AlirezaDehlaghi
diff --git a/‎.buildinfo
+4 b/‎.buildinfo
+4
diff --git a/‎.doctrees/api.doctree
3.33 KB b/‎.doctrees/api.doctree
3.33 KB
diff --git a/‎.doctrees/environment.pickle
38 KB b/‎.doctrees/environment.pickle
38 KB
diff --git a/‎.doctrees/index.doctree
3.34 KB b/‎.doctrees/index.doctree
3.34 KB
diff --git a/‎.doctrees/readme_copy.doctree
13.7 KB b/‎.doctrees/readme_copy.doctree
13.7 KB
diff --git a/‎.nojekyll b/‎.nojekyll
diff --git a/‎_sources/api.md.txt
+20 b/‎_sources/api.md.txt
+20
diff --git a/‎_sources/index.rst.txt
+14 b/‎_sources/index.rst.txt
+14
diff --git a/‎_sources/readme_copy.md.txt
+79 b/‎_sources/readme_copy.md.txt
+79
diff --git a/‎_static/_sphinx_javascript_frameworks_compat.js
+123 b/‎_static/_sphinx_javascript_frameworks_compat.js
+123
@@ -0,0 +1,4 @@
+# Sphinx build info version 1
+# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
+config: 62067277e1d30a8c93d784005608bccd
+tags: 645f666f9bcd5a90fca523b33c5a78b7
@@ -0,0 +1,20 @@
+# API reference
+
+This page is under development!
+## Helper Class
+
+```{eval-rst}
+.. automodule:: Helper
+   :members:
+   :show-inheritance:
+```
+
+## ICSFlowGenerator Class
+
+```{eval-rst}
+.. autoclass:: ICSFlowGenerator.ICSFlowGenerator
+   :imported-members:
+   :members:
+   :undoc-members:
+   :show-inheritance:
+```
@@ -0,0 +1,14 @@
+.. Example documentation master file, created by
+   sphinx-quickstart on Sat Sep 23 20:35:12 2023.
+   You can adapt this file completely to your liking, but it should at least
+   contain the root `toctree` directive.
+
+Welcome to ICSFLow's documentation!
+===================================
+
+.. toctree::
+   :maxdepth: 2
+   :caption: Contents:
+
+   readme_copy.md
+   api.md
@@ -0,0 +1,79 @@
+
+# ICSFLowGenerator in Docs
+
+This is tool for offline and online processing of network packets and creating network flows.
+
+
+
+## Capabilities
+Reading packets could be done in two modes
+* offline from PCAP file
+* online sniffing of LAN
+
+We can annotate data using True labels or predicted labels
+* Ture Labels: proving attack history log files, it can detect which flows are malicious
+* Predicated Labels: We could also try to analyze network flows with pretrained model and predict its anomality. 
+
+
+## Arguments 
+positional arguments:  <action:sniff|convert>
+                        Choose online sniffing of a LAN or offline converting
+                        PCAP file
+
+options:
+  -h, --help            show this help message and exit
+  --source <source file or LAN name>>
+                        In online sniffing provide <LAN name> and in offline
+                        converting provide <PCAP file>
+  --interval interval in seconds
+                        interval to compute flows
+  --attacks attack log csv file address
+                        attack file address for finding true flows' label
+  --predictor model      address of pre trained ml model to classify incoming
+                        flows
+  --target_stream <Stream address>
+                        Target server address to stream out network flows
+  --target_file <csv file name>
+                        csv file to output
+
+
+## Sample runtime arguments
+1) sniffing from Wi-Fi lan without annotation and writing flows to file:
+```
+sniff --source   Wi-Fi   --interval   0.5   --target_file   output/sniffed.csv 
+```
+
+
+2) offline generating of network flows from PCAP file with True label annotation and writing flows to file::
+```
+Convert 
+    --source        input/traffic.pcap
+    --interval      0.5
+    --attacks       input/attacker_machine_summary.csv
+    --target_file   output/sniffed.csv 
+```
+
+3) offline generating of network flows from PCAP file with True label annotation and prediction and writing flows to file:
+```
+Convert 
+    --source                input/traffic.pcap
+    --interval              0.5
+    --attacks               input/attacker_machine_summary.csv
+    --predictor             input/predict_model.joblib
+    --target_file           output/sniffed.csv  
+```
+or 
+```
+Convert  --source  input/traffic.pcap --interval 0.5 --attacks  input/attacker_machine_summary.csv  --target_file  output/sniffed.csv 
+```
+
+4) offline generating of network flows from PCAP file with True label annotation and prediction and sending them to both target file and MQTT server with credential:
+```
+Convert 
+    --source                    input/traffic.pcap
+    --interval                  0.5
+    --attacks                   input/attacker_machine_summary.csv
+    --predictor                 input/predict_model.joblib
+    --target_file               output/sniffed.csv 
+    --target_connection         sample_connection.txt
+```
@@ -0,0 +1,123 @@
+/* Compatability shim for jQuery and underscores.js.
+ *
+ * Copyright Sphinx contributors
+ * Released under the two clause BSD licence
+ */
+
+/**
+ * small helper function to urldecode strings
+ *
+ * See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent#Decoding_query_parameters_from_a_URL
+ */
+jQuery.urldecode = function(x) {
+    if (!x) {
+        return x
+    }
+    return decodeURIComponent(x.replace(/\+/g, ' '));
+};
+
+/**
+ * small helper function to urlencode strings
+ */
+jQuery.urlencode = encodeURIComponent;
+
+/**
+ * This function returns the parsed url parameters of the
+ * current request. Multiple values per key are supported,
+ * it will always return arrays of strings for the value parts.
+ */
+jQuery.getQueryParameters = function(s) {
+    if (typeof s === 'undefined')
+        s = document.location.search;
+    var parts = s.substr(s.indexOf('?') + 1).split('&');
+    var result = {};
+    for (var i = 0; i < parts.length; i++) {
+        var tmp = parts[i].split('=', 2);
+        var key = jQuery.urldecode(tmp[0]);
+        var value = jQuery.urldecode(tmp[1]);
+        if (key in result)
+            result[key].push(value);
+        else
+            result[key] = [value];
+    }
+    return result;
+};
+
+/**
+ * highlight a given string on a jquery object by wrapping it in
+ * span elements with the given class name.
+ */
+jQuery.fn.highlightText = function(text, className) {
+    function highlight(node, addItems) {
+        if (node.nodeType === 3) {
+            var val = node.nodeValue;
+            var pos = val.toLowerCase().indexOf(text);
+            if (pos >= 0 &&
+                !jQuery(node.parentNode).hasClass(className) &&
+                !jQuery(node.parentNode).hasClass("nohighlight")) {
+                var span;
+                var isInSVG = jQuery(node).closest("body, svg, foreignObject").is("svg");
+                if (isInSVG) {
+                    span = document.createElementNS("http://www.w3.org/2000/svg", "tspan");
+                } else {
+                    span = document.createElement("span");
+                    span.className = className;
+                }
+                span.appendChild(document.createTextNode(val.substr(pos, text.length)));
+                node.parentNode.insertBefore(span, node.parentNode.insertBefore(
+                    document.createTextNode(val.substr(pos + text.length)),
+                    node.nextSibling));
+                node.nodeValue = val.substr(0, pos);
+                if (isInSVG) {
+                    var rect = document.createElementNS("http://www.w3.org/2000/svg", "rect");
+                    var bbox = node.parentElement.getBBox();
+                    rect.x.baseVal.value = bbox.x;
+                    rect.y.baseVal.value = bbox.y;
+                    rect.width.baseVal.value = bbox.width;
+                    rect.height.baseVal.value = bbox.height;
+                    rect.setAttribute('class', className);
+                    addItems.push({
+                        "parent": node.parentNode,
+                        "target": rect});
+                }
+            }
+        }
+        else if (!jQuery(node).is("button, select, textarea")) {
+            jQuery.each(node.childNodes, function() {
+                highlight(this, addItems);
+            });
+        }
+    }
+    var addItems = [];
+    var result = this.each(function() {
+        highlight(this, addItems);
+    });
+    for (var i = 0; i < addItems.length; ++i) {
+        jQuery(addItems[i].parent).before(addItems[i].target);
+    }
+    return result;
+};
+
+/*
+ * backward compatibility for jQuery.browser
+ * This will be supported until firefox bug is fixed.
+ */
+if (!jQuery.browser) {
+    jQuery.uaMatch = function(ua) {
+        ua = ua.toLowerCase();
+
+        var match = /(chrome)[ \/]([\w.]+)/.exec(ua) ||
+            /(webkit)[ \/]([\w.]+)/.exec(ua) ||
+            /(opera)(?:.*version|)[ \/]([\w.]+)/.exec(ua) ||
+            /(msie) ([\w.]+)/.exec(ua) ||
+            ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec(ua) ||
+            [];
+
+        return {
+            browser: match[ 1 ] || "",
+            version: match[ 2 ] || "0"
+        };
+    };
+    jQuery.browser = {};
+    jQuery.browser[jQuery.uaMatch(navigator.userAgent).browser] = true;
+}