/data/tls_fprints/
The output is a TSV file with the feature vectors.

Step 3: Run the clustering

When using the script clustering/run_clustering.py, a dataset_name must be specified. The script will look for two files into the data/groundtruth folder by default, the feature vectors (dataset_name.tsv) and the related avclass file (dataset_name.labels)
The output will be generated inside a folder with the same name as the dataset_name.

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
aux		aux
clustering		clustering
db		db
pcap_processing		pcap_processing
pcaps_frompcaps_dataset		pcaps_frompcaps_dataset
.DS_Store		.DS_Store
README.md		README.md
TLS_Malware_Paper.pdf		TLS_Malware_Paper.pdf
extract_features_pcaps_frompcaps_dataset.err		extract_features_pcaps_frompcaps_dataset.err
parse_bro_logs_v2_pcaps_frompcaps_dataset.err		parse_bro_logs_v2_pcaps_frompcaps_dataset.err
parse_log_files.sh		parse_log_files.sh
parse_pcap_files.sh		parse_pcap_files.sh
pcaps_frompcaps_dataset.tsv		pcaps_frompcaps_dataset.tsv
run.sh		run.sh