adding chinguard, anomaly detector and visualisation tool

anomaly_detection_tool/README.md

@@ -0,0 +1,50 @@
+# Anomaly Detection Model
+## Overview
+This repository contains a Python class AnomalyDetectionModel built using TensorFlow and Keras
+for detecting anomalies in network traffic data. The class encapsulates the creation, training,
+and evaluation of a neural network model designed to classify network data as either normal or anomalous.
+
+### Why Use a Sequential Model?
+The Sequential model in Keras is a simple, linear stack of layers. 
+It is ideal for building feedforward neural networks where the model 
+progresses through each layer sequentially, without any branching or complex topologies.
+
+### Key Reasons for Using Sequential:
+
+Simplicity: The Sequential API is straightforward and easy to use. It is perfect for beginners and 
+for models that involve a single input and output with layers stacked one after the other.
+
+Linear Stack: For the task of anomaly detection, the architecture typically involves a simple
+forward pass through several dense layers, making the Sequential model a natural fit.
+
+Flexibility: While simple, the Sequential model is flexible enough to allow for customization
+through the addition of various types of layers, activation functions, and regularization techniques.
+
+Example Usage
+```python
+
+# Initialize the model with the input shape
+anomaly_model = AnomalyDetectionModel(X_train.shape[1])
+
+# Train the model
+history = anomaly_model.train(X_train, y_train)
+
+# Evaluate the model on the test data
+loss, accuracy = anomaly_model.evaluate(X_test, y_test)
+print(f'Test Accuracy: {accuracy:.4f}')
+```
+
+Dependencies
+Python 3.x
+TensorFlow
+Keras (included with TensorFlow)
+Scikit-learn
+Pandas
+Installation
+Install the required packages using pip:
+
+Conclusion
+The Sequential model is a great choice for this anomaly detection task due to its simplicity,
+ease of use, and the linear nature of the problem. This approach ensures that the model is easy
+to build, understand, and maintain while still providing robust performance for binary classification
+tasks such as anomaly detection.

anomaly_detection_tool/anomaly_detection_model.py

@@ -0,0 +1,30 @@
+import tensorflow as tf
+from tensorflow.keras import layers, models
+
+class AnomalyDetectionModel:
+    def __init__(self, input_shape):
+        self.model = self.build_model(input_shape)
+
+    def build_model(self, input_shape):
+        model = models.Sequential([
+            layers.Dense(64, activation='relu', input_shape=(input_shape,)),
+            layers.Dense(32, activation='relu'),
+            layers.Dense(16, activation='relu'),
+            layers.Dense(1, activation='sigmoid')
+        ])
+        model.compile(optimizer='adam', loss='binary_crossentropy', metrics=['accuracy'])
+        return model
+
+    def train(self, X_train, y_train, epochs=10, batch_size=32, validation_split=0.2):
+        history = self.model.fit(X_train, y_train, epochs=epochs, batch_size=batch_size, validation_split=validation_split)
+        return history
+
+    def evaluate(self, X_test, y_test):
+        loss, accuracy = self.model.evaluate(X_test, y_test)
+        return loss, accuracy
+
+# Example usage:
+# anomaly_model = AnomalyDetectionModel(X_train.shape[1])
+# history = anomaly_model.train(X_train, y_train)
+# loss, accuracy = anomaly_model.evaluate(X_test, y_test)
+# print(f'Test Accuracy: {accuracy:.4f}')

anomaly_detection_tool/data_processor.py

@@ -0,0 +1,38 @@
+#import fireducks.pandas as pd
+import pandas as pd
+
+from sklearn.model_selection import train_test_split
+from sklearn.preprocessing import LabelEncoder, StandardScaler
+
+class DataProcessor:
+    def __init__(self, csv_file):
+        self.data = pd.read_csv(csv_file)
+        self.label_encoders = {}
+        self.scaler = StandardScaler()
+
+    def preprocess_data(self):
+        for column in ['IP', 'Hostnames', 'OS']:
+            self.label_encoders[column] = LabelEncoder()
+            self.data[column] = self.label_encoders[column].fit_transform(self.data[column].astype(str))
+
+        self.data['Port'] = self.scaler.fit_transform(self.data[['Port']])
+        self.data['Timestamp'] = pd.to_datetime(self.data['Timestamp']).astype(int) / 10**9
+        return self.data
+
+    def get_features_and_labels(self, label_column='Anomaly'):
+        if label_column not in self.data.columns:
+            raise ValueError(f"Label column '{label_column}' not found in data.")
+
+        X = self.data.drop([label_column], axis=1)
+        y = self.data[label_column]
+        return X, y
+
+    def split_data(self, X, y, test_size=0.2, random_state=42):
+        X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=test_size, random_state=random_state)
+        return X_train, X_test, y_train, y_test
+
+# # Example usage:
+# processor = DataProcessor('shodan_scan_results.csv')
+# processed_data = processor.preprocess_data()
+# X, y = processor.get_features_and_labels()
+# X_train, X_test, y_train, y_test = processor.split_data(X, y)

chainguard/blockchain.py

@@ -0,0 +1,46 @@
+import hashlib
+import time
+
+class Block:
+    def __init__(self, index, previous_hash, timestamp, data, hash):
+        self.index = index
+        self.previous_hash = previous_hash
+        self.timestamp = timestamp
+        self.data = data
+        self.hash = hash
+
+class Blockchain:
+    def __init__(self):
+        self.chain = [self.create_genesis_block()]
+
+    def create_genesis_block(self):
+        genesis_block = Block(0, "0", int(time.time()), "Genesis Block", "0")
+        genesis_block.hash = self.calculate_hash(genesis_block)
+        return genesis_block
+
+    def calculate_hash(self, block):
+        block_string = f"{block.index}{block.previous_hash}{block.timestamp}{block.data}".encode()
+        return hashlib.sha256(block_string).hexdigest()
+
+    def get_latest_block(self):
+        return self.chain[-1]
+
+    def add_block(self, data):
+        latest_block = self.get_latest_block()
+        new_block = Block(len(self.chain), latest_block.hash, int(time.time()), data, "")
+        new_block.hash = self.calculate_hash(new_block)
+        self.chain.append(new_block)
+        print(f"Block added: {new_block.hash}")
+        return new_block
+
+    def is_chain_valid(self):
+        for i in range(1, len(self.chain)):
+            current_block = self.chain[i]
+            previous_block = self.chain[i - 1]
+
+            if current_block.hash != self.calculate_hash(current_block):
+                return False
+
+            if current_block.previous_hash != previous_block.hash:
+                return False
+        return True

chainguard/blockchain_logger.py

@@ -0,0 +1,30 @@
+from chainguard.blockchain import Blockchain
+
+class BlockchainLogger:
+    def __init__(self):
+        self.blockchain = Blockchain()
+
+    def log_data(self, data: str):
+        """
+        Logs the provided data into the blockchain.
+        Args:
+            data (str): The data to be logged in the blockchain.
+        Returns:
+            dict: The details of the newly added block.
+        """
+        new_block = self.blockchain.add_block(data)
+        return {
+            "block_hash": new_block.hash,
+            "block_index": new_block.index,
+            "blockchain_length": len(self.blockchain.chain),
+            "previous_hash": new_block.previous_hash,
+            "timestamp": new_block.timestamp
+        }
+
+    def is_blockchain_valid(self):
+        """
+        Validates the integrity of the blockchain.
+        Returns:
+            bool: True if the blockchain is valid, False otherwise.
+        """
+        return self.blockchain.is_chain_valid()

chainguard/data_transfer.py

@@ -0,0 +1,46 @@
+import socket
+from chainguard.encryption import AESCipher
+from chainguard.blockchain_logger import BlockchainLogger
+
+class SecureDataTransfer:
+    def __init__(self, password: str, host: str = 'localhost', port: int = 12345):
+        self.cipher = AESCipher(password)
+        self.host = host
+        self.port = port
+        self.blockchain_logger = BlockchainLogger()
+
+    def send_data(self, data: str):
+        """
+        Encrypts and sends data over the network, then logs it in the blockchain.
+        """
+        encrypted_data = self.cipher.encrypt(data)
+        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+            s.connect((self.host, self.port))
+            s.sendall(encrypted_data.encode())
+            print(f"Sent encrypted data: {encrypted_data}")
+            # Log the transaction in the blockchain
+            self.blockchain_logger.log_data(encrypted_data)
+
+    def receive_data(self):
+        """
+        Receives encrypted data, decrypts it, and logs it in the blockchain.
+        """
+        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+            s.bind((self.host, self.port))
+            s.listen()
+            conn, addr = s.accept()
+            with conn:
+                print(f"Connected by {addr}")
+                encrypted_data = conn.recv(1024).decode()
+                decrypted_data = self.cipher.decrypt(encrypted_data)
+                print(f"Received encrypted data: {encrypted_data}")
+                print(f"Decrypted data: {decrypted_data}")
+                # Log the transaction in the blockchain
+                self.blockchain_logger.log_data(encrypted_data)
+                return decrypted_data
+
+    def validate_blockchain(self):
+        """
+        Validates the blockchain's integrity.
+        """
+        return self.blockchain_logger.is_blockchain_valid()

chainguard/data_transformer.py

@@ -0,0 +1,35 @@
+from chainguard.blockchain_logger import BlockchainLogger
+
+class DataTransformer:
+    def __init__(self):
+        """
+        Initializes a DataTransformer with a blockchain logger instance.
+        """
+        self.blockchain_logger = BlockchainLogger()
+
+    def secure_transform(self, data):
+        """
+        Securely transforms the input data by logging it into the blockchain.
+
+        Args:
+            data (dict): The log data or any data to be securely transformed.
+
+        Returns:
+            dict: A dictionary containing the original data, block hash, and blockchain length.
+        """
+        # Log the data into the blockchain
+        block_details = self.blockchain_logger.log_data(data)
+
+        # Return the block details and blockchain status
+        return {
+            "data": data,
+            **block_details
+        }
+
+    def validate_blockchain(self):
+        """
+        Validates the integrity of the blockchain.
+        Returns:
+            bool: True if the blockchain is valid, False otherwise.
+        """
+        return self.blockchain_logger.is_blockchain_valid()

chainguard/encryption.py

@@ -0,0 +1,45 @@
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import padding
+from base64 import b64encode, b64decode
+import os
+
+class AESCipher:
+    def __init__(self, key: str):
+        self.backend = default_backend()
+        salt = os.urandom(16)
+        kdf = PBKDF2HMAC(
+            algorithm=hashes.SHA256(),
+            length=32,
+            salt=salt,
+            iterations=100000,
+            backend=self.backend
+        )
+        self.key = kdf.derive(key.encode())
+        self.iv = os.urandom(16)
+
+    def encrypt(self, plaintext: str) -> str:
+        padder = padding.PKCS7(algorithms.AES.block_size).padder()
+        padded_data = padder.update(plaintext.encode()) + padder.finalize()
+
+        cipher = Cipher(algorithms.AES(self.key), modes.CBC(self.iv), backend=self.backend)
+        encryptor = cipher.encryptor()
+        encrypted_data = encryptor.update(padded_data) + encryptor.finalize()
+
+        return b64encode(self.iv + encrypted_data).decode('utf-8')
+
+    def decrypt(self, ciphertext: str) -> str:
+        encrypted_data = b64decode(ciphertext)
+        iv = encrypted_data[:16]
+        encrypted_data = encrypted_data[16:]
+
+        cipher = Cipher(algorithms.AES(self.key), modes.CBC(iv), backend=self.backend)
+        decryptor = cipher.decryptor()
+        padded_plaintext = decryptor.update(encrypted_data) + decryptor.finalize()
+
+        unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder()
+        plaintext = unpadder.update(padded_plaintext) + unpadder.finalize()
+
+        return plaintext.decode('utf-8')

chainguard/tests/test_blockchain.py

@@ -0,0 +1,29 @@
+import unittest
+from chainguard.blockchain import Blockchain
+
+class TestBlockchain(unittest.TestCase):
+    def setUp(self):
+        self.blockchain = Blockchain()
+
+    def test_genesis_block(self):
+        genesis_block = self.blockchain.chain[0]
+        self.assertEqual(genesis_block.data, "Genesis Block")
+
+    def test_add_block(self):
+        self.blockchain.add_block("Test Block")
+        latest_block = self.blockchain.get_latest_block()
+        self.assertEqual(latest_block.data, "Test Block")
+
+    def test_chain_validity(self):
+        self.blockchain.add_block("First block")
+        self.blockchain.add_block("Second block")
+        self.assertTrue(self.blockchain.is_chain_valid())
+
+    def test_chain_invalidity(self):
+        self.blockchain.add_block("First block")
+        self.blockchain.chain[1].data = "Tampered Data"
+        self.assertFalse(self.blockchain.is_chain_valid())
+
+if __name__ == '__main__':
+    unittest.main()
+

chainguard/tests/test_data_transfer.py

@@ -0,0 +1,30 @@
+# chainguard/tests/test_data_transfer.py
+
+import unittest
+import threading
+from chainguard.data_transfer import SecureDataTransfer
+
+class TestSecureDataTransfer(unittest.TestCase):
+    def setUp(self):
+        self.password = "transferpassword123"
+        self.data = "Sensitive data being transferred."
+        self.server = SecureDataTransfer(self.password)
+        self.client = SecureDataTransfer(self.password)
+
+    def test_data_transfer(self):
+        def run_server():
+            received_data = self.server.receive_data()
+            self.assertEqual(received_data, self.data)
+
+        server_thread = threading.Thread(target=run_server)
+        server_thread.start()
+
+        self.client.send_data(self.data)
+        server_thread.join()
+
+        # Validate blockchain integrity after transfer
+        self.assertTrue(self.server.validate_blockchain())
+        self.assertTrue(self.client.validate_blockchain())
+
+if __name__ == '__main__':
+    unittest.main()

chainguard/tests/test_encryption.py

@@ -0,0 +1,29 @@
+import unittest
+from chainguard.encryption import AESCipher
+
+
+class TestAESCipher(unittest.TestCase):
+    def setUp(self):
+        self.password = "securepassword123"
+        self.cipher = AESCipher(self.password)
+
+    def test_encryption_decryption(self):
+        plaintext = "This is a secret message."
+        encrypted = self.cipher.encrypt(plaintext)
+        decrypted = self.cipher.decrypt(encrypted)
+
+        self.assertEqual(plaintext, decrypted)
+
+    def test_different_plaintext(self):
+        plaintext1 = "Message One"
+        plaintext2 = "Message Two"
+        encrypted1 = self.cipher.encrypt(plaintext1)
+        encrypted2 = self.cipher.encrypt(plaintext2)
+
+        self.assertNotEqual(encrypted1, encrypted2)
+        self.assertEqual(self.cipher.decrypt(encrypted1), plaintext1)
+        self.assertEqual(self.cipher.decrypt(encrypted2), plaintext2)
+
+
+if __name__ == '__main__':
+    unittest.main()

visualisation/chainguard_graph_db.py

@@ -0,0 +1,102 @@
+from neo4j import GraphDatabase
+
+class ChainGuardGraphDB:
+    def __init__(self, uri, user, password):
+        self.driver = GraphDatabase.driver(uri, auth=(user, password))
+
+    def close(self):
+        """Close the database connection."""
+        self.driver.close()
+
+    def create_node(self, label, properties):
+        """Create a node with the specified label and properties."""
+        with self.driver.session() as session:
+            session.write_transaction(self._create_and_return_node, label, properties)
+
+    @staticmethod
+    def _create_and_return_node(tx, label, properties):
+        query = (
+            f"CREATE (n:{label} {{"
+            + ", ".join([f"{k}: ${k}" for k in properties.keys()])
+            + "}}) RETURN n"
+        )
+        result = tx.run(query, **properties)
+        return result.single()[0]
+
+    def create_relationship(self, node1_label, node1_property, node2_label, node2_property, relationship_type):
+        """Create a relationship between two nodes."""
+        with self.driver.session() as session:
+            session.write_transaction(
+                self._create_and_return_relationship,
+                node1_label, node1_property, node2_label, node2_property, relationship_type
+            )
+
+    @staticmethod
+    def _create_and_return_relationship(tx, node1_label, node1_property, node2_label, node2_property, relationship_type):
+        query = (
+            f"MATCH (a:{node1_label} {{name: $node1_property}}), (b:{node2_label} {{name: $node2_property}}) "
+            f"CREATE (a)-[r:{relationship_type}]->(b) "
+            "RETURN r"
+        )
+        result = tx.run(query, node1_property=node1_property, node2_property=node2_property)
+        return result.single()[0]
+
+    def find_related_anomalies(self, transaction_name):
+        """Find all anomalies related to a specific blockchain transaction."""
+        with self.driver.session() as session:
+            result = session.run(
+                "MATCH (t:BlockchainTransaction {name: $transaction_name})-[:DETECTED_IN]->(a:Anomaly) "
+                "RETURN a.name, a.type, a.severity",
+                transaction_name=transaction_name
+            )
+            return [record for record in result]
+
+    def find_blockchain_transactions(self, anomaly_name):
+        """Find all blockchain transactions related to a specific anomaly."""
+        with self.driver.session() as session:
+            result = session.run(
+                "MATCH (a:Anomaly {name: $anomaly_name})<-[:DETECTED_IN]-(t:BlockchainTransaction) "
+                "RETURN t.name, t.amount, t.timestamp",
+                anomaly_name=anomaly_name
+            )
+            return [record for record in result]
+
+    def validate_blockchain(self):
+        """Validate the blockchain (this is a simplified example)."""
+        with self.driver.session() as session:
+            result = session.run(
+                "MATCH (b:BlockchainTransaction) "
+                "RETURN COUNT(b) as transaction_count"
+            )
+            count = result.single()["transaction_count"]
+            # Simplified validation: checks if there are transactions in the blockchain
+            return count > 0
+
+# Example usage
+if __name__ == "__main__":
+    # Connect to the database
+    db = ChainGuardGraphDB(uri="bolt://localhost:7687", user="neo4j", password="your_password")
+
+    # Create nodes
+    db.create_node("BlockchainTransaction", {"name": "Tx1", "amount": 100, "timestamp": "2024-09-01"})
+    db.create_node("Anomaly", {"name": "Anomaly1", "type": "Network", "severity": "High"})
+
+    # Create relationships
+    db.create_relationship("BlockchainTransaction", "Tx1", "Anomaly", "Anomaly1", "DETECTED_IN")
+
+    # Query related anomalies for a transaction
+    related_anomalies = db.find_related_anomalies("Tx1")
+    for anomaly in related_anomalies:
+        print(f"Related Anomaly: {anomaly['a.name']}, Type: {anomaly['a.type']}, Severity: {anomaly['a.severity']}")
+
+    # Query related transactions for an anomaly
+    related_transactions = db.find_blockchain_transactions("Anomaly1")
+    for tx in related_transactions:
+        print(f"Related Transaction: {tx['t.name']}, Amount: {tx['t.amount']}, Timestamp: {tx['t.timestamp']}")
+
+    # Validate the blockchain
+    is_valid = db.validate_blockchain()
+    print(f"Blockchain valid: {is_valid}")
+
+    # Close the connection
+    db.close()