README.md

@@ -40,7 +40,8 @@ The following packages/libraries are required to compile the ID2T C++ modules
 The following python packages are required to run ID2T. Install the packages with your preferred package manager. For example, you can use pip3 (pip for python 3). Install pip3 in ubuntu with ``apt install python3-pip`` and install the packages with ``sudo pip3 install <packagename>``.
 * ``scapy`` (make sure its the python3 version)
 * ``lea``
-* ``SciPy Stack` (see [installation instructions](https://www.scipy.org/install.html))
+* ``matplotlib``
+* ``SciPy Stack`` (see [installation instructions](https://www.scipy.org/install.html))
 
 #### Notes on the Minimum Package Versions
 The minimum version stated in the previous requirements are the versions we have used in the development of ID2T. Other (older) versions might also work; however, we cannot guarantee nor support them. Furthermore, some compilation scripts would need to be manually modified to accommodate these older versions.

code/Attack/DDoSAttack.py

@@ -193,4 +193,5 @@ class DDoSAttack(BaseAttack.BaseAttack):
         self.attack_end_utime = last_packet.time
 
         # return packets sorted by packet time_sec_start
-        return pkt_num, path_attack_pcap
+        # pkt_num+1: because pkt_num starts at 0
+        return pkt_num + 1, path_attack_pcap

code/CLI.py

@@ -92,7 +92,6 @@ class CLI(object):
 
         self.process_arguments()
 
-
 def main(args):
     """
     Creates a new CLI object and invokes the arguments parsing.
@@ -103,34 +102,6 @@ def main(args):
     # Check arguments
     cli.parse_arguments(args)
 
-
 # Uncomment to enable calling by terminal
 if __name__ == '__main__':
     main(sys.argv[1:])
-
-# if __name__ == '__main__':
-#     INPUT = ['-i']
-#
-#     #    FILES = ['/root/datasets/201506021400_1G.pcap',
-#     #             '/root/datasets/201506021400_2G.pcap',
-#     #             '/root/datasets/201506021400_5G.pcap']
-#
-#     # FILES = ['/mnt/hgfs/datasets/201506021400_2G.pcap']
-#
-#     FILES = ['/home/pjattke/temp/test_me_short.pcap']
-#
-#     ATTACK_PS = ['-a', 'PortscanAttack', 'ip.src=10.2.2.4', 'mac.dst=05:AB:47:B5:19:11',
-#                  'inject.at-timestamp=1449038705.316721', 'attack.note=Portscan2']
-#     ATTACK_PS2 = ['-a', 'PortscanAttack', 'port.dst=1-1024', 'ip.src=3.3.3.3']
-#     ATTACK_DD = ['-a', 'DDoSAttack', 'ip.dst=9.9.9.9', 'attackers.count=10', 'packets.limit=100']
-#
-#     STATS_RECALC = ['-r']
-#     STATS_PRINT = ['-s']
-#     STATS_PLOT = ['-p']
-#
-#     QUERY_MODE_LOOP = ['-q']
-#     QUERY_DB = ['-q', 'ipAddress(pktsSent > 1000, kbytesSent >= 20)']
-#
-#     for f in FILES:
-#         main(INPUT + [f] + ATTACK_PS2 + ATTACK_DD)  # Statistics Calculation
-#         #main(INPUT + ATTACK_DD)  # Attack Packet Generation -> insert exit() | Merging

code/ID2TLib/Controller.py

@@ -55,26 +55,24 @@ class Controller:
         if len(self.written_pcaps) > 1:
             print("\nMerging temporary attack pcaps into single pcap file...", end=" ")
             sys.stdout.flush()  # force python to print text immediately
-            attack_pcap_file = PcapFile(self.written_pcaps[0])
-            for attack in self.written_pcaps[1:]:
-                all_attacks_pcap = attack_pcap_file.merge_attack(attack)
-                os.remove(attack)  # remove merged pcap
-                # Create new PcapFile object for next iteration
-                attack_pcap_file = PcapFile(all_attacks_pcap)
+            for i in range(0, len(self.written_pcaps) - 1):
+                attacks_pcap = PcapFile(self.written_pcaps[i])
+                attacks_pcap_path = attacks_pcap.merge_attack(self.written_pcaps[i + 1])
+                os.remove(self.written_pcaps[i + 1])  # remove merged pcap
             print("done.")
         else:
-            all_attacks_pcap = self.written_pcaps[0]
+            attacks_pcap_path = self.written_pcaps[0]
 
         # merge single attack pcap with all attacks into base pcap
         print("Merging base pcap with single attack pcap...", end=" ")
         sys.stdout.flush()  # force python to print text immediately
-        self.pcap_dest_path = self.pcap_file.merge_attack(all_attacks_pcap)
+        self.pcap_dest_path = self.pcap_file.merge_attack(attacks_pcap_path)
         print("done.")
 
         # delete intermediate PCAP files
         print('Deleting intermediate attack pcap...', end="")
         sys.stdout.flush()  # force python to print text immediately
-        os.remove(all_attacks_pcap)
+        os.remove(attacks_pcap_path)
         print("done.")
 
         # write label file with attacks