def test_open_alert_file(self):
'''
Testing the alert file open function.
'''
logger = Logger()
self.assertEqual(logger.open_alert_file(), 0)
def test_write_alert_to_file__no_json(self):
'''
Testing the write alert to file function, without a json object.
Requires - a file handle to be opened by the object.
'''
logger = Logger()
self.assertRaises(TypeError, logger.write_alert_to_file)
def test_write_flow_to_file__no_string(self):
'''
Testing the write flow to file function, without a string.
Requires - a file handle to be opened by the object.
'''
logger = Logger()
self.assertRaises(TypeError, logger.write_flow_to_file)
def test_init(self):
'''
Testing the module's constructor.
Input - none.
Expected output - successful logger object instantiation.
'''
logger = False
logger = Logger()
self.assertTrue(logger)
def test_write_alert_to_file__empty_json(self):
'''
Testing the write alert to file function, with an empty json object.
Requires - a file handle to be opened by the object.
'''
logger = Logger()
alert = {}
ret = logger.write_alert_to_file(alert)
self.assertEqual(ret, 0)
def test_write_alert_to_file(self):
'''
Testing the write alert to file function, with a json object.
Requires - a file handle to be opened by the object.
'''
logger = Logger()
alert = {"test1": {"0": 0, "1": 1}, "test2": {"2": 2, "3": 3}}
ret = logger.write_alert_to_file(alert)
self.assertEqual(ret, 0)
def test_write_flow_to_file__empty_string(self):
'''
Testing the write flow to file function, with an empty string.
Requires - a file handle to be opened by the object.
'''
logger = Logger()
flow = ""
ret = logger.write_flow_to_file(flow)
self.assertEqual(ret, 0)
def test_write_alert_to_file__alert_no_increment(self):
'''
Ensuring the alert number is incremented correctly upon writing to file.
Requires - an alert to be correctly processed and written to file.
Input - valid json.
Expected output:
logger.write_alert_to_file(alert) == 0
logger.alert_no == 2
'''
logger = Logger()
alert = {"test1": {"0": 0, "1": 1}, "test2": {"2": 2, "3": 3}}
ret = logger.write_alert_to_file(alert)
self.assertEqual(ret, 0)
self.assertEqual(logger.alert_no, 2)
def test_init(self):
'''
Testing the module's constructor - init variables and function calls.
Expected output:
logger.alert_no == 1
logger.flow_file == True
logger.alert_file == True
logger.flow_file_name == 'flows.binetflow'
logger.alert_file_name == 'alerts.log'
'''
logger = Logger()
self.assertEqual(logger.alert_no, 1)
self.assertTrue(logger.flow_file)
self.assertTrue(logger.alert_file)
self.assertEqual(logger.flow_file_name, 'flows.binetflow')
self.assertEqual(logger.alert_file_name, 'alerts.log')
def __init__(self, args):
"""Constructor for the Detector.
Takes in parsed command line argument data and sets up the Detector's mode accordingly.
These modes include sniffing from the network, processing a local .pcap file or reading
from a pre-processed network flow file.
Also loads the relevent models into an object array to facilitate model prediciton.
Args:
args (dict): Parsed command line arguments to specify the Detector's mode of operation.
Attributes:
gui (bool): Specifies the GUI mode required.
logging (bool): Specifies the logging mode required.
debug (bool): Specifies the debugging mode required.
read (None, string): Specifies the file read mode required.
dataset_feature_columns (:obj:'list' of :obj:'str'): The required dataset feature column headings used in the Sniffer and Detector.
models (:obj:'list' of :obj:'Model'): List to store successfully instantiated Model objects.
sniffer (:obj':'Sniffer'): Sniffer object storage.
ws_client (:obj':'Websocket_Client'): Websocket Client object storage.
logger (:obj:'Logger'): Logger object storage.
"""
self.gui = args['no_gui']
self.logging = args['no_log']
self.debug = args['debug']
self.read = args['read']
self.dataset_feature_columns = [
'SrcAddr', 'DstAddr', 'Proto', 'Sport', 'Dport', 'State', 'sTos',
'dTos', 'SrcWin', 'DstWin', 'sHops', 'dHops', 'StartTime',
'LastTime', 'sTtl', 'dTtl', 'TcpRtt', 'SynAck', 'AckDat',
'SrcPkts', 'DstPkts', 'SrcBytes', 'DstBytes', 'SAppBytes',
'DAppBytes', 'Dur', 'TotPkts', 'TotBytes', 'TotAppByte', 'Rate',
'SrcRate', 'DstRate'
]
self.models = []
self.model_directory = 'Models'
self.socket_addr = "ws://localhost:5566"
if self.debug:
print("[ Detector ] Debugging output enabled.")
# De-serialise model objects into the model array
self.models = self.load_models()
# Sniffs raw data from a SPAN'd port, performs netflow feature extraction.
# Mimics bash shell behaviour of:
# $ TCPDUMP (interface) | ARGUS | RA CLIENT (CSV Formatted Network Flow Exporter).
# Or, reads from a given file
self.sniffer = Sniffer(self.read)
if (self.gui == True):
# Websocket_Client instantiation
# Faciliates data transfer through a localhost socket to the backend electron
# nodejs server
self.ws_client = Websocket_Client()
# And attempt to create a connection to the websocker server
self.ws_client.connect(self.socket_addr)
if (self.logging == True):
# Flow and Alert file logging
# Initialise Logger instance to handle alert and flow file logging operations
self.logger = Logger()