DDoSAttack.py 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276
  1. import logging
  2. from random import randint, uniform
  3. from lea import Lea
  4. from scipy.stats import gamma
  5. from Attack import BaseAttack
  6. from Attack.AttackParameters import Parameter as Param
  7. from Attack.AttackParameters import ParameterTypes
  8. logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
  9. # noinspection PyPep8
  10. from scapy.layers.inet import IP, Ether, TCP, RandShort
  11. from collections import deque
  12. class DDoSAttack(BaseAttack.BaseAttack):
  13. def __init__(self, statistics, pcap_file_path):
  14. """
  15. Creates a new instance of the DDoS attack.
  16. :param statistics: A reference to the statistics class.
  17. """
  18. # Initialize attack
  19. super(DDoSAttack, self).__init__(statistics, "DDoS Attack", "Injects a DDoS attack'",
  20. "Resource Exhaustion")
  21. # Define allowed parameters and their type
  22. self.supported_params = {
  23. Param.IP_SOURCE: ParameterTypes.TYPE_IP_ADDRESS,
  24. Param.MAC_SOURCE: ParameterTypes.TYPE_MAC_ADDRESS,
  25. Param.PORT_SOURCE: ParameterTypes.TYPE_PORT,
  26. Param.IP_DESTINATION: ParameterTypes.TYPE_IP_ADDRESS,
  27. Param.MAC_DESTINATION: ParameterTypes.TYPE_MAC_ADDRESS,
  28. Param.PORT_DESTINATION: ParameterTypes.TYPE_PORT,
  29. Param.INJECT_AT_TIMESTAMP: ParameterTypes.TYPE_FLOAT,
  30. Param.INJECT_AFTER_PACKET: ParameterTypes.TYPE_PACKET_POSITION,
  31. Param.PACKETS_PER_SECOND: ParameterTypes.TYPE_FLOAT,
  32. Param.PACKETS_LIMIT: ParameterTypes.TYPE_INTEGER_POSITIVE,
  33. Param.NUMBER_ATTACKERS: ParameterTypes.TYPE_INTEGER_POSITIVE
  34. }
  35. # PARAMETERS: initialize with default values
  36. # (values are overwritten if user specifies them)
  37. self.add_param_value(Param.INJECT_AFTER_PACKET, randint(0, self.statistics.get_packet_count()))
  38. # attacker configuration
  39. num_attackers = randint(1, 16)
  40. self.add_param_value(Param.IP_SOURCE, self.generate_random_ipv4_address(num_attackers))
  41. self.add_param_value(Param.MAC_SOURCE, self.generate_random_mac_address(num_attackers))
  42. self.add_param_value(Param.PORT_SOURCE, str(RandShort()))
  43. self.add_param_value(Param.PACKETS_PER_SECOND, randint(1, 64))
  44. """
  45. # Aidmar - PPS = avg packet rate per host = avgPacketsSentPerHost / captureDuration
  46. max_pkts_sent_per_host = self.statistics.process_db_query(
  47. "SELECT MAX(pktsSent) FROM ip_statistics;")
  48. print("\nmax_pkts_sent_per_host: %f" % (max_pkts_sent_per_host))
  49. capture_duration = self.statistics.process_db_query(
  50. "SELECT captureDuration FROM file_statistics;")
  51. max_pkt_rate_per_host = max_pkts_sent_per_host/float(capture_duration)
  52. print("\nmax_pkt_rate_per_host: %f" % (max_pkt_rate_per_host))
  53. #num_attackers = self.get_param_value(Param.NUMBER_ATTACKERS)
  54. # the minumum PPS is the maximum packet rate per host * attackers number
  55. min_pps = math.floor(max_pkt_rate_per_host * int(num_attackers))
  56. print("\nMIN PPS: %f" % (min_pps))
  57. self.add_param_value(Param.PACKETS_PER_SECOND, randint(min_pps, 64))
  58. """
  59. # victim configuration
  60. random_ip_address = self.statistics.get_random_ip_address()
  61. self.add_param_value(Param.IP_DESTINATION, random_ip_address)
  62. destination_mac = self.statistics.get_mac_address(random_ip_address)
  63. if isinstance(destination_mac, list) and len(destination_mac) == 0:
  64. destination_mac = self.generate_random_mac_address()
  65. self.add_param_value(Param.MAC_DESTINATION, destination_mac)
  66. # Aidmar - comment out
  67. """
  68. port_destination = self.statistics.process_db_query(
  69. "SELECT portNumber FROM ip_ports WHERE portDirection='in' ORDER BY RANDOM() LIMIT 1;")
  70. if port_destination is None:
  71. port_destination = str(RandShort())
  72. self.add_param_value(Param.PORT_DESTINATION, port_destination)
  73. """
  74. self.add_param_value(Param.PACKETS_LIMIT, randint(1000, 5000))
  75. def generate_attack_pcap(self):
  76. def update_timestamp(timestamp, pps, maxdelay):
  77. """
  78. Calculates the next timestamp to be used based on the packet per second rate (pps) and the maximum delay.
  79. :return: Timestamp to be used for the next packet.
  80. """
  81. return timestamp + uniform(0.1 / pps, maxdelay)
  82. def get_nth_random_element(*element_list):
  83. """
  84. Returns the n-th element of every list from an arbitrary number of given lists.
  85. For example, list1 contains IP addresses, list 2 contains MAC addresses. Use of this function ensures that
  86. the n-th IP address uses always the n-th MAC address.
  87. :param element_list: An arbitrary number of lists.
  88. :return: A tuple of the n-th element of every list.
  89. """
  90. range_max = min([len(x) for x in element_list])
  91. if range_max > 0: range_max -= 1
  92. n = randint(0, range_max)
  93. return tuple(x[n] for x in element_list)
  94. def index_increment(number: int, max: int):
  95. if number + 1 < max:
  96. return number + 1
  97. else:
  98. return 0
  99. def get_attacker_config(ipAddress: str):
  100. """
  101. Returns the attacker configuration depending on the IP address, this includes the port for the next
  102. attacking packet and the previously used (fixed) TTL value.
  103. :param ipAddress: The IP address of the attacker
  104. :return: A tuple consisting of (port, ttlValue)
  105. """
  106. # Determine port
  107. port = attacker_port_mapping.get(ipAddress)
  108. if port is not None: # use next port
  109. next_port = attacker_port_mapping.get(ipAddress) + 1
  110. if next_port > (2 ** 16 - 1):
  111. next_port = 1
  112. else: # generate starting port
  113. next_port = RandShort()
  114. attacker_port_mapping[ipAddress] = next_port
  115. # Determine TTL value
  116. ttl = attacker_ttl_mapping.get(ipAddress)
  117. if ttl is None: # determine TTL value
  118. is_invalid = True
  119. pos = ip_source_list.index(ipAddress)
  120. pos_max = len(gd)
  121. while is_invalid:
  122. ttl = int(round(gd[pos]))
  123. if 0 < ttl < 256: # validity check
  124. is_invalid = False
  125. else:
  126. pos = index_increment(pos, pos_max)
  127. attacker_ttl_mapping[ipAddress] = ttl
  128. # return port and TTL
  129. return next_port, ttl
  130. BUFFER_SIZE = 1000
  131. # Determine source IP and MAC address
  132. num_attackers = self.get_param_value(Param.NUMBER_ATTACKERS)
  133. if num_attackers is not None: # user supplied Param.NUMBER_ATTACKERS
  134. # Create random attackers based on user input Param.NUMBER_ATTACKERS
  135. ip_source_list = self.generate_random_ipv4_address(num_attackers)
  136. mac_source_list = self.generate_random_mac_address(num_attackers)
  137. else: # user did not supply Param.NUMBER_ATTACKS
  138. # use default values for IP_SOURCE/MAC_SOURCE or overwritten values
  139. # if user supplied any values for those params
  140. ip_source_list = self.get_param_value(Param.IP_SOURCE)
  141. mac_source_list = self.get_param_value(Param.MAC_SOURCE)
  142. # Timestamp
  143. timestamp_next_pkt = self.get_param_value(Param.INJECT_AT_TIMESTAMP)
  144. pps = self.get_param_value(Param.PACKETS_PER_SECOND)
  145. randomdelay = Lea.fromValFreqsDict({1 / pps: 70, 2 / pps: 30, 5 / pps: 15, 10 / pps: 3})
  146. # Initialize parameters
  147. packets = deque(maxlen=BUFFER_SIZE)
  148. port_source_list = self.get_param_value(Param.PORT_SOURCE)
  149. mac_destination = self.get_param_value(Param.MAC_DESTINATION)
  150. ip_destination = self.get_param_value(Param.IP_DESTINATION)
  151. port_destination = self.get_param_value(Param.PORT_DESTINATION)
  152. # Aidmar
  153. if not port_destination: # user did not define port_dest
  154. port_destination = self.statistics.process_db_query(
  155. "SELECT portNumber FROM ip_ports WHERE portDirection='in' AND ipAddress='" + ip_destination + "' ORDER BY portCount DESC LIMIT 1;")
  156. if not port_destination: # no port was retrieved
  157. port_destination = self.statistics.process_db_query(
  158. "SELECT portNumber FROM ip_ports WHERE portDirection='in' GROUP BY portNumber ORDER BY SUM(portCount) DESC LIMIT 1;")
  159. if not port_destination:
  160. port_destination = max(1, str(RandShort()))
  161. attacker_port_mapping = {}
  162. attacker_ttl_mapping = {}
  163. # Gamma distribution parameters derived from MAWI 13.8G dataset
  164. alpha, loc, beta = (2.3261710235, -0.188306914406, 44.4853123884)
  165. gd = gamma.rvs(alpha, loc=loc, scale=beta, size=len(ip_source_list))
  166. path_attack_pcap = None
  167. # Aidmar
  168. replies = []
  169. for pkt_num in range(self.get_param_value(Param.PACKETS_LIMIT)):
  170. # Build reply package
  171. # Select one IP address and its corresponding MAC address
  172. (ip_source, mac_source) = get_nth_random_element(ip_source_list, mac_source_list)
  173. # Determine source port
  174. (port_source, ttl_value) = get_attacker_config(ip_source)
  175. maxdelay = randomdelay.random()
  176. request_ether = Ether(dst=mac_destination, src=mac_source)
  177. request_ip = IP(src=ip_source, dst=ip_destination, ttl=ttl_value)
  178. # Aidmar - random win size for each packet
  179. # request_tcp = TCP(sport=port_source, dport=port_destination, flags='S', ack=0)
  180. win_size = self.statistics.process_db_query(
  181. "SELECT winSize FROM tcp_syn_win ORDER BY RANDOM() LIMIT 1;")
  182. request_tcp = TCP(sport=port_source, dport=port_destination, flags='S', ack=0, window=win_size)
  183. request = (request_ether / request_ip / request_tcp)
  184. request.time = timestamp_next_pkt
  185. # Build reply package
  186. # Aidmar
  187. reply = True
  188. if reply:
  189. reply_ether = Ether(src=mac_destination, dst=mac_source)
  190. reply_ip = IP(src=ip_destination, dst=ip_source, flags='DF')
  191. reply_tcp = TCP(sport=port_destination, dport=port_source, seq=0, ack=1, flags='SA', window=29200) # ,
  192. # options=[('MSS', mss_dst)])
  193. reply = (reply_ether / reply_ip / reply_tcp)
  194. if len(replies) > 0:
  195. last_reply_timestamp = replies[-1].time
  196. while (timestamp_reply <= last_reply_timestamp):
  197. timestamp_reply = timestamp_next_pkt + 1 # TO-DO # update_timestamp(timestamp_next_pkt, pps, maxdelay)
  198. else:
  199. timestamp_reply = update_timestamp(timestamp_next_pkt, pps, maxdelay)
  200. reply.time = timestamp_reply
  201. replies.append(reply)
  202. # Aidmar
  203. # Append reply
  204. if replies:
  205. while timestamp_next_pkt >= replies[0].time:
  206. packets.append(replies[0])
  207. replies.remove(replies[0])
  208. if len(replies) == 0:
  209. break
  210. # Append request
  211. packets.append(request)
  212. timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps, maxdelay)
  213. # Store timestamp of first packet (for attack label)
  214. if pkt_num == 1:
  215. self.attack_start_utime = packets[0].time
  216. elif pkt_num % BUFFER_SIZE == 0: # every 1000 packets write them to the pcap file (append)
  217. last_packet = packets[-1]
  218. packets = sorted(packets, key=lambda pkt: pkt.time)
  219. path_attack_pcap = self.write_attack_pcap(packets, True, path_attack_pcap)
  220. packets = []
  221. # Requests are sent all, send all replies
  222. if pkt_num == self.get_param_value(Param.PACKETS_LIMIT)-1:
  223. for reply in replies:
  224. packets.append(reply)
  225. if len(packets) > 0:
  226. packets = sorted(packets, key=lambda pkt: pkt.time)
  227. path_attack_pcap = self.write_attack_pcap(packets, True, path_attack_pcap)
  228. # Store timestamp of last packet
  229. self.attack_end_utime = last_packet.time
  230. # return packets sorted by packet time_sec_start
  231. # pkt_num+1: because pkt_num starts at 0
  232. return pkt_num + 1, path_attack_pcap