extend get_inter_arrival_time function, enhance eternalBlue packet rate

code/Attack/BaseAttack.py

@@ -476,29 +476,38 @@ class BaseAttack(metaclass=ABCMeta):
             sys.exit(0)
 
 
-    def get_inter_arrival_time_dist(self, packets):
+    def get_inter_arrival_time(self, packets, distribution:bool=False):
         """
-        Gets the inter-arrival time distribution of a set of packets.
+        Gets the inter-arrival times array and its distribution of a set of packets.
 
         :param packets: the packets to extract their inter-arrival time.
+        :return inter_arrival_times: array of the inter-arrival times
+        :return dict: the inter-arrival time distribution as a histogram {inter-arrival time:frequency}
         """
-        timeSteps = []
+        inter_arrival_times = []
         prvsPktTime = 0
         for index, pkt in enumerate(packets):
-            eth_frame = Ether(pkt[0])
+            timestamp = pkt[1][0] + pkt[1][1]/10**6
+
             if index == 0:
-                prvsPktTime = eth_frame.time
+                prvsPktTime = timestamp
+                inter_arrival_times.append(0)
             else:
-                timeSteps.append(eth_frame.time - prvsPktTime)
-                prvsPktTime = eth_frame.time
-
-        import numpy as np
-        freq,values = np.histogram(timeSteps,bins=20)
-        dict = {}
-        for i,val in enumerate(values):
-            if i < len(freq):
-                dict[str(val)] = freq[i]
-        return dict
+                inter_arrival_times.append(timestamp - prvsPktTime)
+                prvsPktTime = timestamp
+
+        if distribution:
+            # Build a distribution dictionary
+            import numpy as np
+            freq,values = np.histogram(inter_arrival_times,bins=20)
+            dict = {}
+            for i,val in enumerate(values):
+                if i < len(freq):
+                    dict[str(val)] = freq[i]
+            return inter_arrival_times, dict
+        else:
+            return inter_arrival_times
+
 
     def clean_white_spaces(self, str):
         """

code/Attack/EternalBlueExploit.py

@@ -52,25 +52,27 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
         """
         # PARAMETERS: initialize with default utilsvalues
         # (values are overwritten if user specifies them)
+        # Attacker configuration
         most_used_ip_address = self.statistics.get_most_used_ip_address()
         if isinstance(most_used_ip_address, list):
             most_used_ip_address = most_used_ip_address[0]
-        self.add_param_value(Param.IP_SOURCE, most_used_ip_address)
-        self.add_param_value(Param.MAC_SOURCE, self.statistics.get_mac_address(most_used_ip_address))
-        self.add_param_value(Param.INJECT_AFTER_PACKET, randint(0, self.statistics.get_packet_count()))
-        self.add_param_value(Param.PACKETS_PER_SECOND,
-                             (self.statistics.get_pps_sent(most_used_ip_address) +
-                              self.statistics.get_pps_received(most_used_ip_address)) / 2)
-
-        # victim configuration
         random_ip_address = self.statistics.get_random_ip_address()
-        self.add_param_value(Param.IP_DESTINATION, random_ip_address)
+        self.add_param_value(Param.IP_SOURCE, random_ip_address)
+        self.add_param_value(Param.MAC_SOURCE, self.statistics.get_mac_address(random_ip_address))
 
-        destination_mac = self.statistics.get_mac_address(random_ip_address)
+        # Victim configuration
+        self.add_param_value(Param.IP_DESTINATION, most_used_ip_address)
+        destination_mac = self.statistics.get_mac_address(most_used_ip_address)
         if isinstance(destination_mac, list) and len(destination_mac) == 0:
             destination_mac = self.generate_random_mac_address()
         self.add_param_value(Param.MAC_DESTINATION, destination_mac)
 
+        # Attack configuration
+        self.add_param_value(Param.PACKETS_PER_SECOND,
+                             (self.statistics.get_pps_sent(most_used_ip_address) +
+                              self.statistics.get_pps_received(most_used_ip_address)) / 2)
+        self.add_param_value(Param.INJECT_AFTER_PACKET, randint(0, self.statistics.get_packet_count()))
+
     def generate_attack_pcap(self):
         def update_timestamp(timestamp, pps):
             """
@@ -147,8 +149,8 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
         # Read Win7_eternalblue_scan pcap file
         orig_ip_dst = None
         exploit_raw_packets = RawPcapReader(self.template_scan_pcap_path)
-        inter_arrival_time_dist = self.get_inter_arrival_time_dist(exploit_raw_packets)
-        timeSteps = Lea.fromValFreqsDict(inter_arrival_time_dist)
+        inter_arrival_times = self.get_inter_arrival_time(exploit_raw_packets)
+        #timeSteps = Lea.fromValFreqsDict(inter_arrival_time_dist)
         exploit_raw_packets = RawPcapReader(self.template_scan_pcap_path)
 
         port_source = randint(self.minDefaultPort,self.maxDefaultPort) # experiments show this range of ports
@@ -186,7 +188,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                 new_pkt.time = timestamp_next_pkt
 
                 pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
-                timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + float(timeSteps.random())
+                timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + inter_arrival_times[pkt_num]#float(timeSteps.random())
             # Reply
             else:
                 # Ether
@@ -206,7 +208,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                 tcp_pkt.setfieldval("window", new_win)
 
                 new_pkt = (eth_frame / ip_pkt / tcp_pkt)
-                timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + float(timeSteps.random())
+                timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + inter_arrival_times[pkt_num]#+ float(timeSteps.random())
                 new_pkt.time = timestamp_next_pkt
 
             packets.append(new_pkt)
@@ -226,8 +228,8 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
             timestamp_next_pkt = conv_start_timesamp
 
             conv_pkts = conversations[conv]
-            inter_arrival_time_dist = self.get_inter_arrival_time_dist(conv_pkts)
-            timeSteps = Lea.fromValFreqsDict(inter_arrival_time_dist)
+            inter_arrival_times = self.get_inter_arrival_time(conv_pkts)
+            #timeSteps = Lea.fromValFreqsDict(inter_arrival_time_dist)
 
             if conv_index == len(orderList_conversations) - 2:  # Not the last conversation
                 timestamp_next_pkt = packets[-1].time + uniform(0.001,0.01)
@@ -265,7 +267,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                         new_pkt.time = timestamp_next_pkt
 
                         pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
-                        timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + float(timeSteps.random())
+                        timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + inter_arrival_times[pkt_num] #float(timeSteps.random())
 
                     # Reply
                     else:
@@ -288,7 +290,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                         new_pkt = (eth_frame / ip_pkt / tcp_pkt)
 
                         pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
-                        timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + float(timeSteps.random())
+                        timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + inter_arrival_times[pkt_num]#float(timeSteps.random())
 
                         new_pkt.time = timestamp_next_pkt
 
@@ -324,7 +326,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                         new_pkt.time = timestamp_next_pkt
 
                         pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
-                        timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + float(timeSteps.random())
+                        timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + inter_arrival_times[pkt_num]# float(timeSteps.random())
 
                     # Reply
                     else:
@@ -347,7 +349,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                         new_pkt = (eth_frame / ip_pkt / tcp_pkt)
 
                         pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
-                        timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + float(timeSteps.random())
+                        timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + inter_arrival_times[pkt_num]# float(timeSteps.random())
 
                         new_pkt.time = timestamp_next_pkt
 

code/Attack/JoomlaRegPrivExploit.py

@@ -139,7 +139,7 @@ class JoomlaRegPrivExploit(BaseAttack.BaseAttack):
         # Read joomla_registration_privesc pcap file
         orig_ip_dst = None
         exploit_raw_packets = RawPcapReader(self.template_attack_pcap_path)
-        inter_arrival_time_dist = self.get_inter_arrival_time_dist(exploit_raw_packets)
+        inter_arrival_times, inter_arrival_time_dist = self.get_inter_arrival_time(exploit_raw_packets,True)
         timeSteps = Lea.fromValFreqsDict(inter_arrival_time_dist)
         exploit_raw_packets = RawPcapReader(self.template_attack_pcap_path)
 

code/Attack/SQLiAttack.py

@@ -137,7 +137,7 @@ class SQLiAttack(BaseAttack.BaseAttack):
         # Read SQLi Attack pcap file
         orig_ip_dst = None
         exploit_raw_packets = RawPcapReader(self.template_attack_pcap_path)
-        inter_arrival_time_dist = self.get_inter_arrival_time_dist(exploit_raw_packets)
+        inter_arrival_times, inter_arrival_time_dist = self.get_inter_arrival_time(exploit_raw_packets,True)
         timeSteps = Lea.fromValFreqsDict(inter_arrival_time_dist)
         exploit_raw_packets = RawPcapReader(self.template_attack_pcap_path)