diff --git a/src/l3_attackmitigator/service/.l3_attackmitigatorServiceServicerImpl.py.swp b/src/l3_attackmitigator/service/.l3_attackmitigatorServiceServicerImpl.py.swp
new file mode 100644
index 0000000000000000000000000000000000000000..65809863d885b43c2f574076dea8189e7171564b
Binary files /dev/null and b/src/l3_attackmitigator/service/.l3_attackmitigatorServiceServicerImpl.py.swp differ
diff --git a/src/l3_attackmitigator/service/l3_attackmitigatorServiceServicerImpl.py b/src/l3_attackmitigator/service/l3_attackmitigatorServiceServicerImpl.py
index f4b34cda141f41a30ca4cceb5da3686e1171e482..51533c784e4090bbdc007c06a07e8e2d70e80750 100644
--- a/src/l3_attackmitigator/service/l3_attackmitigatorServiceServicerImpl.py
+++ b/src/l3_attackmitigator/service/l3_attackmitigatorServiceServicerImpl.py
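Review bot: The first file in this change, `.l3_attackmitigatorServiceServicerImpl.py.swp`, is an editor swap file (Vim's `.<name>.swp`) and should not be part of the commit. A swap file is a binary snapshot of the unsaved editor buffer, so it can publish text the author never saved and it cannot be reviewed as code; its presence also suggests the working tree is being added wholesale. Drop the file from the commit and add a `*.swp` pattern to the repository's `.gitignore` so it is not picked up again.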
@@ -53,46 +53,6 @@ class l3_attackmitigatorServiceServicerImpl(L3AttackmitigatorServicer):
 self.context_client = ContextClient()
 self.service_client = ServiceClient()
- def GenerateRuleValue(self, ip_o, ip_d, port_o, port_d):
- value = {
- "ipv4:source-address": ip_o,
- "ipv4:destination-address": ip_d,
- "transport:source-port": port_o,
- "transport:destination-port": port_d,
- "forwarding-action": "DROP",
- }
-
- return value
-
- def GenerateContextId(self, context_id):
- context_id_obj = ContextId()
- uuid = Uuid()
- uuid.uuid = context_id
- context_id_obj.context_uuid.CopyFrom(uuid)
-
- return context_id_obj
-
- def GenerateServiceId(self, service_id):
- service_id_obj = ServiceId()
- context_id = ContextId()
- uuid = Uuid()
- uuid.uuid = service_id
- context_id.context_uuid.CopyFrom(uuid)
- service_id_obj.context_id.CopyFrom(context_id)
- service_id_obj.service_uuid.CopyFrom(uuid)
-
- return service_id_obj
-
- def GetConfigRule(self, ip_o, ip_d, port_o, port_d):
- config_rule = ConfigRule()
- config_rule_custom = ConfigRule_Custom()
- config_rule.action = ConfigActionEnum.CONFIGACTION_SET
- config_rule_custom.resource_key = "acl"
- config_rule_custom.resource_value = json.dumps(self.GenerateRuleValue(ip_o, ip_d, port_o, port_d))
- config_rule.custom.CopyFrom(config_rule_custom)
-
- return config_rule
-
 def configure_acl_rule(
 self,
 context_uuid: str,
@@ -224,8 +184,10 @@ class l3_attackmitigatorServiceServicerImpl(L3AttackmitigatorServicer):
 return Empty(message=f"OK, received values: {last_tag} with confidence {last_value}.")
+"""
 def GetMitigation(self, request, context):
 logging.info("Returning mitigation strategy...")
 k = self.last_value * 2
 return Empty(message=f"Mitigation with double confidence = {k}")
+"""
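Review bot: In the second hunk, `GetMitigation` is disabled by wrapping it in a `"""` string whose opening and closing lines sit at column 0, which dedents out of the class body: the method text becomes a module-level string expression and the class no longer has the method at all. If `GetMitigation` is an RPC declared on `L3AttackmitigatorServicer` (not visible here), callers will now receive the base servicer's UNIMPLEMENTED response with nothing in this file explaining why. Delete the dead method outright (history keeps it) or, if the RPC must remain reachable, keep a minimal body with a comment stating that it is intentionally unimplemented, rather than a string literal that hides code from linters and readers. The same pattern disables `GetOutput` in the last hunk of `l3_centralizedattackdetectorServiceServicerImpl.py`. The first hunk removes `GenerateRuleValue`, `GenerateContextId`, `GenerateServiceId` and `GetConfigRule` while the body of `configure_acl_rule` lies outside the hunk, so confirm that nothing in the file still calls them.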
diff --git a/src/l3_centralizedattackdetector/service/l3_centralizedattackdetectorServiceServicerImpl.py b/src/l3_centralizedattackdetector/service/l3_centralizedattackdetectorServiceServicerImpl.py
index 37fa9ce53cfc0dea19486cdab6a85654ba22431c..2de768810c06f48e2ffa282dd4e1308dc30554b0 100644
--- a/src/l3_centralizedattackdetector/service/l3_centralizedattackdetectorServiceServicerImpl.py
+++ b/src/l3_centralizedattackdetector/service/l3_centralizedattackdetectorServiceServicerImpl.py
@@ -46,6 +46,10 @@ classification_threshold = os.getenv("CAD_CLASSIFICATION_THRESHOLD", 0.5)
 class l3_centralizedattackdetectorServiceServicerImpl(L3CentralizedattackdetectorServicer):
+
+ """
+ Initialize variables, prediction model and clients of components used by CAD
+ """
 def __init__(self):
 LOGGER.info("Creating Centralized Attack Detector Service")
@@ -60,6 +64,13 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
 self.attackmitigator_client = l3_attackmitigatorClient()
+ """
+ Create the Cryptomining Detector Predicted Class KPI for a service and add it to the Monitoring Client
+ -input:
+ + client: Monitoring Client object where the KPI will be tracked
+ + service_id: service ID where the KPI will be created
+ -output: KPI identifier representing the Cryptomining Detector Predicted Class KPI
+ """
 def create_predicted_class_kpi(self, client: MonitoringClient, service_id):
 kpi_description: KpiDescriptor = KpiDescriptor()
 kpi_description.kpi_description = "Cryptomining Detector Predicted Class (service: {})".format(service_id)
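Review bot: The triple-quoted string added before `def create_predicted_class_kpi` in the second hunk (and, in the following hunks, before `create_class_prob_kpi`, `make_inference` and `SendInput`) sits in the class body above the `def`, so Python treats it as a no-op expression statement rather than a docstring: it is not attached to the function's `__doc__` and `help()` or IDE tooling will not show it. The string added directly after the `class` line in the first hunk does become the class docstring, but its text (`Initialize variables, prediction model and clients of components used by CAD`) describes `__init__`, not the class. Move each string to be the first statement inside the function it documents, indented with the body, and give the class its own one-line description. The bodies of these methods continue outside the hunks.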
@@ -71,6 +82,13 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
 return new_kpi
+ """
+ Create the Cryptomining Detector Prediction KPI for a service and add it to the Monitoring Client
+ -input:
+ + client: Monitoring Client object where the KPI will be tracked
+ + service_id: service ID where the KPI will be created
+ -output: KPI identifier representing the Cryptomining Detector Prediction KPI
+ """
 def create_class_prob_kpi(self, client: MonitoringClient, service_id):
 kpi_description: KpiDescriptor = KpiDescriptor()
 kpi_description.kpi_description = "Cryptomining Detector Prediction (service: {})".format(service_id)
@@ -82,6 +100,12 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
 return new_kpi
+ """
+ Classify connection as standard traffic or cryptomining attack and return results
+ -input:
+ + request: L3CentralizedattackdetectorMetrics object with connection features information
+ -output: L3AttackmitigatorOutput object with information about the assigned class and prediction confidence
+ """
 def make_inference(self, request):
 x_data = np.array(
 [
@@ -132,6 +156,12 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
 return L3AttackmitigatorOutput(**output_message)
+ """
+ Receive features from Attack Mitigator, predict attack and communicate with Attack Mitigator
+ -input:
+ + request: L3CentralizedattackdetectorMetrics object with connection features information
+ -output: Empty object with a message about the execution of the function
+ """
 def SendInput(self, request, context):
 # Store the data sent in the request
 self.inference_values.append(request)
@@ -173,7 +203,8 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
 self.monitoring_client.IncludeKpi(kpi_class)
 self.monitoring_client.IncludeKpi(kpi_prob)
-
+
+ # Only notify Attack Mitigator when a cryptomining connection has been detected
 if output.tag_name == "Crypto":
 logging.info("Crypto attack detected")
@@ -183,11 +214,6 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
 )
 try:
- """with grpc.insecure_channel("192.168.165.78:10002") as channel:
- stub = L3AttackmitigatorStub(channel)
- logging.info("Sending the connection information to the Attack Mitigator component...")
- response = stub.SendOutput(output)""" - logging.info("Sending the connection information to the Attack Mitigator component...")
 response = self.attackmitigator_client.SendOutput(output)
 logging.info(
@@ -205,9 +231,11 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
 return Empty(message="Ok, information received (no attack detected)")
+"""
 def GetOutput(self, request, context):
 logging.info("Returning inference output...")
 k = np.multiply(self.inference_values, [2])
 k = np.sum(k)
 return self.make_inference(k)
+"""