def addAuth(status, time):
db = init()
cursor = db.cursor()
cursor.execute("insert into auth(status, time) values(?, ?)",
(status, time))
db.commit()
l.default("Added auth data")
def online(sid, data):
l.success(str(data))
devInfo = db.getDeviceInfo(data['devId'])
if devInfo['status'] == 0:
sio.disconnect(sid)
return
l.default('Device: {0} is online'.format(data['devId']))
def add_data(emb, model, folds, fold, kappa, weight):
conn = init()
cursor = conn.cursor()
log.default("[+] Adding data...")
cursor.execute(
"insert into results(emb, model, folds, fold, kappa, weight) values(?, ?, ?, ?, ?, ?)",
(emb, model, folds, fold, kappa, weight))
conn.commit()
log.success("[+] Data added...")
def reset():
d.default('[+] Resetting ')
subprocess.check_call(['iptables', '-F'])
subprocess.check_call(['iptables', '-X'])
subprocess.check_call(['iptables', '-t', 'nat', '-F'])
subprocess.check_call(['iptables', '-t', 'nat', '-X'])
subprocess.check_call(['iptables', '-t', 'mangle', '-F'])
subprocess.check_call(['iptables', '-t', 'mangle', '-X'])
subprocess.check_call(['iptables', '-P', 'INPUT', 'ACCEPT'])
subprocess.check_call(['iptables', '-P', 'FORWARD', 'ACCEPT'])
subprocess.check_call(['iptables', '-P', 'OUTPUT', 'ACCEPT'])
def process(pkt, node, timeSeen):
ip = pkt.getlayer(IP)
ether = pkt.getlayer(Ether)
pprint.pprint(pkt)
d.default('[+] Time: {}'.format(timeSeen))
# add to db
id = db.addData(ether.src, ether.dst, ip.src, ip.dst, timeSeen, node, "",
"", "icmp")
# forward data to classify
cf.classify(pkt, "icmp", node, timeSeen, id)
def addData(dstMac, dstIP, srcMac, srcIP, timeSeen, node, sport, dport, proto):
db = init()
cursor = db.cursor()
cpu_percent = func.cpu_percent()
mem_p = func.memory()[2]
cursor.execute(
"insert into data(dstMac, dstIP, srcMac, srcIP, time, node, sport, dport, proto, cpu_percent, mem_p) values(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
(dstMac, dstIP, srcMac, srcIP, timeSeen, node, sport, dport, proto,
cpu_percent, mem_p))
db.commit()
log.default('[-] {} data added'.format(proto))
return cursor.lastrowid
def rsa(length):
l.default('RSA, Generating key {0}'.format(str(length)))
start = time.time()
rsakey = RSA.generate(1024 * 1, Random.new().read)
pubCipher = rsakey.publickey()
privCipher = rsakey
end = time.time()
db = init()
cursor = db.cursor()
cursor.execute("insert into algo(category, len, time) values(?, ?, ?)",
('rsa', length, end - start))
db.commit()
l.success('done...')
print('\n')
def oaep(length):
l.default('OAEP, Generating key {0}'.format(str(length)))
start = time.time()
random_generator = Random.new().read
rsakey = RSA.generate(1024 * length, random_generator)
pubCipher = PKCS1_OAEP.new(rsakey.publickey())
privCipher = PKCS1_OAEP.new(rsakey)
end = time.time()
db = init()
cursor = db.cursor()
cursor.execute("insert into algo(category, len, time) values(?, ?, ?)",
('oaep', length, end - start))
db.commit()
l.success('Done...')
print('\n')
def addP(srcMac, dstMac, srcIP, dstIP, sport, dport, category):
db = init()
cursor = db.cursor()
if category == "icmp":
cursor.execute(
"insert into icmp(srcMac, dstMac, srcIP, dstIP, time) values(?, ?, ?, ?, ?)",
(srcMac, dstMac, srcIP, dstIP, time.time()))
else:
# udp and tcp
cursor.execute(
"insert into " + category +
"(srcMac, dstMac, srcIP, dstIP, sport, dport, time) values(?, ?, ?, ?, ?, ?, ?)",
(srcMac, dstMac, srcIP, dstIP, sport, dport, time.time()))
db.commit()
log.default("Added " + category + " Packet details")
print("\n")
def packetHandler(pkt):
if pkt.haslayer(ARP) and pkt.haslayer(Padding) and pkt.getlayer(
Padding).load != fx.defaultPadding and pkt.getlayer(ARP).op == 2:
lg.default(pformat(pkt))
arp = pkt.getlayer(ARP)
ip = arp.psrc
mac = arp.hwsrc
tm = time.time()
padding = pkt.getlayer(Padding)
decodedPadding = fx.decodePadding(padding.load)
seq = decodedPadding[2]
scn = decodedPadding[1]
binValue = decodedPadding[3]
category = decodedPadding[0]
# log data
db.logData('incoming', ip, mac, seq, tm, scn, binValue, category)
print('')
def addP(srcMac, dstMac, srcIP, dstIP, sport, dport, category, scenario, node, psize):
db = init()
cursor = db.cursor()
additionalParams = list(func.getAdditionalParams())
if category == "icmp":
params = [srcMac, dstMac, srcIP, dstIP, time.time(), scenario, node, psize]
for _ in additionalParams: params.append(_)
cursor.execute("insert into icmp(srcMac, dstMac, srcIP, dstIP, time, scenario, node, psize, freq_c, freq_min, freq_max, cpu_percent, ctx_switches, interrupts, soft_interrupts, syscalls, mtu, battery, fan, temp_c, temp_h, temp_crit, swap_t, swap_u, swap_f, swap_p, mem_t, mem_a, mem_p, mem_u, mem_f) values(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", tuple(params))
else:
# udp and tcp
params = [srcMac, dstMac, srcIP, dstIP, sport, dport, time.time(), scenario, node, psize]
for _ in additionalParams: params.append(_)
cursor.execute("insert into "+ category + "(srcMac, dstMac, srcIP, dstIP, sport, dport, time, scenario, node, psize, freq_c, freq_min, freq_max, cpu_percent, ctx_switches, interrupts, soft_interrupts, syscalls, mtu, battery, fan, temp_c, temp_h, temp_crit, swap_t, swap_u, swap_f, swap_p, mem_t, mem_a, mem_p, mem_u, mem_f) values(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", tuple(params))
db.commit()
log.default("Added " + category + " Packet details")
print("\n")
def mitm(iface, data):
log.default('Detecting MITM => ' + str(data['ip']) + ' = ' + str(data['mac']))
db_data = data['res']
i_data_ip = data['ip']
i_data_mac = data['mac']
i_data_acq = data['acq']
i_data_metric = data['valid']
i_data_time = data['time']
db_data_ip = db_data['ip']
db_data_mac = db_data['mac']
db_data_acq = db_data['acq']
db_data_metric = db_data['valid']
db_data_time = db_data['last_seen']
# both macs are the same
exists, i_db_data = db.find_mac(i_data_mac) # asset exists is true
# checking if host previous_ip is up
arp_packet = ARP(pdst=db_data_ip)
ans, un = sr(arp_packet)
if len(ans.sessions()) >= 1:
# host is alive
db.add_detection_time(time.time() - i_data_time)
log.error('MITM Detected => IP: ' + i_db_data['ip'] + ', MAC: ' + i_db_data['mac'] + ' ::: Spoofing Client ::: IP: ' + i_data_ip + ', MAC: ' + db_data_mac)
# add mitigation
# delete incoming arp entry and keep new one
arp.delete_entry(iface, i_data_ip)
arp.add_entry(iface, db_data_ip, db_data_mac)
else:
# possible DOS;
metric = arp.metric(db_data_ip)
if metric != 1:
# authorized client has been blocked
# checking last time seen
if (i_data_time - db_data_time) < arp.ttl(iface):
# add detection
db.add_detection_time(time.time() - i_data_time)
# confirmed dos
arp.delete_entry(iface, i_data_ip)
log.error('MITM Detected => IP: ' + i_db_data['ip'] + ', MAC: ' + i_db_data['mac'] + ' ::: Spoofing Client ::: IP: ' + i_data_ip + ', MAC: ' + db_data_mac)
def classify(pkt, proto, node, timeSeen, id):
pprint.pprint(pkt)
d.default('[-] Classifying: {}, {}, {}, {}'.format(proto, node, timeSeen,
id))
pprint.pprint(pkt)
output = 0
md = model()
print(md)
nPkts = 0
for x in db.getCData(time.time(), proto, node):
nPkts += 1
output += -1 if md.predict(np.array([[x['cpu_percent'], x['mem_p']]
]))[0] == 0 else 1
if nPkts >= 4:
if output == 0:
d.success('[-] No DoS')
else:
d.error('[+] DoS Attack ooooo ')
db.addDetection(node, proto, time.time() - timeSeen)
nf.filter(pkt, proto, node, timeSeen, id)
else:
d.warning('[-] Can\'t decide: {} pkts'.format(nPkts))
def packetHandler(pkt):
global mac
global icmp_pkt_arr
global udp_pkt_arr
global tcp_pkt_arr
global node
pprint.pprint(pkt)
if pkt.haslayer(IP):
ip = pkt.getlayer(IP)
ether = pkt.getlayer(Ether)
if ip.dst != None and func.inSubnet(
ip.dst) and ether.src != mac: # removing data from AP
if pkt.lastlayer().haslayer(ICMP):
if icmp_pkt_arr == 0:
icmp_pkt_arr = time.time()
else:
timeSeen = time.time()
if timeSeen - icmp_pkt_arr <= func.tau():
d.warning('[+] Possible ICMP Flood detected')
icmp_pkt_arr = timeSeen
icmp.process(pkt, node, timeSeen)
else:
# reset
d.default('[-] Resetting icmp_pkt_arr')
icmp_pkt_arr = 0
if pkt.lastlayer().haslayer(UDP):
if udp_pkt_arr == 0:
udp_pkt_arr = time.time()
else:
timeSeen = time.time()
if timeSeen - udp_pkt_arr <= func.tau():
d.warning('[+] Possible UDP Flood detected')
udp_pkt_arr = timeSeen
udp.process(pkt, node, timeSeen)
else:
# reset
d.default('[-] Resetting udp_pkt_arr')
udp_pkt_arr = 0
if pkt.lastlayer().haslayer(TCP):
if tcp_pkt_arr == 0:
tcp_pkt_arr = time.time()
else:
timeSeen = time.time()
if timeSeen - tcp_pkt_arr <= func.tau():
d.warning('[+] Possible TCP Flood detected')
tcp_pkt_arr = timeSeen
syn.process(pkt, node, timeSeen)
else:
# reset
d.default('[-] Resetting tcp_pkt_arr')
tcp_pkt_arr = 0
def process(pkt, label, t_start):
ip = pkt.getlayer(IP)
ether = pkt.getlayer(Ether)
d.default(pprint.pformat(pkt))
#func.addData(ip.src, ip.dst, "icmp", label)
func.getDetectionData(pkt, ip.src, ip.dst, "icmp", label, t_start)
def on_message(data):
l.default('message received with {0}'.format(str(data)))
fx.sendDeviceMessage(str(data['fleetId']), data)
>>> ls(ARP)
hwtype : XShortField = (1)
ptype : XShortEnumField = (2048)
hwlen : FieldLenField = (None)
plen : FieldLenField = (None)
op : ShortEnumField = (1)
hwsrc : MultipleTypeField = (None)
psrc : MultipleTypeField = (None)
hwdst : MultipleTypeField = (None)
pdst : MultipleTypeField = (None)
"""
newPkt = fx.arpPacket(arp.pdst, mac, arp.psrc, arp.hwsrc, 2, paddingPayload.load)
fx.sendPacket(iface, newPkt)
lg.success(pformat(newPkt))
print('')
if __name__ == '__main__':
if len(sys.argv) != 3:
usage()
global mac
global iface
iface = sys.argv[1]
mac = sys.argv[2]
# sniff for packets
lg.default('[-] Listening for packets')
while True:
sniff(iface=sys.argv[1], count=1, prn=packetHandler)
if ip.dst != None and func.inSubnet(
ip.dst) and ether.src != mac: # removing data from AP
if pkt.haslayer(ICMP):
icmp.process(pkt, scenario, t_start)
if pkt.haslayer(UDP):
udp.process(pkt, scenario, t_start)
if pkt.haslayer(TCP):
tcp.process(pkt, scenario, t_start)
# entry
if __name__ == '__main__':
if len(sys.argv) != 2:
usage()
# connect to rpc
sio.connect(server)
func.setSubnet(func.host_iface)
global mac
global scenario
scenario = sys.argv[1]
mac = db.getSubnet()['mac']
# sniff for packets
d.default('[+] Analyzing traffic on {}'.format(func.host_iface))
while True:
sniff(iface=func.host_iface, count=1, prn=packetHandler)
def analyze_packet(sid, data):
d.default('Verifying ' + str(data))
sio.emit('verify', data)
def connect(sid, environ):
l.default('Client socket opened => {0}'.format(str(sid)))
current = float(icmp['time'])
if prev != 0:
icmp_time.append(current - prev)
prev = current
logger.success("ICMP timing window: {0}".format(str(avg(icmp_time))))
db.updatePInterval("icmp", avg(icmp_time))
print("\n")
prev = 0
for udp in db.getP("udp"):
current = float(udp['time'])
if prev != 0:
udp_time.append(current - prev)
prev = current
logger.warning("UDP timing window: {0}".format(str(avg(udp_time))))
db.updatePInterval("udp", avg(udp_time))
print("\n")
prev = 0
for tcp in db.getP("tcp"):
current = float(tcp['time'])
if prev != 0:
tcp_time.append(current - prev)
prev = current
logger.default("TCP timing window: {0}".format(str(avg(tcp_time))))
db.updatePInterval("tcp", avg(tcp_time))
print("\n")
def tcp(sid, data):
d.default(data)
def icmp(sid, data):
d.default(data)
#!/usr/bin/python
"""
Data Analysis
"""
import func as fx
import db
import logger as lg
import matplotlib.pyplot as plt
import numpy as np
categories = [1, 2]
normal = []
mitm = []
lg.default('[-] Generating dataset...')
fileHandler = open(fx.dataset, 'w')
details = 'RTT,Category\n'
for iteration in fx.seqNumbers:
for category in categories:
for data in db.getTableScenarioCategory('incoming', iteration,
category):
for data2 in db.getTableScenarioCategorySeq(
'outgoing', data['scenario'], category, data['seq']):
ctg = category
rtt = np.abs(data['time'] - data2['time'])
details += '{},{}\n'.format(rtt, ctg - 1)
if ctg == 1:
normal.append(rtt)
else:
mitm.append(rtt)
def udp(sid, data):
d.default(data)
def detect(sid, data):
d.default(data)
def auth(sid, data):
l.default('Sending request to fleet server')
sio.emit(str(data['fleetId']), data)
def on_connect():
global devId
global data
l.default('Sending request to IoT device')
sio.emit(devId, data)
def train():
from linear_schedule import Linear
ledger = defaultdict(lambda: MovingAverage(Reporting.reward_average))
M.config(file=os.path.join(RUN.log_directory, RUN.log_file))
M.diff()
with U.make_session(
RUN.num_cpu), Logger(RUN.log_directory) as logger, contextify(
gym.make(G.env_name)) as env:
env = ScaledFloatFrame(wrap_dqn(env))
if G.seed is not None:
env.seed(G.seed)
logger.log_params(G=vars(G), RUN=vars(RUN), Reporting=vars(Reporting))
inputs = TrainInputs(action_space=env.action_space,
observation_space=env.observation_space)
trainer = QTrainer(inputs=inputs,
action_space=env.action_space,
observation_space=env.observation_space)
if G.prioritized_replay:
replay_buffer = PrioritizedReplayBuffer(size=G.buffer_size,
alpha=G.alpha)
else:
replay_buffer = ReplayBuffer(size=G.buffer_size)
class schedules:
# note: it is important to have this start from the begining.
eps = Linear(G.n_timesteps * G.exploration_fraction, 1,
G.final_eps)
if G.prioritized_replay:
beta = Linear(G.n_timesteps - G.learning_start, G.beta_start,
G.beta_end)
U.initialize()
trainer.update_target()
x = np.array(env.reset())
ep_ind = 0
M.tic('episode')
for t_step in range(G.n_timesteps):
# schedules
eps = 0 if G.param_noise else schedules.eps[t_step]
if G.prioritized_replay:
beta = schedules.beta[t_step - G.learning_start]
x0 = x
M.tic('sample', silent=True)
(action, *_), action_q, q = trainer.runner.act([x], eps)
x, rew, done, info = env.step(action)
ledger['action_q_value'].append(action_q.max())
ledger['action_q_value/mean'].append(action_q.mean())
ledger['action_q_value/var'].append(action_q.var())
ledger['q_value'].append(q.max())
ledger['q_value/mean'].append(q.mean())
ledger['q_value/var'].append(q.var())
ledger['timing/sample'].append(M.toc('sample', silent=True))
# note: adding sample to the buffer is identical between the prioritized and the standard replay strategy.
replay_buffer.add(s0=x0,
action=action,
reward=rew,
s1=x,
done=float(done))
logger.log(
t_step, {
'q_value': ledger['q_value'].latest,
'q_value/mean': ledger['q_value/mean'].latest,
'q_value/var': ledger['q_value/var'].latest,
'q_value/action': ledger['action_q_value'].latest,
'q_value/action/mean':
ledger['action_q_value/mean'].latest,
'q_value/action/var': ledger['action_q_value/var'].latest
},
action=action,
eps=eps,
silent=True)
if G.prioritized_replay:
logger.log(t_step, beta=beta, silent=True)
if done:
ledger['timing/episode'].append(M.split('episode',
silent=True))
ep_ind += 1
x = np.array(env.reset())
ledger['rewards'].append(info['total_reward'])
silent = (ep_ind % Reporting.print_interval != 0)
logger.log(t_step,
timestep=t_step,
episode=green(ep_ind),
total_reward=ledger['rewards'].latest,
episode_length=info['timesteps'],
silent=silent)
logger.log(t_step, {
'total_reward/mean':
yellow(ledger['rewards'].mean, lambda v: f"{v:.1f}"),
'total_reward/max':
yellow(ledger['rewards'].max, lambda v: f"{v:.1f}"),
"time_spent_exploring":
default(eps, percent),
"timing/episode":
green(ledger['timing/episode'].latest, sec),
"timing/episode/mean":
green(ledger['timing/episode'].mean, sec),
},
silent=silent)
try:
logger.log(t_step, {
"timing/sample":
default(ledger['timing/sample'].latest, sec),
"timing/sample/mean":
default(ledger['timing/sample'].mean, sec),
"timing/train":
default(ledger['timing/train'].latest, sec),
"timing/train/mean":
green(ledger['timing/train'].mean, sec),
"timing/log_histogram":
default(ledger['timing/log_histogram'].latest, sec),
"timing/log_histogram/mean":
default(ledger['timing/log_histogram'].mean, sec)
},
silent=silent)
if G.prioritized_replay:
logger.log(t_step, {
"timing/update_priorities":
default(ledger['timing/update_priorities'].latest,
sec),
"timing/update_priorities/mean":
default(ledger['timing/update_priorities'].mean,
sec)
},
silent=silent)
except Exception as e:
pass
if G.prioritized_replay:
logger.log(
t_step,
{"replay_beta": default(beta, lambda v: f"{v:.2f}")},
silent=silent)
# note: learn here.
if t_step >= G.learning_start and t_step % G.learn_interval == 0:
if G.prioritized_replay:
experiences, weights, indices = replay_buffer.sample(
G.replay_batch_size, beta)
logger.log_histogram(t_step, weights=weights)
else:
experiences, weights = replay_buffer.sample(
G.replay_batch_size), None
M.tic('train', silent=True)
x0s, actions, rewards, x1s, dones = zip(*experiences)
td_error_val, loss_val = trainer.train(s0s=x0s,
actions=actions,
rewards=rewards,
s1s=x1s,
dones=dones,
sample_weights=weights)
ledger['timing/train'].append(M.toc('train', silent=True))
M.tic('log_histogram', silent=True)
logger.log_histogram(t_step, td_error=td_error_val)
ledger['timing/log_histogram'].append(
M.toc('log_histogram', silent=True))
if G.prioritized_replay:
M.tic('update_priorities', silent=True)
new_priorities = np.abs(td_error_val) + eps
replay_buffer.update_priorities(indices, new_priorities)
ledger['timing/update_priorities'].append(
M.toc('update_priorities', silent=True))
if t_step % G.target_network_update_interval == 0:
trainer.update_target()
if t_step % Reporting.checkpoint_interval == 0:
U.save_state(os.path.join(RUN.log_directory, RUN.checkpoint))
#!/usr/bin/python
"""
IPC
"""
import socketio
import eventlet
import logger as d
import func as fx
## socket defaults
sio = socketio.Server()
app = socketio.WSGIApp(sio, static_files={
'/': {'content_type': 'text/html', 'filename': '../index.html'}
})
# events
@sio.on('connect')
def connect(sid, environ):
d.success('Client socket opened => {}'.format(sid))
@sio.on('disconnect')
def disconnect(sid):
d.error('Client socket closed => {}'.format(sid))
# daemon
if __name__ == '__main__':
d.default('[+] IPC running: {}:{}'.format(fx.host_ip, fx.host_port))
eventlet.wsgi.server(eventlet.listen((fx.host_ip, fx.host_port)), app)
