|
|
@@ -62,6 +62,7 @@ class Message():
|
|
|
|
|
|
|
|
|
from ID2TLib import FileUtils, Generator
|
|
|
+from ID2TLib.IPv4 import IPAddress
|
|
|
from ID2TLib.PcapAddressOperations import PcapAddressOperations
|
|
|
from ID2TLib.CommunicationProcessor import CommunicationProcessor
|
|
|
from ID2TLib.Botnet.MessageMapping import MessageMapping
|
|
|
@@ -319,30 +320,6 @@ class MembersMgmtCommAttack(BaseAttack.BaseAttack):
|
|
|
bot_configs[bot]["TTL"] = source_ttl_prob_dict.random()
|
|
|
|
|
|
|
|
|
-
|
|
|
-
|
|
|
-
|
|
|
- def add_delay(timestamp: float, minDelay: float, delay: float):
|
|
|
- '''
|
|
|
- Adds delay to a timestamp, with a minimum value of minDelay. But usually a value close to delay
|
|
|
- :param timestamp: the timestamp that is to be increased
|
|
|
- :param minDelay: the minimum value that is to be added to the timestamp
|
|
|
- :param delay: The general size of the delay. Statistically speaking: the expected value
|
|
|
- :return: the updated timestamp
|
|
|
- '''
|
|
|
-
|
|
|
- randomdelay = Lea.fromValFreqsDict({0.15*delay: 7, 0.3*delay: 10, 0.7*delay:20,
|
|
|
- delay:33, 1.2*delay:20, 1.6*delay: 10, 1.9*delay: 7, 2.5*delay: 3, 4*delay: 1})
|
|
|
- if 0.1*delay < minDelay:
|
|
|
- print("Warning: minDelay probably too big when computing time_stamps")
|
|
|
-
|
|
|
- # updated timestamps consist of the sum of the minimum delay, the magnitude of the delay
|
|
|
- # and a deviation by up to 10% in order to guarantee uniqueness
|
|
|
- general_offset = randomdelay.random()
|
|
|
- unique_offset = uniform(-0.1*general_offset, 0.1*general_offset)
|
|
|
- return timestamp + minDelay + general_offset + unique_offset
|
|
|
-
|
|
|
-
|
|
|
def move_xml_to_outdir(filepath_xml: str):
|
|
|
"""
|
|
|
Moves the XML file at filepath_xml to the output directory of the PCAP
|
|
|
@@ -434,62 +411,40 @@ class MembersMgmtCommAttack(BaseAttack.BaseAttack):
|
|
|
add_ids_to_config(sorted(external_ids), existing_external_ips, new_external_ips, bot_configs, idtype="external", router_mac=router_mac)
|
|
|
|
|
|
#### Set realistic timestamps for messages ####
|
|
|
- most_used_ip_address = self.statistics.get_most_used_ip_address()
|
|
|
- minDelay = self.get_reply_delay(most_used_ip_address)[0]
|
|
|
- next_timestamp = self.get_param_value(Param.INJECT_AT_TIMESTAMP)
|
|
|
- pcap_duration = float(self._get_capture_duration())
|
|
|
- equi_timeslice = pcap_duration/len(messages)
|
|
|
-
|
|
|
- # Dict, takes a tuple of 2 Bot_IDs as a key (ID with lower number first), returns the time when the Hello_reply came in
|
|
|
- hello_times = {}
|
|
|
- # msg_IDs with already updated timestamps
|
|
|
+
|
|
|
+ # this is the timestamp at which the first packet should be injected, the packets have to be shifted to the beginning of the
|
|
|
+ # pcap file (INJECT_AT_TIMESTAMP) and then the offset of the packets have to be compensated to start at the given point in time
|
|
|
+ zero_reference = self.get_param_value(Param.INJECT_AT_TIMESTAMP) - messages[0].time
|
|
|
updated_msgs = []
|
|
|
|
|
|
+ # calculate the average delay values for local and external responses
|
|
|
+ avg_delay_local, avg_delay_external = self.statistics.get_avg_delay_local_ext()
|
|
|
+
|
|
|
+ # update all timestamps
|
|
|
for req_msg in messages:
|
|
|
- updated = 0
|
|
|
+
|
|
|
if(req_msg.msg_id in updated_msgs):
|
|
|
# message already updated
|
|
|
continue
|
|
|
|
|
|
- if(req_msg.msg_id == -1):
|
|
|
- # message has no corresponding request/response
|
|
|
- req_msg.time = next_timestamp
|
|
|
- next_timestamp = add_delay(next_timestamp, minDelay, equi_timeslice)
|
|
|
- updated_msgs.append(req_msg.msg_id)
|
|
|
- continue
|
|
|
-
|
|
|
+ ## update req_msg timestamp with a variation of up to 50ms
|
|
|
+ req_msg.time = zero_reference + req_msg.time + uniform(-0.05, 0.05)
|
|
|
+ updated_msgs.append(req_msg)
|
|
|
|
|
|
- elif req_msg.type != MessageType.SALITY_HELLO:
|
|
|
- # Hello messages must have preceded, so make sure the timestamp of this msg is after the HELLO_REPLY
|
|
|
- if int(req_msg.src) < int(req_msg.dst):
|
|
|
- hello_time = hello_times[(req_msg.src, req_msg.dst)]
|
|
|
- else:
|
|
|
- hello_time = hello_times[(req_msg.dst, req_msg.src)]
|
|
|
-
|
|
|
- if next_timestamp < hello_time:
|
|
|
- # use the time of the hello_reply instead of next_timestamp to update this pair of messages
|
|
|
- post_hello = add_delay(hello_time, minDelay, equi_timeslice)
|
|
|
- respns_msg = messages[req_msg.refer_msg_id]
|
|
|
- respns_msg.time = add_delay(post_hello, minDelay, equi_timeslice)
|
|
|
- req_msg.time = post_hello
|
|
|
- updated = 1
|
|
|
-
|
|
|
- if not updated:
|
|
|
- # update normally
|
|
|
+ # update response if necessary
|
|
|
+ if(req_msg.msg_id != -1):
|
|
|
respns_msg = messages[req_msg.refer_msg_id]
|
|
|
- respns_msg.time = add_delay(next_timestamp, minDelay, equi_timeslice)
|
|
|
- req_msg.time = next_timestamp
|
|
|
- next_timestamp = add_delay(next_timestamp, minDelay, equi_timeslice)
|
|
|
|
|
|
- updated_msgs.append(req_msg.msg_id)
|
|
|
- updated_msgs.append(req_msg.refer_msg_id)
|
|
|
-
|
|
|
- if req_msg.type == MessageType.SALITY_HELLO:
|
|
|
- # if hello messages have been exchanged, save timestamp of the HELLO_REPLY
|
|
|
- if int(req_msg.src) < int(req_msg.dst):
|
|
|
- hello_times[(req_msg.src, req_msg.dst)] = respns_msg.time
|
|
|
+ # check for local or external communication and update response timestamp with the respective avg delay
|
|
|
+ if(req_msg.msg_id in external_ids or respns_msg.msg_id in external_ids):
|
|
|
+ #external communication
|
|
|
+ respns_msg.time = req_msg.time + avg_delay_external + uniform(-0.1*avg_delay_external, 0.1*avg_delay_external)
|
|
|
+
|
|
|
else:
|
|
|
- hello_times[(req_msg.dst, req_msg.src)] = respns_msg.time
|
|
|
+ #local communication
|
|
|
+ respns_msg.time = req_msg.time + avg_delay_local + uniform(-0.1*avg_delay_local, 0.1*avg_delay_local)
|
|
|
+
|
|
|
+ updated_msgs.append(respns_msg)
|
|
|
|
|
|
# create port configurations for the bots
|
|
|
for bot in bot_configs:
|
