diff --git a/src/l3_attackmitigator/service/.l3_attackmitigatorServiceServicerImpl.py.swp b/src/l3_attackmitigator/service/.l3_attackmitigatorServiceServicerImpl.py.swp
new file mode 100644
index 0000000000000000000000000000000000000000..65809863d885b43c2f574076dea8189e7171564b
Binary files /dev/null and b/src/l3_attackmitigator/service/.l3_attackmitigatorServiceServicerImpl.py.swp differ
diff --git a/src/l3_attackmitigator/service/l3_attackmitigatorServiceServicerImpl.py b/src/l3_attackmitigator/service/l3_attackmitigatorServiceServicerImpl.py
index f4b34cda141f41a30ca4cceb5da3686e1171e482..51533c784e4090bbdc007c06a07e8e2d70e80750 100644
--- a/src/l3_attackmitigator/service/l3_attackmitigatorServiceServicerImpl.py
+++ b/src/l3_attackmitigator/service/l3_attackmitigatorServiceServicerImpl.py
@@ -53,46 +53,6 @@ class l3_attackmitigatorServiceServicerImpl(L3AttackmitigatorServicer):
self.context_client = ContextClient()
self.service_client = ServiceClient()
- def GenerateRuleValue(self, ip_o, ip_d, port_o, port_d):
- value = {
- "ipv4:source-address": ip_o,
- "ipv4:destination-address": ip_d,
- "transport:source-port": port_o,
- "transport:destination-port": port_d,
- "forwarding-action": "DROP",
- }
-
- return value
-
- def GenerateContextId(self, context_id):
- context_id_obj = ContextId()
- uuid = Uuid()
- uuid.uuid = context_id
- context_id_obj.context_uuid.CopyFrom(uuid)
-
- return context_id_obj
-
- def GenerateServiceId(self, service_id):
- service_id_obj = ServiceId()
- context_id = ContextId()
- uuid = Uuid()
- uuid.uuid = service_id
- context_id.context_uuid.CopyFrom(uuid)
- service_id_obj.context_id.CopyFrom(context_id)
- service_id_obj.service_uuid.CopyFrom(uuid)
-
- return service_id_obj
-
- def GetConfigRule(self, ip_o, ip_d, port_o, port_d):
- config_rule = ConfigRule()
- config_rule_custom = ConfigRule_Custom()
- config_rule.action = ConfigActionEnum.CONFIGACTION_SET
- config_rule_custom.resource_key = "acl"
- config_rule_custom.resource_value = json.dumps(self.GenerateRuleValue(ip_o, ip_d, port_o, port_d))
- config_rule.custom.CopyFrom(config_rule_custom)
-
- return config_rule
-
def configure_acl_rule(
self,
context_uuid: str,
@@ -224,8 +184,10 @@ class l3_attackmitigatorServiceServicerImpl(L3AttackmitigatorServicer):
return Empty(message=f"OK, received values: {last_tag} with confidence {last_value}.")
+"""
def GetMitigation(self, request, context):
logging.info("Returning mitigation strategy...")
k = self.last_value * 2
return Empty(message=f"Mitigation with double confidence = {k}")
+"""
diff --git a/src/l3_centralizedattackdetector/service/l3_centralizedattackdetectorServiceServicerImpl.py b/src/l3_centralizedattackdetector/service/l3_centralizedattackdetectorServiceServicerImpl.py
index 37fa9ce53cfc0dea19486cdab6a85654ba22431c..2de768810c06f48e2ffa282dd4e1308dc30554b0 100644
--- a/src/l3_centralizedattackdetector/service/l3_centralizedattackdetectorServiceServicerImpl.py
+++ b/src/l3_centralizedattackdetector/service/l3_centralizedattackdetectorServiceServicerImpl.py
@@ -46,6 +46,10 @@ classification_threshold = os.getenv("CAD_CLASSIFICATION_THRESHOLD", 0.5)
class l3_centralizedattackdetectorServiceServicerImpl(L3CentralizedattackdetectorServicer):
+
+ """
+ Initialize variables, prediction model and clients of components used by CAD
+ """
def __init__(self):
LOGGER.info("Creating Centralized Attack Detector Service")
@@ -60,6 +64,13 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
self.attackmitigator_client = l3_attackmitigatorClient()
+ """
+ Create the Cryptomining Detector Predicted Class KPI for a service and add it to the Monitoring Client
+ -input:
+ + client: Monitoring Client object where the KPI will be tracked
+ + service_id: service ID where the KPI will be created
+ -output: KPI identifier representing the Cryptomining Detector Predicted Class KPI
+ """
def create_predicted_class_kpi(self, client: MonitoringClient, service_id):
kpi_description: KpiDescriptor = KpiDescriptor()
kpi_description.kpi_description = "Cryptomining Detector Predicted Class (service: {})".format(service_id)
@@ -71,6 +82,13 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
return new_kpi
+ """
+ Create the Cryptomining Detector Prediction KPI for a service and add it to the Monitoring Client
+ -input:
+ + client: Monitoring Client object where the KPI will be tracked
+ + service_id: service ID where the KPI will be created
+ -output: KPI identifier representing the Cryptomining Detector Prediction KPI
+ """
def create_class_prob_kpi(self, client: MonitoringClient, service_id):
kpi_description: KpiDescriptor = KpiDescriptor()
kpi_description.kpi_description = "Cryptomining Detector Prediction (service: {})".format(service_id)
@@ -82,6 +100,12 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
return new_kpi
+ """
+ Classify connection as standard traffic or cryptomining attack and return results
+ -input:
+ + request: L3CentralizedattackdetectorMetrics object with connection features information
+ -output: L3AttackmitigatorOutput object with information about the assigned class and prediction confidence
+ """
def make_inference(self, request):
x_data = np.array(
[
@@ -132,6 +156,12 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
return L3AttackmitigatorOutput(**output_message)
+ """
+ Receive features from Attack Mitigator, predict attack and communicate with Attack Mitigator
+ -input:
+ + request: L3CentralizedattackdetectorMetrics object with connection features information
+ -output: Empty object with a message about the execution of the function
+ """
def SendInput(self, request, context):
# Store the data sent in the request
self.inference_values.append(request)
@@ -173,7 +203,8 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
self.monitoring_client.IncludeKpi(kpi_class)
self.monitoring_client.IncludeKpi(kpi_prob)
-
+
+ # Only notify Attack Mitigator when a cryptomining connection has been detected
if output.tag_name == "Crypto":
logging.info("Crypto attack detected")
@@ -183,11 +214,6 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
)
try:
- """with grpc.insecure_channel("192.168.165.78:10002") as channel:
- stub = L3AttackmitigatorStub(channel)
- logging.info("Sending the connection information to the Attack Mitigator component...")
- response = stub.SendOutput(output)"""
-
logging.info("Sending the connection information to the Attack Mitigator component...")
response = self.attackmitigator_client.SendOutput(output)
logging.info(
@@ -205,9 +231,11 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
return Empty(message="Ok, information received (no attack detected)")
+"""
def GetOutput(self, request, context):
logging.info("Returning inference output...")
k = np.multiply(self.inference_values, [2])
k = np.sum(k)
return self.make_inference(k)
+"""