diff --git a/src/l3_distributedattackdetector/service/l3_distributedattackdetector.py b/src/l3_distributedattackdetector/service/l3_distributedattackdetector.py
index bb2607ac0e41ce9386beed3b11b64e6685885a85..2696405388947b0503b54b910a45eaf1e809c5a6 100644
--- a/src/l3_distributedattackdetector/service/l3_distributedattackdetector.py
+++ b/src/l3_distributedattackdetector/service/l3_distributedattackdetector.py
@@ -66,7 +66,7 @@ BATCH_SIZE = 10
class l3_distributedattackdetector:
def __init__(self):
LOGGER.info("Creating Distributed Attack Detector")
-
+
self.feature_ids = []
self.cad_features = {}
@@ -76,26 +76,26 @@ class l3_distributedattackdetector:
self.new_connections = {} # Dictionary for storing new connections data
self.known_attack_ips = self.read_kwnown_attack_ips()
-
+
signal.signal(signal.SIGINT, self.handler)
with grpc.insecure_channel(CENTRALIZED_ATTACK_DETECTOR) as channel:
self.cad = L3CentralizedattackdetectorStub(channel)
LOGGER.info("Connected to the Centralized Attack Detector")
-
+
LOGGER.info("Obtaining features Ids. from the Centralized Attack Detector...")
self.feature_ids = self.get_features_ids()
LOGGER.info("Features Ids.: {:s}".format(str(self.feature_ids)))
asyncio.run(self.process_traffic())
-
+
def read_kwnown_attack_ips(self):
known_attack_ips = []
-
+
# open known attack ips csv file
with open("known_attack_ips.csv", "r") as f:
known_attack_ips = f.read().split(",")
-
+
return known_attack_ips
def handler(self):
@@ -140,14 +140,14 @@ class l3_distributedattackdetector:
here = os.path.dirname(os.path.abspath(__file__))
tstat_piped = os.path.join(here, dirname)
tstat_dirs = os.listdir(tstat_piped)
-
+
if len(tstat_dirs) > 0:
tstat_dirs.sort()
new_dir = tstat_dirs[-1]
tstat_file = tstat_piped + new_dir + "/log_tcp_temp_complete"
-
+
LOGGER.info("Following: {:s}".format(str(tstat_file)))
-
+
return tstat_file
else:
LOGGER.info("No Tstat directory found. Waiting...")
@@ -177,7 +177,7 @@ class l3_distributedattackdetector:
stub = ContextServiceStub(channel)
context_id = ContextId()
context_id.context_uuid.uuid = context_id_str
-
+
return stub.ListServiceIds(context_id)
def get_services(self, context_id_str):
@@ -185,31 +185,31 @@ class l3_distributedattackdetector:
stub = ContextServiceStub(channel)
context_id = ContextId()
context_id.context_uuid.uuid = context_id_str
-
+
return stub.ListServices(context_id)
def get_service_id(self, context_id):
service_list = self.get_services(context_id)
service_id = None
-
+
for s in service_list.services:
if s.service_type == ServiceTypeEnum.SERVICETYPE_L3NM:
service_id = s.service_id
break
else:
pass
-
+
return service_id
def get_endpoint_id(self, context_id):
service_list = self.get_services(context_id)
endpoint_id = None
-
+
for s in service_list.services:
if s.service_type == ServiceTypeEnum.SERVICETYPE_L3NM:
endpoint_id = s.service_endpoint_ids[0]
break
-
+
return endpoint_id
def get_features_ids(self):
@@ -246,7 +246,7 @@ class l3_distributedattackdetector:
def check_if_connection_is_attack(self):
if self.conn_id[0] in self.known_attack_ips or self.conn_id[2] in self.known_attack_ips:
- LOGGER.info("Attack detected. Origin: {0}, destination: {1}".format(self.conn_id[0], self.conn_id[2]))
+ LOGGER.info("Attack detected. Origin IP address: {0}, destination IP address: {1}".format(self.conn_id[0], self.conn_id[2]))
def create_cad_features(self):
self.cad_features = {
@@ -323,20 +323,21 @@ class l3_distributedattackdetector:
while line is None:
LOGGER.info("Waiting for new data...")
+
time.sleep(1 / 100)
line = next(loglines, None)
-
+
if index == 0 and IGNORE_FIRST_LINE_TSTAT:
index = index + 1
continue
-
+
if STOP:
break
num_lines += 1
start = time.time()
line_id = line.split(" ")
-
+
self.conn_id = (line_id[0], line_id[1], line_id[14], line_id[15])
self.new_connections[self.conn_id] = self.process_line(line)
@@ -358,7 +359,7 @@ class l3_distributedattackdetector:
metrics_list_pb, send_data_times = await self.send_data(metrics_list_pb, send_data_times)
- index = index + 1
+ index += 1
process_time.append(time.time() - start)