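"""Alarm system functions.

Tracks the alarm level of the DNP3 attack detector: ``initialize`` resets the
module state, ``singlePacketAttack`` and ``threatPonderate`` report detections
(named through ``alarmCodeList``) and ``checkStatus`` moves the level through
``FSM.alarm_FSM`` from the aggregated threat score and per-level thresholds.
"""
# The docstring now precedes __author__ so that it is the module docstring
# (a string literal after another statement is not bound to __doc__).
__author__ = "David Olano"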
import FSM
import datetime
import resultsDisplay
import ConfigParser
import collections
# Alarm code -> attack name. The name is also the option key looked up in the
# ``[AttackFactors]`` section of config.ini by threatPonderate(), so the two
# must stay in sync. The severity class of each code lives in
# threatPonderate()'s if/elif chain, not here.
alarmCodeList = {
    1: "IPBroadcastMessage",
    2: "AnormalIPRange",
    3: "DFCFlagAttack",
    4: "LinkLayerFuzzing-InvalidStart",
    5: "ApplicationLayerFuzzing-InvalidFunctionCode",
    6: "WriteFunctionDetected",
    7: "ResetFunctionAttack",
    8: "InitializeDataFunctionAttack",
    9: "AppTerminationFunctionAttack",
    10: "DeleteFunctionAttack",
    11: "CaptureConfigurationAttack",
    12: "ClearObjectsAttack",
    13: "ClearObjectsAttackCold",
    14: "ColdResetFunctionAttack",
}
# Module-level configuration (ConfigParser is the Python 2 module name).
# "config.ini" is resolved against the current working directory, and read()
# silently ignores a missing or unreadable file: the failure only surfaces
# later, as a NoSectionError/NoOptionError on the first config.get() in
# threatPonderate().
config=ConfigParser.ConfigParser()
config.read("config.ini")
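def initialize():
    """Reset the alarm state and print the header of the alert table.

    Sets the module globals ``current_state`` (to ``"Low"``) and
    ``previousTotalThreatValue`` (to ``0``), which ``singlePacketAttack``
    and ``checkStatus`` read and update, and prints the column header for
    the ``ALERT:`` lines emitted later. The unused local ``initial_state``
    of the original version is gone.
    """
    global current_state
    global previousTotalThreatValue
    # Single-argument print form: same output under Python 2 and 3.
    print('\tDetected\tSeverity\tTime')
    print('\t--------\t--------\t----')
    current_state = "Low"
    previousTotalThreatValue = 0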
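def singlePacketAttack(code, severity):
    """Report a single-packet attack and raise the alarm level one step.

    Args:
        code: key into ``alarmCodeList`` naming the detected attack.
        severity: severity label printed with the alert; it is supplied by
            the caller, not derived from ``code`` here.

    Side effects: prints one ``ALERT:`` row and replaces the module global
    ``current_state`` with ``FSM.alarm_FSM(current_state, "rise")``.

    Raises:
        KeyError: ``code`` is not in ``alarmCodeList``.
    """
    global current_state
    # One pre-formatted string. The previous parenthesised, comma-separated
    # print printed the repr of a tuple under Python 2 (which this file
    # targets: print statements, ConfigParser) instead of a tab-separated
    # row, so the output did not line up with the header from initialize().
    print('ALERT:\t%s\t%s\t%s' % (alarmCodeList[code], severity,
                                  datetime.datetime.now()))
    current_state = FSM.alarm_FSM(current_state, "rise")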
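def threatPonderate(alarmValue, queue, attackType):
    """Push one detection sample into the sliding window and weight the threat.

    Args:
        alarmValue: 1 when the current packet triggered alarm ``attackType``;
            any other value counts as "no hit" (only 1 is counted).
        queue: sliding window of past ``alarmValue`` samples. It is extended
            in place; bounding it to ``windowLength`` entries is the caller's
            job (presumably a deque with ``maxlen`` — not visible here).
        attackType: key into ``alarmCodeList``.

    Returns:
        ``frequencyFactor * attackFactor * nearRepetitions ** 2`` once the
        window holds exactly ``windowLength`` samples, else ``0``.
        ``attackFactor`` comes from ``[AttackFactors]`` and ``windowLength``
        from ``[Constants]`` in config.ini.

    Raises:
        KeyError: ``attackType`` has no name in ``alarmCodeList``.
        ValueError: the code is named but has no severity class here.
    """
    # Resolve the name first: an unknown code now fails consistently with a
    # KeyError instead of an UnboundLocalError on ``severity`` further down.
    # (This also replaces a bare ``alarmCodeList[attackType]`` expression
    # statement that did nothing but raise.)
    attackName = alarmCodeList[attackType]
    if attackType in (1, 2, 7, 8, 10, 12):
        severity = "High"
    elif attackType in (3, 4, 5, 9, 11, 13, 14):
        severity = "Critical"
    elif attackType == 6:
        severity = "Normal"
    else:
        raise ValueError("no severity defined for alarm code %r" % (attackType,))
    if alarmValue == 1:
        # Same column layout as the header printed by initialize().
        print('ALERT:\t%s\t%s\t%s' % (attackName, severity,
                                      datetime.datetime.now()))
    queue.extend([alarmValue])
    ocurrencies = queue.count(1)
    # Read on every call so an edited config object is honoured; a missing
    # section or option raises a ConfigParser error here.
    attackFactor = float(config.get('AttackFactors', attackName))
    windowLength = int(config.get('Constants', 'windowLength'))
    if len(queue) != windowLength:
        # Wait until the window is full (as in the original, a window that
        # grew past windowLength also yields 0).
        return 0
    # Hits among the first three samples of the window. Indexing rather than
    # slicing keeps this valid for a deque. NOTE(review): if the window only
    # ever grows on the right, indices 0..2 are the OLDEST samples, although
    # the name suggests the most recent ones — confirm which was intended.
    nearRepetitions = [queue[i] for i in range(min(3, len(queue)))].count(1)
    if nearRepetitions == 0:
        nearRepetitions = 1  # Mathematical adjustment: keep the product non-zero
    frequencyFactor = resultsDisplay.divide_float(ocurrencies, windowLength)
    return frequencyFactor * attackFactor * nearRepetitions ** 2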
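def checkStatus(totalThreatValue):
    """Move the alarm level up or down according to the aggregated threat.

    Compares ``totalThreatValue`` with the threshold of ``current_state``
    (Low 20, Medium 40, High 60, Critical 80) and with the value of the
    previous call (module global ``previousTotalThreatValue``): a
    non-decreasing value above the threshold escalates through
    ``FSM.alarm_FSM(current_state, "rise")`` unless already Critical; a
    decreasing value below ``threshold - 20`` de-escalates with the
    ``"decrease"`` action, except from Low, which stays Low without calling
    the FSM. ``previousTotalThreatValue`` is always updated on exit.

    Args:
        totalThreatValue: aggregated threat score for this evaluation.

    Raises:
        ValueError: ``current_state`` is not one of the four known levels
            (previously an UnboundLocalError on the misspelt ``thresold``).
    """
    global current_state
    global previousTotalThreatValue
    thresholds = {"Low": 20, "Medium": 40, "High": 60, "Critical": 80}
    if current_state not in thresholds:
        raise ValueError("unknown alarm state %r" % (current_state,))
    threshold = thresholds[current_state]
    if totalThreatValue >= previousTotalThreatValue:
        # Growing (or flat) threat: escalate unless already at the top.
        if current_state != "Critical" and totalThreatValue > threshold:
            current_state = FSM.alarm_FSM(current_state, "rise")
    elif totalThreatValue < threshold - 20:
        # Falling threat with 20 points of hysteresis; never drive the FSM
        # below "Low".
        if current_state != "Low":
            current_state = FSM.alarm_FSM(current_state, "decrease")
    previousTotalThreatValue = totalThreatValue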