Home Explore Help
Sign In
leon.boeck
/
ID2T-toolkit-BotnetTraffic
forked from SPIN/ID2T-toolkit
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

add tos dist table

aidmar.wainakh 6 years ago
parent
6c8609b2ac
commit
b1031f5f3f
4 changed files with 81 additions and 3 deletions
Split View Show Diff Stats
  1. 48 3
      code/ID2TLib/Statistics.py
  2. 1 0
      code_boost/src/cxx/statistics.cpp
  3. 31 0
      code_boost/src/cxx/statistics_db.cpp
  4. 1 0
      code_boost/src/cxx/statistics_db.h

+ 48 - 3
code/ID2TLib/Statistics.py
View File 

@@ -1,6 +1,6 @@
 
 # Aidmar
 
 from operator import itemgetter
 
-from math import sqrt, ceil
 
+from math import sqrt, ceil, log
 
 
 import os
 
 import time
 
@@ -140,6 +140,16 @@ class Statistics:
 
         Statistics.write_list(self.get_general_file_statistics(), print, "")
 
         print("\n")
 
 
+    #Aidmar
 
+    def calculate_entropy(self, data, frequency):
 
+        entropy = 0
 
+        sumFreq = sum(frequency)
 
+        for i, x in enumerate(data):
 
+            p_x = float(frequency[i] / sumFreq)
 
+            if p_x > 0:
 
+                entropy += - p_x * log(p_x, 2)
 
+        return entropy
 
+
 
     # Aidmar
 
     def get_tests_statistics(self):
 
         """
 
@@ -168,27 +178,62 @@ class Statistics:
 
 
         newIPCount = self.stats_db._process_user_defined_query("SELECT newIPCount FROM interval_statistics")
 
         avgNewIPCount = calc_normalized_avg(newIPCount)
 
+        result = self.stats_db._process_user_defined_query("SELECT ipSrcCumEntropy FROM interval_statistics")
 
+        ipSrcEntropy = result[-1][0]
 
+        result = self.stats_db._process_user_defined_query("SELECT ipDstCumEntropy FROM interval_statistics")
 
+        ipDstEntropy = result[-1][0]
 
 
         newTTLCount = self.stats_db._process_user_defined_query("SELECT newTTLCount FROM interval_statistics")
 
         avgNewTTLCount = calc_normalized_avg(newTTLCount)
 
+        result = self.stats_db._process_user_defined_query("SELECT ttlValue,SUM(ttlCount) FROM ip_ttl GROUP BY ttlValue")
 
+        data, frequency = [], []
 
+        for row in result:
 
+            data.append(row[0])
 
+            frequency.append(row[1])
 
+        ttlEntopy = self.calculate_entropy(data,frequency)
 
 
         newWinSizeCount = self.stats_db._process_user_defined_query("SELECT newWinSizeCount FROM interval_statistics")
 
         avgNewWinCount = calc_normalized_avg(newWinSizeCount)
 
+        result = self.stats_db._process_user_defined_query("SELECT winSize,SUM(winCount) FROM tcp_syn_win GROUP BY winSize")
 
+        data, frequency = [], []
 
+        for row in result:
 
+            data.append(row[0])
 
+            frequency.append(row[1])
 
+        winEntopy = self.calculate_entropy(data, frequency)
 
 
         newToSCount = self.stats_db._process_user_defined_query("SELECT newToSCount FROM interval_statistics")
 
         avgNewToSCount = calc_normalized_avg(newToSCount)
 
+        result = self.stats_db._process_user_defined_query(
 
+            "SELECT tosValue,SUM(tosCount) FROM ip_tos GROUP BY tosValue")
 
+        data, frequency = [], []
 
+        for row in result:
 
+            data.append(row[0])
 
+            frequency.append(row[1])
 
+        tosEntopy = self.calculate_entropy(data, frequency)
 
 
         newMSSCount = self.stats_db._process_user_defined_query("SELECT newMSSCount FROM interval_statistics")
 
         avgNewMSSCount = calc_normalized_avg(newMSSCount)
 
-
 
+        result = self.stats_db._process_user_defined_query(
 
+            "SELECT mssValue,SUM(mssCount) FROM tcp_mss_dist GROUP BY mssValue")
 
+        data, frequency = [], []
 
+        for row in result:
 
+            data.append(row[0])
 
+            frequency.append(row[1])
 
+        mssEntopy = self.calculate_entropy(data, frequency)
 
 
         return [("Payload ratio", payloadRatio, "%"),
 
                 ("Incorrect TCP checksum ratio", incorrectChecksumRatio, "%"),
 
                 ("Avg. new IP", avgNewIPCount, ""),
 
+                ("IP Src Entropy", ipSrcEntropy, ""),
 
+                ("IP Dst Entropy", ipDstEntropy, ""),
 
                 ("Avg. new TTL", avgNewTTLCount, ""),
 
+                ("TTL Entropy", ttlEntopy, ""),
 
                 ("Avg. new WinSize", avgNewWinCount, ""),
 
+                ("WinSize Entropy", winEntopy, ""),
 
                 ("Avg. new ToS", avgNewToSCount, ""),
 
-                ("Avg. new MSS", avgNewMSSCount, "")]
 
+                ("ToS Entropy", tosEntopy, ""),
 
+                ("Avg. new MSS", avgNewMSSCount, ""),
 
+                ("MSS Entropy", mssEntopy, "")]
 
 
     def write_statistics_to_file(self):
 
         """

+ 1 - 0
code_boost/src/cxx/statistics.cpp
View File 

@@ -698,6 +698,7 @@ void statistics::writeToDatabase(std::string database_path) {
 
     db.writeStatisticsProtocols(protocol_distribution);
 
     // Aidmar
 
     db.writeStatisticsMss_dist(mss_distribution);
 
+    db.writeStatisticsTos_dist(tos_distribution);
 
     db.writeStatisticsWin(win_distribution);
 
     db.writeStatisticsConv(conv_statistics);
 
     db.writeStatisticsInterval(interval_statistics);

+ 31 - 0
code_boost/src/cxx/statistics_db.cpp
View File 

@@ -285,6 +285,37 @@ void statistics_db::writeStatisticsMss_dist(std::unordered_map<ipAddress_mss, in
 
     }
 
 }
 
 
+// Aidamr
 
+/**
 
+ * Writes the ToS distribution into the database.
 
+ * @param tosDistribution The ToS distribution from class statistics.
 
+ */
 
+void statistics_db::writeStatisticsTos_dist(std::unordered_map<ipAddress_tos, int> tosDistribution) {
 
+    try {
 
+        db->exec("DROP TABLE IF EXISTS ip_tos");
 
+        SQLite::Transaction transaction(*db);
 
+        const char *createTable = "CREATE TABLE ip_tos ("
 
+                "ipAddress TEXT,"
 
+                "tosValue INTEGER,"
 
+                "tosCount INTEGER,"
 
+                "PRIMARY KEY(ipAddress,tosValue));";
 
+        db->exec(createTable);
 
+        SQLite::Statement query(*db, "INSERT INTO ip_tos VALUES (?, ?, ?)");
 
+        for (auto it = tosDistribution.begin(); it != tosDistribution.end(); ++it) {
 
+            ipAddress_tos e = it->first;
 
+            query.bind(1, e.ipAddress);
 
+            query.bind(2, e.tosValue);
 
+            query.bind(3, it->second);
 
+            query.exec();
 
+            query.reset();
 
+        }
 
+        transaction.commit();
 
+    }
 
+    catch (std::exception &e) {
 
+        std::cout << "Exception in statistics_db: " << e.what() << std::endl;
 
+    }
 
+}
 
+
 
 // Aidamr
 
 /**
 
  * Writes the window size distribution into the database.

+ 1 - 0
code_boost/src/cxx/statistics_db.h
View File 

@@ -42,6 +42,7 @@ public:
 
 
     // Aidmar - new tables
 
     void writeStatisticsMss_dist(std::unordered_map<ipAddress_mss, int> mssDistribution);
 
+    void writeStatisticsTos_dist(std::unordered_map<ipAddress_tos, int> tosDistribution);
 
     void writeStatisticsWin(std::unordered_map<ipAddress_win, int> winDistribution);
 
     void writeStatisticsConv(std::unordered_map<conv, entry_convStat> convStatistics);
 
     void writeStatisticsInterval(std::unordered_map<std::string, entry_intervalStat> intervalStatistics);