UFCFFY-15-M Cyber Security Analytics¶
Practical Lab: Yet More Network Traffic Analysis¶
You have been asked to examine a sample of network traffic to investigate suspicious activity on some of the company workstations. The company directors need to be able to understand this data.
- Can you analyse the packet capture (PCAP) file provided and produce useful visualisation outputs (e.g., node-link diagram, parallel coordinates) based on this, that can help further explain the observed activity?
In [2]:
### Load in the libraries and the data
import pandas as pd
import matplotlib.pyplot as plt
import seaborn as sns
def load_csv_data():
data = pd.read_csv('./example_data/example_pcap.csv')
return data
data = load_csv_data()
data
Out[2]:
In [80]:
# How may you create a network graph / node link graph using Python?
import numpy as np
srcs = data['Source']
dsts = data['Destination']
nodes = np.concatenate((srcs, dsts))
nodes = np.unique(nodes)
import networkx as nx
G = nx.Graph()
G.add_nodes_from(nodes)
for i in range(data.shape[0]):
src = data.iloc[i]['Source']
dst = data.iloc[i]['Destination']
G.add_edge(src, dst)
import matplotlib.pyplot as plt
plt.figure(figsize=(20,10))
nx.draw(G, with_labels=True)
In [7]:
# How could you create a parallel coordinates chart using Python?
import pandas
import matplotlib.pyplot as plt
import seaborn as sns
from pandas.plotting import parallel_coordinates
protocol_list = ['DNS', 'HTTP', 'SMB2']
pc_data = data[['Source', 'Destination', 'Protocol', 'Length']]
pc_data = pc_data.astype(str)
pc_data = pc_data[pc_data['Protocol'].isin(protocol_list)]
plt.figure(figsize=(20,10))
parallel_coordinates(pc_data, 'Protocol', color=('#1b9e77','#d95f02','#7570b3'))
plt.show()
In [ ]: