organize code

code/Attack/DDoSAttack.py

@@ -21,16 +21,9 @@ class DDoSAttack(BaseAttack.BaseAttack):
     # Aidmar - Metasploit DoS default PPS
     maxDefaultPPS = 1400
     minDefaultPPS = 400
-
-    def get_reply_delay(self, ip_dst):
-        replyDelay = self.statistics.process_db_query(
-            "SELECT avgDelay FROM conv_statistics WHERE ipAddressB='" + ip_dst + "' LIMIT 1")
-        if not replyDelay:
-            allDelays = self.statistics.process_db_query("SELECT avgDelay FROM conv_statistics")
-            replyDelay = np.median(allDelays)
-        replyDelay = int(replyDelay) * 10 ** -6  # convert from micro to seconds
-        print(replyDelay)
-        return replyDelay
+    # TO-DO: justify the values
+    minDefaultBuffer = 1000
+    maxDefaultBuffer = 2000
 
     def __init__(self, statistics, pcap_file_path):
         """
@@ -88,7 +81,7 @@ class DDoSAttack(BaseAttack.BaseAttack):
         self.add_param_value(Param.MAC_DESTINATION, destination_mac)
 
         # Aidmar
-        self.add_param_value(Param.VICTIM_BUFFER, randint(1000,2000))
+        self.add_param_value(Param.VICTIM_BUFFER, randint(self.minDefaultBuffer,self.maxDefaultBuffer))
         # Aidmar - comment out
         """
         port_destination = self.statistics.process_db_query(
@@ -211,7 +204,7 @@ class DDoSAttack(BaseAttack.BaseAttack):
 
         # Aidmar
         replies = []
-        replayDelay = self.get_reply_delay(ip_destination)
+        replyDelay = self.get_reply_delay(ip_destination)
         victim_buffer = self.get_param_value(Param.VICTIM_BUFFER)
 
         # Aidmar
@@ -219,14 +212,15 @@ class DDoSAttack(BaseAttack.BaseAttack):
         attack_duration = self.get_param_value(Param.ATTACK_DURATION)
         pkts_num = int(pps * attack_duration)
         for pkt_num in range(pkts_num):
-            # Build reply package
+            # Build request package
             # Select one IP address and its corresponding MAC address
             (ip_source, mac_source) = get_nth_random_element(ip_source_list, mac_source_list)
             # Determine source port
             (port_source, ttl_value) = get_attacker_config(ip_source)
             maxdelay = randomdelay.random()
             request_ether = Ether(dst=mac_destination, src=mac_source)
-            # Aidmar - check ip.src == ip.dst
+
+            # TO-DO: move it out of the loop. Aidmar - check ip.src == ip.dst
             if ip_source == ip_destination:
                 print("\nERROR: Invalid IP addresses; source IP is the same as destination IP: " + ip_source + ".")
                 import sys
@@ -235,6 +229,7 @@ class DDoSAttack(BaseAttack.BaseAttack):
             request_ip = IP(src=ip_source, dst=ip_destination, ttl=ttl_value)
             # Aidmar - random win size for each packet
             # request_tcp = TCP(sport=port_source, dport=port_destination, flags='S', ack=0)
+            # TO-DO: move it out of the loop
             win_size = self.statistics.process_db_query(
                 "SELECT winSize FROM tcp_syn_win ORDER BY RANDOM() LIMIT 1;")
             request_tcp = TCP(sport=port_source, dport=port_destination, flags='S', ack=0, window=win_size)
@@ -251,12 +246,13 @@ class DDoSAttack(BaseAttack.BaseAttack):
                 # options=[('MSS', mss_dst)])
                 reply = (reply_ether / reply_ip / reply_tcp)
 
-                timestamp_reply = timestamp_next_pkt + uniform(replayDelay, 2 * replayDelay)
+                # TO-DO: justify the values
+                timestamp_reply = timestamp_next_pkt + uniform(replyDelay, 2 * replyDelay)
 
                 if len(replies) > 0:
                     last_reply_timestamp = replies[-1].time
                     while timestamp_reply <= last_reply_timestamp:
-                        timestamp_reply = timestamp_reply + uniform(replayDelay, 2 * replayDelay)
+                        timestamp_reply = timestamp_reply + uniform(replyDelay, 2 * replyDelay)
 
                 reply.time = timestamp_reply
                 replies.append(reply)

code/Attack/EternalBlueExploit.py

@@ -113,7 +113,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
             sys.exit(0)
 
         path_attack_pcap = None
-        replayDelay = self.get_reply_delay(ip_destination)
+        replyDelay = self.get_reply_delay(ip_destination)
 
         # Scan (MS17) for EternalBlue
         # Read Win7_eternalblue_scan_vulnerable pcap file
@@ -161,7 +161,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                 tcp_pkt.setfieldval("dport", port_source)
 
                 new_pkt = (eth_frame / ip_pkt / tcp_pkt)
-                timestamp_next_pkt = timestamp_next_pkt + uniform(replayDelay, 2 * replayDelay)
+                timestamp_next_pkt = timestamp_next_pkt + uniform(replyDelay, 2 * replyDelay)
                 new_pkt.time = timestamp_next_pkt
 
             packets.append(new_pkt)
@@ -258,7 +258,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                         # TCP
                         tcp_pkt.setfieldval("dport", port_source)
                         new_pkt = (eth_frame / ip_pkt / tcp_pkt)
-                        timestamp_next_pkt = timestamp_next_pkt + uniform(replayDelay, 2 * replayDelay)
+                        timestamp_next_pkt = timestamp_next_pkt + uniform(replyDelay, 2 * replyDelay)
                         new_pkt.time = timestamp_next_pkt
                         # Not perfect timestamp
                         # rep_time = req_time + replayDelay
@@ -306,7 +306,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                         # TCP
                         tcp_pkt.setfieldval("dport", port_source)
                         new_pkt = (eth_frame / ip_pkt / tcp_pkt)
-                        timestamp_next_pkt = timestamp_next_pkt + uniform(replayDelay, 2 * replayDelay)
+                        timestamp_next_pkt = timestamp_next_pkt + uniform(replyDelay, 2 * replyDelay)
                         new_pkt.time = timestamp_next_pkt
                         # Not perfect timestamp
                         # rep_time = req_time + replayDelay

code/Attack/JoomlaRegPrivExploit.py

@@ -130,7 +130,7 @@ class JoomlaRegPrivExploit(BaseAttack.BaseAttack):
             sys.exit(0)
 
         path_attack_pcap = None
-        replayDelay = self.get_reply_delay(ip_destination)
+        replyDelay = self.get_reply_delay(ip_destination)
 
         # Inject Joomla_registration_privesc
         # Read joomla_registration_privesc pcap file
@@ -213,7 +213,7 @@ class JoomlaRegPrivExploit(BaseAttack.BaseAttack):
                     str_http_pkt = str_http_pkt.replace("\\r", "\r")
 
                 new_pkt = (eth_frame / ip_pkt / tcp_pkt / str_http_pkt)
-                timestamp_next_pkt = timestamp_next_pkt + uniform(replayDelay, 2 * replayDelay)
+                timestamp_next_pkt = timestamp_next_pkt + uniform(replyDelay, 2 * replyDelay)
                 new_pkt.time = timestamp_next_pkt
 
             packets.append(new_pkt)

code/Attack/PortscanAttack.py

@@ -243,7 +243,7 @@ class PortscanAttack(BaseAttack.BaseAttack):
         # Aidmar
         A_B_packets = []
         B_A_packets = []
-        replayDelay = self.get_reply_delay(ip_destination)
+        replyDelay = self.get_reply_delay(ip_destination)
 
         for dport in dest_ports:
             # Parameters changing each iteration
@@ -281,12 +281,12 @@ class PortscanAttack(BaseAttack.BaseAttack):
                 reply = (reply_ether / reply_ip / reply_tcp)
                 # Aidmar - edit name timestamp_reply
                 #print(uniform(replayDelay, 2 * replayDelay))
-                timestamp_reply = timestamp_next_pkt + uniform(replayDelay, 2 * replayDelay) # TO-DO: justify these boundaries
+                timestamp_reply = timestamp_next_pkt + uniform(replyDelay, 2 * replyDelay) # TO-DO: justify these boundaries
 
                 if len(B_A_packets) > 0:
                     last_reply_timestamp = B_A_packets[-1].time
                     while (timestamp_reply <= last_reply_timestamp):
-                        timestamp_reply = timestamp_reply + uniform(replayDelay, 2 * replayDelay)
+                        timestamp_reply = timestamp_reply + uniform(replyDelay, 2 * replyDelay)
 
                 reply.time = timestamp_reply
                 B_A_packets.append(reply)
@@ -297,7 +297,7 @@ class PortscanAttack(BaseAttack.BaseAttack):
                 confirm_tcp = TCP(sport=sport, dport=dport, seq=1, window=0, flags='R')
                 confirm = (confirm_ether / confirm_ip / confirm_tcp)
                 # Aidmar - edit name timestamp_confirm
-                timestamp_confirm = timestamp_reply + uniform(replayDelay, 2 * replayDelay)
+                timestamp_confirm = timestamp_reply + uniform(replyDelay, 2 * replyDelay)
                 confirm.time = timestamp_confirm
                 A_B_packets.append(confirm)
 

code/Attack/SQLiAttack.py

@@ -131,7 +131,7 @@ class SQLiAttack(BaseAttack.BaseAttack):
             sys.exit(0)
 
         path_attack_pcap = None
-        replayDelay = self.get_reply_delay(ip_destination)
+        replyDelay = self.get_reply_delay(ip_destination)
 
         # Inject SQLi Attack
         # Read SQLi Attack pcap file
@@ -213,7 +213,7 @@ class SQLiAttack(BaseAttack.BaseAttack):
                     str_http_pkt = str_http_pkt.replace("\\r", "\r")
 
                 new_pkt = (eth_frame / ip_pkt / tcp_pkt / str_http_pkt)
-                timestamp_next_pkt = timestamp_next_pkt + uniform(replayDelay, 2 * replayDelay)
+                timestamp_next_pkt = timestamp_next_pkt + uniform(replyDelay, 2 * replyDelay)
                 new_pkt.time = timestamp_next_pkt
 
             packets.append(new_pkt)

code_boost/src/cxx/pcap_processor.cpp

@@ -131,46 +131,31 @@ void pcap_processor::collect_statistics() {
             return;
         }
         long timeInterval_microsec = captureDuration.count() / timeIntervalsNum;
-        std::chrono::duration<int, std::micro> timeInterval(timeInterval_microsec); // 10,000,000 = 10 sec
-        std::cout << "Aidmar: First:" << firstTimestamp.count() << std::endl;
-        std::cout << "Aidmar: Last:" << lastTimestamp.count() << std::endl;
-        std::cout << "Aidmar: Capture duration:" << captureDuration.count() << std::endl;
-        std::cout << "Aidmar: Interval duration:" << timeInterval_microsec << std::endl;        
-        //int pktsInterval = 1000;        
+        std::chrono::duration<int, std::micro> timeInterval(timeInterval_microsec);             
         int previousPacketCount = 0;
         float previousSumPacketSize = 0;
         
         // Iterate over all packets and collect statistics
-        for (; i != sniffer.end(); i++) {
-            
-            // Aidmar - packets interval
-            //if(counter%pktsInterval==0){}        
-            
+        for (; i != sniffer.end(); i++) {                  
             // Aidmar            
             std::chrono::microseconds lastPktTimestamp = i->timestamp();
             //Tins::Timestamp tt = i->timestamp();                        
             std::chrono::microseconds currentCaptureDuration = lastPktTimestamp - firstTimestamp;
             std::chrono::microseconds barrier =  timeIntervalCounter*timeInterval;
+            // For each interval
             if(currentCaptureDuration>barrier){                    
                 stats.addIntervalStat(timeInterval, intervalStartTimestamp, lastPktTimestamp, previousPacketCount, previousSumPacketSize);
                 timeIntervalCounter++;   
                 intervalStartTimestamp = lastPktTimestamp;
                 previousPacketCount = stats.getPacketCount();
                 previousSumPacketSize = stats.getSumPacketSize();
-            }
-            
-            std::cout << "Aidmar: addIntervalStat + getPacketCount" << std::endl;
-            
+            }                    
             stats.incrementPacketCount();
-            this->process_packets(*i);
-            
-             std::cout << "Aidmar: process_packets + incrementPacketCount" << std::endl;
-             
+            this->process_packets(*i);                    
             lastProcessedPacket = i->timestamp();            
             counter++;
         }
         
-         std::cout << "Aidmar: Done with packets" << std::endl;
         // Save timestamp of last packet into statistics
         stats.setTimestampLastPacket(lastProcessedPacket);
         
@@ -208,7 +193,6 @@ void pcap_processor::process_packets(const Packet &pkt) {
     
     // PDU is IPv4
     if (pdu_l3_type == PDU::PDUType::IP) {
-         std::cout << "Aidmar: PDU is IPv4" << std::endl;
         const IP &ipLayer = (const IP &) *pdu_l3;
         ipAddressSender = ipLayer.src_addr().to_string();
         ipAddressReceiver = ipLayer.dst_addr().to_string();
@@ -228,11 +212,9 @@ void pcap_processor::process_packets(const Packet &pkt) {
 
         // Aidmar - Artifacts Tests: contemporary (ToS)
         //tests.check_tos(ipLayer.tos());
-        //std::cout << "Aidmar: check_tos" << std::endl;
         
     } // PDU is IPv6
     else if (pdu_l3_type == PDU::PDUType::IPv6) {
-        std::cout << "Aidmar: PDU is IPv6" << std::endl;
         const IPv6 &ipLayer = (const IPv6 &) *pdu_l3;
         ipAddressSender = ipLayer.src_addr().to_string();
         ipAddressReceiver = ipLayer.dst_addr().to_string();
@@ -264,18 +246,14 @@ void pcap_processor::process_packets(const Packet &pkt) {
         if (pdu_l3_type == PDU::PDUType::IP) {            
             tests.check_payload(pdu_l4);
           }
-        std::cout << "Aidmar: check_payload" << std::endl;
           
         if (p == PDU::PDUType::TCP) {
-            std::cout << "Aidmar: PDU is TCP" << std::endl;
             TCP tcpPkt = (const TCP &) *pdu_l4;
             
           // Aidmar - Artifacts Tests: checksum
           if (pdu_l3_type == PDU::PDUType::IP) {            
             tests.check_checksum(ipAddressSender, ipAddressReceiver, tcpPkt);
-          }
-            std::cout << "Aidmar: check_checksum" << std::endl;
-            
+          }            
             stats.incrementProtocolCount(ipAddressSender, "TCP");                        
                     
             // Aidmar
@@ -287,8 +265,7 @@ void pcap_processor::process_packets(const Packet &pkt) {
             if(tcpPkt.get_flag(TCP::SYN)) {
                 int win = tcpPkt.window();
                 stats.incrementWinCount(ipAddressSender, win);
-            }   
-                
+            }                   
             try {                                                                
                 int val = tcpPkt.mss();
                 stats.addMSS(ipAddressSender, val);
@@ -303,7 +280,6 @@ void pcap_processor::process_packets(const Packet &pkt) {
             
           // UDP Packet
         } else if (p == PDU::PDUType::UDP) {
-            std::cout << "Aidmar: PDU is UDP" << std::endl;
             const UDP udpPkt = (const UDP &) *pdu_l4;
             stats.incrementProtocolCount(ipAddressSender, "UDP");            
             stats.incrementPortCount(ipAddressSender, udpPkt.sport(), ipAddressReceiver, udpPkt.dport());                        

code_boost/src/cxx/statistics.cpp

@@ -170,7 +170,7 @@ void statistics::addIntervalStat(std::chrono::duration<int, std::micro> interval
     std::string lastPktTimestamp_s = std::to_string(intervalEndTimestamp.count());
     
     interval_statistics[lastPktTimestamp_s].pkts_count = packetCount - previousPacketCount;  
-    interval_statistics[lastPktTimestamp_s].kbytes = (float(sumPacketSize - previousSumPacketSize) / 1024) ;
+    interval_statistics[lastPktTimestamp_s].kbytes = (float(sumPacketSize - previousSumPacketSize) / 1024);
     
     if(ipEntopies.size()>1){
         interval_statistics[lastPktTimestamp_s].ip_src_entropy = ipEntopies[0];

eval.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+./id2t -i captures/capture_1.pcap
+./id2t -i captures/capture_2.pcap