diff --git a/manifests/l3_attackmitigatorservice.yaml b/manifests/l3_attackmitigatorservice.yaml
index dec1bc4d936a9db5758679691f0fb130a5d67324..ee97d2c92abb5abcad80f8ddf04800ef13144522 100644
--- a/manifests/l3_attackmitigatorservice.yaml
+++ b/manifests/l3_attackmitigatorservice.yaml
@@ -32,6 +32,7 @@ spec:
imagePullPolicy: Always
ports:
- containerPort: 10002
+ - containerPort: 9192
env:
- name: LOG_LEVEL
value: "DEBUG"
@@ -53,11 +54,69 @@ apiVersion: v1
kind: Service
metadata:
name: l3-attackmitigatorservice
+ labels:
+ app: l3-attackmitigatorservice
spec:
type: ClusterIP
selector:
app: l3-attackmitigatorservice
ports:
+ - name: metrics
+ protocol: TCP
+ port: 9192
+ targetPort: 9192
- name: grpc
port: 10002
targetPort: 10002
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: l3-attackmitigatorservice-hpa
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: l3-attackmitigatorservice
+ minReplicas: 1
+ maxReplicas: 10
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 80
+ behavior:
+ scaleDown:
+ stabilizationWindowSeconds: 120
+
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: tfs-l3-attackmitigatorservice-metric
+ labels:
+ app: l3-attackmitigatorservice
+ #release: prometheus
+ #release: prom # name of the release
+ # ( VERY IMPORTANT: You need to know the correct release name by viewing
+ # the servicemonitor of Prometheus itself: Without the correct name,
+ # Prometheus cannot identify the metrics of the Flask app as the target.)
+spec:
+ selector:
+ matchLabels:
+ # Target app service
+ #namespace: tfs
+ app: l3-attackmitigatorservice # same as above
+ #release: prometheus # same as above
+ endpoints:
+ - port: metrics # named port in target app
+ scheme: http
+ path: /metrics # path to scrape
+ interval: 5s # scrape interval
+ namespaceSelector:
+ any: false
+ matchNames:
+ - tfs # namespace where the app is running
diff --git a/manifests/l3_centralizedattackdetectorservice.yaml b/manifests/l3_centralizedattackdetectorservice.yaml
index c1b7469cb28bd1b82a64b70eb4f679833480ba6b..594e21f4dbb1b10e1d859053c33785e2e59e4b46 100644
--- a/manifests/l3_centralizedattackdetectorservice.yaml
+++ b/manifests/l3_centralizedattackdetectorservice.yaml
@@ -32,6 +32,7 @@ spec:
imagePullPolicy: Always
ports:
- containerPort: 10001
+ - containerPort: 9192
env:
- name: LOG_LEVEL
value: "DEBUG"
@@ -53,11 +54,17 @@ apiVersion: v1
kind: Service
metadata:
name: l3-centralizedattackdetectorservice
+ labels:
+ app: l3-centralizedattackdetectorservice
spec:
type: ClusterIP
selector:
app: l3-centralizedattackdetectorservice
ports:
+ - name: metrics
+ protocol: TCP
+ port: 9192
+ targetPort: 9192
- name: grpc
port: 10001
targetPort: 10001
@@ -84,3 +91,31 @@ spec:
behavior:
scaleDown:
stabilizationWindowSeconds: 120
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: tfs-l3-centralizedattackdetectorservice-metric
+ labels:
+ app: l3-centralizedattackdetectorservice
+ #release: prometheus
+ #release: prom # name of the release
+ # ( VERY IMPORTANT: You need to know the correct release name by viewing
+ # the servicemonitor of Prometheus itself: Without the correct name,
+ # Prometheus cannot identify the metrics of the Flask app as the target.)
+spec:
+ selector:
+ matchLabels:
+ # Target app service
+ #namespace: tfs
+ app: l3-centralizedattackdetectorservice # same as above
+ #release: prometheus # same as above
+ endpoints:
+ - port: metrics # named port in target app
+ scheme: http
+ path: /metrics # path to scrape
+ interval: 5s # scrape interval
+ namespaceSelector:
+ any: false
+ matchNames:
+ - tfs # namespace where the app is running
diff --git a/my_deploy.sh b/my_deploy.sh
index d2f68207fba615d8a8852368b32ca0c9a185650a..d70d6966bd948459a3e7154c986d0b367446bfc2 100755
--- a/my_deploy.sh
+++ b/my_deploy.sh
@@ -3,15 +3,7 @@ export TFS_REGISTRY_IMAGES="http://localhost:32000/tfs/"
export TFS_COMPONENTS="context device automation monitoring pathcomp service slice compute webui load_generator l3_attackmitigator l3_centralizedattackdetector"
export TFS_IMAGE_TAG="dev"
export TFS_K8S_NAMESPACE="tfs"
-<<<<<<< HEAD
export TFS_EXTRA_MANIFESTS="manifests/nginx_ingress_http.yaml"
-=======
-
-# Set additional manifest files to be applied after the deployment
-export TFS_EXTRA_MANIFESTS="manifests/nginx_ingress_http.yaml manifests/servicemonitors.yaml"
-
-# Set the new Grafana admin password
->>>>>>> origin/develop
export TFS_GRAFANA_PASSWORD="admin123+"
export TFS_SKIP_BUILD=""
diff --git a/prediction_accuracy.txt b/prediction_accuracy.txt
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/src/l3_attackmitigator/service/l3_attackmitigatorServiceServicerImpl.py b/src/l3_attackmitigator/service/l3_attackmitigatorServiceServicerImpl.py
index a20eab9454185e99a63558ae391f1c46140ba576..de4e8bb045098743649de30a555445c3f4efe217 100644
--- a/src/l3_attackmitigator/service/l3_attackmitigatorServiceServicerImpl.py
+++ b/src/l3_attackmitigator/service/l3_attackmitigatorServiceServicerImpl.py
@@ -30,8 +30,12 @@ from common.tools.grpc.Tools import grpc_message_to_json_string
from context.client.ContextClient import ContextClient
from service.client.ServiceClient import ServiceClient
+from common.method_wrappers.Decorator import MetricsPool, safe_and_metered_rpc_method
+
LOGGER = logging.getLogger(__name__)
+METRICS_POOL = MetricsPool('l3_attackmitigator', 'RPC')
+
class l3_attackmitigatorServiceServicerImpl(L3AttackmitigatorServicer):
def __init__(self):
@@ -123,6 +127,7 @@ class l3_attackmitigatorServiceServicerImpl(L3AttackmitigatorServicer):
if service_reply != service_request.service_id: # pylint: disable=no-member
raise Exception("Service update failed. Wrong ServiceId was returned")
+ @safe_and_metered_rpc_method(METRICS_POOL, LOGGER)
def PerformMitigation(self, request, context):
last_value = request.confidence
last_tag = request.tag
@@ -180,6 +185,7 @@ class l3_attackmitigatorServiceServicerImpl(L3AttackmitigatorServicer):
return Empty(message=f"OK, received values: {last_tag} with confidence {last_value}.")
+ @safe_and_metered_rpc_method(METRICS_POOL, LOGGER)
def GetConfiguredACLRules(self, request, context):
acl_rules = ACLRules()
diff --git a/src/l3_centralizedattackdetector/service/l3_centralizedattackdetectorServiceServicerImpl.py b/src/l3_centralizedattackdetector/service/l3_centralizedattackdetectorServiceServicerImpl.py
index 0e167c9845afa2547b431eb06b420e3c7cc0dbaf..40557d62eef21fb29aac239c143f56384f679ed6 100644
--- a/src/l3_centralizedattackdetector/service/l3_centralizedattackdetectorServiceServicerImpl.py
+++ b/src/l3_centralizedattackdetector/service/l3_centralizedattackdetectorServiceServicerImpl.py
@@ -41,6 +41,7 @@ from l3_attackmitigator.client.l3_attackmitigatorClient import l3_attackmitigato
import uuid
+from common.method_wrappers.Decorator import MetricsPool, safe_and_metered_rpc_method
LOGGER = logging.getLogger(__name__)
current_dir = os.path.dirname(os.path.abspath(__file__))
@@ -52,6 +53,9 @@ ATTACK_IPS = ["37.187.95.110", "91.121.140.167", "94.23.23.52", "94.23.247.226",
TIME_TO_STABILIZE = 10 # minutes
MAX_CONNECTION_TIME = 60
+METRICS_POOL = MetricsPool('l3_centralizedattackdetector', 'RPC')
+
+
class ConnectionInfo:
def __init__(self, ip_o, port_o, ip_d, port_d):
self.ip_o = ip_o
@@ -182,6 +186,8 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
self.total_predictions = 0
self.false_positives = 0
self.false_negatives = 0
+
+ #self.generate_scalability_accuracy_csv()
"""
Create a monitored KPI for a specific service and add it to the Monitoring Client
@@ -459,7 +465,7 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
+ request: L3CentralizedattackdetectorMetrics object with connection features information
-output: Empty object with a message about the execution of the function
"""
-
+ @safe_and_metered_rpc_method(METRICS_POOL, LOGGER)
def AnalyzeConnectionStatistics(self, request, context):
# Perform inference with the data sent in the request
logging.info("Performing inference...")
@@ -623,7 +629,10 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
LOGGER.info("Cryptomining Attack Detection Accuracy: {}".format(cryptomining_attack_detection_acc))
LOGGER.info("Cryptomining Detector Confidence: {}".format(confidence))
-
+
+ self.generate_accuracy_log(overall_detection_acc, cryptomining_attack_detection_acc, confidence)
+ self.generate_
+
with open("prediction_accuracy.txt", "a") as f:
LOGGER.debug("Exporting prediction accuracy and confidence")
@@ -638,7 +647,9 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
f.write("Timestamp: {}\n".format(datetime.now().strftime("%d/%m/%Y %H:%M:%S")))
f.close()
- def generate_scalability_accuracy_csv(self):
+ #def generate_accuracy_log(self, overall_detection_acc, cryptomining_attack_detection_acc, confidence):
+
+ def generate_accuracy_scalability_csv(self, overall_detection_acc, cryptomining_attack_detection_acc, confidence):
LOGGER.info("Generating scalability accuracy csv")
with open("scalability_accuracy.csv", 'a', newline='') as f:
@@ -672,7 +683,7 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
Send features allocated in the metadata of the onnx file to the DAD
-output: ONNX metadata as a list of integers
"""
-
+ @safe_and_metered_rpc_method(METRICS_POOL, LOGGER)
def GetFeaturesIds(self, request: Empty, context):
features = AutoFeatures()