This repository contains two Python scripts, draw.py and calculate.py, that analyze network traffic data from the CTU-13 dataset. The scripts create and visualize network graphs and calculate several graph attributes such as centrality measures.
This script reads .binetflow files from the CTU-13 dataset, creates directed network graphs using the networkx library, and visualizes the graphs. It saves the resulting graphs as PNG images.
- Reads the .binetflow files.
- Constructs a directed graph where nodes represent IP addresses and edges represent communication between them.
- Visualizes the graph using matplotlib and saves it as a PNG file.
- The script loops through directories in the specified dataset directory.
- For each .binetflow file, it creates a directed graph using networkx.
- The graph is then drawn using matplotlib and saved as a PNG image.
python draw.py
This script calculates various graph metrics, including degree, centrality measures, and PageRank, from .binetflow data files using the igraph library. It saves these metrics in CSV format.
- Creates a directed graph using igraph.
- Calculates graph attributes such as:
  - Degree
  - In-degree
  - Out-degree
  - Closeness centrality
  - Eigenvector centrality
  - PageRank
  - Alpha centrality
- Saves the results as CSV files for further analysis.
- The script iterates through the specified dataset directory.
- For each .binetflow file, it creates a graph and calculates the desired metrics.
- The results are saved as a CSV file in the same directory.
python calculate.py
Due to the enormous size of the graph generated from the dataset, it is almost impossible to draw and save it as a single image. The sheer number of nodes and edges would make the visualization process computationally expensive and result in images that are impractical to analyze.
Therefore, instead of attempting to draw the graph, we focus on calculating and extracting the necessary graph parameters (such as degree, centrality measures, etc.) and save these values in a CSV file for further analysis. This approach allows us to efficiently handle large-scale graphs and derive meaningful insights without the need for expensive and impractical visualizations.
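As an added illustration (not code from this repository), the sketch below computes in-degree, out-degree and PageRank per host from flow records in pure Python, using a hand-written power iteration instead of igraph. The sample rows are constructed, and the SrcAddr/DstAddr column names are assumed from the CTU-13 .binetflow header.

```python
import csv
import io

# Constructed sample rows in the (assumed) CTU-13 .binetflow column layout.
SAMPLE = """StartTime,Dur,Proto,SrcAddr,Sport,Dir,DstAddr,Dport,State,sTos,dTos,TotPkts,TotBytes,SrcBytes,Label
2011/08/10 09:46:53,1.02,tcp,192.0.2.10,1025,->,198.51.100.1,80,SRPA_SPA,0,0,10,900,400,flow=Background
2011/08/10 09:46:54,0.40,tcp,192.0.2.10,1026,->,198.51.100.1,80,SRPA_SPA,0,0,8,700,300,flow=Background
2011/08/10 09:46:55,0.01,tcp,192.0.2.10,1027,->,198.51.100.2,445,S_,0,0,1,60,60,flow=Background
2011/08/10 09:46:55,0.01,tcp,192.0.2.10,1028,->,198.51.100.3,445,S_,0,0,1,60,60,flow=Background
2011/08/10 09:46:55,0.01,tcp,192.0.2.10,1029,->,198.51.100.4,445,S_,0,0,1,60,60,flow=Background
2011/08/10 09:46:56,2.10,tcp,192.0.2.20,2000,->,198.51.100.1,80,SRPA_SPA,0,0,12,990,410,flow=Background
2011/08/10 09:46:57,1.70,tcp,192.0.2.30,3000,->,198.51.100.1,80,SRPA_SPA,0,0,11,950,405,flow=Background
"""

def load_edges(text):
    """Return {(src, dst): flow_count}; rows missing an address are skipped."""
    edges = {}
    for row in csv.DictReader(io.StringIO(text)):
        src = (row.get("SrcAddr") or "").strip()
        dst = (row.get("DstAddr") or "").strip()
        if src and dst:
            edges[(src, dst)] = edges.get((src, dst), 0) + 1
    return edges

def pagerank(edges, damping=0.85, iters=100):
    """Unweighted power iteration; rank held by dangling nodes is spread evenly."""
    nodes = sorted({n for edge in edges for n in edge})
    if not nodes:
        return {}
    out = {n: [] for n in nodes}
    for src, dst in edges:
        out[src].append(dst)
    rank = dict.fromkeys(nodes, 1.0 / len(nodes))
    for _ in range(iters):
        dangling = sum(rank[n] for n in nodes if not out[n])
        new = dict.fromkeys(nodes, (1 - damping + damping * dangling) / len(nodes))
        for src, dsts in out.items():
            for dst in dsts:
                new[dst] += damping * rank[src] / len(dsts)
        rank = new
    return rank

def host_metrics(text):
    """Return {ip: (in_degree, out_degree, pagerank)}; degrees count distinct peers."""
    edges = load_edges(text)
    rank = pagerank(edges)
    indeg, outdeg = dict.fromkeys(rank, 0), dict.fromkeys(rank, 0)
    for src, dst in edges:
        outdeg[src] += 1
        indeg[dst] += 1
    return {n: (indeg[n], outdeg[n], rank[n]) for n in rank}
```

In the constructed sample, 192.0.2.10 stands out by out-degree (four distinct peers) while 198.51.100.1 collects the highest PageRank, which is the kind of per-host contrast the CSV output is meant to expose.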
To analyze the network traffic data from the CTU-13 dataset, you can utilize Wireshark, a powerful network protocol analyzer. It allows you to capture and inspect network packets, making it easier to debug and explore network traffic.
- Download the Wireshark installer from the official website: Wireshark 4.4.3 (Windows)
- During installation, you will be prompted to install Npcap, a packet capture library. It is highly recommended to install it, as it allows Wireshark to capture network traffic and perform real-time analysis.
- Follow the installation steps, and once complete, you can start analyzing the .binetflow files and other network capture data in the CTU-13 dataset with Wireshark.
Npcap is an essential component for network capture and is included in the Wireshark installation process. If you decide to install Wireshark, make sure that the Npcap option is selected during the setup. If you prefer to install Npcap separately, you can download it here:
Npcap Download
Once installed, Npcap will allow you to capture network data using tools like Wireshark or other compatible software.
You can install the necessary dependencies using pip:
pip install pandas networkx igraph matplotlib numpy
Feel free to fork the repository, submit pull requests, or open issues if you have any improvements or suggestions. Contributions are welcome!
This project is licensed under the MIT License. See the LICENSE file for more details.
Copyright 2025, Max Base