Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
controller
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Iterations
Wiki
Requirements
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Locked files
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Service Desk
Analyze
Value stream analytics
Contributor analytics
Repository analytics
Code review analytics
Issue analytics
Insights
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
TFS
controller
Commits
ef2960a1
Commit
ef2960a1
authored
1 year ago
by
karamchandan
Browse files
Options
Downloads
Patches
Plain Diff
Cleanup of the DAD service implementation
parent
bc1d7a58
No related branches found
No related tags found
2 merge requests
!142
Release TeraFlowSDN 2.1
,
!141
Pre-release fixes and code cleanup in L3 cybersecurity components
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
src/l3_distributedattackdetector/service/l3_distributedattackdetector.py
+21
-20
21 additions, 20 deletions
...tedattackdetector/service/l3_distributedattackdetector.py
with
21 additions
and
20 deletions
src/l3_distributedattackdetector/service/l3_distributedattackdetector.py
+
21
−
20
View file @
ef2960a1
...
@@ -66,7 +66,7 @@ BATCH_SIZE = 10
...
@@ -66,7 +66,7 @@ BATCH_SIZE = 10
class
l3_distributedattackdetector
:
class
l3_distributedattackdetector
:
def
__init__
(
self
):
def
__init__
(
self
):
LOGGER
.
info
(
"
Creating Distributed Attack Detector
"
)
LOGGER
.
info
(
"
Creating Distributed Attack Detector
"
)
self
.
feature_ids
=
[]
self
.
feature_ids
=
[]
self
.
cad_features
=
{}
self
.
cad_features
=
{}
...
@@ -76,26 +76,26 @@ class l3_distributedattackdetector:
...
@@ -76,26 +76,26 @@ class l3_distributedattackdetector:
self
.
new_connections
=
{}
# Dictionary for storing new connections data
self
.
new_connections
=
{}
# Dictionary for storing new connections data
self
.
known_attack_ips
=
self
.
read_kwnown_attack_ips
()
self
.
known_attack_ips
=
self
.
read_kwnown_attack_ips
()
signal
.
signal
(
signal
.
SIGINT
,
self
.
handler
)
signal
.
signal
(
signal
.
SIGINT
,
self
.
handler
)
with
grpc
.
insecure_channel
(
CENTRALIZED_ATTACK_DETECTOR
)
as
channel
:
with
grpc
.
insecure_channel
(
CENTRALIZED_ATTACK_DETECTOR
)
as
channel
:
self
.
cad
=
L3CentralizedattackdetectorStub
(
channel
)
self
.
cad
=
L3CentralizedattackdetectorStub
(
channel
)
LOGGER
.
info
(
"
Connected to the Centralized Attack Detector
"
)
LOGGER
.
info
(
"
Connected to the Centralized Attack Detector
"
)
LOGGER
.
info
(
"
Obtaining features Ids. from the Centralized Attack Detector...
"
)
LOGGER
.
info
(
"
Obtaining features Ids. from the Centralized Attack Detector...
"
)
self
.
feature_ids
=
self
.
get_features_ids
()
self
.
feature_ids
=
self
.
get_features_ids
()
LOGGER
.
info
(
"
Features Ids.: {:s}
"
.
format
(
str
(
self
.
feature_ids
)))
LOGGER
.
info
(
"
Features Ids.: {:s}
"
.
format
(
str
(
self
.
feature_ids
)))
asyncio
.
run
(
self
.
process_traffic
())
asyncio
.
run
(
self
.
process_traffic
())
def
read_kwnown_attack_ips
(
self
):
def
read_kwnown_attack_ips
(
self
):
known_attack_ips
=
[]
known_attack_ips
=
[]
# open known attack ips csv file
# open known attack ips csv file
with
open
(
"
known_attack_ips.csv
"
,
"
r
"
)
as
f
:
with
open
(
"
known_attack_ips.csv
"
,
"
r
"
)
as
f
:
known_attack_ips
=
f
.
read
().
split
(
"
,
"
)
known_attack_ips
=
f
.
read
().
split
(
"
,
"
)
return
known_attack_ips
return
known_attack_ips
def
handler
(
self
):
def
handler
(
self
):
...
@@ -140,14 +140,14 @@ class l3_distributedattackdetector:
...
@@ -140,14 +140,14 @@ class l3_distributedattackdetector:
here
=
os
.
path
.
dirname
(
os
.
path
.
abspath
(
__file__
))
here
=
os
.
path
.
dirname
(
os
.
path
.
abspath
(
__file__
))
tstat_piped
=
os
.
path
.
join
(
here
,
dirname
)
tstat_piped
=
os
.
path
.
join
(
here
,
dirname
)
tstat_dirs
=
os
.
listdir
(
tstat_piped
)
tstat_dirs
=
os
.
listdir
(
tstat_piped
)
if
len
(
tstat_dirs
)
>
0
:
if
len
(
tstat_dirs
)
>
0
:
tstat_dirs
.
sort
()
tstat_dirs
.
sort
()
new_dir
=
tstat_dirs
[
-
1
]
new_dir
=
tstat_dirs
[
-
1
]
tstat_file
=
tstat_piped
+
new_dir
+
"
/log_tcp_temp_complete
"
tstat_file
=
tstat_piped
+
new_dir
+
"
/log_tcp_temp_complete
"
LOGGER
.
info
(
"
Following: {:s}
"
.
format
(
str
(
tstat_file
)))
LOGGER
.
info
(
"
Following: {:s}
"
.
format
(
str
(
tstat_file
)))
return
tstat_file
return
tstat_file
else
:
else
:
LOGGER
.
info
(
"
No Tstat directory found. Waiting...
"
)
LOGGER
.
info
(
"
No Tstat directory found. Waiting...
"
)
...
@@ -177,7 +177,7 @@ class l3_distributedattackdetector:
...
@@ -177,7 +177,7 @@ class l3_distributedattackdetector:
stub
=
ContextServiceStub
(
channel
)
stub
=
ContextServiceStub
(
channel
)
context_id
=
ContextId
()
context_id
=
ContextId
()
context_id
.
context_uuid
.
uuid
=
context_id_str
context_id
.
context_uuid
.
uuid
=
context_id_str
return
stub
.
ListServiceIds
(
context_id
)
return
stub
.
ListServiceIds
(
context_id
)
def
get_services
(
self
,
context_id_str
):
def
get_services
(
self
,
context_id_str
):
...
@@ -185,31 +185,31 @@ class l3_distributedattackdetector:
...
@@ -185,31 +185,31 @@ class l3_distributedattackdetector:
stub
=
ContextServiceStub
(
channel
)
stub
=
ContextServiceStub
(
channel
)
context_id
=
ContextId
()
context_id
=
ContextId
()
context_id
.
context_uuid
.
uuid
=
context_id_str
context_id
.
context_uuid
.
uuid
=
context_id_str
return
stub
.
ListServices
(
context_id
)
return
stub
.
ListServices
(
context_id
)
def
get_service_id
(
self
,
context_id
):
def
get_service_id
(
self
,
context_id
):
service_list
=
self
.
get_services
(
context_id
)
service_list
=
self
.
get_services
(
context_id
)
service_id
=
None
service_id
=
None
for
s
in
service_list
.
services
:
for
s
in
service_list
.
services
:
if
s
.
service_type
==
ServiceTypeEnum
.
SERVICETYPE_L3NM
:
if
s
.
service_type
==
ServiceTypeEnum
.
SERVICETYPE_L3NM
:
service_id
=
s
.
service_id
service_id
=
s
.
service_id
break
break
else
:
else
:
pass
pass
return
service_id
return
service_id
def
get_endpoint_id
(
self
,
context_id
):
def
get_endpoint_id
(
self
,
context_id
):
service_list
=
self
.
get_services
(
context_id
)
service_list
=
self
.
get_services
(
context_id
)
endpoint_id
=
None
endpoint_id
=
None
for
s
in
service_list
.
services
:
for
s
in
service_list
.
services
:
if
s
.
service_type
==
ServiceTypeEnum
.
SERVICETYPE_L3NM
:
if
s
.
service_type
==
ServiceTypeEnum
.
SERVICETYPE_L3NM
:
endpoint_id
=
s
.
service_endpoint_ids
[
0
]
endpoint_id
=
s
.
service_endpoint_ids
[
0
]
break
break
return
endpoint_id
return
endpoint_id
def
get_features_ids
(
self
):
def
get_features_ids
(
self
):
...
@@ -246,7 +246,7 @@ class l3_distributedattackdetector:
...
@@ -246,7 +246,7 @@ class l3_distributedattackdetector:
def
check_if_connection_is_attack
(
self
):
def
check_if_connection_is_attack
(
self
):
if
self
.
conn_id
[
0
]
in
self
.
known_attack_ips
or
self
.
conn_id
[
2
]
in
self
.
known_attack_ips
:
if
self
.
conn_id
[
0
]
in
self
.
known_attack_ips
or
self
.
conn_id
[
2
]
in
self
.
known_attack_ips
:
LOGGER
.
info
(
"
Attack detected. Origin: {0}, destination: {1}
"
.
format
(
self
.
conn_id
[
0
],
self
.
conn_id
[
2
]))
LOGGER
.
info
(
"
Attack detected. Origin
IP address
: {0}, destination
IP address
: {1}
"
.
format
(
self
.
conn_id
[
0
],
self
.
conn_id
[
2
]))
def
create_cad_features
(
self
):
def
create_cad_features
(
self
):
self
.
cad_features
=
{
self
.
cad_features
=
{
...
@@ -323,20 +323,21 @@ class l3_distributedattackdetector:
...
@@ -323,20 +323,21 @@ class l3_distributedattackdetector:
while
line
is
None
:
while
line
is
None
:
LOGGER
.
info
(
"
Waiting for new data...
"
)
LOGGER
.
info
(
"
Waiting for new data...
"
)
time
.
sleep
(
1
/
100
)
time
.
sleep
(
1
/
100
)
line
=
next
(
loglines
,
None
)
line
=
next
(
loglines
,
None
)
if
index
==
0
and
IGNORE_FIRST_LINE_TSTAT
:
if
index
==
0
and
IGNORE_FIRST_LINE_TSTAT
:
index
=
index
+
1
index
=
index
+
1
continue
continue
if
STOP
:
if
STOP
:
break
break
num_lines
+=
1
num_lines
+=
1
start
=
time
.
time
()
start
=
time
.
time
()
line_id
=
line
.
split
(
"
"
)
line_id
=
line
.
split
(
"
"
)
self
.
conn_id
=
(
line_id
[
0
],
line_id
[
1
],
line_id
[
14
],
line_id
[
15
])
self
.
conn_id
=
(
line_id
[
0
],
line_id
[
1
],
line_id
[
14
],
line_id
[
15
])
self
.
new_connections
[
self
.
conn_id
]
=
self
.
process_line
(
line
)
self
.
new_connections
[
self
.
conn_id
]
=
self
.
process_line
(
line
)
...
@@ -358,7 +359,7 @@ class l3_distributedattackdetector:
...
@@ -358,7 +359,7 @@ class l3_distributedattackdetector:
metrics_list_pb
,
send_data_times
=
await
self
.
send_data
(
metrics_list_pb
,
send_data_times
)
metrics_list_pb
,
send_data_times
=
await
self
.
send_data
(
metrics_list_pb
,
send_data_times
)
index
=
index
+
1
index
+
=
1
process_time
.
append
(
time
.
time
()
-
start
)
process_time
.
append
(
time
.
time
()
-
start
)
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment