Created a system that blocks the suspicious IP whenever a cyber attack comes in

Nithish Kumar
4 min read · Jul 19, 2020

Create an automated system that gives a server the following features:

1. The system keeps a log of information about the clients that hit or send requests to the server; for example, a web server's log files can be found at /var/log/httpd/.

2. This client log data is used to find unusual patterns in client requests, for example a client sending requests repeatedly. For this purpose we use clustering to group the different patterns of client requests and identify which cluster of requests could cause security or performance problems for the server.

3. If an unusual pattern is found, Jenkins performs a task in response, for example running a command to block the IP that is causing the trouble.

Steps to follow for creating the system that blocks a suspicious IP whenever a cyber attack comes in:

Step 1: Attack the web server using the Hulk Master tool (you can search for it on Google and follow the instructions on its website).
After attacking the web server, we can see the log file for the httpd server at /var/log/httpd/.

My access_log file is on GitHub.

Step 2: Now I am converting this access_log to a CSV file using a Perl command. Here is the link for the Perl command; follow this website for resources. For this you need to install Perl on your system, and also download the file from this website. Here is the command for converting access_log to a CSV file:

… perl command …

Step 3: Now write the code that trains the model and predicts the suspicious IP from the output CSV file using clustering.

import pandas as pd
from sklearn.preprocessing import LabelEncoder, StandardScaler
from sklearn.cluster import KMeans

# Load the CSV produced from access_log and keep only the fields used as features
dataset = pd.read_csv('webserverlog.csv')
newdata = dataset.drop(['Log Name', 'Time Zone', 'Method', 'Referer', 'Bytes Sent', 'User Agent'], axis=1)
x = newdata.to_numpy()

# Encode each categorical column (Host, Date, URL, Response Code) as integers
label = LabelEncoder()
IP = label.fit_transform(x[:, 0])
Date = label.fit_transform(x[:, 1])
URL = label.fit_transform(x[:, 2])
RC = label.fit_transform(x[:, 3])
df1 = pd.DataFrame(IP, columns=['IP'])
df2 = pd.DataFrame(Date, columns=['DATE'])
df3 = pd.DataFrame(URL, columns=['URL'])
df4 = pd.DataFrame(RC, columns=['Response Code'])
result = pd.concat([df1, df2, df3, df4], axis=1)

# Scale the features and cluster the requests
sc = StandardScaler()
data_scaled = sc.fit_transform(result)
model = KMeans(n_clusters=10)
pred = model.fit_predict(data_scaled)
dataset_scaled = pd.DataFrame(data_scaled, columns=['IP', 'Date', 'URL', 'Response Code'])
dataset_scaled['mycluster'] = pred

# Keep the original Host value next to its encoded IP label
ips_result = pd.concat([dataset['Host'], result['IP']], axis=1)

def CountFrequency(my_list, ip_label):
    """Return the host that appears most often in the log (the suspicious IP)."""
    freq = {}
    for item in my_list:
        if item in freq:
            freq[item] += 1
        else:
            freq[item] = 1
    max_freq = 0
    max_key = 0
    for key, value in freq.items():
        if value > max_freq:
            max_freq = value
            max_key = key
    return ip_label[my_list.index(max_key)]

res = CountFrequency(ips_result['IP'].tolist(), ips_result['Host'].tolist())
# Write the suspicious IP to the file that the blocking job reads
with open('blockIP.txt', 'w') as file1:
    file1.write(str(res))
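As an added example (not code from the original post or its GitHub repository), the Python below parses raw httpd access_log lines directly into the Host, Date, URL and Response Code fields that Step 3's model uses, so the Perl conversion of Step 2 is not needed, and it generalises Step 3's "most frequent host" rule into a sliding-window request-rate check that flags every client sending repeated requests, not just the single busiest one. The sample log lines, the 10-second window and the threshold of 5 requests are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# httpd "combined" access_log line; the named groups are the fields the model keeps.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample (not the author's log): 10.0.0.9 fires six requests in one second.
SAMPLE_LOG = "\n".join(
    [f'10.0.0.9 - - [19/Jul/2020:10:00:00 +0530] "GET /?x={i} HTTP/1.1" 200 4523 "-" "Mozilla/5.0"'
     for i in range(6)]
    + ['10.0.0.5 - - [19/Jul/2020:10:00:01 +0530] "GET /index.html HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
       '10.0.0.7 - - [19/Jul/2020:10:00:03 +0530] "GET /about HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
       'garbage line that does not match the log format'])

def parse_log(text):
    """Parse access_log text into Host / Date / URL / Response Code records; skip malformed lines."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue  # a broken line must not crash the Jenkins job
        records.append({"Host": m["host"],
                        "Date": datetime.strptime(m["time"], TIME_FMT),
                        "URL": m["url"],
                        "Response Code": int(m["status"])})
    return records

def find_flooding_hosts(records, window_seconds=10, threshold=5):
    """Return hosts that send more than `threshold` requests inside any `window_seconds` window."""
    by_host = defaultdict(list)
    for r in records:
        by_host[r["Host"]].append(r["Date"].timestamp())
    flooding = set()
    for host, times in by_host.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window_seconds:  # slide the window's left edge forward
                start += 1
            if end - start + 1 > threshold:
                flooding.add(host)
                break
    return flooding
```

The hosts returned by find_flooding_hosts can be written one per line to blockIP.txt, the file the blocking job consumes.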

Step 4: We need an automated system, so I am using Jenkins as the automation tool.
→ Job 1: Pull all the files from the GitHub link we provided and copy them into one workspace. In my case I copied all the files into the /task5 folder.

Output of Job 1:

Note:
→ You need to install python3 and also pip.
→ Install TensorFlow and Keras to run the model on your system.

→ Job 2: Run the model 'blockingIP.py' that we wrote in Step 3 above, and set its build triggers.

Console output for Job 2:

The above model 'blockingIP.py' creates a file containing the suspicious IP. The output of that file is:

→ Job 3: After retrieving the suspicious IP, we need to block it.
Here is the command to block the IP, and the build triggers:

Build pipeline for all three jobs:

That's all, done with the task. Worked collaboratively with Vyshnavi Talla.
Here is the GitHub link.
Thanks for reading.

Signing off.
