python检测挖矿特征的几种方式
Posted ljy1227476113
电脑性能上:
①cpu和内存使用率(常见):
python 实时得到cpu和内存的使用情况方法_python_脚本之家
https://www.jb51.net/article/141835.htm
②C盘剩余容量(有的挖矿程序会占用C盘大量磁盘空间):
Python实现获取磁盘剩余空间的2种方法_python_脚本之家
https://www.jb51.net/article/115604.htm
③直接根据已知挖矿进程名单查找并杀死对应进程:
Python3之查看windows下所有进程并杀死指定进程 - Quincy.Coder的博客 - CSDN博客
https://blog.csdn.net/qq_33733970/article/details/80751957
整理上述方法并加上其他功能(流量、端口检测)后,完整代码如下:
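#!/usr/bin/python3
# coding:utf-8
"""Small Tkinter tool that looks for a few crypto-mining indicators on this host.

Every check sets the module-level flag ``n`` to 1 when it trips; ``on_click``
then colours the status label and appends one line per run to ``test.txt``.
Indicators (thresholds are the module constants below):

* memory and CPU usage both above ``CPU_MEM_THRESHOLD`` percent,
* TCP traffic above ``TRAFFIC_THRESHOLD_KB`` as reported by ``get_network_flow``,
* a port listed in ``port.txt`` accepting TCP connections on 127.0.0.1,
* less than ``MIN_FREE_GB`` free on ``C:\\``,
* a running process whose name is listed in ``process.txt``.

``port.txt`` and ``process.txt`` are read from the working directory, one
entry per line. They are treated as trusted configuration, but the process
names are never passed through a shell (see ``on_click4``).
"""
from tkinter import *
import ctypes
import datetime
import linecache
import os
import platform
import shutil
import socket
import subprocess
import sys
import time

import psutil

try:
    import wmi  # Windows-only; used by get_network_flow
except ImportError:  # elsewhere the traffic check degrades to "0.00" KB/s
    wmi = None

# Detection thresholds (the original author's values, marked ☆☆☆ in the post).
CPU_MEM_THRESHOLD = 75       # percent; memory AND CPU must both exceed it
TRAFFIC_THRESHOLD_KB = 3000  # KB/s; the post assumes a miner uses ~3033 KB/s
MIN_FREE_GB = 1              # free space on C:\ below this is suspicious

n = 0      # 1 once any indicator tripped during the current on_click run
cont = []  # process names from process.txt (filled by on_click / on_click4)


def net_is_used(port, ip='127.0.0.1'):
    """Return True when ``ip:port`` accepts a TCP connection, else False.

    Only OSError (refused, unreachable, timeout, invalid port) counts as
    "unused"; the original bare ``except`` also hid KeyboardInterrupt and
    programming errors. The socket is closed on every path.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(1)  # a silently dropped connect would otherwise hang the GUI
        try:
            s.connect((ip, port))
        except OSError:
            print('%s:%d is unused' % (ip, port))
            return False
        print('%s:%d is used' % (ip, port))
        return True


def get_network_flow(os):
    """Return the TCP traffic over a one-second window as a "%.2f" string.

    ``os`` is the platform name from platform.system(); the parameter name is
    kept for compatibility and shadows the ``os`` module inside this function
    only (the module is not needed here). On Windows the
    Win32_PerfRawData_Tcpip_TCPv4 counters are sampled twice, one second
    apart, summed over all instances (the original kept only the last row),
    and the delta is divided by 1024. On any other platform, or when ``wmi``
    is not importable, "0.00" is returned so callers can still float() it
    (the original returned None and crashed the caller).

    NOTE(review): the counters are named in TCP *segments*, not bytes; the
    division by 1024 and the "KB/s" label are the original approximation —
    confirm before tuning TRAFFIC_THRESHOLD_KB.
    """
    if os != "Windows" or wmi is None:
        return "0.00"
    c = wmi.WMI()

    def sample():
        return sum(
            float(row.SegmentsSentPersec) + float(row.SegmentsReceivedPersec)
            for row in c.Win32_PerfRawData_Tcpip_TCPv4()
        )

    first = sample()
    time.sleep(1)
    second = sample()
    return "%.2f" % ((second - first) / 1024)


def getMemCpu():
    """Return "Memory usage:NN%\\nCPU:NN.NN%\\n" and set the flag ``n``.

    ``n`` becomes 1 when both memory and CPU usage exceed
    CPU_MEM_THRESHOLD percent, otherwise 0 (so this also resets the flag at
    the start of an on_click run). CPU is sampled once over a one-second
    interval; the original sampled it twice and compared different readings.
    """
    global n
    data = psutil.virtual_memory()
    mem_percent = int(round(data.percent))
    cpu_percent = psutil.cpu_percent(interval=1)
    memory = "Memory usage:%d" % mem_percent + "%\n"
    cpu = "CPU:%0.2f" % cpu_percent + "%\n"
    n = 1 if mem_percent > CPU_MEM_THRESHOLD and cpu_percent > CPU_MEM_THRESHOLD else 0
    return memory + cpu


def get_free_space_mb(folder):
    """Return the free space of the volume holding ``folder`` in gigabytes.

    The name is historical: the original returned GB on Windows but MB
    elsewhere, while every caller labels the value "G" and compares it with
    MIN_FREE_GB. Both platforms now use shutil.disk_usage and return GB.
    Raises OSError (e.g. FileNotFoundError) when ``folder`` does not exist.
    """
    return shutil.disk_usage(folder).free / 1024 / 1024 / 1024


def _read_lines(path):
    """Return the non-blank lines of ``path`` without their line terminators.

    A missing file yields an empty list (linecache.getlines behaves that
    way), so an absent port.txt / process.txt simply disables that check.
    The original chopped the last character of a final line that had no
    trailing newline.
    """
    return [line.rstrip('\r\n') for line in linecache.getlines(path) if line.strip()]


def _listed_ports():
    """Return the integer ports from port.txt, skipping non-numeric lines."""
    ports = []
    for line in _read_lines('port.txt'):
        try:
            ports.append(int(line))
        except ValueError:
            print('port.txt: skipping non-numeric line %r' % line)
    return ports


def _running_process_names():
    """Return the set of names of all processes psutil can enumerate.

    process_iter skips processes that vanish mid-scan and leaves ``name``
    None when access is denied, so this cannot abort the whole check the way
    psutil.Process(pid).name() did in the original.
    """
    return {p.info['name'] for p in psutil.process_iter(['name']) if p.info['name']}


def on_click():
    """Run every indicator once, update the GUI and append a line to test.txt.

    Log line format (unchanged): ``YYYYmmddHHMM normal|warning <free GB> <KB/s>``.
    ``n`` is reset by getMemCpu at the start of each run; ``cont`` is
    refreshed from process.txt so that on_click4 can reuse it.
    """
    global n, cont
    system = platform.system()
    label['text'] = '正在检测···'
    info = getMemCpu()  # sets n from the memory+CPU check
    free_gb = get_free_space_mb('C:\\')  # measured once, reused below
    info = info + "C free space:%0.2f" % free_gb + "G\n"
    flow = get_network_flow(system)
    if float(flow) > TRAFFIC_THRESHOLD_KB:
        n = 1
    info = info + "traffic:" + flow + "KB/s"
    # Every listed port is probed (not short-circuited) so each result is printed.
    used_ports = [port for port in _listed_ports() if net_is_used(port)]
    if used_ports:
        n = 1
    if free_gb < MIN_FREE_GB:
        n = 1
    cont = _read_lines('process.txt')
    if _running_process_names().intersection(cont):
        n = 1
    stamp = time.strftime('%Y%m%d%H%M', time.localtime(time.time()))
    if n == 0:
        message['text'] = '本系统现未遭受挖矿攻击\n' + info
        message['bg'] = 'green'
        middle = stamp + ' normal ' + "%.2f" % free_gb + ' ' + flow
    else:
        message['text'] = '本系统正在遭受挖矿,紧急!\n' + info
        message['bg'] = 'yellow'
        middle = stamp + ' warning ' + "%.2f" % free_gb + ' ' + flow
    with open('test.txt', 'a') as myfile:
        myfile.write('\n' + middle)
    label['text'] = '完成检测!'


def on_click2():
    """Show test.txt in the message label with each timestamp made readable.

    A log line starts with YYYYmmddHHMM and is rendered as
    ``YYYY.mm.dd HH:MM`` followed by the rest of the line.
    """
    label['text'] = '日志读取'
    content = linecache.getlines('test.txt')
    message['text'] = ''.join(
        line[0:4] + '.' + line[4:6] + '.' + line[6:8] + ' ' + line[8:10] + ':' + line[10:]
        for line in content
    )


def on_click3():
    """Reset the two labels to their initial text and colour."""
    message['text'] = ''
    label['text'] = '欢迎使用本反挖矿系统'
    message['bg'] = 'white'


def on_click4():
    """Kill every running process whose name is listed in process.txt.

    ``cont`` is loaded from process.txt when on_click has not filled it yet
    (the original raised NameError if this button was pressed first).
    taskkill is invoked with an argument list rather than a shell string, so
    a crafted name in process.txt cannot inject extra commands; ``/t`` still
    kills the whole process tree as before. Windows only, like the original.
    """
    global cont
    if not cont:
        cont = _read_lines('process.txt')
    running = _running_process_names()
    for name in cont:
        if name in running:
            # One taskkill per image name ends every instance at once (the
            # original ran it once per matching pid).
            subprocess.run(['taskkill', '/f', '/t', '/im', name], check=False)
    message['text'] = '指定文件中进程已清除'
    message['bg'] = 'green'


if __name__ == "__main__":
    root = Tk(className='反挖矿系统')
    root.geometry('400x300')
    label = Label(root)
    label['text'] = '欢迎使用本反挖矿系统'
    message = Label(root, text='')
    label.pack()
    button = Button(root, text='开始使用', command=on_click)
    button.pack()
    button2 = Button(root, text='查看日志', command=on_click2)
    button2.pack()
    button3 = Button(root, text='重置界面', command=on_click3)
    button3.pack()
    button4 = Button(root, text='杀死进程', command=on_click4)
    button4.pack()
    message.pack()
    root.mainloop()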