Implemented basic feature extractor.

.gitignore

@@ -8,7 +8,9 @@ data/*/
 *.a
 *.so
 *.pdf
+*.plo
 src/flow-seperator/flow-seperator
 src/pcap-matcher/pcap-matcher
 src/packet-matcher/packet-matcher
 src/common/*.a
+data/keylog-matchings.txt

src/feature-extractor/extractor.py

@@ -0,0 +1,25 @@
+#!/usr/bin/python3
+
+def parse_args():
+    import argparse
+    parser = argparse.ArgumentParser(
+        description='Extract features from pcap files.')
+    parser.add_argument('pcaps', metavar='pcaps', type=argparse.FileType('rb'),
+                        nargs='+', help='pcap from which to extract features')
+    parser.add_argument('-o', '--outfile', type=argparse.FileType('wb'),
+                        default="features.plo", help='Where to save the " \
+                        "extracted features (default: features.plo)')
+    return parser.parse_args()
+
+def main():
+    args = parse_args()
+    from sample import Sample
+    out = [Sample(pcap) for pcap in args.pcaps[0:1]];
+    try:
+        import cPickle as pickle
+    except:
+        import pickle
+    pickle.dump(out, args.outfile)
+
+if __name__ == '__main__':
+    main()

src/feature-extractor/sample.py

@@ -0,0 +1,20 @@
+import typing
+import pyshark
+from datetime import datetime
+
+class Sample:
+    EPOCH = datetime(1970, 1, 1)
+    TIME_FMT = '%Y-%m-%d %H:%M:%S.%f'
+    
+    def __init__(self, pcap: typing.BinaryIO):
+        f = pyshark.FileCapture(pcap, only_summaries=True)
+        f.load_packets()
+        self.extract_packet_stats(f)
+
+    def extract_packet_stats(self, pcap):
+        start = (datetime.strptime(pcap[0].time, self.TIME_FMT) - self.EPOCH)\
+              .total_seconds()
+        end = (datetime.strptime(pcap[-1].time, self.TIME_FMT) - self.EPOCH)\
+              .total_seconds()
+        self.average_iat = self.average_iat = (end - start) / len(pcap)
+