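def threatPonderate(alarmValue, queue, attackType):
    """Score one alarm sample and return its weighted threat value.

    Args:
        alarmValue: 1 when the detector fired for this sample, otherwise 0.
        queue: mutable sliding window of recent alarm values. This call
            appends ``alarmValue``; the window is only scored while
            ``len(queue) == windowLength``, so whoever owns ``queue`` must
            keep it bounded (a window that is never trimmed overshoots
            ``windowLength`` and scores 0 forever) - confirm against caller.
        attackType: index into the module-level ``alarmCodeList``; also
            selects the severity label and the ``AttackFactors`` config key.

    Returns:
        ``frequencyFactor * attackFactor * nearRepetitions ** 2`` once the
        window holds exactly ``windowLength`` samples, otherwise 0.

    Raises:
        IndexError: ``attackType`` is not a valid ``alarmCodeList`` index.
        ValueError: the configured attack factor or window length is not
            numeric.
    """
    # Severity bands by attack code. Codes outside 1..14 previously left
    # ``severity`` unbound, so an alarm for such a code crashed on the ALERT
    # print with UnboundLocalError; they now fall back to "Unknown" and the
    # sample is still scored.
    high_codes = (1, 2, 7, 8, 10, 12)
    critical_codes = (3, 4, 5, 9, 11, 13, 14)
    if attackType in high_codes:
        severity = "High"
    elif attackType in critical_codes:
        severity = "Critical"
    elif attackType == 6:
        severity = "Normal"
    else:
        severity = "Unknown"

    if alarmValue == 1:
        # One tab-separated line: label, attack code, severity, timestamp.
        # Single-string print is identical under Python 2 and 3.
        print('ALERT:\t%s\t%s\t%s' % (alarmCodeList[attackType], severity,
                                     datetime.datetime.now()))

    queue.append(alarmValue)
    occurrences = queue.count(1)  # hits across the whole window

    # Per-attack weight and window size come from the parsed config; both
    # are cast here so a malformed entry fails loudly rather than later.
    attackFactor = float(config.get('AttackFactors', alarmCodeList[attackType]))
    windowLength = int(config.get('Constants', 'windowLength'))

    if len(queue) != windowLength:
        # Not scored until the window is exactly full.
        return 0

    # NOTE(review): queue[:3] are the entries at the FRONT of the window. If
    # the caller drops old samples from the front these are the OLDEST three,
    # not the most recent, despite the "near" naming - verify against caller.
    nearRepetitions = queue[:3].count(1)
    if nearRepetitions == 0:
        nearRepetitions = 1  # keep the product non-zero (original: "Mathematical adjustment")
    frequencyFactor = resultsDisplay.divide_float(occurrences, windowLength)
    return frequencyFactor * attackFactor * nearRepetitions ** 2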
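# Run the capture until the operator interrupts it.
try:
    sniffer()  # Calls to sniffer
except KeyboardInterrupt:
    # The original tested ``if KeyboardInterrupt:`` - the exception CLASS,
    # which is always truthy - so a real Ctrl-C escaped as a traceback and
    # the "stopped" message printed even after a normal return. Catching the
    # exception is what the message implies.
    print('\nSniffer stopped by keystroke.')
stop_time = time.time()
elapsed = round(stop_time - init_time, 3)  # init_time presumably set before sniffing - confirm

# Final results display after sniffing. The *_counter names are module
# globals that sniffer() is expected to have updated.
print('\n#### Final results ####')
if pkt_counter == 0:
    print('No packets sniffed in', elapsed, 'seconds.')
else:
    # pkt_counter is non-zero on this branch, so the ratios are well defined.
    IP_percent = resultsDisplay.divide_float(IP_counter, pkt_counter) * 100
    TCP_percent = resultsDisplay.divide_float(TCP_counter, pkt_counter) * 100
    UDP_percent = resultsDisplay.divide_float(UDP_counter, pkt_counter) * 100
    print('Time elapsed:', elapsed, 'seconds.')
    print('Packets sniffed:', pkt_counter)
    print('- IP packets:', IP_counter, 'Percent:', IP_percent, '%')
    print('---- TCP packets:', TCP_counter, 'Percent:', TCP_percent, '%')
    print('---- UDP packets:', UDP_counter, 'Percent:', UDP_percent, '%')
    print('DNP3 messages:', DNP3_counter)
    resultsDisplay.appFunctionCode(appfunction_code_counter)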
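# Run the capture until the operator interrupts it.
try:
    sniffer()  # Calls to sniffer
except KeyboardInterrupt:
    # The original tested ``if KeyboardInterrupt:`` - the exception CLASS,
    # which is always truthy - so a real Ctrl-C escaped as a traceback and
    # the "stopped" message printed even after a normal return. Catching the
    # exception is what the message implies.
    print('\nSniffer stopped by keystroke.')
stop_time = time.time()
elapsed = round(stop_time - init_time, 3)  # init_time presumably set before sniffing - confirm

# Final results display after sniffing. The *_counter names are module
# globals that sniffer() is expected to have updated.
#
# Every print below is given ONE pre-formatted string. The original mixed
# Python 2 print statements with a multi-argument print(...) call on the
# "No packets" path, which under Python 2 prints a tuple repr
# ("('No packets sniffed in', 1.234, 'seconds.')") instead of the message.
# A single-string print behaves identically on Python 2 and 3.
print('\n#### Final results ####')
if pkt_counter == 0:
    print('No packets sniffed in %s seconds.' % elapsed)
else:
    # pkt_counter is non-zero on this branch, so the ratios are well defined.
    IP_percent = resultsDisplay.divide_float(IP_counter, pkt_counter) * 100
    TCP_percent = resultsDisplay.divide_float(TCP_counter, pkt_counter) * 100
    UDP_percent = resultsDisplay.divide_float(UDP_counter, pkt_counter) * 100
    print('Time elapsed: %s seconds.' % elapsed)
    print('Packets sniffed: %s' % pkt_counter)
    print('- IP packets: %s Percent: %s %%' % (IP_counter, IP_percent))
    print('---- TCP packets: %s Percent: %s %%' % (TCP_counter, TCP_percent))
    print('---- UDP packets: %s Percent: %s %%' % (UDP_counter, UDP_percent))
    print('DNP3 messages: %s' % DNP3_counter)
    resultsDisplay.appFunctionCode(appfunction_code_counter)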