Initial_Commit!

DDOS_Model_Generation.py

@@ -0,0 +1,510 @@
+#!/usr/bin/env python
+# coding: utf-8
+
+# In[1]:
+
+
+
+
+import pandas as pd
+import numpy as np
+
+import matplotlib.pyplot as plt
+from matplotlib.pyplot import figure
+import seaborn as sns
+
+from sklearn.metrics import confusion_matrix
+from sklearn.metrics import accuracy_score
+from sklearn.metrics import classification_report
+from sklearn.model_selection import train_test_split
+from sklearn import metrics
+from sklearn.model_selection import cross_val_score
+from sklearn import preprocessing
+
+from sklearn.model_selection import cross_val_predict
+from sklearn.model_selection import GridSearchCV
+import time
+
+from sklearn.tree import DecisionTreeClassifier
+from sklearn.linear_model import LogisticRegression
+from sklearn import svm
+from sklearn.neighbors import KNeighborsClassifier
+from sklearn.ensemble import RandomForestClassifier
+
+from sklearn import metrics
+
+data = pd.read_csv('dataset_sdn.csv')
+
+
+
+data.head()
+
+
+data.shape
+
+data.info()
+
+##### Here we see that the label contains boolean values: 0 - Benign, 1-Maliciuous 
+data.label.unique()
+
+
+data.label.value_counts()
+
+label_dict = dict(data.label.value_counts())
+sns.countplot(data.label)
+
+
+labels = ["Maliciuous",'Benign']
+sizes = [dict(data.label.value_counts())[0], dict(data.label.value_counts())[1]]
+plt.figure(figsize = (13,8))
+plt.pie(sizes, labels=labels, autopct='%1.1f%%',
+        shadow=True, startangle=90)
+plt.legend(["Maliciuous", "Benign"])
+plt.title('The percentage of Benign and Maliciuos Requests in dataset')
+# plt.show()
+
+
+data.describe()
+
+
+# Let's look at the vizualisation of Null valued features
+figure(figsize=(9, 5), dpi=80)
+data[data.columns[data.isna().sum() >= 0]].isna().sum().sort_values().plot.bar()
+plt.title("Features which has NuLL values")
+
+
+data.isnull().sum()
+
+
+numeric_df = data.select_dtypes(include=['int64', 'float64'])
+object_df = data.select_dtypes(include=['object'])
+numeric_cols = numeric_df.columns
+object_cols = object_df.columns
+print('Numeric Columns: ')
+print(numeric_cols, '\n')
+print('Object Columns: ')
+print(object_cols, '\n')
+print('Number of Numeric Features: ', len(numeric_cols))
+print('Number of Object Features: ', len(object_cols))
+
+
+# In[14]:
+
+
+object_df.head()
+
+
+# In[15]:
+
+
+#### Let's look at Oblect columns (Source Destination Protocol)
+
+figure(figsize=(12, 7), dpi=80)
+plt.barh(list(dict(data.src.value_counts()).keys()), dict(data.src.value_counts()).values(), color='lawngreen')
+
+for idx, val in enumerate(dict(data.src.value_counts()).values()):
+    plt.text(x = val, y = idx-0.2, s = str(val), color='r', size = 13)
+
+plt.xlabel('Number of Requests')
+plt.ylabel('IP addres of sender')
+plt.title('Number of all reqests')
+
+
+# In[16]:
+
+
+figure(figsize=(12, 7), dpi=80)
+plt.barh(list(dict(data[data.label == 1].src.value_counts()).keys()), dict(data[data.label == 1].src.value_counts()).values(), color='blue')
+
+for idx, val in enumerate(dict(data[data.label == 1].src.value_counts()).values()):
+    plt.text(x = val, y = idx-0.2, s = str(val), color='r', size = 13)
+
+plt.xlabel('Number of Requests')
+plt.ylabel('IP addres of sender')
+plt.title('Number of Attack requests')
+
+
+# In[17]:
+
+
+figure(figsize=(12, 7), dpi=80)
+plt.barh(list(dict(data.src.value_counts()).keys()), dict(data.src.value_counts()).values(), color='lawngreen')
+plt.barh(list(dict(data[data.label == 1].src.value_counts()).keys()), dict(data[data.label == 1].src.value_counts()).values(), color='blue')
+
+for idx, val in enumerate(dict(data.src.value_counts()).values()):
+    plt.text(x = val, y = idx-0.2, s = str(val), color='r', size = 13)
+
+for idx, val in enumerate(dict(data[data.label == 1].src.value_counts()).values()):
+    plt.text(x = val, y = idx-0.2, s = str(val), color='w', size = 13)
+
+
+plt.xlabel('Number of Requests')
+plt.ylabel('IP addres of sender')
+plt.legend(['All','malicious'])
+plt.title('Number of requests from different IP adress')
+
+
+# In[18]:
+
+
+figure(figsize=(10, 6), dpi=80)
+plt.bar(list(dict(data.Protocol.value_counts()).keys()), dict(data.Protocol.value_counts()).values(), color='r')
+plt.bar(list(dict(data[data.label == 1].Protocol.value_counts()).keys()), dict(data[data.label == 1].Protocol.value_counts()).values(), color='b')
+
+plt.text(x = 0 - 0.15, y = 41321 + 200, s = str(41321), color='black', size=17)
+plt.text(x = 1 - 0.15, y = 33588 + 200, s = str(33588), color='black', size=17)
+plt.text(x = 2 - 0.15, y = 29436 + 200, s = str(29436), color='black', size=17)
+
+plt.text(x = 0 - 0.15, y = 9419 + 200, s = str(9419), color='w', size=17)
+plt.text(x = 1 - 0.15, y = 17499 + 200, s = str(17499), color='w', size=17)
+plt.text(x = 2 - 0.15, y = 13866 + 200, s = str(13866), color='w', size=17)
+
+plt.xlabel('Protocol')
+plt.ylabel('Count')
+plt.legend(['All', 'malicious'])
+plt.title('The number of requests from different protocols')
+
+
+# In[19]:
+
+
+df = data.copy()
+
+
+# In[20]:
+
+
+figure(figsize=(8, 4), dpi=80)
+plt.hist(df.dur, bins=20, color='b')
+plt.title('Duration')
+# plt.show()
+
+
+# In[21]:
+
+
+figure(figsize=(8, 4), dpi=80)
+plt.hist(df.tx_bytes, bins=20, color='r')
+plt.title('TX_BYTES - Transmitted Bytes')
+# plt.show()
+
+
+# In[22]:
+
+
+figure(figsize=(8, 4), dpi=80)
+plt.hist(df.tx_kbps, bins=10, color='g')
+plt.title('TX_KBPC')
+# plt.show()
+
+
+# In[23]:
+
+
+plt.hist(df.switch, bins=20, color='r')
+plt.title('SWITCH')
+plt.xlabel('SWITCH')
+# plt.show()
+
+
+# In[24]:
+
+
+plt.hist(df[df['label'] == 1].switch, bins=20, color='r')
+plt.title('SWITCH')
+plt.xlabel('SWITCH')
+# plt.show()
+
+import joblib
+
+class Model:
+    global y
+    def __init__(self, data):
+        self.data = data
+        X = preprocessing.StandardScaler().fit(self.data).transform(self.data)
+        self.X_train, self.X_test, self.y_train, self.y_test = train_test_split(X, y, random_state=42, test_size=0.3)  
+    
+    def LogisticRegression(self):
+        solvers = ['newton-cg', 'lbfgs', 'liblinear', 'sag', 'saga']
+
+        start_time = time.time()
+        results_lr = []
+        accuracy_list = []
+        for solver in solvers:
+            LR = LogisticRegression(C=0.03, solver=solver).fit(self.X_train, self.y_train)
+            predicted_lr = LR.predict(self.X_test)
+            accuracy_lr = accuracy_score(self.y_test, predicted_lr)
+            results_lr.append({'solver' : solver, 'accuracy': str(round(accuracy_lr * 100, 2)) + "%", 
+                                  'Coefficients': {'W' : LR.coef_, 'b': LR.intercept_}})
+            accuracy_list.append(accuracy_lr)
+       
+        solver_name = solvers[accuracy_list.index(max(accuracy_list))]
+        LR = LogisticRegression(C=0.03, solver=solver_name).fit(self.X_train, self.y_train)
+        predicted_lr = LR.predict(self.X_test)
+        accuracy_lr = accuracy_score(self.y_test, predicted_lr)
+        print("Accuracy: %.2f%%" % (accuracy_lr * 100.0), '\n')
+        print("########################################################################")
+        print('Best solver is : ', solver_name)
+        print("########################################################################")
+        print(classification_report(predicted_lr, self.y_test), '\n')
+        print("########################################################################")
+        print("--- %s seconds --- time for LogisticRegression" % (time.time() - start_time))
+        
+        # Save the model
+        joblib.dump(LR, 'logistic_regression_model.pkl')
+        
+    def SupportVectorMachine(self):
+        start_time = time.time()
+        accuracy_list = []
+        result_svm = []
+        kernels = ['linear', 'poly','rbf', 'sigmoid']
+        for kernel in kernels:
+            SVM = svm.SVC(kernel=kernel).fit(self.X_train, self.y_train)
+            predicted_svm = SVM.predict(self.X_test)
+            accuracy_svm = accuracy_score(self.y_test, predicted_svm)
+            result_svm.append({"kernel" : kernel, "accuracy": f"{round(accuracy_svm*100,2)}%"})
+            print("Accuracy: %.2f%%" % round((accuracy_svm * 100.0),2))
+            print('######################################################################')
+            accuracy_list.append(accuracy_svm)
+        
+        kernel_name = kernels[accuracy_list.index(max(accuracy_list))]
+        SVM = svm.SVC(kernel=kernel_name).fit(self.X_train, self.y_train)
+        predicted_svm = SVM.predict(self.X_test)
+        accuracy_svm = accuracy_score(self.y_test, predicted_svm)
+        print(f"Accuracy of SVM model {round(accuracy_svm,2)*100}%", '\n')
+        print("########################################################################")
+        print('best kernel is : ', kernel_name)
+        print("########################################################################")
+        print(classification_report(predicted_svm, self.y_test))
+        print("########################################################################")
+        print("--- %s seconds ---" % (time.time() - start_time))
+        
+        # Save the model
+        joblib.dump(SVM, 'svm_model.pkl')
+        
+    def KNearetsNeighbor(self):
+        start_time = time.time()
+        Ks = 12
+        accuracy_knn = np.zeros((Ks-1))
+        std_acc = np.zeros((Ks-1))
+        for n in range(1,Ks):
+            neigh = KNeighborsClassifier(n_neighbors = n).fit(self.X_train, self.y_train)
+            yhat = neigh.predict(self.X_test)
+            accuracy_knn[n-1] = metrics.accuracy_score(self.y_test, yhat)
+            std_acc[n-1] = np.std(yhat==self.y_test) / np.sqrt(yhat.shape[0])
+
+        plt.figure(figsize=(10,6))
+        plt.plot(range(1,Ks), accuracy_knn, 'g')
+        plt.fill_between(range(1,Ks), accuracy_knn - 1 * std_acc, accuracy_knn + 1 * std_acc, alpha=0.10)
+        plt.fill_between(range(1,Ks), accuracy_knn - 3 * std_acc, accuracy_knn + 3 * std_acc, alpha=0.10, color="green")
+        plt.legend(('Accuracy ', '+/- 1xstd', '+/- 3xstd'))
+        plt.ylabel('Accuracy ')
+        plt.xlabel('Number of Neighbors (K)')
+        plt.tight_layout()
+        # plt.show()
+        
+        knnc = KNeighborsClassifier()
+        knnc_search = GridSearchCV(knnc, param_grid={'n_neighbors': [3, 5, 10],
+                                             'weights': ['uniform', 'distance'],
+                                             'metric': ['euclidean', 'manhattan']},
+                           n_jobs=-1, cv=3, scoring='accuracy', verbose=2)
+        knnc_search.fit(self.X_train, self.y_train)
+        n_neighbors = knnc_search.best_params_['n_neighbors']
+        weights = knnc_search.best_params_['weights']
+        metric = knnc_search.best_params_['metric']
+        KNN = KNeighborsClassifier(n_neighbors=n_neighbors, metric=metric, weights=weights).fit(self.X_train, self.y_train)
+        
+        predicted_knn = KNN.predict(self.X_test)
+        accuracy_knn = metrics.accuracy_score(self.y_test, predicted_knn)
+        print(f"Accuracy of KNN model {round(accuracy_knn,2)*100}%", '\n')
+        print("########################################################################")
+        print(classification_report(predicted_knn, self.y_test))
+        print("########################################################################")
+        print("--- %s seconds ---" % (time.time() - start_time))
+        
+        # Save the model
+        joblib.dump(KNN, 'knn_model.pkl')
+        
+    def DecisionTree(self):
+        start_time = time.time()
+        tree = DecisionTreeClassifier()
+        dt_search = GridSearchCV(tree, param_grid={'criterion' : ['gini', 'entropy'],
+                                           'max_depth' : [2,3,4,5,6,7,8, 9, 10],
+                                           'max_leaf_nodes' : [2,3,4,5,6,7,8,9,10, 11]},
+                           n_jobs=-1, cv=5, scoring='accuracy', verbose=2)
+        dt_search.fit(self.X_train, self.y_train)
+        
+        criterion = dt_search.best_params_['criterion']
+        max_depth = dt_search.best_params_['max_depth']
+        max_leaf_nodes = dt_search.best_params_['max_leaf_nodes']
+        
+        dtree = DecisionTreeClassifier(criterion=criterion, 
+                                       max_depth=max_depth, 
+                                       max_leaf_nodes=max_leaf_nodes).fit(self.X_train, self.y_train)
+        predicted_dt = dtree.predict(self.X_test)
+        accuracy_dt = metrics.accuracy_score(self.y_test, predicted_dt)
+        print(f"criterion: {criterion}, max depth: {max_depth}, max_leaf: {max_leaf_nodes}")
+        print(f"The Accuracy is : {round(accuracy_dt * 100,2)}%")
+        print("########################################################################")
+        print(classification_report(predicted_dt, self.y_test))
+        print("########################################################################")
+        print("--- %s seconds ---" % (time.time() - start_time))
+        
+        # Save the model
+        joblib.dump(dtree, 'decision_tree_model.pkl')
+    
+    def RandomForest(self):
+        start_time = time.time()
+        RF = RandomForestClassifier(criterion='gini', 
+                                     n_estimators=500,
+                                     min_samples_split=10,
+                                     max_features='sqrt',
+                                     oob_score=True,
+                                     random_state=1,
+                                     n_jobs=-1).fit(self.X_train, self.y_train)
+        
+        predicted_rf = RF.predict(self.X_test)
+        svm_accuracy = accuracy_score(self.y_test, predicted_rf)
+        print(f"Accuracy of RF is : {round(svm_accuracy*100,2)}%", '\n')
+        print("########################################################################")
+        print(classification_report(predicted_rf, self.y_test))
+        print("########################################################################")
+        print("--- %s seconds ---" % (time.time() - start_time))
+
+        # Save the model
+        joblib.dump(RF, 'random_forest_model.pkl')
+
+
+"""
+Decision Tree works Well
+Suppert Vector Machine works well
+Logistic Regression works well
+KNN works well
+Random Forest works well
+"""
+
+
+df = data.copy()
+df = df.dropna()
+
+X = df.drop(['dt','src','dst','label'], axis=1)
+y = df.label
+
+X = pd.get_dummies(X)
+
+M = Model(X)
+print(X)
+# Logistic Regression(Without FS)
+# M.LogisticRegression()
+
+# # Support Vector Machine(Without FS)
+# M.SupportVectorMachine()
+
+# # Decision Tree(Without FS)
+# M.DecisionTree()
+
+# # Random Forest Classification(Without FS)
+# M.RandomForest()
+
+
+# M.KNearetsNeighbor()
+
+df1 = data.copy()
+
+
+df1 = df1.dropna()
+
+
+
+df1.columns
+
+
+df1.info()
+
+important_features = [
+    'src',
+    'pktcount',
+    'dst',
+    'byteperflow',
+    'pktperflow',
+    'pktrate',
+    'tot_kbps',
+    'rx_kbps',
+    'flows',
+    'bytecount',
+    'dt',
+    'Protocol',
+    'dur',
+    'tot_dur'
+                      
+]
+
+
+weights = [
+    17.87,
+    15.16,
+    13.64,
+    12.97,
+    11.35,
+    11.35,
+    9.68,
+    9.66,
+    8.95,
+    4.92,
+    2.33,
+    1.31,
+    1.11,
+    1.11
+]
+
+
+weighted_features = pd.DataFrame({'features':important_features,
+                                 'weights':weights})
+weighted_features
+# print(weighted_features)
+
+X = df1[important_features]
+y = df1.label
+
+X = X.drop(['src', 'dst', 'dt'], axis=1)
+
+X.head()
+
+
+# print(X)
+X = pd.get_dummies(X)
+abs(X.corr())
+
+fig, ax = plt.subplots(figsize=(10,7)) 
+sns.heatmap(abs(X.corr()), annot=True)
+
+
+
+
+# ### There some duplicated features and high correlated features
+
+
+
+X = X.drop(['dur', "pktrate", "pktperflow"], axis=1)
+
+# X.columns
+
+fig, ax = plt.subplots(figsize=(10,7)) 
+sns.heatmap(abs(X.corr()), annot=True)
+
+
+X = pd.get_dummies(X)
+
+
+M = Model(X)
+# print(X)
+
+# ## Logistic Regression(With FS)
+# M.LogisticRegression()
+
+# ## Support Vector Machine
+# M.SupportVectorMachine()
+# M.RandomForest()
+
+# M.DecisionTree()
+M.KNearetsNeighbor()

Final_Malware.py

@@ -0,0 +1,584 @@
+import os
+import time
+import logging
+import subprocess
+import tkinter as tk
+from tkinter import filedialog, messagebox, ttk
+from watchdog.observers import Observer
+from watchdog.events import FileSystemEventHandler
+import threading
+import pandas as pd
+import pickle
+import numpy as np
+from sklearn.preprocessing import MinMaxScaler
+import sys
+import os
+import pandas as pd
+import numpy as np
+import codecs
+import pickle
+import requests
+
+
+
+isMonitoring = False
+
+output_directory = "outputs"
+bytes_output_directory = "outputs/bytes_output"
+asm_output_directory = "outputs/asm_output"
+result_folder = "results"
+bytes_result_directory = "results/bytes_result"
+asm_result_directory = "results/asm_result"
+bytes_model_directory = "bytes_models"
+asm_model_directory = "asm_models"
+
+if not os.path.exists(asm_model_directory) or not os.path.exists(bytes_model_directory):
+    messagebox.showinfo("Error", "Models Not Found for Prediction")
+    exit(-1)
+
+if not os.path.exists(output_directory):
+    os.makedirs(output_directory)
+
+if not os.path.exists(asm_output_directory):
+    os.makedirs(asm_output_directory)
+
+if not os.path.exists(bytes_output_directory):
+    os.makedirs(bytes_output_directory)
+
+if not os.path.exists(result_folder):
+    os.makedirs(result_folder)
+
+if not os.path.exists(asm_result_directory):
+    os.makedirs(asm_result_directory)
+
+if not os.path.exists(bytes_result_directory):
+    os.makedirs(bytes_result_directory)
+
+logging.basicConfig(level=logging.INFO)
+
+
+
+
+def send_predictions_to_api(file_path):
+    url = "http://127.0.0.1:8000/predict-malware/"
+    with open(file_path, 'rb') as f:
+        files = {'csv_file': f}
+        response = requests.post(url, files=files)
+        if response.status_code == 201:
+            print(f"Successfully sent {file_path} to API.")
+        else:
+            print(f"Failed to send {file_path} to API. Status code: {response.status_code}")
+
+
+def send_asm_predictions_to_api(file_path):
+    url = "http://142.93.221.85:8000/predict-malware/"
+    with open(file_path, 'rb') as f:
+        files = {'file': f}
+        response = requests.post(url, files=files)
+        if response.status_code == 200:
+            print(f"Successfully sent {file_path} to API.")
+        else:
+            print(f"Failed to send {file_path} to API. Status code: {response.status_code}")
+
+
+
+def format_bytes_to_hex(data):
+    hex_dump = ""
+    for i in range(0, len(data), 16):
+        chunk = data[i:i+16]
+        hex_values = " ".join(f"{byte:02X}" for byte in chunk)
+        address = f"{i:08X}"
+        hex_dump += f"{address} {hex_values}\n"
+    return hex_dump
+
+def convert_file_to_hex(input_file, output_file):
+    try:
+        with open(input_file, 'rb') as f:
+            data = f.read()
+        
+        hex_dump = format_bytes_to_hex(data)
+        
+        with open(output_file, 'w') as f:
+            f.write(hex_dump)
+        
+        logging.info(f"Converted '{input_file}' to hex dump and saved to '{output_file}'")
+    except Exception as e:
+        logging.error(f"Error converting '{input_file}': {e}")
+
+def scan_and_convert_directory(directory, output_dir):
+    for root, _, files in os.walk(directory, followlinks=True):
+        for filename in files:
+            input_file = os.path.join(root, filename)
+            if not filename.endswith(".bytes"):
+                output_file = os.path.join(output_dir, f"{filename}.bytes")
+                if not os.path.exists(output_file):
+                    convert_file_to_hex(input_file, output_file)
+
+class FileChangeHandler(FileSystemEventHandler):
+    def __init__(self, output_dir, hex_dirs, disasm_dirs):
+        self.output_dir = output_dir
+        self.hex_dirs = hex_dirs
+        self.disasm_dirs = disasm_dirs
+        super().__init__()
+
+    def on_created(self, event):
+        if not event.is_directory:
+            input_file = event.src_path
+            output_file_hex = os.path.join(bytes_output_directory, f"{os.path.basename(input_file)}.bytes")
+            if not os.path.exists(output_file_hex):
+                # Convert to hex in a new thread
+                threading.Thread(target=self.run_hex_conversion, args=(input_file, output_file_hex)).start()
+            threading.Thread(target=self.run_disassembly, args=(input_file,)).start()
+            
+            # Disassemble in a new thread
+
+    def run_hex_conversion(self, input_file, output_file):
+        convert_file_to_hex(input_file, output_file)
+        run_malware_ai_analysis_bytes()
+    def run_disassembly(self, file_path):
+        try:
+            print(f"Disassembling {file_path}")
+            result = subprocess.run(['objdump', '-d', file_path], capture_output=True, text=True, check=True)
+            assembly_code = result.stdout
+
+            base_name = os.path.basename(file_path)
+            if not file_path.endswith(".asm"):
+                asm_file_name = f"{base_name}.asm"
+                asm_file_path = os.path.join(asm_output_directory, asm_file_name)
+                
+                with open(asm_file_path, "w") as asm_file:
+                    asm_file.write(assembly_code)
+                
+                print(f"Disassembly complete. Assembly code saved to {asm_file_path}")
+            run_malware_analysis_asm()
+        except subprocess.CalledProcessError as e:
+            print(f"Error disassembling file {file_path}: {e}", file=sys.stderr)
+
+def monitor_directories(directories, output_dir):
+    event_handler = FileChangeHandler(output_dir, hex_dirs=directories, disasm_dirs=directories)
+    observer = Observer()
+    for directory in directories:
+        observer.schedule(event_handler, path=directory, recursive=True)
+        logging.info(f"Monitoring directory: {directory}")
+    
+    observer.start()
+    try:
+        while True:
+            time.sleep(1)
+    except KeyboardInterrupt:
+        observer.stop()
+    observer.join()
+
+
+def start_observer(directories, output_dir):
+
+    observer = Observer()
+    event_handler = FileChangeHandler(output_dir, hex_dirs=directories, disasm_dirs=directories)
+    for directory in directories:
+        observer.schedule(event_handler, path=directory, recursive=True)
+        logging.info(f"Monitoring directory: {directory}")
+    
+    observer.start()
+    return observer
+
+
+
+def disassemble_elf(file_path, output_dir):
+    try:
+        print(f"Disassembling {file_path}")
+        result = subprocess.run(['objdump', '-d', file_path], capture_output=True, text=True, check=True)
+        assembly_code = result.stdout
+        
+        base_name = os.path.basename(file_path)
+        if not file_path.endswith(".asm"):
+            asm_file_name = f"{base_name}.asm"
+            asm_file_path = os.path.join(output_dir, asm_file_name)
+            
+            with open(asm_file_path, "w") as asm_file:
+                asm_file.write(assembly_code)
+            
+            print(f"Disassembly complete. Assembly code saved to {asm_file_path}")
+        
+    except subprocess.CalledProcessError as e:
+        print(f"Error disassembling file {file_path}: {e}", file=sys.stderr)
+
+def find_elf_files(start_dirs):
+    elf_files = []
+    for start_dir in start_dirs:
+        if not os.path.isdir(start_dir):
+            continue
+        
+        try:
+            find_command = ['find', start_dir, '-path', '/proc', '-prune', '-o', '-path', '/sys', '-prune', '-o', '-path', '/run', '-prune', '-o', '-type', 'f', '-print']
+            find_result = subprocess.run(find_command, capture_output=True, text=True, check=False)
+            
+            if find_result.returncode != 0:
+                print(f"Error running find command: {find_result.stderr}", file=sys.stderr)
+                continue
+            
+            file_paths = find_result.stdout.splitlines()
+            print(f"Found files in {start_dir}:")
+            print(file_paths)
+            
+            for file_path in file_paths:
+                try:
+                    file_command = ['file', '--mime-type', file_path]
+                    file_result = subprocess.run(file_command, capture_output=True, text=True, check=True)
+                    
+                    if 'application/x-executable' in file_result.stdout or 'application/x-sharedlib' in file_result.stdout:
+                        elf_files.append(file_path)
+                except subprocess.CalledProcessError as e:
+                    print(f"Error running file command on {file_path}: {e}", file=sys.stderr)
+
+        except Exception as e:
+            print(f"Error processing directory {start_dir}: {e}", file=sys.stderr)
+
+    print(f"Found ELF files: {elf_files}")
+    return elf_files
+
+def process_files(output_dir, start_dirs):
+    os.makedirs(output_dir, exist_ok=True)
+    elf_files = find_elf_files(start_dirs)
+    
+    if not elf_files:
+        print("No ELF files found.")
+        return
+    
+    for elf_file in elf_files:
+        disassemble_elf(elf_file, output_dir)
+    
+    print("Disassembly complete. Assembly files are saved in the output directory.")
+
+def process_files_malware(folder_path, files_to_process):
+    feature_matrix = np.zeros((len(files_to_process), 258), dtype=int)  # Adjusted to 258 columns
+
+    for k, file in enumerate(files_to_process):
+        if file.endswith("bytes"):
+            try:
+                with open(os.path.join(folder_path, file), "r") as byte_file:
+                    for lines in byte_file:
+                        line = lines.rstrip().split(" ")
+                        for hex_code in line:
+                            if hex_code != '??':
+                                index = int(hex_code, 16)
+                                if index < 257:  # Keep the bounds check for 257
+                                    feature_matrix[k][index] += 1
+                            else:
+                                feature_matrix[k][257] += 1  # This now references the 258th feature
+            except:
+                continue
+    # Normalize the features
+    scaler = MinMaxScaler()
+    feature_matrix = scaler.fit_transform(feature_matrix)
+    
+    return feature_matrix
+
+def test_files(folder_path, model_path, output_csv):
+    files = os.listdir(folder_path)
+    
+    # Check if the CSV file already exists
+    if os.path.exists(output_csv):
+        existing_results = pd.read_csv(output_csv)
+        already_scanned_files = set(existing_results['File'].tolist())
+    else:
+        already_scanned_files = set()
+    
+    # Filter out files that have already been scanned
+    files_to_process = [file for file in files if file not in already_scanned_files]
+    
+    if not files_to_process:
+        print("All files have already been scanned.")
+        return
+
+    # Process only the files that haven't been scanned yet
+    feature_matrix = process_files_malware(folder_path, files_to_process)
+    
+    # Load the trained model
+    with open(model_path, 'rb') as model_file:
+        model = pickle.load(model_file)
+    
+    # Make predictions
+    predictions = model.predict(feature_matrix)
+    prediction_probs = model.predict_proba(feature_matrix)
+
+    # Create a DataFrame for the new results
+    new_results = pd.DataFrame({
+        'File': files_to_process,
+        'Predicted Class': predictions,
+        'Prediction Probability': [max(probs) for probs in prediction_probs]
+    })
+    
+    # Append new results to the existing CSV file or create a new one
+    if os.path.exists(output_csv):
+        new_results.to_csv(output_csv, mode='a', header=False, index=False)
+    else:
+        new_results.to_csv(output_csv, index=False)
+
+    print(f"New predictions appended to {output_csv}")
+
+def run_malware_ai_analysis_bytes():
+    print("bytes malware analysis started")
+    directory = bytes_output_directory
+    model_files = bytes_model_directory
+   
+    model_folder = model_files # Folder containing the .pkl files
+    model_files = [f for f in os.listdir(model_folder) if f.endswith('.pkl')]
+    
+    for model_file in model_files:
+        model_path = os.path.join(model_folder, model_file)
+        output_csv = os.path.join(bytes_result_directory, f"bytes_predictions_{os.path.splitext(model_file)[0]}.csv")
+        test_files(directory, model_path, output_csv)
+        try:
+            send_predictions_to_api(output_csv)
+        except:
+            print("Connection Failed")
+
+
+
+        
+def preprocess_asm_file(file_path):
+    prefixes = ['.text:', '.Pav:', '.idata:', '.data:', '.bss:', '.rdata:', '.edata:', '.rsrc:', '.tls:', '.reloc:', '.BSS:', '.CODE']
+    opcodes = ['jmp', 'mov', 'retf', 'push', 'pop', 'xor', 'retn', 'nop', 'sub', 'inc', 'dec', 'add', 'imul', 'xchg', 'or', 'shr', 'cmp', 'call', 'shl', 'ror', 'rol', 'jnb', 'jz', 'rtn', 'lea', 'movzx']
+    keywords = ['.dll', 'std::', ':dword']
+    registers = ['edx', 'esi', 'eax', 'ebx', 'ecx', 'edi', 'ebp', 'esp', 'eip']
+
+    # Initialize counts
+    prefix_counts = np.zeros(len(prefixes), dtype=int)
+    opcode_counts = np.zeros(len(opcodes), dtype=int)
+    keyword_counts = np.zeros(len(keywords), dtype=int)
+    register_counts = np.zeros(len(registers), dtype=int)
+
+    # Process file
+    with open(file_path, 'r', encoding='cp1252', errors='replace') as f:
+        for line in f:
+            line = line.rstrip().split()
+            if not line:
+                continue
+            l = line[0]
+            for i, prefix in enumerate(prefixes):
+                if prefix in l:
+                    prefix_counts[i] += 1
+            line = line[1:]
+            for i, opcode in enumerate(opcodes):
+                if any(opcode == li for li in line):
+                    opcode_counts[i] += 1
+            for i, register in enumerate(registers):
+                if any(register in li and ('text' in l or 'CODE' in l) for li in line):
+                    register_counts[i] += 1
+            for i, keyword in enumerate(keywords):
+                if any(keyword in li for li in line):
+                    keyword_counts[i] += 1
+
+    # Create feature vector
+    feature_vector = np.concatenate([prefix_counts, opcode_counts, register_counts, keyword_counts])
+    
+    return feature_vector
+
+
+# Main function to load models and make predictions
+def run_malware_analysis_asm(asm_folder_path=asm_output_directory, models_folder=asm_model_directory):
+    print("Starting analysis...")
+
+    # Get all .asm files in the folder
+    asm_files = [f for f in os.listdir(asm_folder_path) if f.endswith('.asm')]
+
+    # Load all .pkl models from the models folder
+    model_files = [f for f in os.listdir(models_folder) if f.endswith('.pkl')]
+
+    models = {}
+    for model_file in model_files:
+        model_name = os.path.splitext(model_file)[0]
+        with open(os.path.join(models_folder, model_file), 'rb') as f:
+            model_clf = pickle.load(f)
+            models[model_name] = model_clf
+
+    # Prediction and saving results
+    for model_name, model_clf in models.items():
+        print(f"Making asm predictions with {model_name}...")
+
+        # Generate the correct class mapping
+        def get_class_mapping(model_name):
+            if model_name == 'XGBClassifier':
+                return {i: i for i in range(9)}  # XGB uses 0-8
+            else:
+                return {i: i+1 for i in range(9)}  # Other models use 1-9
+
+        class_mapping = get_class_mapping(model_name)
+
+        # Check if result file for the model already exists
+        results_file_path = f'{asm_result_directory}/asm_prediction_{model_name}.csv'
+        if os.path.exists(results_file_path):
+            results_df = pd.read_csv(results_file_path)
+        else:
+            results_df = pd.DataFrame(columns=['file_name', 'prediction', 'probability'])
+
+        new_predictions = []
+
+        for asm_file in asm_files:
+            if asm_file not in results_df['file_name'].values:
+                file_path = os.path.join(asm_folder_path, asm_file)
+                feature_vector = preprocess_asm_file(file_path)
+                feature_vector = feature_vector.reshape(1, -1)
+
+                # Predict using the current model
+                prediction = model_clf.predict(feature_vector)
+                probability = model_clf.predict_proba(feature_vector)
+
+                mapped_prediction = class_mapping[prediction[0]]
+                predicted_prob = probability[0][prediction[0]]
+
+
+                if "XGB" in model_name.upper():
+                    new_predictions.append({
+                    'file_name': asm_file,
+                    'prediction': mapped_prediction+1,
+                    'probability': predicted_prob
+                })    
+                else:
+                    new_predictions.append({
+                        'file_name': asm_file,
+                        'prediction': mapped_prediction,
+                        'probability': predicted_prob
+                    })
+
+        # Append new predictions to results DataFrame
+        if new_predictions:
+            new_predictions_df = pd.DataFrame(new_predictions)
+            results_df = pd.concat([results_df, new_predictions_df], ignore_index=True)
+            results_df.to_csv(results_file_path, index=False)
+
+            print(f"Predictions saved to {results_file_path}.")
+            try:
+                send_asm_predictions_to_api(results_file_path)
+            except:
+                print("Connection Failed")
+
+
+def run_hex_conversion():
+    hex_dirs = [d.strip() for d in hex_files_entry.get().split(',')]
+    hex_output_dir =bytes_output_directory
+    
+    if not hex_dirs or not hex_output_dir:
+        messagebox.showwarning("Warning", "Please specify both directories and output directory.")
+        return
+    
+    def hex_conversion_task():
+        for hex_dir in hex_dirs:
+            hex_dir = hex_dir.strip()
+            if os.path.isdir(hex_dir):
+                scan_and_convert_directory(hex_dir, hex_output_dir)
+            else:
+                messagebox.showwarning("Warning", f"{hex_dir} is not a directory.")
+        
+        print("Hex conversion complete.")
+        run_malware_ai_analysis_bytes()
+        global isMonitoring
+        if(not isMonitoring):
+            isMonitoring = True
+            start_monitoring()
+        # After the hex conversion, run disassembly
+        # run_disassembly()
+
+        # Re-show the window after both tasks are done
+        root.deiconify()
+
+    # Hide the window before starting the task
+    root.withdraw()    
+    # hex_conversion_task()
+    threading.Thread(target=hex_conversion_task).start()
+
+def run_disassembly():
+    start_dirs = [d.strip() for d in start_dirs_entry.get().split(',')]
+    output_dir = asm_output_directory
+    
+    if not start_dirs or not output_dir:
+        messagebox.showwarning("Warning", "Please specify both directories and output directory.")
+        return
+    
+    def disassembly_task():
+            
+        process_files(output_dir, start_dirs)
+        run_malware_analysis_asm()
+
+        global isMonitoring
+        if(not isMonitoring):
+            isMonitoring = True
+            start_monitoring()
+    # disassembly_task()
+    threading.Thread(target=disassembly_task).start()
+
+def start_monitoring():
+  
+    directories = [d.strip() for d in hex_files_entry.get().split(',')]
+    directories += [d.strip() for d in start_dirs_entry.get().split(',')]
+    output_dir = output_directory
+
+    def monitoring_task():
+        monitor_directories(directories, output_dir)
+    
+    # Start monitoring in a new thread
+    threading.Thread(target=monitoring_task, daemon=True).start()
+    print("Started monitoring directories.")
+
+def on_closing():
+
+    root.destroy()
+
+def browse_hex_directories():
+    directories = []
+    while True:
+        directory = filedialog.askdirectory(title="Select a Directory")
+        if not directory:
+            break  # Stop if no more directories are selected
+        directories.append(directory)
+    
+    if directories:
+        hex_files_entry.delete(0, tk.END)
+        hex_files_entry.insert(0, ', '.join(directories))
+
+def browse_start_dirs():
+    directories = []
+    while True:
+        directory = filedialog.askdirectory(title="Select a Directory")
+        if not directory:
+            break  # Stop if no more directories are selected
+        directories.append(directory)
+    
+    if directories:
+        start_dirs_entry.delete(0, tk.END)
+        start_dirs_entry.insert(0, ', '.join(directories))
+
+
+def show_frame(frame):
+    frame.tkraise()
+# Create the main window
+root = tk.Tk()
+root.title("File Conversion and Disassembly Wizard")
+
+
+root.protocol("WM_DELETE_WINDOW", on_closing)
+
+
+notebook = ttk.Notebook(root)
+notebook.pack(fill='both', expand=True)
+
+hex_frame = ttk.Frame(notebook)
+asm_frame = ttk.Frame(notebook)
+malware_frame = ttk.Frame(notebook)
+notebook.add(hex_frame, text='Hex Conversion')
+notebook.add(asm_frame, text='ELF Disassembly')
+
+tk.Label(hex_frame, text="Select Directories to Convert to Hex:").pack(pady=5)
+hex_files_entry = tk.Entry(hex_frame, width=80)
+hex_files_entry.pack(pady=5)
+tk.Button(hex_frame, text="Browse...", command=browse_hex_directories).pack(pady=5)
+tk.Button(hex_frame, text="Convert to Hex", command=run_hex_conversion).pack(pady=10)
+
+tk.Label(asm_frame, text="Select Directories to Scan for ELF Files:").pack(pady=5)
+start_dirs_entry = tk.Entry(asm_frame, width=80)
+start_dirs_entry.pack(pady=5)
+tk.Button(asm_frame, text="Browse...", command=browse_start_dirs).pack(pady=5)
+
+tk.Button(asm_frame, text="Disassemble ELF Files", command=run_disassembly).pack(pady=10)
+show_frame(hex_frame)
+root.mainloop()

Ransomware_Audit.py

@@ -0,0 +1,405 @@
+import tkinter as tk
+from tkinter import messagebox
+import subprocess
+import os
+import csv
+import inotify_simple
+import threading
+import time
+import re
+import requests
+from watchdog.observers import Observer
+from watchdog.events import FileSystemEventHandler
+from collections import defaultdict
+import numpy as np
+import pandas as pd
+from sklearn.preprocessing import StandardScaler
+import tensorflow as tf
+from sklearn.metrics import accuracy_score, confusion_matrix, classification_report
+from datetime import datetime
+
+permission_operations = None
+# Define event masks manually
+IN_CREATE = 0x00000100
+IN_DELETE = 0x00000200
+IN_MODIFY = 0x00000002
+IN_OPEN = 0x00000020
+IN_ISDIR = 0x40000000
+
+####################
+
+
+TEST_DATA_PATH = 'combined_log_summary.csv'
+VARIABLE_NAMES_PATH = 'output.txt'
+def predict_ransomware():
+# Load the trained model
+    model = tf.keras.models.load_model('updated_ransomware_classifier.h5')
+
+    # Load and prepare test data
+    # Read variable names
+    with open(VARIABLE_NAMES_PATH, encoding='utf-8') as f:
+        columns = [line.split(';')[1].strip() for line in f]
+
+    # Load test data
+    data = pd.read_csv(TEST_DATA_PATH, header=None, names=columns)
+
+    # Check and clean column names
+    data.columns = data.columns.str.strip()
+    X = data
+    # Standardize the features
+    scaler = StandardScaler()
+    X = scaler.fit_transform(X)
+
+    # Make predictions
+    predictions = model.predict(X)
+    predicted_labels = (predictions > 0.5).astype(int)
+
+
+    # Convert predictions to "Yes" or "No"
+    predicted_labels_text = ['Yes' if label == 1 else 'No' for label in predicted_labels.flatten()]
+
+
+    # Get current timestamp
+    timestamp = datetime.now().strftime('%Y-%m-%d_%H-%M-%S')
+
+                                                                                                                  
+    # Save predictions and true labels to a CSV file with timestamp
+    output_df = pd.DataFrame({
+        'Timestamp': [timestamp] * len(predicted_labels_text),  # Add timestamp column
+        'Predicted Label': predicted_labels_text
+    })
+
+    output_file = f'prediction.csv'
+    output_df.to_csv(output_file, index=False)
+    print(f"Predictions saved to {output_file} ({timestamp})")
+
+
+    def send_predictions_to_api(file_path):
+        url = "http://142.93.221.85:8000/predict-malware/"
+        with open(file_path, 'rb') as f:
+            files = {'file': f}
+            response = requests.post(url, files=files)
+            if response.status_code == 200:
+                print(f"Successfully sent {file_path} to API.")
+            else:
+                print(f"Failed to send {file_path} to API. Status code: {response.status_code}")
+    try:
+        send_predictions_to_api(output_file)
+    except:
+        print("Error Connection Server")
+
+####################
+
+ID = 0
+
+is_flip = 0
+flipped = False
+class PermissionChangeHandler(FileSystemEventHandler):
+    def __init__(self):
+        super().__init__()
+        self.file_types = set()
+
+    def get_file_extension(self, file_path):
+        """Extracts the file extension from the file path."""
+        _, ext = os.path.splitext(file_path)
+        return ext.strip(".")  # Strip the dot from the extension
+
+    def on_modified(self, event):
+        if not event.is_directory:
+            file_path = event.src_path
+            file_extension = self.get_file_extension(file_path)
+            
+            # Collect all file types
+            file_types = set()
+            for operations in permission_operations.values():
+                for key in operations:
+                    match = re.search(r'\.\w+$', key)
+                    if match:
+                        file_types.add(match.group().strip('.'))
+
+            if file_extension in file_types:
+                current_permissions = oct(os.stat(file_path).st_mode & 0o777)
+            
+
+                # Check all operations (chmod/chown) for this file type
+                for operation, perms in permission_operations.items():
+                    for key in perms:
+                        if file_extension in key:
+                            perms[key] += 1
+                            # print(f"Updated {operation} for {file_extension}: {perms[key]}")
+
+class AuditDManagerApp:
+    def __init__(self, root):
+        self.root = root
+        self.root.title("AuditD Manager")
+        self.root.geometry("400x350")  # Adjusted for additional widget
+
+        # Create Widgets
+        self.install_button = tk.Button(root, text="Install AuditD", command=self.install_auditd)
+        self.install_button.pack(pady=10)
+       
+        self.start_button = tk.Button(root, text="Start AuditD", command=self.start_auditd)
+        self.start_button.pack(pady=10)
+
+        self.stop_button = tk.Button(root, text="Stop AuditD", command=self.stop_auditd)
+        self.stop_button.pack(pady=10)
+
+        self.status_button = tk.Button(root, text="Check Status", command=self.check_status)
+        self.status_button.pack(pady=10)
+
+        # Add Text Entry for Watch Path
+
+        # Initialize monitoring flags and data structures
+        self.monitoring = False
+        self.log_file = "/var/log/audit/audit.log"
+        self.combined_csv_file = "combined_log_summary.csv"
+        self.monitored_files_set = {
+            'bash.bashrc', 'bash_completion.d', 'environment', 'fstab', 'fwupd', 'group', 'host.conf', 'hosts', 'init.d',
+            'inputrc', 'ld.so.cache', 'locale.alias', 'locale.conf', 'login.defs', 'machine-id', 'modprobe.d', 'nsswitch.conf',
+            'passwd', 'sensors.d', 'sensors3.conf', 'shadow', 'shells', 'sudo.conf', 'sudoers', 'sudoers.d'
+        }
+        self.log_counts = {key: 0 for key in [
+            'Id','PROCTITLE', 'AVC', 'SYSCALL', 'USER_AUTH', 'USER_ACCT',
+            'USER_CMD', 'CRED_REFR', 'USER_START', 'USER_AVC', 'USER_END', 'CRED_DISP', 'CRED_ACQ',
+            'LOGIN', 'SERVICE_START', 'SERVICE_STOP']}
+        
+        # Track file extensions
+        self.ext_count = {ext: {'modified': 0, 'created': 0, 'deleted': 0, 'opened': 0} for ext in [
+            '.db', '.AR', '.01', '.GIF', '.TXT', '.scc', '.dat', '.bmp', '.STF', '.scf',
+            '.exe', '.typelib', '.cl', '.ocx', '.xml', '.json', '.csv', '.html', '.css',
+            '.js', '.py', '.log', '.sql', '.pdf', '.doc', '.docx', '.ppt', '.pptx',
+            '.xlsx', '.jpg', '.jpeg', '.png', '.mp4', '.mp3', '.zip', '.tar', '.gz', '.rar', '.7z', '.apk', '.iso']}
+        
+        # Track permission operations
+        global permission_operations
+        permission_operations = {
+            'chmod': {f'chmod{perm}{ext}': 0 for perm in ['644', '755', '777'] for ext in self.ext_count},
+            'chown': {f'chown{owner}{ext}': 0 for owner in ['user', 'group'] for ext in self.ext_count},
+            'chgrp': {f'chgrp{group}{ext}': 0 for group in ['staff', 'admin'] for ext in self.ext_count}
+        }
+
+        # Directory operations tracking
+        self.directory_count = {'created': 0, 'deleted': 0, 'modified': 0, 'opened': 0}
+
+        # Initialize inotify
+        self.inotify = inotify_simple.INotify()
+        self.EVENT_MASKS = IN_CREATE | IN_DELETE | IN_MODIFY | IN_OPEN | IN_ISDIR
+        self.watch_path = '/etc'  # Default path, will be updated
+        self.watch_descriptor2 = self.inotify.add_watch(self.watch_path, self.EVENT_MASKS)
+
+        # Observer for filesystem events
+        self.observer = None
+        self.event_handler = None
+        self.monitor_thread = threading.Thread(target=self.monitor_logs)
+
+        # Initialize file monitoring data
+        self.open_count = defaultdict(int)
+
+    def run_command(self, command, success_message, error_message):
+        try:
+            result = subprocess.run(command, shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+            messagebox.showinfo("Success", success_message)
+        except subprocess.CalledProcessError as e:
+            messagebox.showerror("Error", f"{error_message}\n\n{e.stderr.decode()}")
+
+    def prompt_for_password(self, command, success_message, error_message):
+        password_window = tk.Toplevel(self.root)
+        password_window.title("Enter Sudo Password")
+
+        tk.Label(password_window, text="Enter your sudo password:").pack(pady=10)
+
+        password_entry = tk.Entry(password_window, show="*")
+        password_entry.pack(pady=5)
+        
+        def on_submit():
+            password = password_entry.get()
+            password_window.destroy()
+            if not password:
+                messagebox.showwarning("Input Error", "Please enter your sudo password.")
+                return
+
+            full_command = f"echo {password} | sudo -S {command}"
+            self.run_command(full_command, success_message, error_message)
+        tk.Button(password_window, text="Submit", command=on_submit).pack(pady=10)
+
+    def install_auditd(self):
+        command = "sudo apt-get update && sudo apt-get install -y auditd"
+        self.prompt_for_password(command, "AuditD installed successfully!", "Failed to install AuditD.")
+
+    def start_auditd(self):
+        command = "sudo systemctl start auditd"
+        self.prompt_for_password(command, "AuditD started successfully!", "Failed to start AuditD.")
+        self.start_monitoring()
+
+    def stop_auditd(self):
+        command = "sudo systemctl stop auditd"
+        self.prompt_for_password(command, "AuditD stopped successfully!", "Failed to stop AuditD.")
+        self.stop_monitoring()
+
+    def check_status(self):
+        command = "systemctl status auditd"
+        try:
+            result = subprocess.run(command, shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+            status = result.stdout.decode()
+            messagebox.showinfo("AuditD Status", status)
+        except subprocess.CalledProcessError as e:
+            messagebox.showerror("Error", f"Failed to check status of AuditD.\n\n{e.stderr.decode()}")
+
+    def start_monitoring(self):
+        self.monitoring = True
+        if not self.monitor_thread.is_alive():
+            self.monitor_thread = threading.Thread(target=self.monitor_logs)
+            self.monitor_thread.start()
+
+        # Get the user-defined watch path
+        self.watch_path = '/etc'  # Default to root if empty
+        self.watch_descriptor = self.inotify.add_watch(self.watch_path, self.EVENT_MASKS)
+
+        # Start filesystem event monitoring
+        if self.observer is None:
+            self.event_handler = PermissionChangeHandler()
+            self.observer = Observer()
+            self.observer.schedule(self.event_handler, '/home', recursive=True)
+            self.observer.start()
+
+    def stop_monitoring(self):
+        self.monitoring = False
+        if self.monitor_thread.is_alive():
+            self.monitor_thread.join()
+
+        # Stop filesystem event monitoring
+        if self.observer:
+            self.observer.stop()
+            self.observer.join()
+
+    def monitor_logs(self):
+        while self.monitoring:
+            if os.path.exists(self.log_file):
+                with open(self.log_file, 'r') as f:
+                    lines = f.readlines()
+
+                for line in lines:
+                    if 'type=' in line:
+                        log_type = line.split('type=')[1].split(' ')[0]
+                        if log_type in self.log_counts:
+                            self.log_counts[log_type] += 1
+
+                self.update_csv()
+
+            self.monitor_extensions()
+            predict_ransomware()
+            time.sleep(5)  # Sleep for one second before the next update
+
+    def update_csv(self):
+        # headers = [
+        #     'Id' ,'PROCTITLE', 'AVC', 'SYSCALL', 'USER_AUTH', 'USER_ACCT',
+        #     'USER_CMD', 'CRED_REFR', 'USER_START', 'USER_AVC', 'USER_END', 'CRED_DISP', 'CRED_ACQ',
+        #     'LOGIN', 'SERVICE_START', 'SERVICE_STOP'
+        # ] + [f'chmod{perm}{ext}' for perm in ['644', '755', '777'] for ext in self.ext_count] + \
+        # [f'chown{owner}{ext}' for owner in ['user', 'group'] for ext in self.ext_count] + \
+        # [f'chgrp{group}{ext}' for group in ['staff', 'admin'] for ext in self.ext_count] + \
+        # [f'Modified({ext})' for ext in self.ext_count] + \
+        # [f'Created({ext})' for ext in self.ext_count] + \
+        # [f'Deleted({ext})' for ext in self.ext_count] + \
+        # [f'Opened({ext})' for ext in self.ext_count] + \
+        # ['Directories Created', 'Directories Deleted', 'Directories Modified', 'Directories Opened']+ \
+        # list(self.monitored_files_set) 
+
+        global ID
+        ID += 1
+        global is_flip
+        global flipped
+        if flipped:
+            is_flip = 1
+            flipped = False
+        else:
+            is_flip = 0
+            flipped = True
+        
+        row = [
+            ID,
+            self.log_counts.get('PROCTITLE', 0),
+            self.log_counts.get('AVC', 0),
+            self.log_counts.get('SYSCALL', 0),
+            self.log_counts.get('USER_AUTH', 0),
+            self.log_counts.get('USER_ACCT', 0),
+            self.log_counts.get('USER_CMD', 0),
+            self.log_counts.get('CRED_REFR', 0),
+            self.log_counts.get('USER_START', 0),
+            self.log_counts.get('USER_AVC', 0),
+            self.log_counts.get('USER_END', 0),
+            self.log_counts.get('CRED_DISP', 0),
+            self.log_counts.get('CRED_ACQ', 0),
+            self.log_counts.get('LOGIN', 0),
+            self.log_counts.get('SERVICE_START', 0),
+            self.log_counts.get('SERVICE_STOP', 0),
+        ]
+        
+        # print(permission_operations['chmod'])
+        # Add permission operations and extensions
+        row.extend(permission_operations['chmod'].values())
+        row.extend(permission_operations['chown'].values())
+        row.extend(permission_operations['chgrp'].values())
+
+        # Add extension counts for modification, creation, deletion, and opening
+        for ext in self.ext_count:
+            row.extend([
+                self.ext_count[ext]['modified'],
+                self.ext_count[ext]['created'],
+                self.ext_count[ext]['deleted'],
+                self.ext_count[ext]['opened'],
+            ])
+
+        # Add directory counts
+        row.extend([
+            self.directory_count['created'],
+            self.directory_count['deleted'],
+            self.directory_count['modified'],
+            self.directory_count['opened']
+        ])
+
+        # Add monitored files open counts
+        row.extend(self.open_count.get(file, 0) for file in sorted(self.monitored_files_set))
+
+        # Write to CSV, append if file exists
+        file_exists = os.path.isfile(self.combined_csv_file)
+        with open(self.combined_csv_file, 'a', newline='') as csv_file:
+            writer = csv.writer(csv_file)
+            if not file_exists:
+                pass
+            writer.writerow(row)
+
+
+    def monitor_extensions(self):
+        events = self.inotify.read(timeout=100000)
+        for event in events:
+            (_, event_types, _, filename) = event
+
+            filename = event.name
+            ext = os.path.splitext(filename)[1]
+            if ext in self.ext_count:
+                if event.mask & IN_CREATE:
+                    self.ext_count[ext]['created'] += 1
+                if event.mask & IN_DELETE:
+                    self.ext_count[ext]['deleted'] += 1
+                if event.mask & IN_MODIFY:
+                    self.ext_count[ext]['modified'] += 1
+                if event.mask & IN_OPEN:
+                    self.ext_count[ext]['opened'] += 1
+                    if filename in self.monitored_files_set:
+                        self.open_count[filename] += 1
+
+            if event.mask & IN_ISDIR:
+                if event.mask & IN_CREATE:
+                    self.directory_count['created'] += 1
+                if event.mask & IN_DELETE:
+                    self.directory_count['deleted'] += 1
+                if event.mask & IN_MODIFY:
+                    self.directory_count['modified'] += 1
+                if event.mask & IN_OPEN:
+                    self.directory_count['opened'] += 1
+
+if __name__ == "__main__":
+    root = tk.Tk()
+    app = AuditDManagerApp(root)
+    root.mainloop()

Ransomware_type_model_generator.py

@@ -0,0 +1,139 @@
+import pandas as pd
+from sklearn.ensemble import RandomForestClassifier
+from sklearn.model_selection import train_test_split
+from sklearn.metrics import confusion_matrix, accuracy_score
+import pickle
+import os
+import subprocess
+import sys
+import csv 
+
+# Load dataset (dummy dataset provided as an example)
+def load_dataset():
+    # Sample data for demonstration purposes. Replace this with actual dataset.
+    data = pd.read_csv('results.csv')
+    return data
+def md5_hash(file_path):
+    """Compute the MD5 hash of a file using md5sum."""
+    result = subprocess.run(['md5sum', file_path], capture_output=True, text=True)
+    return result.stdout.split()[0]
+
+
+def get_machine_type(file_path):
+    """Get the machine architecture from an ELF file using readelf."""
+    try:
+        result = subprocess.run(['readelf', '-h', file_path], capture_output=True, text=True)
+        for line in result.stdout.splitlines():
+            if 'Machine:' in line:
+                return line.split(':')[1].strip()
+    except Exception as e:
+        print(f"Error getting machine type: {e}")
+    return None
+
+
+def get_number_of_sections(file_path):
+    """Get the number of sections in an ELF file using readelf."""
+    try:
+        result = subprocess.run(['readelf', '-h', file_path], capture_output=True, text=True)
+        for line in result.stdout.splitlines():
+            if 'Number of section headers:' in line:
+                return int(line.split(':')[1].strip())
+    except Exception as e:
+        print(f"Error getting number of sections: {e}")
+    return None
+
+
+def get_resource_size(file_path):
+    """Get the size of the .rodata section (resources) in an ELF file using readelf."""
+    try:
+        result = subprocess.run(['readelf', '-S', file_path], capture_output=True, text=True)
+        for line in result.stdout.splitlines():
+            if '.rodata' in line:
+                size_hex = line.split()[5]
+                return int(size_hex, 16)  # Convert from hex to decimal
+    except Exception as e:
+        print(f"Error getting resource size: {e}")
+    return 0
+
+
+def get_linker_version(file_path):
+    """Get the linker version from an ELF file using objdump."""
+    try:
+        result = subprocess.run(['objdump', '-p', file_path], capture_output=True, text=True)
+        for line in result.stdout.splitlines():
+            if 'Version:' in line:
+                version = line.split(':')[1].strip()
+                major_version = version.split('.')[0]
+                minor_version = version.split('.')[1] if '.' in version else '0'
+                return major_version, minor_version
+    except Exception as e:
+        print(f"Error getting linker version: {e}")
+    return None, None
+
+
+def get_dynamic_info(file_path):
+    """Get dynamic linking information (e.g., import address table equivalent) using readelf."""
+    try:
+        result = subprocess.run(['readelf', '-d', file_path], capture_output=True, text=True)
+        dynamic_info = []
+        for line in result.stdout.splitlines():
+            dynamic_info.append(line)
+        return dynamic_info
+    except Exception as e:
+        print(f"Error getting dynamic linking info: {e}")
+    return None
+
+
+def extract_features(file_path):
+    """Extract features from an ELF file."""
+    features = {
+        'FileName': file_path,
+        'md5Hash': md5_hash(file_path),
+        'Machine': get_machine_type(file_path),
+        'NumberOfSections': get_number_of_sections(file_path),
+        'ResourceSize': get_resource_size(file_path),
+        'LinkerVersionMajor': 0,
+        'LinkerVersionMinor': 0,
+        'DynamicInfo': get_dynamic_info(file_path)
+    }
+
+    # Get linker version
+    major_version, minor_version = get_linker_version(file_path)
+    features['LinkerVersionMajor'] = major_version
+    features['LinkerVersionMinor'] = minor_version
+
+  
+
+    return features
+
+# Train the model
+def train_model(data):
+    # Split into features and labels
+    # X = data.drop(columns=['RansomwareType','FileName', 'md5Hash', 'Machine','DynamicInfo'])  # Features
+
+    X = data.drop(columns=['RansomwareType','FileName', 'md5Hash', 'Machine'])  # Features
+    y = data['RansomwareType']                # Labels (target)
+
+    # Split the dataset into training and testing sets
+    X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.2, random_state=42)
+
+    # Train the RandomForestClassifier
+    clf = RandomForestClassifier()
+    clf.fit(X_train, y_train)
+
+    # Save the model
+    with open('model.pkl', 'wb') as f:
+        pickle.dump(clf, f)
+
+    # Evaluate the model on the test set
+    y_pred = clf.predict(X_test)
+    print("Confusion Matrix:")
+    print(confusion_matrix(y_test, y_pred))
+    print("Accuracy:", accuracy_score(y_test, y_pred))
+
+
+if __name__ == "__main__":
+    # Load dataset and train the model
+    data = load_dataset()
+    train_model(data)
+

combined_log_summary.csv

@@ -0,0 +1,18 @@
+1,5301,5300,5301,0,0,0,0,0,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+1,7714,7712,7714,0,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+2,15533,15529,15533,0,2,0,2,2,2,2,2,2,2,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+3,23457,23451,23457,1,5,2,5,5,4,5,5,3,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+4,31486,31478,31486,2,8,4,8,8,6,8,8,4,4,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+5,39621,39611,39621,3,11,6,11,11,8,11,11,5,5,5,5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+6,47862,47850,47862,4,14,8,14,14,10,14,14,6,6,6,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+7,56206,56192,56206,5,17,10,17,17,12,17,17,7,7,7,7,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+8,64653,64637,64653,6,20,12,20,20,14,20,20,8,8,8,8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+9,73203,73185,73203,7,23,14,23,23,16,23,23,9,9,9,9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+10,81856,81836,81856,8,26,16,26,26,18,26,26,10,10,10,10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+11,90612,90590,90612,9,29,18,29,29,20,29,29,11,11,11,11,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+12,99471,99447,99471,10,32,20,32,32,22,32,32,12,12,12,12,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+13,108433,108407,108433,11,35,22,35,35,24,35,35,13,13,13,13,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+14,117498,117470,117498,12,38,24,38,38,26,38,38,14,14,14,14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+15,126666,126636,126666,13,41,26,41,41,28,41,41,15,15,15,15,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+16,135937,135905,135937,14,44,28,44,44,30,44,44,16,16,16,16,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+17,145311,145277,145311,15,47,30,47,47,32,47,47,17,17,17,17,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,43,0,0,0,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,43,0,0,0,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,43,0,0,0,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,43,0,0,0,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,43,0,0,0,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,43,0,0,0,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,43,0,0,0,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0

data.csv

@@ -0,0 +1,7 @@
+FileName,md5Hash,Machine,NumberOfSections,ResourceSize,LinkerVersionMajor,LinkerVersionMinor,DynamicInfo
+/home/tech4biz-001/Downloads/tesing/libpcp.so.3,630ed1fc0fed63a06de864aa94fc3858,Advanced Micro Devices X86-64,31,0,,,"['', 'Dynamic section at offset 0xb1d08 contains 31 entries:', '  Tag        Type                         Name/Value', ' 0x0000000000000001 (NEEDED)             Shared library: [libssl3.so]', ' 0x0000000000000001 (NEEDED)             Shared library: [libnss3.so]', ' 0x0000000000000001 (NEEDED)             Shared library: [libnspr4.so]', ' 0x0000000000000001 (NEEDED)             Shared library: [libsasl2.so.2]', ' 0x0000000000000001 (NEEDED)             Shared library: [liblzma.so.5]', ' 0x0000000000000001 (NEEDED)             Shared library: [libsystemd.so.0]', ' 0x0000000000000001 (NEEDED)             Shared library: [libm.so.6]', ' 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]', ' 0x0000000000000001 (NEEDED)             Shared library: [ld-linux-x86-64.so.2]', ' 0x000000000000000e (SONAME)             Library soname: [libpcp.so.3]', ' 0x000000000000000c (INIT)               0x15000', ' 0x000000000000000d (FINI)               0x880e4', ' 0x000000006ffffef5 (GNU_HASH)           0x328', ' 0x0000000000000005 (STRTAB)             0x70d0', ' 0x0000000000000006 (SYMTAB)             0x1718', ' 0x000000000000000a (STRSZ)              14143 (bytes)', ' 0x000000000000000b (SYMENT)             24 (bytes)', ' 0x0000000000000003 (PLTGOT)             0xb3000', ' 0x0000000000000002 (PLTRELSZ)           16152 (bytes)', ' 0x0000000000000014 (PLTREL)             RELA', ' 0x0000000000000017 (JMPREL)             0x10738', ' 0x0000000000000007 (RELA)               0xb6c8', ' 0x0000000000000008 (RELASZ)             20592 (bytes)', ' 0x0000000000000009 (RELAENT)            24 (bytes)', ' 0x000000006ffffffc (VERDEF)             0xaf90', ' 0x000000006ffffffd (VERDEFNUM)          37', ' 0x000000006ffffffe (VERNEED)            0xb4b8', ' 0x000000006fffffff (VERNEEDNUM)         8', ' 0x000000006ffffff0 (VERSYM)             0xa810', ' 0x000000006ffffff9 (RELACOUNT)          784', ' 0x0000000000000000 (NULL)               0x0']"
+/home/tech4biz-001/Downloads/tesing/libBLTlite.2.5.so.8.6,6eb00855e1e5896c4f76b4f035b6a8c0,Advanced Micro Devices X86-64,29,0,,,"['', 'Dynamic section at offset 0x4ada8 contains 27 entries:', '  Tag        Type                         Name/Value', ' 0x0000000000000001 (NEEDED)             Shared library: [libtcl8.6.so]', ' 0x0000000000000001 (NEEDED)             Shared library: [libm.so.6]', ' 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]', ' 0x000000000000000e (SONAME)             Library soname: [libBLTlite.2.5.so.8.6]', ' 0x000000000000000c (INIT)               0xc000', ' 0x000000000000000d (FINI)               0x3d3fc', ' 0x0000000000000019 (INIT_ARRAY)         0x4bd70', ' 0x000000000000001b (INIT_ARRAYSZ)       8 (bytes)', ' 0x000000000000001a (FINI_ARRAY)         0x4bd78', ' 0x000000000000001c (FINI_ARRAYSZ)       8 (bytes)', ' 0x000000006ffffef5 (GNU_HASH)           0x2f0', ' 0x0000000000000005 (STRTAB)             0x3500', ' 0x0000000000000006 (SYMTAB)             0xa88', ' 0x000000000000000a (STRSZ)              7450 (bytes)', ' 0x000000000000000b (SYMENT)             24 (bytes)', ' 0x0000000000000003 (PLTGOT)             0x4c000', ' 0x0000000000000002 (PLTRELSZ)           5088 (bytes)', ' 0x0000000000000014 (PLTREL)             RELA', ' 0x0000000000000017 (JMPREL)             0xa318', ' 0x0000000000000007 (RELA)               0x5638', ' 0x0000000000000008 (RELASZ)             19680 (bytes)', ' 0x0000000000000009 (RELAENT)            24 (bytes)', ' 0x000000006ffffffe (VERNEED)            0x55a8', ' 0x000000006fffffff (VERNEEDNUM)         2', ' 0x000000006ffffff0 (VERSYM)             0x521a', ' 0x000000006ffffff9 (RELACOUNT)          791', ' 0x0000000000000000 (NULL)               0x0']"
+/home/tech4biz-001/Downloads/tesing/libpcp_import.so.1,e1e243cda1fe80f3cebb531f37ffd70b,Advanced Micro Devices X86-64,28,0,,,"['', 'Dynamic section at offset 0x8e10 contains 24 entries:', '  Tag        Type                         Name/Value', ' 0x0000000000000001 (NEEDED)             Shared library: [libpcp.so.3]', ' 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]', ' 0x000000000000000e (SONAME)             Library soname: [libpcp_import.so.1]', ' 0x000000000000000c (INIT)               0x2000', ' 0x000000000000000d (FINI)               0x66e4', ' 0x000000006ffffef5 (GNU_HASH)           0x2f0', ' 0x0000000000000005 (STRTAB)             0xcf8', ' 0x0000000000000006 (SYMTAB)             0x3c8', ' 0x000000000000000a (STRSZ)              1322 (bytes)', ' 0x000000000000000b (SYMENT)             24 (bytes)', ' 0x0000000000000003 (PLTGOT)             0xa000', ' 0x0000000000000002 (PLTRELSZ)           1608 (bytes)', ' 0x0000000000000014 (PLTREL)             RELA', ' 0x0000000000000017 (JMPREL)             0x14f0', ' 0x0000000000000007 (RELA)               0x1448', ' 0x0000000000000008 (RELASZ)             168 (bytes)', ' 0x0000000000000009 (RELAENT)            24 (bytes)', ' 0x000000006ffffffc (VERDEF)             0x12e8', ' 0x000000006ffffffd (VERDEFNUM)          4', ' 0x000000006ffffffe (VERNEED)            0x1368', ' 0x000000006fffffff (VERNEEDNUM)         2', ' 0x000000006ffffff0 (VERSYM)             0x1222', ' 0x000000006ffffff9 (RELACOUNT)          1', ' 0x0000000000000000 (NULL)               0x0']"
+/home/tech4biz-001/Downloads/tesing/libBLT.2.5.so.8.6,9ad257f26d37c40ff5aa2ad88028a208,Advanced Micro Devices X86-64,29,0,,,"['', 'Dynamic section at offset 0x14cc08 contains 29 entries:', '  Tag        Type                         Name/Value', ' 0x0000000000000001 (NEEDED)             Shared library: [libtk8.6.so]', ' 0x0000000000000001 (NEEDED)             Shared library: [libtcl8.6.so]', ' 0x0000000000000001 (NEEDED)             Shared library: [libX11.so.6]', ' 0x0000000000000001 (NEEDED)             Shared library: [libm.so.6]', ' 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]', ' 0x000000000000000e (SONAME)             Library soname: [libBLT.2.5.so.8.6]', ' 0x000000000000000c (INIT)               0x41000', ' 0x000000000000000d (FINI)               0x118b5c', ' 0x0000000000000019 (INIT_ARRAY)         0x14d6d0', ' 0x000000000000001b (INIT_ARRAYSZ)       8 (bytes)', ' 0x000000000000001a (FINI_ARRAY)         0x14d6d8', ' 0x000000000000001c (FINI_ARRAYSZ)       8 (bytes)', ' 0x000000006ffffef5 (GNU_HASH)           0x2f0', ' 0x0000000000000005 (STRTAB)             0x8928', ' 0x0000000000000006 (SYMTAB)             0x1848', ' 0x000000000000000a (STRSZ)              21141 (bytes)', ' 0x000000000000000b (SYMENT)             24 (bytes)', ' 0x0000000000000003 (PLTGOT)             0x14e000', ' 0x0000000000000002 (PLTRELSZ)           11208 (bytes)', ' 0x0000000000000014 (PLTREL)             RELA', ' 0x0000000000000017 (JMPREL)             0x3e2e8', ' 0x0000000000000007 (RELA)               0xe5e8', ' 0x0000000000000008 (RELASZ)             195840 (bytes)', ' 0x0000000000000009 (RELAENT)            24 (bytes)', ' 0x000000006ffffffe (VERNEED)            0xe528', ' 0x000000006fffffff (VERNEEDNUM)         2', ' 0x000000006ffffff0 (VERSYM)             0xdbbe', ' 0x000000006ffffff9 (RELACOUNT)          7688', ' 0x0000000000000000 (NULL)               0x0']"
+/home/tech4biz-001/Downloads/tesing/klibc-BnzSoOUNgFnGkEcRdekugdBENMs.so,35b2788a1b5f6fde2c22ebb1742777d9,Advanced Micro Devices X86-64,8,61440,,,"['', 'There is no dynamic section in this file.']"
+/home/tech4biz-001/Downloads/tesing/libpcp_gui.so.2,c1a321190e6c05eba7c841d5fafe3a08,Advanced Micro Devices X86-64,28,0,,,"['', 'Dynamic section at offset 0x5e08 contains 24 entries:', '  Tag        Type                         Name/Value', ' 0x0000000000000001 (NEEDED)             Shared library: [libpcp.so.3]', ' 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]', ' 0x000000000000000e (SONAME)             Library soname: [libpcp_gui.so.2]', ' 0x000000000000000c (INIT)               0x2000', ' 0x000000000000000d (FINI)               0x4c44', ' 0x000000006ffffef5 (GNU_HASH)           0x2f0', ' 0x0000000000000005 (STRTAB)             0xb50', ' 0x0000000000000006 (SYMTAB)             0x358', ' 0x000000000000000a (STRSZ)              1052 (bytes)', ' 0x000000000000000b (SYMENT)             24 (bytes)', ' 0x0000000000000003 (PLTGOT)             0x7000', ' 0x0000000000000002 (PLTRELSZ)           1656 (bytes)', ' 0x0000000000000014 (PLTREL)             RELA', ' 0x0000000000000017 (JMPREL)             0x11b0', ' 0x0000000000000007 (RELA)               0x10f0', ' 0x0000000000000008 (RELASZ)             192 (bytes)', ' 0x0000000000000009 (RELAENT)            24 (bytes)', ' 0x000000006ffffffc (VERDEF)             0x1018', ' 0x000000006ffffffd (VERDEFNUM)          2', ' 0x000000006ffffffe (VERNEED)            0x1050', ' 0x000000006fffffff (VERNEEDNUM)         2', ' 0x000000006ffffff0 (VERSYM)             0xf6c', ' 0x000000006ffffff9 (RELACOUNT)          1', ' 0x0000000000000000 (NULL)               0x0']"

intaller.py

@@ -0,0 +1,262 @@
+
+import tkinter as tk
+from tkinter import messagebox
+import re
+import webbrowser
+import requests  # Make sure to install this library if you haven't already
+
+# Function to get the device MAC address
+def get_mac_address():
+    return '13:bb:81:47:b2:e6'
+
+# Function to generate a 16-digit unique ID
+def get_unique_id():
+    return 'cf4650bb871111ef'
+
+# Function to handle the "Check Device" button
+def check_device():
+    response = messagebox.askyesno("Check Device", "Do you want to check your device?")
+    if response:  # User clicked "Yes"
+        email_label.pack()
+        email_entry.pack()
+        submit_button.pack()
+
+# Function to validate and submit the entered email and call the send-otp API
+def submit_email():
+    email = email_entry.get()
+    if re.match(r"[^@]+@[^@]+\.[^@]+", email):  # Simple email validation
+        messagebox.showinfo("Success", f"Email submitted: {email}")
+
+        # Replace 'your_api_url' with the actual URL of your API
+        api_url = 'http://127.0.0.1:8000/send-otp/'
+        try:
+            response = requests.post(api_url, data={"email": email})  # Adjust the payload as needed
+            if response.status_code == 200:
+                messagebox.showinfo("Success", "OTP sent successfully! Please verify OTP on the web.")
+                webbrowser.open('http://127.0.0.1:8000/signup') 
+
+                # Show OTP verification window after successful OTP request
+                show_otp_verification_window(email)
+            else:
+                messagebox.showwarning("Error", "Failed to send OTP.")
+        except Exception as e:
+            messagebox.showerror("Error", f"An error occurred: {str(e)}")
+    else:
+        messagebox.showwarning("Error", "Invalid email entered")
+
+# Function to show OTP verification window
+def show_otp_verification_window(email):
+    otp_window = tk.Toplevel(root)
+    otp_window.title("Verify OTP")
+    otp_window.geometry("300x200")
+
+    otp_label = tk.Label(otp_window, text="Enter the OTP:")
+    otp_label.pack(pady=10)
+
+    # Entry field for OTP
+    otp_entry = tk.Entry(otp_window)
+    otp_entry.pack(pady=10)
+
+    # Button to verify OTP
+    verify_button = tk.Button(otp_window, text="Verify OTP", command=lambda: verify_otp(otp_entry.get(), email, otp_window))
+    verify_button.pack(pady=10)
+
+    # Focus on the OTP entry field
+    otp_entry.focus_set()
+
+def verify_otp(otp, email, window):
+    api_url = 'http://127.0.0.1:8000/verify-second-otp/'
+    try:
+        # Include the second_otp and email in the payload
+        response = requests.post(api_url, data={
+            "second_otp": otp, 
+           
+        })
+
+        if response.status_code == 200:
+            # Extract user_profile_id from the response
+            response_data = response.json()
+            user_profile_id = response_data.get("user_profile_id")
+
+            messagebox.showinfo("Success", "OTP verified successfully!")
+            window.destroy()  # Close OTP window on successful verification
+
+            # After OTP is verified, send device info with user_profile_id
+            send_device_info(user_profile_id)
+
+        else:
+            messagebox.showwarning("Error", "Invalid or expired OTP.")
+    except Exception as e:
+        messagebox.showerror("Error", f"An error occurred: {str(e)}")
+
+# Function to send the device information after OTP is verified
+def send_device_info(user_profile_id):
+    device_info_url = 'http://127.0.0.1:8000/send-device-info/'  # Adjust to the correct API endpoint
+    mac_address = get_mac_address()  # Get MAC address
+    unique_id = get_unique_id()  # Get unique ID
+
+    try:
+        # Make the POST request to send the device info
+        response = requests.post(device_info_url, json={
+            "user_profile_id": user_profile_id,  # Use the user_profile_id from OTP verification
+            "mac_address": mac_address,
+            "unique_id": unique_id
+        })
+
+        if response.status_code == 200:
+            messagebox.showinfo("Success", "Device info sent successfully!")
+            webbrowser.open('http://127.0.0.1:8000/home')
+            root.destroy()
+        else:
+            messagebox.showwarning("Error", f"Failed to send device info. {response.json().get('error')}")
+
+    except Exception as e:
+        messagebox.showerror("Error", f"An error occurred while sending device info: {str(e)}")
+
+# Create the main window
+root = tk.Tk()
+root.title("Device Info Checker")
+root.geometry("300x300")
+
+# Create and pack the button to check the device
+check_button = tk.Button(root, text="Check Device", command=check_device)
+check_button.pack(pady=20)
+
+# Label and entry for email input (hidden initially)
+email_label = tk.Label(root, text="Enter your email:")
+email_entry = tk.Entry(root)
+submit_button = tk.Button(root, text="Submit", command=submit_email)
+
+# Run the GUI loop
+root.mainloop()
+#===========================================================================this is working =============================
+# import webview
+# import tkinter as tk
+# from tkinter import messagebox
+# import requests
+
+# # Function to get the device MAC address
+# def get_mac_address():
+#     return '13:bb:81:47:b2:e6'
+
+# # Function to generate a 16-digit unique ID
+# def get_unique_id():
+#     return 'cf4650bb871111ef'
+
+# # Function to handle the "Check Device" button
+# def check_device():
+#     response = messagebox.askyesno("Check Device", "Do you want to check your device?")
+#     if response:  # User clicked "Yes"
+#         email_label.pack()
+#         email_entry.pack()
+#         submit_button.pack()
+
+# # Function to validate and submit the entered email and call the send-otp API
+# def submit_email():
+#     email = email_entry.get()
+#     if '@' in email:  # Simple email validation
+#         messagebox.showinfo("Success", f"Email submitted: {email}")
+#         api_url = 'http://127.0.0.1:8000/send-otp/'  # Replace with your actual API URL
+        
+#         try:
+#             response = requests.post(api_url, data={"email": email})
+#             if response.status_code == 200:
+#                 messagebox.showinfo("Success", "OTP sent successfully! Please verify OTP on the web.")
+#                 # Show OTP verification window using PyWebView
+#                 show_otp_verification_window(email)
+#             else:
+#                 messagebox.showwarning("Error", "Failed to send OTP.")
+#         except Exception as e:
+#             messagebox.showerror("Error", f"An error occurred: {str(e)}")
+#     else:
+#         messagebox.showwarning("Error", "Invalid email entered")
+
+# # Function to show OTP verification window using PyWebView
+# def show_otp_verification_window(email):
+#     # HTML content to show the OTP input window
+#     html_content = f"""
+#     <!DOCTYPE html>
+#     <html lang="en">
+#     <head>
+#         <meta charset="UTF-8">
+#         <meta name="viewport" content="width=device-width, initial-scale=1.0">
+#         <title>OTP Verification</title>
+#         <style>
+#             body {{
+#                 font-family: Arial, sans-serif;
+#                 text-align: center;
+#                 padding-top: 50px;
+#             }}
+#             input {{
+#                 padding: 10px;
+#                 width: 200px;
+#                 margin-top: 20px;
+#                 font-size: 16px;
+#             }}
+#             button {{
+#                 padding: 10px 20px;
+#                 font-size: 16px;
+#                 margin-top: 20px;
+#             }}
+#         </style>
+#     </head>
+#     <body>
+#         <h1>Verify OTP</h1>
+#         <p>Please enter the OTP sent to {email}</p>
+#         <input type="text" id="otp" placeholder="Enter OTP">
+#         <button onclick="verifyOTP()">Verify OTP</button>
+#         <p id="result"></p>
+        
+#         <script>
+#             function verifyOTP() {{
+#                 var otp = document.getElementById('otp').value;
+#                 if (otp === '') {{
+#                     document.getElementById('result').innerText = 'Please enter OTP.';
+#                     return;
+#                 }}
+#                 // Call Python function to verify OTP
+#                 window.pywebview.api.verify_otp(otp, '{email}').then(function(response) {{
+#                     document.getElementById('result').innerText = response.message;
+#                 }}).catch(function(error) {{
+#                     document.getElementById('result').innerText = 'Error: ' + error;
+#                 }});
+#             }}
+#         </script>
+#     </body>
+#     </html>
+#     """
+
+#     # Create a PyWebView window
+#     webview.create_window('OTP Verification', html=html_content, js_api=JSApi())
+#     webview.start()
+
+# # Define a JavaScript API class that will handle Python calls from the web page
+# class JSApi:
+#     def verify_otp(self, otp, email):
+#         # Verify OTP with the backend
+#         api_url = 'http://127.0.0.1:8000/verify-second-otp/'
+#         try:
+#             response = requests.post(api_url, data={"second_otp": otp, "email": email})
+#             if response.status_code == 200:
+#                 return {"message": "OTP verified successfully!"}
+#             else:
+#                 return {"message": "Invalid or expired OTP."}
+#         except Exception as e:
+#             return {"message": f"An error occurred: {str(e)}"}
+
+# # Create the main window
+# root = tk.Tk()
+# root.title("Device Info Checker")
+# root.geometry("300x300")
+
+# # Create and pack the button to check the device
+# check_button = tk.Button(root, text="Check Device", command=check_device)
+# check_button.pack(pady=20)
+
+# # Label and entry for email input (hidden initially)
+# email_label = tk.Label(root, text="Enter your email:")
+# email_entry = tk.Entry(root)
+# submit_button = tk.Button(root, text="Submit", command=submit_email)
+
+# # Run the GUI loop
+# root.mainloop()

mapping.txt

@@ -0,0 +1,4 @@
+0, goodware
+1, revil
+2, petya
+3, ransomexx

marged.py

@@ -0,0 +1,447 @@
+
+import subprocess
+import tkinter as tk
+from tkinter import messagebox
+import threading
+
+
+
+
+# # Function to run device check before showing the wizard window
+# def device_check():
+#     try:
+#         subprocess.run(['python3', 'intaller.py'], check=True)
+#         return True
+#     except subprocess.CalledProcessError as e:
+#         print(f"Error running device check script: {e}")
+#         return False
+
+
+
+
+
+
+class DeviceCheckWizard:
+    def __init__(self, master):
+        self.master = master
+        self.step = 0  # Tracks the current step in the wizard
+
+        # Set up the wizard window
+        self.master.title("Device Check Wizard")
+        self.master.geometry("400x300")
+
+        self.label = tk.Label(self.master, text="Welcome to the Device Check Wizard")
+        self.label.pack(pady=20)
+        
+
+        self.back_button = tk.Button(self.master, text="Back", command=self.previous_step, state="disabled")
+        self.back_button.pack(side=tk.LEFT, padx=20, pady=10)  # Initially disabled
+
+        self.next_button = tk.Button(self.master, text="Next", command=self.next_step)
+        self.next_button.pack(side=tk.RIGHT, padx=20, pady=10)
+
+        self.result_label = tk.Label(self.master, text="")
+        self.result_label.pack(pady=20)
+
+        self.progress_label = tk.Label(self.master, text="")
+        self.progress_label.pack(pady=10)
+
+    def next_step(self):
+        # Hide the "Next" button and update labels for the current step
+        self.next_button.config(state="disabled")  # Disable the "Next" button after it's clicked
+        self.hide_previous_content()  # Clear previous content
+        self.progress_label.config(text="Running... Please wait.")
+        self.progress_label.pack(pady=10)
+
+        # Enable the Back button after the first step
+        if self.step > 0:
+            self.back_button.config(state="normal")
+
+        # Proceed to the respective step (DDoS, Malware, etc.)
+        if self.step == 0:
+            self.run_async(self.run_ddos)
+        elif self.step == 1:
+            self.run_async(self.run_malware)
+        elif self.step == 2:
+            self.run_async(self.run_ransomware)
+        else:
+            messagebox.showinfo("Info", "All checks completed.")
+            self.master.quit()
+
+        self.step += 1
+
+    def previous_step(self):
+        # Hide the "Back" button if the user goes back to the first step
+        self.step -= 1
+
+        if self.step == 0:
+            self.back_button.config(state="disabled")
+
+        # Handle going to the previous step
+        if self.step == 0:
+            self.result_label.config(text="Running DDoS check again.")
+            self.run_async(self.run_ddos)
+        elif self.step == 1:
+            self.result_label.config(text="Running Malware check again.")
+            self.run_async(self.run_malware)
+        elif self.step == 2:
+            self.result_label.config(text="Running Ransomware check again.")
+            self.run_async(self.run_ransomware)
+
+    def hide_previous_content(self):
+        # Hide the current widgets by removing them from the window
+        self.result_label.pack_forget()
+        self.progress_label.pack_forget()
+
+    def run_async(self, func):
+        # Run the function in a separate thread
+        thread = threading.Thread(target=func)
+        thread.start()
+
+    def run_ddos(self):
+        try:
+            process = subprocess.Popen(['python3', 'runn.py'])
+            self.result_label.config(text="DDoS check running in the background.")
+            self.result_label.pack(pady=20)
+            self.check_process(process, "DDoS")
+        except Exception as e:
+            self.result_label.config(text=f"Error running DDoS script: {e}")
+        finally:
+            self.on_process_complete()
+
+    def run_malware(self):
+        try:
+            process = subprocess.Popen(['python3', 'Final_Malware.py'])
+            self.result_label.config(text="Malware check running in the background.")
+            self.result_label.pack(pady=20)
+            self.check_process(process, "Malware")
+        except Exception as e:
+            self.result_label.config(text=f"Error running malware script: {e}")
+        finally:
+            self.on_process_complete()
+
+    def run_ransomware(self):
+        try:
+            process = subprocess.Popen(['python3', 'Ransomware_Type.py'])
+            self.result_label.config(text="Ransomware check running in the background.")
+            self.result_label.pack(pady=20)
+            self.check_process(process, "Ransomware")
+        except Exception as e:
+            self.result_label.config(text=f"Error running ransomware script: {e}")
+        finally:
+            self.on_process_complete()
+
+    def check_process(self, process, name):
+        def poll():
+            if process.poll() is None:
+                # If the process is still running, check again after 500ms
+                self.master.after(500, poll)
+            else:
+                # Process has completed
+                if process.returncode == 0:
+                    self.result_label.config(text=f"{name} check completed successfully.")
+                else:
+                    self.result_label.config(text=f"{name} check failed.")
+                self.on_process_complete()
+
+        # Start polling the process
+        poll()
+
+    def on_process_complete(self):
+        # Re-enable the Next button after the process is done
+        self.next_button.config(state="normal")
+        self.next_button.pack(pady=10)
+        self.progress_label.config(text="Process completed. Click Next to proceed.")
+        self.progress_label.pack(pady=10)
+
+
+
+# # # Main logic to run the device check before starting the wizard
+# # if __name__ == "__main__":
+# #     if device_check():
+# #         # If device check is successful, initialize the Tkinter window
+# #         root = tk.Tk()
+# #         wizard = DeviceCheckWizard(root)
+# #         root.mainloop()
+# #     else:
+# #         # If the device check fails, show an error message and exit
+# #         print("Device check failed. Exiting program.")
+# #         messagebox.showerror("Error", "Device check failed. The wizard will not start.")
+
+# Initialize the Tkinter window
+root = tk.Tk()
+wizard = DeviceCheckWizard(root)
+
+root.mainloop()
+
+
+# import tkinter as tk
+# from tkinter import ttk, messagebox
+# import subprocess
+# import threading
+# import sys
+
+# class DeviceCheckWizard:
+#     def __init__(self, master):
+#         self.master = master
+#         self.step = 0  # Tracks the current step in the wizard
+#         self.is_running = False  # Flag to check if a process is running
+
+#         # Set up the wizard window
+#         self.master.title("Device Check Wizard")
+#         self.master.geometry("600x450")  # Adjusted for better visibility
+
+#         # Step title
+#         self.step_label = tk.Label(self.master, text="Step 1: Welcome", font=("Helvetica", 16, "bold"))
+#         self.step_label.pack(pady=10)
+
+#         # Description label for each step
+#         self.description_label = tk.Label(self.master, text="This wizard will guide you through device checks.")
+#         self.description_label.pack(pady=5)
+
+#         # Progress bar for visual feedback
+#         self.progress_bar = ttk.Progressbar(self.master, orient='horizontal', mode='determinate', length=400)
+#         self.progress_bar.pack(pady=10)
+
+#         # Frame for output
+#         self.output_frame = tk.Frame(self.master, padx=10, pady=10)
+#         self.output_frame.pack(pady=10)
+
+#         self.output_text = tk.Text(self.output_frame, height=10, width=60)
+#         self.output_text.pack(side=tk.LEFT, fill=tk.BOTH, expand=True)
+
+#         self.scrollbar = ttk.Scrollbar(self.output_frame, command=self.output_text.yview)
+#         self.scrollbar.pack(side=tk.RIGHT, fill=tk.Y)
+#         self.output_text.config(yscrollcommand=self.scrollbar.set, bg="#f0f0f0", borderwidth=1, relief="solid")
+
+#         # Navigation buttons
+#         self.button_frame = tk.Frame(self.master)
+#         self.button_frame.pack(pady=20)
+
+#         self.back_button = ttk.Button(self.button_frame, text="Back", command=self.previous_step, state="disabled")
+#         self.back_button.grid(row=0, column=0, padx=20)
+
+#         self.next_button = ttk.Button(self.button_frame, text="Next", command=self.next_step)
+#         self.next_button.grid(row=0, column=1, padx=20)
+
+#     def update_step(self):
+#         """Updates step labels, progress bar, and description."""
+#         steps_info = [
+#             ("Step 1: Welcome", "Welcome to the Device Check Wizard."),
+#             ("Step 2: DDoS Check", "Checking for any Distributed Denial of Service attacks."),
+#             ("Step 3: Malware Check", "Running a Malware scan on the device."),
+#             ("Step 4: Ransomware Check", "Checking for Ransomware on the device."),
+#         ]
+#         self.step_label.config(text=steps_info[self.step][0])
+#         self.description_label.config(text=steps_info[self.step][1])
+#         self.progress_bar['value'] = (self.step + 1) * 25  # Progress increment based on steps (0 to 100)
+
+#     def next_step(self):
+#         # Check if a process is running
+#         if self.is_running:
+#             messagebox.showinfo("Info", "A process is currently running. Please wait.")
+#             return
+
+#         # Proceed to the respective step (DDoS, Malware, etc.)
+#         if self.step == 0:
+#             self.output_text.delete(1.0, tk.END)
+#             self.output_text.insert(tk.END, "Running DDoS check...\n")
+#             self.run_async(self.run_ddos)
+#         elif self.step == 1:
+#             self.output_text.delete(1.0, tk.END)
+#             self.output_text.insert(tk.END, "Running Malware check...\n")
+#             self.run_async(self.run_malware)
+#         elif self.step == 2:
+#             self.output_text.delete(1.0, tk.END)
+#             self.output_text.insert(tk.END, "Running Ransomware check...\n")
+#             self.run_async(self.run_ransomware)
+#         else:
+#             messagebox.showinfo("Info", "All checks completed.")
+#             self.master.quit()
+
+#         self.step += 1
+#         self.update_step()  # Update the UI for the next step
+
+#         # Enable the back button after the first step
+#         if self.step > 0:
+#             self.back_button.config(state="normal")
+
+#     def previous_step(self):
+#         if self.is_running:
+#             messagebox.showinfo("Info", "A process is currently running. Please wait.")
+#             return
+
+#         self.step -= 1
+
+#         if self.step < 0:
+#             self.step = 0
+#             self.back_button.config(state="disabled")
+
+#         self.update_step()  # Update the UI for the previous step
+
+#     def run_async(self, func):
+#         # Set the flag to indicate a process is running
+#         self.is_running = True
+#         thread = threading.Thread(target=func)
+#         thread.start()
+
+#     def run_ddos(self):
+#         self.run_process(['python3', 'runn.py'], "DDoS")
+
+#     def run_malware(self):
+#         self.run_process(['python3', 'Final_Malware.py'], "Malware")
+
+#     def run_ransomware(self):
+#         self.run_process(['python3', 'Ransomware_Type.py'], "Ransomware")
+
+#     def run_process(self, command, name):
+#         self.output_text.insert(tk.END, f"{name} check started...\n")
+#         self.output_text.see(tk.END)  # Scroll to the end
+
+#         try:
+#             # Using Popen for real-time output
+#             process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
+
+#             # Read the output line by line
+#             for line in process.stdout:
+#                 self.output_text.insert(tk.END, line)  # Display stdout
+#                 self.output_text.see(tk.END)  # Auto-scroll to the end
+            
+#             # Wait for the process to complete and get return code
+#             return_code = process.wait()
+            
+#             if return_code == 0:
+#                 self.output_text.insert(tk.END, f"{name} check completed successfully.\n")
+#             else:
+#                 self.output_text.insert(tk.END, f"Error running {name} script. Return code: {return_code}\n")
+#         except Exception as e:
+#             self.output_text.insert(tk.END, f"Exception running {name} script: {str(e)}\n")
+#         finally:
+#             self.is_running = False  # Reset the flag
+#             self.on_process_complete()
+
+#     def on_process_complete(self):
+#         self.description_label.config(text="Process completed. You can proceed to the next step.")
+
+# # Initialize the Tkinter window
+# root = tk.Tk()
+# wizard = DeviceCheckWizard(root)
+# root.mainloop()
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# import subprocess
+# import tkinter as tk
+# from concurrent.futures import ThreadPoolExecutor
+
+# def devicecheck():
+#     try:
+#         # Call the subprocess to run the installer.py script
+#         result = subprocess.run(['python3', 'intaller.py'], check=True, capture_output=True, text=True)
+#         print("Device check successful.")
+#         print("Installer output:", result.stdout)
+#         print("Installer errors (if any):", result.stderr)
+
+#         # Use ThreadPoolExecutor to call all functions in parallel
+#         with ThreadPoolExecutor() as executor:
+#             # Start the function calls
+#             futures = {
+#                 'ddos': executor.submit(ddos),
+#                 'malware': executor.submit(malware),
+#                 'ransomware': executor.submit(ransomware),
+#                 'ransomware_model': executor.submit(ransomware_model),
+#             }
+            
+#             # Wait for all functions to complete and print their results
+#             for name, future in futures.items():
+#                 try:
+#                     result = future.result()  # This will block until the function completes
+#                     print(f"{name.capitalize()} check result: {result}")
+#                 except Exception as e:
+#                     print(f"Error in {name}: {e}")
+
+#     except subprocess.CalledProcessError as e:
+#         print(f"Error running installer.py: {e}")
+#         print(f"Installer returned error output: {e.stderr}")
+
+      
+
+
+
+# def ddos():
+#     try:
+#         subprocess.run(['python3', '/home/tech4biz-001/Desktop/umais-code/Final_DDOS_UBUNTU_Tested/run.py'], check=True)
+#         print("DDOS check successful.")
+#         return True
+#     except subprocess.CalledProcessError as e:
+#         print(f"Error running DDoS script: {e}")
+#         return False
+
+# def malware():
+#     try:
+#         subprocess.run(['python3', 'Final_Malware.py'], check=True)
+#         print("Malware check successful.")
+#         return True
+#     except subprocess.CalledProcessError as e:
+#         print(f"Error running malware script: {e}")
+#         return False
+
+# def ransomware():
+#     try:
+#         subprocess.run(['python3', 'Ransomware_Type.py'], check=True)
+#         print("Ransomware check successful.")
+#         return True
+#     except subprocess.CalledProcessError as e:
+#         print(f"Error running ransomware script: {e}")
+#         return False
+
+# def ransomware_model():
+#     try:
+#         subprocess.run(['python3', 'Ransomware_Audit.py'], check=True)
+#         print("Ransomware model check successful.")
+#         return True
+#     except subprocess.CalledProcessError as e:
+#         print(f"Error running ransomware model script: {e}")
+#         return False
+
+# # Initialize the Tkinter window
+# root = tk.Tk()
+# root.title("Marged App")
+# root.geometry("400x300")
+
+# label = tk.Label(root, text="Tkinter Application for Device Check")
+# label.pack(pady=20)
+
+# # Add a button to trigger the devicecheck function
+# button = tk.Button(root, text="Start Device Check", command=devicecheck)
+# button.pack(pady=10)
+
+# # Start the Tkinter main loop
+# root.mainloop()

output.txt

@@ -0,0 +1,496 @@
+1;ID
+4;API:PROCTITLE
+5;API:AVC
+6;API:SYSCALL
+7;API:USER_AUTH
+8;API:USER_ACCT
+9;API:USER_CMD
+10;API:CRED_REFR
+11;API:USER_START
+12;API:USER_AVC
+13;API:USER_END
+14;API:CRED_DISP
+15;API:CRED_ACQ
+16;API:LOGIN
+17;API:SERVICE_START
+18;API:SERVICE_STOP
+19;DROP:chmod644.db
+20;DROP:chmod644.AR
+21;DROP:chmod644.01
+22;DROP:chmod644.GIF
+23;DROP:chmod644.TXT
+24;DROP:chmod644.scc
+25;DROP:chmod644.dat
+26;DROP:chmod644.bmp
+27;DROP:chmod644.STF
+28;DROP:chmod644.scf
+29;DROP:chmod644.exe
+30;DROP:chmod644.typelib
+31;DROP:chmod644.cl
+32;DROP:chmod644.ocx
+33;DROP:chmod644.xml
+34;DROP:chmod644.json
+35;DROP:chmod644.csv
+36;DROP:chmod644.html
+37;DROP:chmod644.css
+38;DROP:chmod644.js
+39;DROP:chmod644.py
+40;DROP:chmod644.log
+41;DROP:chmod644.sql
+42;DROP:chmod644.pdf
+43;DROP:chmod644.doc
+44;DROP:chmod644.docx
+45;DROP:chmod644.ppt
+46;DROP:chmod644.pptx
+47;DROP:chmod644.xlsx
+48;DROP:chmod644.jpg
+49;DROP:chmod644.jpeg
+50;DROP:chmod644.png
+51;DROP:chmod644.mp4
+52;DROP:chmod644.mp3
+53;DROP:chmod644.zip
+54;DROP:chmod644.tar
+55;DROP:chmod644.gz
+56;DROP:chmod644.rar
+57;DROP:chmod644.7z
+58;DROP:chmod644.apk
+59;DROP:chmod644.iso
+60;DROP:chmod755.db
+61;DROP:chmod755.AR
+62;DROP:chmod755.01
+63;DROP:chmod755.GIF
+64;DROP:chmod755.TXT
+65;DROP:chmod755.scc
+66;DROP:chmod755.dat
+67;DROP:chmod755.bmp
+68;DROP:chmod755.STF
+69;DROP:chmod755.scf
+70;DROP:chmod755.exe
+71;DROP:chmod755.typelib
+72;DROP:chmod755.cl
+73;DROP:chmod755.ocx
+74;DROP:chmod755.xml
+75;DROP:chmod755.json
+76;DROP:chmod755.csv
+77;DROP:chmod755.html
+78;DROP:chmod755.css
+79;DROP:chmod755.js
+80;DROP:chmod755.py
+81;DROP:chmod755.log
+82;DROP:chmod755.sql
+83;DROP:chmod755.pdf
+84;DROP:chmod755.doc
+85;DROP:chmod755.docx
+86;DROP:chmod755.ppt
+87;DROP:chmod755.pptx
+88;DROP:chmod755.xlsx
+89;DROP:chmod755.jpg
+90;DROP:chmod755.jpeg
+91;DROP:chmod755.png
+92;DROP:chmod755.mp4
+93;DROP:chmod755.mp3
+94;DROP:chmod755.zip
+95;DROP:chmod755.tar
+96;DROP:chmod755.gz
+97;DROP:chmod755.rar
+98;DROP:chmod755.7z
+99;DROP:chmod755.apk
+100;DROP:chmod755.iso
+101;DROP:chmod777.db
+102;DROP:chmod777.AR
+103;DROP:chmod777.01
+104;DROP:chmod777.GIF
+105;DROP:chmod777.TXT
+106;DROP:chmod777.scc
+107;DROP:chmod777.dat
+108;DROP:chmod777.bmp
+109;DROP:chmod777.STF
+110;DROP:chmod777.scf
+111;DROP:chmod777.exe
+112;DROP:chmod777.typelib
+113;DROP:chmod777.cl
+114;DROP:chmod777.ocx
+115;DROP:chmod777.xml
+116;DROP:chmod777.json
+117;DROP:chmod777.csv
+118;DROP:chmod777.html
+119;DROP:chmod777.css
+120;DROP:chmod777.js
+121;DROP:chmod777.py
+122;DROP:chmod777.log
+123;DROP:chmod777.sql
+124;DROP:chmod777.pdf
+125;DROP:chmod777.doc
+126;DROP:chmod777.docx
+127;DROP:chmod777.ppt
+128;DROP:chmod777.pptx
+129;DROP:chmod777.xlsx
+130;DROP:chmod777.jpg
+131;DROP:chmod777.jpeg
+132;DROP:chmod777.png
+133;DROP:chmod777.mp4
+134;DROP:chmod777.mp3
+135;DROP:chmod777.zip
+136;DROP:chmod777.tar
+137;DROP:chmod777.gz
+138;DROP:chmod777.rar
+139;DROP:chmod777.7z
+140;DROP:chmod777.apk
+141;DROP:chmod777.iso
+142;DROP:chownuser.db
+143;DROP:chownuser.AR
+144;DROP:chownuser.01
+145;DROP:chownuser.GIF
+146;DROP:chownuser.TXT
+147;DROP:chownuser.scc
+148;DROP:chownuser.dat
+149;DROP:chownuser.bmp
+150;DROP:chownuser.STF
+151;DROP:chownuser.scf
+152;DROP:chownuser.exe
+153;DROP:chownuser.typelib
+154;DROP:chownuser.cl
+155;DROP:chownuser.ocx
+156;DROP:chownuser.xml
+157;DROP:chownuser.json
+158;DROP:chownuser.csv
+159;DROP:chownuser.html
+160;DROP:chownuser.css
+161;DROP:chownuser.js
+162;DROP:chownuser.py
+163;DROP:chownuser.log
+164;DROP:chownuser.sql
+165;DROP:chownuser.pdf
+166;DROP:chownuser.doc
+167;DROP:chownuser.docx
+168;DROP:chownuser.ppt
+169;DROP:chownuser.pptx
+170;DROP:chownuser.xlsx
+171;DROP:chownuser.jpg
+172;DROP:chownuser.jpeg
+173;DROP:chownuser.png
+174;DROP:chownuser.mp4
+175;DROP:chownuser.mp3
+176;DROP:chownuser.zip
+177;DROP:chownuser.tar
+178;DROP:chownuser.gz
+179;DROP:chownuser.rar
+180;DROP:chownuser.7z
+181;DROP:chownuser.apk
+182;DROP:chownuser.iso
+183;DROP:chowngroup.db
+184;DROP:chowngroup.AR
+185;DROP:chowngroup.01
+186;DROP:chowngroup.GIF
+187;DROP:chowngroup.TXT
+188;DROP:chowngroup.scc
+189;DROP:chowngroup.dat
+190;DROP:chowngroup.bmp
+191;DROP:chowngroup.STF
+192;DROP:chowngroup.scf
+193;DROP:chowngroup.exe
+194;DROP:chowngroup.typelib
+195;DROP:chowngroup.cl
+196;DROP:chowngroup.ocx
+197;DROP:chowngroup.xml
+198;DROP:chowngroup.json
+199;DROP:chowngroup.csv
+200;DROP:chowngroup.html
+201;DROP:chowngroup.css
+202;DROP:chowngroup.js
+203;DROP:chowngroup.py
+204;DROP:chowngroup.log
+205;DROP:chowngroup.sql
+206;DROP:chowngroup.pdf
+207;DROP:chowngroup.doc
+208;DROP:chowngroup.docx
+209;DROP:chowngroup.ppt
+210;DROP:chowngroup.pptx
+211;DROP:chowngroup.xlsx
+212;DROP:chowngroup.jpg
+213;DROP:chowngroup.jpeg
+214;DROP:chowngroup.png
+215;DROP:chowngroup.mp4
+216;DROP:chowngroup.mp3
+217;DROP:chowngroup.zip
+218;DROP:chowngroup.tar
+219;DROP:chowngroup.gz
+220;DROP:chowngroup.rar
+221;DROP:chowngroup.7z
+222;DROP:chowngroup.apk
+223;DROP:chowngroup.iso
+224;DROP:chgrpstaff.db
+225;DROP:chgrpstaff.AR
+226;DROP:chgrpstaff.01
+227;DROP:chgrpstaff.GIF
+228;DROP:chgrpstaff.TXT
+229;DROP:chgrpstaff.scc
+230;DROP:chgrpstaff.dat
+231;DROP:chgrpstaff.bmp
+232;DROP:chgrpstaff.STF
+233;DROP:chgrpstaff.scf
+234;DROP:chgrpstaff.exe
+235;DROP:chgrpstaff.typelib
+236;DROP:chgrpstaff.cl
+237;DROP:chgrpstaff.ocx
+238;DROP:chgrpstaff.xml
+239;DROP:chgrpstaff.json
+240;DROP:chgrpstaff.csv
+241;DROP:chgrpstaff.html
+242;DROP:chgrpstaff.css
+243;DROP:chgrpstaff.js
+244;DROP:chgrpstaff.py
+245;DROP:chgrpstaff.log
+246;DROP:chgrpstaff.sql
+247;DROP:chgrpstaff.pdf
+248;DROP:chgrpstaff.doc
+249;DROP:chgrpstaff.docx
+250;DROP:chgrpstaff.ppt
+251;DROP:chgrpstaff.pptx
+252;DROP:chgrpstaff.xlsx
+253;DROP:chgrpstaff.jpg
+254;DROP:chgrpstaff.jpeg
+255;DROP:chgrpstaff.png
+256;DROP:chgrpstaff.mp4
+257;DROP:chgrpstaff.mp3
+258;DROP:chgrpstaff.zip
+259;DROP:chgrpstaff.tar
+260;DROP:chgrpstaff.gz
+261;DROP:chgrpstaff.rar
+262;DROP:chgrpstaff.7z
+263;DROP:chgrpstaff.apk
+264;DROP:chgrpstaff.iso
+265;DROP:chgrpadmin.db
+266;DROP:chgrpadmin.AR
+267;DROP:chgrpadmin.01
+268;DROP:chgrpadmin.GIF
+269;DROP:chgrpadmin.TXT
+270;DROP:chgrpadmin.scc
+271;DROP:chgrpadmin.dat
+272;DROP:chgrpadmin.bmp
+273;DROP:chgrpadmin.STF
+274;DROP:chgrpadmin.scf
+275;DROP:chgrpadmin.exe
+276;DROP:chgrpadmin.typelib
+277;DROP:chgrpadmin.cl
+278;DROP:chgrpadmin.ocx
+279;DROP:chgrpadmin.xml
+280;DROP:chgrpadmin.json
+281;DROP:chgrpadmin.csv
+282;DROP:chgrpadmin.html
+283;DROP:chgrpadmin.css
+284;DROP:chgrpadmin.js
+285;DROP:chgrpadmin.py
+286;DROP:chgrpadmin.log
+287;DROP:chgrpadmin.sql
+288;DROP:chgrpadmin.pdf
+289;DROP:chgrpadmin.doc
+290;DROP:chgrpadmin.docx
+291;DROP:chgrpadmin.ppt
+292;DROP:chgrpadmin.pptx
+293;DROP:chgrpadmin.xlsx
+294;DROP:chgrpadmin.jpg
+295;DROP:chgrpadmin.jpeg
+296;DROP:chgrpadmin.png
+297;DROP:chgrpadmin.mp4
+298;DROP:chgrpadmin.mp3
+299;DROP:chgrpadmin.zip
+300;DROP:chgrpadmin.tar
+301;DROP:chgrpadmin.gz
+302;DROP:chgrpadmin.rar
+303;DROP:chgrpadmin.7z
+304;DROP:chgrpadmin.apk
+305;DROP:chgrpadmin.iso
+306;FILES:Modified(.db)
+307;FILES:Modified(.AR)
+308;FILES:Modified(.01)
+309;FILES:Modified(.GIF)
+310;FILES:Modified(.TXT)
+311;FILES:Modified(.scc)
+312;FILES:Modified(.dat)
+313;FILES:Modified(.bmp)
+314;FILES:Modified(.STF)
+315;FILES:Modified(.scf)
+316;FILES:Modified(.exe)
+317;FILES:Modified(.typelib)
+318;FILES:Modified(.cl)
+319;FILES:Modified(.ocx)
+320;FILES:Modified(.xml)
+321;FILES:Modified(.json)
+322;FILES:Modified(.csv)
+323;FILES:Modified(.html)
+324;FILES:Modified(.css)
+325;FILES:Modified(.js)
+326;FILES:Modified(.py)
+327;FILES:Modified(.log)
+328;FILES:Modified(.sql)
+329;FILES:Modified(.pdf)
+330;FILES:Modified(.doc)
+331;FILES:Modified(.docx)
+332;FILES:Modified(.ppt)
+333;FILES:Modified(.pptx)
+334;FILES:Modified(.xlsx)
+335;FILES:Modified(.jpg)
+336;FILES:Modified(.jpeg)
+337;FILES:Modified(.png)
+338;FILES:Modified(.mp4)
+339;FILES:Modified(.mp3)
+340;FILES:Modified(.zip)
+341;FILES:Modified(.tar)
+342;FILES:Modified(.gz)
+343;FILES:Modified(.rar)
+344;FILES:Modified(.7z)
+345;FILES:Modified(.apk)
+346;FILES:Modified(.iso)
+347;FILES:Created(.db)
+348;FILES:Created(.AR)
+349;FILES:Created(.01)
+350;FILES:Created(.GIF)
+351;FILES:Created(.TXT)
+352;FILES:Created(.scc)
+353;FILES:Created(.dat)
+354;FILES:Created(.bmp)
+355;FILES:Created(.STF)
+356;FILES:Created(.scf)
+357;FILES:Created(.exe)
+358;FILES:Created(.typelib)
+359;FILES:Created(.cl)
+360;FILES:Created(.ocx)
+361;FILES:Created(.xml)
+362;FILES:Created(.json)
+363;FILES:Created(.csv)
+364;FILES:Created(.html)
+365;FILES:Created(.css)
+366;FILES:Created(.js)
+367;FILES:Created(.py)
+368;FILES:Created(.log)
+369;FILES:Created(.sql)
+370;FILES:Created(.pdf)
+371;FILES:Created(.doc)
+372;FILES:Created(.docx)
+373;FILES:Created(.ppt)
+374;FILES:Created(.pptx)
+375;FILES:Created(.xlsx)
+376;FILES:Created(.jpg)
+377;FILES:Created(.jpeg)
+378;FILES:Created(.png)
+379;FILES:Created(.mp4)
+380;FILES:Created(.mp3)
+381;FILES:Created(.zip)
+382;FILES:Created(.tar)
+383;FILES:Created(.gz)
+384;FILES:Created(.rar)
+385;FILES:Created(.7z)
+386;FILES:Created(.apk)
+387;FILES:Created(.iso)
+388;FILES:Deleted(.db)
+389;FILES:Deleted(.AR)
+390;FILES:Deleted(.01)
+391;FILES:Deleted(.GIF)
+392;FILES:Deleted(.TXT)
+393;FILES:Deleted(.scc)
+394;FILES:Deleted(.dat)
+395;FILES:Deleted(.bmp)
+396;FILES:Deleted(.STF)
+397;FILES:Deleted(.scf)
+398;FILES:Deleted(.exe)
+399;FILES:Deleted(.typelib)
+400;FILES:Deleted(.cl)
+401;FILES:Deleted(.ocx)
+402;FILES:Deleted(.xml)
+403;FILES:Deleted(.json)
+404;FILES:Deleted(.csv)
+405;FILES:Deleted(.html)
+406;FILES:Deleted(.css)
+407;FILES:Deleted(.js)
+408;FILES:Deleted(.py)
+409;FILES:Deleted(.log)
+410;FILES:Deleted(.sql)
+411;FILES:Deleted(.pdf)
+412;FILES:Deleted(.doc)
+413;FILES:Deleted(.docx)
+414;FILES:Deleted(.ppt)
+415;FILES:Deleted(.pptx)
+416;FILES:Deleted(.xlsx)
+417;FILES:Deleted(.jpg)
+418;FILES:Deleted(.jpeg)
+419;FILES:Deleted(.png)
+420;FILES:Deleted(.mp4)
+421;FILES:Deleted(.mp3)
+422;FILES:Deleted(.zip)
+423;FILES:Deleted(.tar)
+424;FILES:Deleted(.gz)
+425;FILES:Deleted(.rar)
+426;FILES:Deleted(.7z)
+427;FILES:Deleted(.apk)
+428;FILES:Deleted(.iso)
+429;FILES:Opened(.db)
+430;FILES:Opened(.AR)
+431;FILES:Opened(.01)
+432;FILES:Opened(.GIF)
+433;FILES:Opened(.TXT)
+434;FILES:Opened(.scc)
+435;FILES:Opened(.dat)
+436;FILES:Opened(.bmp)
+437;FILES:Opened(.STF)
+438;FILES:Opened(.scf)
+439;FILES:Opened(.exe)
+440;FILES:Opened(.typelib)
+441;FILES:Opened(.cl)
+442;FILES:Opened(.ocx)
+443;FILES:Opened(.xml)
+444;FILES:Opened(.json)
+445;FILES:Opened(.csv)
+446;FILES:Opened(.html)
+447;FILES:Opened(.css)
+448;FILES:Opened(.js)
+449;FILES:Opened(.py)
+450;FILES:Opened(.log)
+451;FILES:Opened(.sql)
+452;FILES:Opened(.pdf)
+453;FILES:Opened(.doc)
+454;FILES:Opened(.docx)
+455;FILES:Opened(.ppt)
+456;FILES:Opened(.pptx)
+457;FILES:Opened(.xlsx)
+458;FILES:Opened(.jpg)
+459;FILES:Opened(.jpeg)
+460;FILES:Opened(.png)
+461;FILES:Opened(.mp4)
+462;FILES:Opened(.mp3)
+463;FILES:Opened(.zip)
+464;FILES:Opened(.tar)
+465;FILES:Opened(.gz)
+466;FILES:Opened(.rar)
+467;FILES:Opened(.7z)
+468;FILES:Opened(.apk)
+469;FILES:Opened(.iso)
+470;REG:bash.bashrc
+471;REG:bash_completion.d
+472;REG:environment
+473;REG:fstab
+474;REG:fwupd
+475;REG:group
+476;REG:host.conf
+477;REG:hosts
+478;REG:init.d
+479;REG:inputrc
+480;REG:ld.so.cache
+481;REG:locale.alias
+482;REG:locale.conf
+483;REG:login.defs
+484;REG:machine-id
+485;REG:modprobe.d
+486;REG:nsswitch.conf
+487;REG:passwd
+488;REG:sensors.d
+489;REG:sensors3.conf
+490;REG:shadow
+491;REG:shells
+492;REG:sudo.conf
+493;REG:sudoers
+494;REG:sudoers.d
+495;DIR:Directories Created
+496;DIR:Directories Deleted
+497;DIR:Directories Modified
+498;DIR:Directories Opened

prediction.csv

@@ -0,0 +1,16 @@
+pktcount,byteperflow,tot_kbps,rx_kbps,flows,bytecount,tot_dur,Protocol_ICMP,Protocol_TCP,Protocol_UDP,Protocol_HTTP,Protocol_HTTPS,Protocol_SSH,Protocol_DHCP,Protocol_FTP,Protocol_SMTP,Protocol_POP3,Protocol_IMAP,Protocol_DNS,src_ip,dst_ip,probability
+116,116.0,0.116,0.116,1,116.0,0.0,0,0,0,0,0,0,0,0,0,0,0,0,203.23.178.59,192.168.1.14,1.0
+116,116.0,0.116,0.116,1,116.0,0.02130305,0,0,0,0,0,0,0,0,0,0,0,0,203.23.178.59,192.168.1.14,0.8
+66,66.0,0.066,0.066,1,66.0,0.000110431,0,1,0,0,0,0,0,0,0,0,0,0,192.168.1.14,203.23.178.59,0.8
+116,116.0,0.116,0.116,1,116.0,0.019705325,0,0,0,0,0,0,0,0,0,0,0,0,203.23.178.59,192.168.1.14,0.8
+46,46.0,0.046,0.046,1,46.0,0.000307836,0,0,0,0,0,0,0,0,0,0,0,0,192.168.1.14,239.255.102.18,0.6
+116,116.0,0.116,0.116,1,116.0,0.014479618,0,0,0,0,0,0,0,0,0,0,0,0,203.23.178.59,192.168.1.14,0.8
+66,66.0,0.066,0.066,1,66.0,0.00010021,0,1,0,0,0,0,0,0,0,0,0,0,192.168.1.14,203.23.178.59,0.8
+116,116.0,0.116,0.116,1,116.0,0.015669561,0,0,0,0,0,0,0,0,0,0,0,0,203.23.178.59,192.168.1.14,0.8
+116,116.0,0.116,0.116,1,116.0,0.013030381,0,0,0,0,0,0,0,0,0,0,0,0,203.23.178.59,192.168.1.14,0.8
+66,66.0,0.066,0.066,1,66.0,9.7403e-05,0,1,0,0,0,0,0,0,0,0,0,0,192.168.1.14,203.23.178.59,0.8
+116,116.0,0.116,0.116,1,116.0,0.014284798,0,0,0,0,0,0,0,0,0,0,0,0,203.23.178.59,192.168.1.14,0.8
+116,116.0,0.116,0.116,1,116.0,0.012841756,0,0,0,0,0,0,0,0,0,0,0,0,203.23.178.59,192.168.1.14,0.8
+66,66.0,0.066,0.066,1,66.0,9.0748e-05,0,1,0,0,0,0,0,0,0,0,0,0,192.168.1.14,203.23.178.59,0.8
+116,116.0,0.116,0.116,1,116.0,0.016011455,0,0,0,0,0,0,0,0,0,0,0,0,203.23.178.59,192.168.1.14,0.8
+116,116.0,0.116,0.116,1,116.0,0.013576792,0,0,0,0,0,0,0,0,0,0,0,0,203.23.178.59,192.168.1.14,0.8

predictions.csv

@@ -0,0 +1,7 @@
+filename,predicted_class
+libpcp.so.3,0
+libBLTlite.2.5.so.8.6,0
+libpcp_import.so.1,0
+libBLT.2.5.so.8.6,0
+klibc-BnzSoOUNgFnGkEcRdekugdBENMs.so,0
+libpcp_gui.so.2,0

ransomware-analysis-model .py

@@ -0,0 +1,223 @@
+
+from sklearn.model_selection import train_test_split
+from sklearn.preprocessing import StandardScaler
+import tensorflow as tf
+from tensorflow.keras.models import Sequential
+from tensorflow.keras.layers import Dense
+
+from sklearn.metrics import confusion_matrix, classification_report
+
+import numpy as np # linear algebra
+import pandas as pd # data processing, CSV file I/O (e.g. pd.read_csv)
+
+# Input data files are available in the read-only "../input/" directory
+# For exampl
+import pandas as pd
+import numpy as np
+import matplotlib.pyplot as plt
+INPUT_PATH = '/home/webncodes/Downloads/ransomWare/Ransomeware'
+
+f1= open(INPUT_PATH + '/output.txt', encoding = 'utf-8')
+# f1= open(INPUT_PATH + '/output.txt', encoding = 'utf-8')
+# print(f1)
+columns=[]
+for i in f1:
+    column = i.split(';')
+    
+    columns.append(column[1].replace('\n', ''))
+
+# print(columns[0:10])
+# exit(1)
+# print("columns")
+# # print(columns)
+# print("Reading")
+
+
+# data = pd.read_csv(INPUT_PATH + '/RansomwareData.csv', header=None,names=columns)
+data = pd.read_csv(INPUT_PATH + '/combined_log_summary.csv', header=None,names=columns)
+# data = pd.read_csv(INPUT_PATH + '/tra.csv', header=None,names=columns)
+
+
+# print(data)
+
+
+#seperate data to data_ransomware and data_goodware
+
+print(data['Label (1 Ransomware / 0 Goodware)'])
+
+data_ransomware = data.loc[(data['Label (1 Ransomware / 0 Goodware)'] == 1)]
+data_goodware = data.loc[(data['Label (1 Ransomware / 0 Goodware)'] == 0)]
+print(data_ransomware)
+print("PK")
+print(data_goodware)
+# exit(1)
+# In[20]:
+
+
+#drop features that are all 0
+data_ransomware = data_ransomware.loc[:, (data_ransomware != 0).any(axis=0)]
+data_goodware = data_goodware.loc[:, (data_goodware != 0).any(axis=0)]
+
+
+
+# In[24]:
+
+
+#dictionary #some basic feature engineering done to understand and optimize ransomware model.  
+#feature -> total count 
+dic_ransomware = {}
+for (columnName, columnData) in data_ransomware.items(): 
+    dic_ransomware[columnName] = columnData.sum()
+
+# print(dic_ransomware['Ransomware Family'])
+# exit(1)
+del dic_ransomware['Ransomware Family']
+del dic_ransomware['Label (1 Ransomware / 0 Goodware)']
+    
+dic_goodware = {}
+for (columnName, columnData) in data_goodware.items(): 
+    dic_goodware[columnName] = columnData.sum()
+
+
+# In[25]:
+
+
+#sort by count, desc, all analysis done to better understand the data set
+sorted_dic_ransomware = sorted(dic_ransomware.items(),key = lambda x:x[1],reverse = True)
+sorted_dic_goodware = sorted(dic_goodware.items(),key = lambda x:x[1],reverse = True)
+
+
+# In[26]:
+
+
+# top 50 that ransomware do
+sorted_dic_ransomware_top50 = sorted_dic_ransomware[0:51]
+for var in sorted_dic_ransomware_top50:
+    print(var)
+
+
+# In[27]:
+
+
+# top 50 that goodmware do
+sorted_dic_goodware_top50 = sorted_dic_goodware[0:50]
+for var in sorted_dic_goodware_top50:
+    print(var)
+
+
+# In[28]:
+
+
+# diff, [ransomware do in top 50] but [goodmware not do in top 50]
+set_diff = dict(sorted_dic_ransomware_top50).keys() - dict(sorted_dic_goodware_top50).keys()
+print('in ransomware_top50 but not goodmware_top50: \n')
+for var in set_diff:
+    print(var)
+
+
+# In[29]:
+
+
+# from percentage perspect
+COUNT_GOODWARE = len(data_goodware)
+COUNT_RANSOMWARE = len(data_ransomware)
+# print(COUNT_GOODWARE)
+# print(COUNT_RANSOMWARE)
+# print(set_diff)
+
+print(dic_goodware)
+for var in set_diff:
+    print(f'feature {var}, ransomware count is {dic_ransomware[var]}, percentage is {dic_ransomware[var]/COUNT_RANSOMWARE}; goodware count is {dic_goodware[var]}, percentage is { dic_goodware[var]/COUNT_GOODWARE}')
+
+
+# ### ransomware do more than goodware
+# API:NtTerminateProcess 0.5120274914089347 -> 0.12845010615711253
+# STR:15066 0.7663230240549829 -> 0.43842887473460723
+# API:SetUnhandledExceptionFilter 0.6323024054982818 -> 0.321656050955414
+
+
+#ransomware do but goodware not do
+set_diff_ransomware_only = dic_ransomware.keys() - dic_goodware.keys()
+len(set_diff_ransomware_only)
+
+#goodware do but ransomware not do
+set_diff_goodware_only = dic_goodware.keys() - dic_ransomware.keys()
+len(set_diff_goodware_only)
+
+# only ransomware do, top 50
+i = 0
+for var in sorted_dic_ransomware:
+    if i == 50:
+        break
+    if var[0] in set_diff_ransomware_only:
+        print(i, ": ", var[0], var[1])
+        i = i+1
+
+# only goodware do, top 50
+i = 0
+for var in sorted_dic_goodware:
+    if i == 50:
+        break
+    if var[0] in set_diff_goodware_only:
+        print(i, ": ", var[0], var[1])
+        i = i+1
+
+
+# In[9]:
+
+
+#drop features that are all label and start the model training.
+# data = data.loc[:, (data != 0).any(axis=0)]
+X_data = data.drop('Label (1 Ransomware / 0 Goodware)', axis=1)  # Features
+X = X_data.drop('Ransomware Family', axis=1)
+# X = X_data
+# print(X)
+y = data['Label (1 Ransomware / 0 Goodware)']  # Labels
+
+print(X.head())
+print(y.head())
+
+X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.2, random_state=42)
+scaler = StandardScaler()
+X_train = scaler.fit_transform(X_train)
+X_test = scaler.transform(X_test)
+
+# Build the model
+model = Sequential([
+    Dense(64, activation='relu', input_shape=(X_train.shape[1],)),
+    Dense(32, activation='relu'),
+    Dense(1, activation='sigmoid')  # Binary classification
+])
+
+# Compile the model
+# model.compile(optimizer='adam', loss='binary_crossentropy', metrics=['accuracy'])
+model.compile(optimizer=tf.keras.optimizers.Adam(learning_rate=0.0001), loss='binary_crossentropy', metrics=['accuracy'])
+
+
+# Train the model
+model.fit(X_train, y_train, epochs=50, batch_size=32, validation_split=0.1)
+
+# Evaluate the model
+loss, accuracy = model.evaluate(X_test, y_test)
+print(f"Test Accuracy: {accuracy:.2f}")
+
+#save and use model
+model.save('updated_ransomware_classifier.h5')
+print("trainign complete")
+loaded_model = tf.keras.models.load_model('updated_ransomware_classifier.h5')
+print(X_test)
+predictions = loaded_model.predict(X_test)
+predicted_labels = (predictions > 0.5).astype(int) 
+true_labels = y_test.values
+
+# Print the first few predictions and true labels
+for i in range(10):  # Adjust the range as needed
+    print(f"Sample {i}: Predicted = {predicted_labels[i][0]}, True = {true_labels[i]}")
+
+
+
+# In[ ]:
+
+
+
+

req.txt

@@ -0,0 +1,66 @@
+certifi==2024.8.30
+charset-normalizer==3.4.0
+idna==3.10
+requests==2.32.3
+tk==0.1.0
+urllib3==2.2.3
+pyshark
+psutil
+pandas
+joblib
+scikit-learn
+attrs==23.2.0
+Babel==2.10.3
+bcc
+blinker
+certifi
+chardet
+click
+configobj
+cryptography
+defer
+distro
+distro-info
+httplib2
+idna
+Jinja2
+jsonpatch
+jsonpointer
+jsonschema
+launchpadlib
+lazr.restfulclient
+lazr.uri
+louis
+markdown-it-py
+MarkupSafe
+mdurl
+netaddr
+oauthlib
+olefile
+pexpect
+pillow
+pyshark
+psutil
+ptyprocess
+Pygments
+PyJWT
+pyparsing
+pyrsistent
+pyserial==3.5
+python-dateutil
+pytz
+pyxdg
+PyYAML
+requests
+rich
+setuptools
+six
+urllib3
+wadllib
+watchdog
+wheel
+xdg
+xgboost
+tk
+inotify_simple
+tensorflow

run.py

@@ -0,0 +1,74 @@
+import subprocess
+import threading
+import tkinter as tk
+from tkinter import ttk
+
+# Function to run the bash script and track output for dependency installation
+def run_bash_script():
+    global process
+    try:
+         
+         
+         
+        # Run the bash script and capture stdout and stderr in real-time
+        process = subprocess.Popen(
+            ['bash', './run.sh'],
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE,
+            text=True
+        )
+        
+        # Read stdout in real-time and track pip install progress
+        for stdout_line in iter(process.stdout.readline, ""):
+            if stdout_line:
+                print(f"Output: {stdout_line.strip()}")
+                if "START_PIP_INSTALL" in stdout_line:
+                    print("Pip install started...")
+                elif "END_PIP_INSTALL" in stdout_line:
+                    print("Pip install completed. Closing loading window...")
+                    close_loading_window()  # Close the window when pip install completes
+
+        process.stdout.close()
+
+        # Read stderr at the end
+        stderr = process.stderr.read()
+        if stderr:
+            print(f"Error: {stderr.strip()}")
+
+    except Exception as e:
+        print(f"Exception occurred: {e}")
+    finally:
+        if process.poll() is None:  # Check if the process is still running
+            process.wait()  # Wait for the Bash script to finish completely
+
+# Function to show the loading window
+def show_loading_window():
+    global root
+    root = tk.Tk()
+    root.title("Please Wait")
+    root.geometry("300x100")
+    
+    label = ttk.Label(root, text="Downloading dependencies. Please wait...", anchor="center")
+    label.pack(pady=20)
+    
+    # Add a progress bar (just for visual purposes)
+    progress = ttk.Progressbar(root, mode="indeterminate")
+    progress.pack(pady=10)
+    progress.start(10)  # Start the indeterminate progress bar
+    
+    # Prevent closing the window manually
+    root.protocol("WM_DELETE_WINDOW", lambda: None)
+
+    # Start a separate thread to run the bash script
+    threading.Thread(target=run_bash_script).start()
+    
+    root.mainloop()
+
+# Function to close the loading window
+def close_loading_window():
+    if root:
+        root.withdraw()
+
+if __name__ == "__main__":
+    show_loading_window()
+

run.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# Exit immediately if a command exits with a non-zero status
+set -e
+
+# Step 1: Activate the virtual environment
+echo "Creating the virtual environment (Could take up to 10 minutes for the first time)..."
+
+# Check if the virtual environment already exists
+if [ -d "venv" ]; then
+    echo "Virtual environment already exists. Activating..."
+    source "venv/bin/activate"
+    
+    echo "START_PIP_INSTALL"  # Add a marker to signal pip install starting
+
+    pip install -r req.txt
+
+    echo "END_PIP_INSTALL"  # Add a marker to signal pip install completion
+else
+    echo "Creating virtual environment..."
+    python3 -m venv "venv"
+    source "venv/bin/activate"
+    
+    echo "START_PIP_INSTALL"  # Add a marker to signal pip install starting
+
+    pip install -r req.txt
+
+    echo "END_PIP_INSTALL"  # Add a marker to signal pip install completion
+fi
+
+# Step 2: Run the Python script (this part should run after the popup closes)
+echo "Running Python script..."
+python3 Final_Malware.py
+

run.spec

@@ -0,0 +1,44 @@
+# -*- mode: python ; coding: utf-8 -*-
+
+
+a = Analysis(
+    ['run.py'],
+    pathex=[],
+    binaries=[],
+    datas=[],
+    hiddenimports=[],
+    hookspath=[],
+    hooksconfig={},
+    runtime_hooks=[],
+    excludes=[],
+    noarchive=False,
+    optimize=0,
+)
+pyz = PYZ(a.pure)
+
+exe = EXE(
+    pyz,
+    a.scripts,
+    [],
+    exclude_binaries=True,
+    name='run',
+    debug=False,
+    bootloader_ignore_signals=False,
+    strip=False,
+    upx=True,
+    console=True,
+    disable_windowed_traceback=False,
+    argv_emulation=False,
+    target_arch=None,
+    codesign_identity=None,
+    entitlements_file=None,
+)
+coll = COLLECT(
+    exe,
+    a.binaries,
+    a.datas,
+    strip=False,
+    upx=True,
+    upx_exclude=[],
+    name='run',
+)

runn.py

@@ -0,0 +1,74 @@
+import subprocess
+import threading
+import tkinter as tk
+from tkinter import ttk
+
+# Function to run the bash script and track output for dependency installation
+def run_bash_script():
+    global process
+    try:
+    
+    
+        
+        # Run the bash script and capture stdout and stderr in real-time
+        process = subprocess.Popen(
+            ['bash', './runn.sh'],
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE,
+            text=True
+        )
+        
+        # Read stdout in real-time and track pip install progress
+        for stdout_line in iter(process.stdout.readline, ""):
+            if stdout_line:
+                print(f"Output: {stdout_line.strip()}")
+                if "START_PIP_INSTALL" in stdout_line:
+                    print("Pip install started...")
+                elif "END_PIP_INSTALL" in stdout_line:
+                    print("Pip install completed. Closing loading window...")
+                    close_loading_window()  # Close the window when pip install completes
+
+        process.stdout.close()
+
+        # Read stderr at the end
+        stderr = process.stderr.read()
+        if stderr:
+            print(f"Error: {stderr.strip()}")
+
+    except Exception as e:
+        print(f"Exception occurred: {e}")
+    finally:
+        if process.poll() is None:  # Check if the process is still running
+            process.wait()  # Wait for the Bash script to finish completely
+
+# Function to show the loading window
+def show_loading_window():
+    global root
+    root = tk.Tk()
+    root.title("Please Wait")
+    root.geometry("300x100")
+    
+    label = ttk.Label(root, text="Downloading dependencies. Please wait...", anchor="center")
+    label.pack(pady=20)
+    
+    # Add a progress bar (just for visual purposes)
+    progress = ttk.Progressbar(root, mode="indeterminate")
+    progress.pack(pady=10)
+    progress.start(10)  # Start the indeterminate progress bar
+    
+    # Prevent closing the window manually
+    root.protocol("WM_DELETE_WINDOW", lambda: None)
+
+    # Start a separate thread to run the bash script
+    threading.Thread(target=run_bash_script).start()
+    
+    root.mainloop()
+
+# Function to close the loading window
+def close_loading_window():
+    if root:
+        root.withdraw()
+
+if __name__ == "__main__":
+    show_loading_window()
+

runn.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# Exit immediately if a command exits with a non-zero status
+set -e
+
+# Step 1: Activate the virtual environment
+echo "Creating the virtual environment (Could take up to 10 minutes for the first time)..."
+
+# Check if the virtual environment already exists
+if [ -d "venv" ]; then
+    echo "Virtual environment already exists. Activating..."
+    source "venv/bin/activate"
+    
+    echo "START_PIP_INSTALL"  # Add a marker to signal pip install starting
+
+    pip install -r req.txt
+
+    echo "END_PIP_INSTALL"  # Add a marker to signal pip install completion
+else
+    echo "Creating virtual environment..."
+    python3 -m venv "venv"
+    source "venv/bin/activate"
+    
+    echo "START_PIP_INSTALL"  # Add a marker to signal pip install starting
+
+    pip install -r req.txt
+
+    echo "END_PIP_INSTALL"  # Add a marker to signal pip install completion
+fi
+
+# Step 2: Run the Python script (this part should run after the popup closes)
+echo "Running Python script..."
+python3 test_ddos.py
+

test_data.py

@@ -0,0 +1,84 @@
+import numpy as np
+import pandas as pd
+from sklearn.preprocessing import StandardScaler
+import tensorflow as tf
+from sklearn.metrics import accuracy_score, confusion_matrix, classification_report
+from datetime import datetime
+
+TEST_DATA_PATH = 'combined_log_summary.csv'
+VARIABLE_NAMES_PATH = 'output.txt'
+
+# Load the trained model
+model = tf.keras.models.load_model('updated_ransomware_classifier.h5')
+
+# Load and prepare test data
+# Read variable names
+with open(VARIABLE_NAMES_PATH, encoding='utf-8') as f:
+    columns = [line.split(';')[1].strip() for line in f]
+
+# Load test data
+data = pd.read_csv(TEST_DATA_PATH, header=None, names=columns)
+
+# Check and clean column names
+data.columns = data.columns.str.strip()
+print("Columns in DataFrame:", data.columns)
+
+# Drop features that are all zero and label column
+try:
+    # data = data.loc[:, (data != 0).any(axis=0)]
+    
+    #drop features that are all label and start the model training.
+    X_data = data.drop('Label (1 Ransomware / 0 Goodware)', axis=1)  # Features
+    X = X_data.drop('Ransomware Family', axis=1)
+    # X = X_data
+    # print(X)
+    y = data['Label (1 Ransomware / 0 Goodware)']  # Labels
+    # X = X.loc[:, (data != 0).any(axis=0)]
+
+except KeyError as e:
+    print(f"Error: {e}")
+    print("Available columns:", data.columns)
+    raise
+
+# Standardize the features
+scaler = StandardScaler()
+X = scaler.fit_transform(X)
+
+# Make predictions
+predictions = model.predict(X)
+predicted_labels = (predictions > 0.5).astype(int)
+true_labels = y.values
+
+# Convert predictions to "Yes" or "No"
+predicted_labels_text = ['Yes' if label == 1 else 'No' for label in predicted_labels.flatten()]
+true_labels_text = ['Yes' if label == 1 else 'No' for label in true_labels]
+
+# Get current timestamp
+timestamp = datetime.now().strftime('%Y-%m-%d_%H-%M-%S')
+
+# Evaluation metrics
+accuracy = accuracy_score(true_labels, predicted_labels)
+conf_matrix = confusion_matrix(true_labels, predicted_labels)
+class_report = classification_report(true_labels, predicted_labels)
+
+print(f"Test Accuracy ({timestamp}): {accuracy:.2f}")
+print(f"\nConfusion Matrix ({timestamp}):")
+print(conf_matrix)
+print(f"\nClassification Report ({timestamp}):")
+print(class_report)
+
+# Print the first few predictions and true labels with timestamp
+print(f"\nSample Predictions vs True Labels ({timestamp}):")
+for i in range(10):  # Adjust the range as needed
+    print(f"Sample {i}: Predicted = {predicted_labels_text[i]}, True = {true_labels_text[i]}")
+
+# Save predictions and true labels to a CSV file with timestamp
+output_df = pd.DataFrame({
+    'Timestamp': [timestamp] * len(predicted_labels_text),  # Add timestamp column
+    'Predicted Label': predicted_labels_text,
+    'True Label': true_labels_text
+})
+
+output_file = f'prediction_{timestamp}.csv'
+output_df.to_csv(output_file, index=False)
+print(f"Predictions saved to {output_file} ({timestamp})")

test_ddos.py

@@ -0,0 +1,311 @@
+import tkinter as tk
+from tkinter import messagebox, simpledialog
+import subprocess
+import os
+import sys
+import pyshark
+import psutil
+import pandas as pd
+import joblib
+from sklearn.preprocessing import StandardScaler
+import sklearn.ensemble._forest
+from threading import Thread, Event
+import csv
+import time
+import requests
+
+# Global variable for thread control
+stop_event = Event()
+value = False
+
+# Important features and weights as provided
+important_features = [
+    'pktcount',
+    'byteperflow',
+    'tot_kbps',
+    'rx_kbps',
+    'flows',
+    'bytecount',
+    'tot_dur',
+    'Protocol_ICMP',
+    'Protocol_TCP',
+    'Protocol_UDP',
+]
+
+
+# Drop features you don't need based on what you used in training
+drop_features = ['src', 'dst', 'dt', 'dur', 'pktrate', 'pktperflow',
+  
+    'Protocol_HTTP',
+    'Protocol_HTTPS',
+    'Protocol_SSH',
+    'Protocol_DHCP',
+    'Protocol_FTP',
+    'Protocol_SMTP',
+    'Protocol_POP3',
+    'Protocol_IMAP',
+    'Protocol_DNS']
+
+# Automatically detect active network interface
+def get_active_interface():
+    interfaces = psutil.net_if_addrs()
+    
+    for interface, addrs in interfaces.items():
+        for addr in addrs:
+            if addr.family == 2:  # family=2 corresponds to AF_INET (IPv4)
+                if addr.address != '127.0.0.1':  # Skip localhost (lo)
+                    return interface
+    raise Exception("No active interface found")
+
+# Preprocessing function to extract specific features from packets
+def preprocess_packet(packet):
+    try:
+        if float(packet.frame_info.time_delta) < 1:
+            byteperflow = float(packet.length)
+        else:
+            byteperflow = float(packet.length) / float(packet.frame_info.time_delta)
+
+        # Capture IP or IPv6 addresses
+        src_ip = None
+        dst_ip = None
+        if hasattr(packet, 'ip'):
+            src_ip = packet.ip.src
+            dst_ip = packet.ip.dst
+        elif hasattr(packet, 'ipv6'):
+            src_ip = packet.ipv6.src
+            dst_ip = packet.ipv6.dst
+        if(src_ip and ':' in src_ip ):
+            return None
+
+        # Capture protocol layer (handles protocols other than ICMP, TCP, UDP)
+        protocol = packet.highest_layer
+
+        # Add flags for common protocols (ICMP, TCP, UDP are already covered)
+        protocol_icmp = 1 if protocol == "ICMP" else 0
+        protocol_tcp = 1 if protocol == "TCP" else 0
+        protocol_udp = 1 if protocol == "UDP" else 0
+        protocol_http = 1 if protocol == "HTTP" else 0
+        protocol_https = 1 if protocol == "SSL" else 0  # HTTPS typically uses SSL/TLS layer
+        protocol_ssh = 1 if protocol == "SSH" else 0
+        protocol_dhcp = 1 if protocol in ["DHCP", "BOOTP"] else 0  # DHCP may appear as BOOTP
+        protocol_ftp = 1 if protocol == "FTP" else 0
+        protocol_smtp = 1 if protocol == "SMTP" else 0
+        protocol_pop3 = 1 if protocol == "POP" else 0
+        protocol_imap = 1 if protocol == "IMAP" else 0
+        protocol_dns = 1 if protocol == "DNS" else 0
+
+        features = {
+            'pktcount': int(packet.length),
+            'byteperflow': byteperflow,
+            'tot_kbps': float(packet.length) / 1000.0,
+            'rx_kbps': float(packet.length) / 1000.0,
+            'flows': 1,
+            'bytecount': float(packet.length),
+            'tot_dur': float(packet.frame_info.time_delta),
+            'Protocol_ICMP': protocol_icmp,
+            'Protocol_TCP': protocol_tcp,
+            'Protocol_UDP': protocol_udp,
+            'Protocol_HTTP': protocol_http,
+            'Protocol_HTTPS': protocol_https,
+            'Protocol_SSH': protocol_ssh,
+            'Protocol_DHCP': protocol_dhcp,
+            'Protocol_FTP': protocol_ftp,
+            'Protocol_SMTP': protocol_smtp,
+            'Protocol_POP3': protocol_pop3,
+            'Protocol_IMAP': protocol_imap,
+            'Protocol_DNS': protocol_dns,
+            'src_ip': src_ip,  # Capture source IP address
+            'dst_ip': dst_ip  ,
+            'probability' : 0.0 # Capture destination IP address
+
+        }
+
+        return pd.DataFrame([features])
+    except AttributeError:
+        return None
+
+def prepare_X_test(packets_list, drop_features):
+   
+    return None
+
+def send_prediction(file_path):
+    url = "http://127.0.0.1:8000/ddos-predictions/"
+    with open(file_path, 'rb') as f:
+        files = {'file': f}
+        response = requests.post(url, files=files)
+        if response.status_code == 200:
+            print(f"Successfully sent {file_path} to API.")
+        else:
+            print(f"Failed to send {file_path} to API. Status code: {response.status_code}")
+
+def make_predictions(X_test,X):
+    logistic_regression_model = joblib.load('logistic_regression_model.pkl')
+    svm_model = joblib.load('svm_model.pkl')
+    knn_model = joblib.load('knn_model.pkl')
+    decision_tree_model = joblib.load('decision_tree_model.pkl')
+    random_forest_model = joblib.load('random_forest_model.pkl')
+
+    scaler = StandardScaler()
+    X_test_scaled = scaler.fit_transform(X_test)
+
+    models = {
+        'Logistic Regression': logistic_regression_model,
+        'SVM': svm_model,
+        'KNN': knn_model,
+        'Decision Tree': decision_tree_model,
+        'Random Forest': random_forest_model
+    }
+        # Open the CSV file for writing
+    all_predictions = []
+
+
+
+    # Collect predictions for each model
+    for model_name, model in models.items():
+        y_pred = model.predict(X_test_scaled)
+        all_predictions.append(y_pred)
+    # print(all_predictions, "-")
+    # Transpose the list of predictions so that each row represents predictions from different models for each instance
+    transposed_predictions = list(zip(*all_predictions))
+    # print(transposed_predictions, "-")
+    i = 0
+    for row in transposed_predictions:
+        row_sum = sum(row)
+        
+        avg = row_sum / 5
+        X['probability'][i] = avg
+        i+=1
+        # print("keys: ", X.keys())
+    
+    # print("X  =", X)
+        # return results
+    with open('prediction.csv', mode='w', newline='') as file:
+        writer = csv.DictWriter(file, fieldnames=X.keys())  # Use the keys as headers
+        writer.writeheader()  # Write the header
+        for index, row in X.iterrows():
+            # print(row)
+            writer.writerow(row.to_dict())
+    try:
+        send_prediction("prediction.csv")
+    except:
+        print("could not connect to server")
+def capture_packets(interface=None):
+
+    try:
+        subprocess.check_call(['sudo', 'apt', 'install', '-y', 'tshark'])
+        print("tshark installed successfully.")
+    except subprocess.CalledProcessError:
+        print("Failed to install tshark. Please install it manually.")
+    if interface is None:
+        interface = get_active_interface()
+
+    capture = pyshark.LiveCapture(interface=interface, tshark_path='/usr/bin/tshark')
+
+
+
+    try:
+        # print("here")
+        # capture.sniff(timeout=60)
+        while value:
+            # print(value)
+            packets_list = []
+            if stop_event.is_set():
+                break
+            # print("c")
+            count = 0
+            # print(packets_list)
+            for packet in capture:
+                # print("h")
+
+                if(count == 15):
+                    break
+                try:
+                    processed_packet = preprocess_packet(packet)
+
+                    if processed_packet is not None:
+                        # print(processed_packet["dst_ip"])
+                        # print(processed_packet["src_ip"])
+
+                        if ":" in processed_packet["dst_ip"] or ":" in processed_packet["src_ip"]:
+                            print("packet isn't correct")
+                            continue
+                            # print(processed_packet)
+                        packets_list.append(processed_packet)
+                        count+=1
+                    # print(count)
+                        
+                except AttributeError as e:
+                    print(f"Error processing packet: {e}")
+                
+            # X_test_scaled = prepare_X_test(packets_list, drop_features)
+            if len(packets_list) >= 1:
+                X_test = pd.concat(packets_list, ignore_index=True)
+                X_test_scaled = X_test.drop(drop_features, axis=1, errors='ignore')
+                X_test_scaled = X_test_scaled.reindex(columns=important_features, fill_value=0)
+
+            if X_test_scaled is not None:
+                results = make_predictions(X_test_scaled,X_test)
+                # Write results to CSV
+            time.sleep(10)
+    except KeyboardInterrupt: 
+        print("\nPacket capturing stopped.")
+def start_capture():
+    global thread
+    if os.geteuid() != 0:
+        root.withdraw()  # Hide the GUI before prompting for password
+        password = simpledialog.askstring("Password", "Enter your sudo password and run again:", show='*')
+        if password:
+            try:
+                subprocess.run(['sudo', '-S', sys.executable] + sys.argv, input=password.encode(), check=True)
+            except subprocess.CalledProcessError:
+                messagebox.showerror("Error", "Failed to run the script with sudo.")
+            finally:
+                root.destroy()  # Close the GUI after attempting to elevate privileges
+        else:
+            messagebox.showerror("Error", "No password provided. Unable to run with sudo.")
+    elif not stop_event.is_set():
+        global value 
+        value = True
+        stop_event.clear()
+        # Hide the window when packet capturing starts
+        root.withdraw()
+
+        thread = Thread(target=capture_packets)
+        thread.start()
+
+        start_button.config(state=tk.DISABLED)
+        stop_button.config(state=tk.NORMAL)
+
+def stop_capture():
+    global value
+    value = False
+    stop_event.set()
+    if thread.is_alive():
+        thread.join()  # Wait for the thread to finish
+    start_button.config(state=tk.NORMAL)
+    stop_button.config(state=tk.DISABLED)
+    root.destroy()
+
+
+def setup_gui():
+    global root, start_button, stop_button, thread
+    root = tk.Tk()
+    root.title("Packet Capture Tool")
+
+
+    root.attributes('-alpha', 0.8)  # Set the transparency level (0.0 fully transparent, 1.0 fully opaque)
+     
+
+
+    root.overrideredirect(True)
+
+    start_button = tk.Button(root, text="Start Capture", command=start_capture)
+    start_button.pack(pady=20)
+
+    stop_button = tk.Button(root, text="Stop Capture", command=stop_capture, state=tk.DISABLED)
+    stop_button.pack(pady=20)
+
+    root.mainloop()
+
+if __name__ == '__main__':
+    setup_gui()