Related vulnerability
Description
An AI-powered tool to predict and prevent zero-day attacks on firewalls, like Palo Alto’s CVE-2024-3400. Uses Python, Wireshark, MITRE ATT&CK datasets, and Docker for real-time anomaly detection.
Introduction
# Zero-Day Vulnerability Exploitation Detection Tool
## 📑 Table of Contents
- [**Project Description**](#project-description)
- [**Objectives**](#objectives)
- [**Why This Project**](#why-this-project)
- [**Technologies and Tools**](#technologies-and-tools)
- [**Project Structure**](#project-structure)
- [**Timeline**](#timeline)
- [**Setup Instructions**](#setup-instructions)
- [**Running the Project**](#running-the-project)
- [**Testing the Tool**](#testing-the-tool)
- [**How to Contribute**](#how-to-contribute)
- [**License**](#license)
- [**Contact**](#contact)
- [**References**](#references)
---
## 🔍 **Project Description**
This repository hosts an **AI-powered tool** designed to predict and prevent **zero-day attacks** targeting firewalls, such as Palo Alto’s CVE-2024-3400. Zero-day vulnerabilities are exploited before patches are available, posing severe risks to network security.
The tool leverages **machine learning** to analyze network traffic, detect anomalous patterns, and block potential breaches in real time. Built with **Python**, **Wireshark**, **MITRE ATT&CK datasets**, and **Docker**, it offers a robust solution for proactive cybersecurity. The project includes data collection, model training, tool integration, and testing in a sandbox environment, making it well suited to enthusiasts in **networking**, **AI**, and **cybersecurity**.
---
## 🎯 **Objectives**
- Research zero-day vulnerabilities in firewalls.
- Collect and label network traffic data for training an AI model.
- Develop a machine learning model to detect potential zero-day attacks.
- Integrate the model into a functional tool for real-time monitoring.
- Test the tool in a safe environment using simulated attacks.
- Document the process and present findings.
---
## ❓ **Why This Project**
Zero-day vulnerabilities are a critical cybersecurity threat, as traditional defenses often fail against unknown exploits. This project leverages machine learning to proactively detect attack patterns, enhancing firewall security. It builds on interests in **networking** and **CTF challenges**, offering a **practical learning experience** in AI and cybersecurity.
---
## 🛠️ **Technologies and Tools**
| **Tool/Library** | **Purpose** |
|------------------|-------------|
| **Python** | AI/ML model development using libraries like `scikit-learn`, `TensorFlow`, or `PyTorch`. |
| **Wireshark** | Captures and analyzes network traffic for training data. |
| **MITRE ATT&CK Dataset** | Simulates zero-day attack patterns. |
| **Docker** | Creates a sandbox for safe testing. |
| **Python Libraries** | Listed in `requirements.txt`:<br>• `scikit-learn`: For traditional ML algorithms.<br>• `tensorflow` or `pytorch`: For deep learning models.<br>• `pandas`, `numpy`: For data processing.<br>• `matplotlib`: For visualizing results. |
---
## 🗂️ **Project Structure**
The repository is organized as follows:

---
## 🗓️ **Timeline**
| **Weeks** | **Phase** | **Tasks** |
|-----------|---------------------------|------------------------------------------------|
| 1-2 | Research & Planning | Study vulnerabilities, set up tools. |
| 3-4 | Data Collection & Labeling | Capture traffic, label data. |
| 5-6 | Feature Engineering & ML | Extract features, develop model. |
| 7-8 | Model Training & Evaluation| Train and evaluate model. |
| 9-10 | Tool Integration | Build and integrate tool. |
| 11-12 | Testing & Validation | Test in Docker environments. |
| 13-14 | Documentation & Presentation| Finalize report, prepare demo. |
---
## ⚙️ **Setup Instructions**
1. **Install Python:**
   - Download Python 3.6+ from [python.org](https://www.python.org/)
   - Verify:
     ```bash
     python --version
     ```
2. **Install Wireshark:**
   - Download from [wireshark.org](https://www.wireshark.org/)
   - Follow OS-specific installation instructions.
3. **Install Docker:**
   - Download from [docker.com](https://www.docker.com/)
   - Verify:
     ```bash
     docker --version
     ```
4. **Clone the Repository:**
   ```bash
   git clone https://github.com/yourusername/Zero-Day-Vulnerability-Exploitation-Detection-Tool.git
   cd Zero-Day-Vulnerability-Exploitation-Detection-Tool
   ```
5. **Install Python Dependencies:**
   ```bash
   pip install -r requirements.txt
   ```
6. **Set Up Data:**
   - Download the MITRE ATT&CK dataset from [MITRE ATT&CK](https://attack.mitre.org/) and place it in the `data/` directory.
   - Capture network traffic using Wireshark and save it as `data/capture.pcap`.
## ▶️ Running the Project
### 🛡️ Data Collection
Capture traffic with Wireshark or tshark:
```bash
tshark -i eth0 -w data/capture.pcap
```
Label traffic as benign or malicious (manual or scripted).
---
### 🧹 Data Processing
```bash
python src/data_processing.py
```
---
### 🧠 Model Training
```bash
python src/model.py
```
Saves model to `models/model.pkl`.
---
### 🚦 Run the Tool
Start real-time monitoring:
```bash
python src/tool.py
```
Analyzes live traffic using the trained model.
---
## 🧪 Testing the Tool
1. Test in a Docker sandbox:
   ```bash
   docker build -t zero-day-detector .
   ```
2. Run the container:
   ```bash
   docker run -it zero-day-detector
   ```

Simulate attacks (e.g., using **Metasploit**) and verify detection.
---
## 🤝 How to Contribute
- Fork the repository.
- Create a branch:
  ```bash
  git checkout -b feature/new-feature
  ```
- Commit changes:
  ```bash
  git commit -m "Add new feature"
  ```
- Push the branch:
  ```bash
  git push origin feature/new-feature
  ```
- Submit a pull request.

> Follow coding standards and include tests.
---
## 📄 License
This project is licensed under the **MIT License** – see `LICENSE`.
---
## 📬 Contact
Contact **Rohith** at **rohithreddyrry2004@gmail.com** for questions or feedback.
---
## 📚 References
- [Wireshark Documentation](https://www.wireshark.org/docs/)
- [MITRE ATT&CK Framework](https://attack.mitre.org/)
- [Python Official Site](https://www.python.org/)
- [Docker Documentation](https://docs.docker.com/)
- [scikit-learn Tutorials](https://scikit-learn.org/stable/tutorial/index.html)
- [TensorFlow Tutorials](https://www.tensorflow.org/tutorials)
File snapshot
[4.0K] /data/pocs/cece8b366ed6c23961466aec8643c59bcf34920e
├── [1.1K] LICENSE
└── [6.6K] README.md
0 directories, 2 files
Notes
1. It is recommended to access the code through the original source first.
2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of this POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.