Bläddra i källkod

Merge branch 'develop' of into develop

Joshua 7 år sedan

+ 0 - 47

@@ -1,47 +0,0 @@
-FROM debian:stretch AS build-container
-# install all the necessary packages (see, but libpcap-dev might not be on that list, it's still needed)
-RUN apt-get update && apt-get install -y --no-install-recommends build-essential cmake libboost-dev libboost-python-dev libtins-dev libpcap-dev python3-dev sqlite3 \
-	python3-pip python3-scapy python3-numpy python3-matplotlib python3-scipy python3-setuptools
-RUN pip3 install lea # for some reason you cant install lea via apt
-# make the required directored to copy the files into
-RUN mkdir /id2t /id2t/code /id2t/code_boost /id2t/resources
-WORKDIR /id2t
-# copy all the necessary files
-# there are multiple commands because docker only copies the directories' contents and not the directory itself and dont know what else to do here
-COPY /id2t/
-COPY code/ /id2t/code/
-COPY code_boost/ /id2t/code_boost/
-COPY resources /id2t/resources
-# run the build-script
-RUN ./
-# use a smaller container for later execution
-# we use python 3.6 because it's the first which comes with stretch
-FROM python:3.6-slim-stretch
-# install required libraries
-RUN pip3 install scapy-python3 lea numpy matplotlib scipy
-# create and use future work directory, don't copy code_boost
-RUN mkdir /id2t /id2t/code /id2t/resources
-WORKDIR /id2t
-# copy the built project
-COPY --from=build-container /id2t /id2t
-# copy the libs libpcapreader is linked with
-# kinda hacky, but we can do it because both containers share the same os-version
-COPY --from=build-container /usr/lib/x86_64-linux-gnu/ /usr/lib/ \
-	/usr/lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu/ \
-	/usr/lib/x86_64-linux-gnu/
-# install tcpdump because it somehow is a requirement (id2t throws a warning otherwise)
-RUN apt-get update && apt-get install -y tcpdump libpcap0.8 \
-	&& rm -rf /var/lib/apt/lists/*
-# add id2t to the path
-ENV PATH="$PATH:/id2t"
-# start with a shell instead of python
-CMD ["bash"]

+ 2 - 0

@@ -55,6 +55,8 @@ class Parameter(Enum):
     PACKET_PADDING = 'packet.padding'
     #recommended type: interval selection strategy, i.e. 'random', 'optimal' or 'custom' ------------------------------------
     INTERVAL_SELECT_STRATEGY = 'interval.selection.strategy'
+    # indicating if the attack will mark generated packets
+    HIDDEN_MARK = "hidden_mark"
 class ParameterTypes(Enum):

+ 25 - 4

@@ -69,6 +69,7 @@ from ID2TLib.CommunicationProcessor import CommunicationProcessor
 from ID2TLib.Botnet.MessageMapping import MessageMapping
 from ID2TLib.PcapFile import PcapFile
 from ID2TLib.Statistics import Statistics
+from scapy.layers.inet import IP, IPOption_Security
 class MembersMgmtCommAttack(BaseAttack.BaseAttack):
@@ -119,7 +120,8 @@ class MembersMgmtCommAttack(BaseAttack.BaseAttack):
             # information about the interval selection strategy
+            Param.HIDDEN_MARK: ParameterTypes.TYPE_BOOLEAN
         # create dict with MessageType values for fast name lookup
@@ -171,6 +173,8 @@ class MembersMgmtCommAttack(BaseAttack.BaseAttack):
         # interval selection strategy
         self.add_param_value(Param.INTERVAL_SELECT_STRATEGY, "optimal")
+        self.add_param_value(Param.HIDDEN_MARK, False)
     def generate_attack_pcap(self, context):
         Injects the packets of this attack into a PCAP and stores it as a temporary file.
@@ -196,6 +200,7 @@ class MembersMgmtCommAttack(BaseAttack.BaseAttack):
         overThousand = False
         msg_packet_mapping = MessageMapping(messages, self.statistics.get_pcap_timestamp_start())
+        mark_packets = self.get_param_value(Param.HIDDEN_MARK)
         # create packets to write to PCAP file
         for msg in messages:
@@ -228,6 +233,15 @@ class MembersMgmtCommAttack(BaseAttack.BaseAttack):
             Generator.add_padding(packet, padding,True, True)
             packet.time = msg.time
+            if mark_packets and isinstance(packet.payload, IP):  # do this only for ip-packets
+                ip_data = packet.payload
+                hidden_opt = IPOption_Security()
+                hidden_opt.option = 2  # "normal" security opt
+       = 16  # magic value indicating NSA
+                ip_data.options = hidden_opt
             msg_packet_mapping.map_message(msg, packet)
             total_pkts += 1
@@ -605,14 +619,21 @@ class MembersMgmtCommAttack(BaseAttack.BaseAttack):
         assign_realistic_timestamps(messages, external_ids, local_ids, avg_delay_local, avg_delay_external, zero_reference)
         portSelector = PortSelectors.LINUX
+        reserved_ports = set(int(line.strip()) for line in open("resources/reserved_ports.txt").readlines())
+        def filter_reserved(get_port):
+            port = get_port()
+            while port in reserved_ports:
+                port = get_port()
+            return port
         # create port configurations for the bots
         use_multiple_ports = self.get_param_value(Param.MULTIPORT)
         for bot in sorted(bot_configs):
-            bot_configs[bot]["SrcPort"] = portSelector.select_port_udp()
+            bot_configs[bot]["SrcPort"] = filter_reserved(portSelector.select_port_udp)
             if not use_multiple_ports:
-                bot_configs[bot]["DstPort"] = Generator.gen_random_server_port()
+                bot_configs[bot]["DstPort"] = filter_reserved(Generator.gen_random_server_port)
-                bot_configs[bot]["DstPort"] = portSelector.select_port_udp()
+                bot_configs[bot]["DstPort"] = filter_reserved(portSelector.select_port_udp)
         # assign realistic TTL for every bot
         if self.get_param_value(Param.TTL_FROM_CAIDA):

+ 145 - 4

@@ -570,6 +570,8 @@ class Statistics:
             # calculate avg local and external delay by summing up the respective delays and dividing them by the number of conversations
             avg_delay_external = 0.0
             avg_delay_local = 0.0
+            default_ext = False
+            default_local = False
                 for conv in local_conv:
@@ -577,7 +579,8 @@ class Statistics:
                 avg_delay_local = (avg_delay_local/len(local_conv)) * 0.001 #ms
                 # no local conversations in statistics found
-                avg_delay_local = 0.06
+                avg_delay_local = 0.055
+                default_local = True
                 for conv in external_conv:
@@ -585,11 +588,30 @@ class Statistics:
                 avg_delay_external = (avg_delay_external/len(external_conv)) * 0.001 #ms
                 # no external conversations in statistics found
-                avg_delay_external = 0.15
+                avg_delay_external = 0.09
+                default_ext = True
             #if no statistics were found, use these numbers
-            avg_delay_external = 0.15
-            avg_delay_local = 0.06
+            avg_delay_external = 0.09
+            avg_delay_local = 0.055
+            default_ext = True
+            default_local = True
+        # check whether delay numbers are consistent
+        if avg_delay_local > avg_delay_external:
+            avg_delay_external = avg_delay_local*1.2
+        # print information, that (default) values are used, that are not collected from the Input PCAP
+        if default_ext or default_local:
+            if default_ext and default_local:
+                print("Warning: Could not collect average delays for local or external communication, using following values:")
+            elif default_ext:
+                print("Warning: Could not collect average delays for external communication, using following values:")
+            elif default_local:
+                print("Warning: Could not collect average delays for local communication, using following values:")
+            print("Avg delay of external communication: {0}s,  Avg delay of local communication: {1}s".format(avg_delay_external, avg_delay_local))
         return avg_delay_local, avg_delay_external
     def get_filtered_degree(self, degree_type: str):
@@ -1211,6 +1233,11 @@ class Statistics:
             title_distance = 1 + 0.012*52.8/plt_height  # orginally, a good title distance turned out to be 1.012 with a plot height of 52.8
+            # if title would be cut off, set minimum width
+            min_width = len(title) * 0.15
+            if plt_width < min_width:
+                plt_width = min_width
             plt.gcf().set_size_inches(plt_width, plt_height)  # set plot size
             # set additional plot parameters
@@ -1306,6 +1333,104 @@ class Statistics:
             # plot data and return outpath
             return plot_big_conv_ext_stat("totalConversationDuration", title, 'Duration', suffix)
+        def plot_comm_histogram(attr:str, title:str, label:str, suffix:str):
+            """
+            Plots a histogram about the specified attribute for communications.
+            :param attr: The statistics attribute for this histogram
+            :param title: The title of the histogram
+            :param label: The xlabel of the histogram
+            :param suffix: The file suffix
+            :return: The path to the created plot
+            """
+            plt.gcf().clear()
+            result_raw = self.stats_db._process_user_defined_query(
+                "SELECT %s FROM conv_statistics_extended" % attr)
+            # return without plotting if no data available
+            if not result_raw:
+                return None
+            result = []
+            for entry in result_raw:
+                result.append(entry[0])
+            # if title would be cut off, set minimum width
+            plt_size = plt.gcf().get_size_inches()
+            min_width = len(title) * 0.12
+            if plt_size[0] < min_width:
+                plt.gcf().set_size_inches(min_width, plt_size[1])  # set plot size
+            # set additional plot parameters
+            plt.title(title)
+            plt.ylabel("Number of connections")
+            plt.xlabel(label)
+            width = 0.5
+            plt.grid(True)
+            # create 11 bins
+            bins = []
+            max_val = max(result)
+            for i in range(0, 11):
+                bins.append(i * max_val/10)
+            # comment out and set weights to normalize
+            # weights = numpy.ones_like(result)/float(len(result))
+            # plot the above data, first use plain numbers as graphy to maintain sorting
+            plt.hist(result, bins=bins, color='red', edgecolor='red', align="mid", rwidth=0.5)
+            plt.xticks(bins)
+            # save created figure
+            out = self.pcap_filepath.replace('.pcap', suffix)
+            plt.savefig(out, dpi=500)
+            return out
+        def plot_histogram_degree(degree_type:str, title:str, label:str, suffix:str):          
+            """
+            Plots a histogram about the specified type for the degree of an IP.
+            :param degree_type: The type of degree, i.e. inDegree, outDegree or overallDegree
+            :param title: The title of the histogram
+            :param label: The xlabel of the histogram
+            :param suffix: The file suffix
+            :return: The path to the created plot
+            """  
+            plt.gcf().clear()
+            result_raw = self.get_filtered_degree(degree_type)
+            # return without plotting if no data available
+            if not result_raw:
+                return None
+            result = []
+            for entry in result_raw:
+                result.append(entry[1])
+            # set additional plot parameters
+            plt.title(title)
+            plt.ylabel("Number of IPs")
+            plt.xlabel(label)
+            width = 0.5
+            plt.grid(True)
+            # create 11 bins
+            bins = []
+            max_val = max(result)
+            for i in range(0, 11):
+                bins.append(int(i * max_val/10))
+            # comment out and set weights to normalize
+            # weights = numpy.ones_like(result)/float(len(result))
+            # plot the above data, first use plain numbers as graphy to maintain sorting
+            plt.hist(result, bins=bins, color='red', edgecolor='red', align="mid", rwidth=0.5)
+            plt.xticks(bins)
+            # save created figure
+            out = self.pcap_filepath.replace('.pcap', suffix)
+            plt.savefig(out, dpi=500)
+            return out    
         ttl_out_path = plot_ttl('.' + format)
         mss_out_path = plot_mss('.' + format)
@@ -1330,6 +1455,22 @@ class Statistics:
         plot_avg_time_between_comm_interval_out = plot_avg_time_between_comm_interval('.' + format)
         plot_avg_comm_interval_time_out = plot_avg_comm_interval_time("." + format)
         plot_total_comm_duration_out = plot_total_comm_duration("." + format)
+        plot_hist_pkts_per_connection_out = plot_comm_histogram("pktsCount", "Histogram - Number of exchanged packets per connection",
+            "Number of packets", "_plot-Histogram PktCount per Connection" + "." + format)
+        plot_hist_avgpkts_per_commint_out = plot_comm_histogram("avgIntervalPktCount", "Histogram - Average number of exchanged packets per communication interval",
+            "Average number of packets", "_plot-Histogram Avg PktCount per Interval per Connection" + "." + format)
+        plot_hist_avgtime_betw_commints_out = plot_comm_histogram("avgTimeBetweenIntervals", "Histogram - Average time between communication intervals in seconds",
+            "Average time between intervals", "_plot-Histogram Avg Time Between Intervals per Connection" + "." + format)
+        plot_hist_avg_int_time_per_connection_out = plot_comm_histogram("avgIntervalTime", "Histogram - Average duration of a communication interval in seconds",
+            "Average interval time", "_plot-Histogram Avg Interval Time per Connection" + "." + format)
+        plot_hist_total_comm_duration_out = plot_comm_histogram("totalConversationDuration", "Histogram - Total communication duration in seconds",
+            "Duration", "_plot-Histogram Communication Duration per Connection" + "." + format)
+        # plot_hist_indegree_out = plot_histogram_degree("inDegree", "Histogram - Ingoing degree per IP Address", 
+        #     "Ingoing degree", "_plot-Histogram Ingoing Degree per IP" + format)
+        # plot_hist_outdegree_out = plot_histogram_degree("outDegree", "Histogram - Outgoing degree per IP Address", 
+        #     "Outgoing degree", "_plot-Histogram Outgoing Degree per IP" + format)
+        # plot_hist_overalldegree_out = plot_histogram_degree("overallDegree", "Histogram - Overall degree per IP Address", 
+        #     "Overall degree", "_plot-Histogram Overall Degree per IP" + format)
         ## Time consuming plot
         # port_out_path = plot_port('.' + format)

+ 483 - 0

@@ -0,0 +1,483 @@