def predict(self, payload):
        _input = np.array([])

        for _, val in payload.inspected_value.items():
            _input = np.append(_input, val)

        for val in _input:
            results = np.array([], dtype='uint8')
            v1 = self.vectorizer.transform([val])
            v2 = self.vectorizer2.transform([val])
            results = np.append(results, self.logreg.predict(v1))
            results = np.append(results, self.svm.predict(v1))
            results = np.append(results, self.rf.predict(v1))
            results = np.append(results, self.logreg2.predict(v2))
            results = np.append(results, self.svm2.predict(v2))
            results = np.append(results, self.rf2.predict(v2))
            results = np.append(results, self.predict_rnn(val))

            if np.argmax(np.bincount(results)) == 1:
                log.info(f"Classifier predict True {val} - {results}")
                rs.create(
                    Rule(rule=payload.srcIP,
                         type=RuleType.BLOCKED_HOST.value,
                         action=Action.BLOCK.value))
                return True
            log.info(f"Classifier predict False for {val} - {results}")
        return False
def add_user():
    log.info(f"adding new user- {request.get_json().values()}")
    user = user_service.create(parse_user(request))
    if user:
        return jsonify(
            UserPayload(id=user.id, username=user.username,
                        role=user.role).serialize())
    else:
        return Response(status=409, response="User already exist")
def validate_payload(payload):
    rules = rs.get_all_rules_by_type(RuleType.INJECTION_ATTACK.value)
    flag = False
    for key, val in payload.inspected_value.items():
        if key == 'url':
            flag = inspect_payload_values(parse(val), rules)
        else:
            flag = inspect_payload_values(val, rules)
        if flag:
            break
    log.info(f"Analyzer result for payload [values]- '{payload.inspected_value.items()}' is {flag}")
    return flag
Exemplo n.º 4
0
def download_db():
    s3 = boto3.client(
        's3',
        aws_access_key_id=config.get_value('aws_access_key_id', ''),
        aws_secret_access_key=config.get_value('aws_secret_access_key', ''))
    try:
        response = s3.download_file('waid-db', 'server.db', str(db_path))
        log.info(f'Database Downloaded{response}')
        return Response(status=200)
    except ClientError as e:
        log.debug(e)
        return Response(status=500)
def validate_host(payload):
    hosts = rs.get_all_rules_by_type(RuleType.BLOCKED_HOST.value)
    srcIP = payload.srcIP
    flag = False

    for host in hosts:
        flag = True if host.rule == srcIP and host.action == Action.BLOCK.value else False
        if flag:
            break

    log.info(f"Analyzer result for payload [srcIP] - '{payload.srcIP}' is {flag}")
    return flag
Exemplo n.º 6
0
def upload_db():
    s3_client = boto3.client(
        's3',
        aws_access_key_id=config.get_value('aws_access_key_id', ''),
        aws_secret_access_key=config.get_value('aws_secret_access_key', ''))
    try:
        s3_client.upload_file(str(db_path), 'waid-db', 'server.db')
        log.info(f'Database uploaded')

        return Response(status=200)
    except ClientError as e:
        log.debug(e)
        return Response(status=500)
Exemplo n.º 7
0
def login(user):
    db_user = get_user_by_mail(user.get("email"))
    if db_user:
        key = hashlib.pbkdf2_hmac('sha256',
                                  user.get("password").encode('utf-8'),
                                  db_user.salt, 100000)
        is_same_key = key == db_user.password
        if is_same_key:
            return True, db_user
        else:
            log.info(
                f"Password didnt match DB password for user - `{user.get('email')}`"
            )
            return False
    log.info(f"No user with the mail `{user.get('email')}` in the DB ")
    return False
    def _server_flow(self, payload):
        is_analyzer = config.get_value('is_analyzer', 'True')
        is_classifier = config.get_value('is_classifier', 'True')
        log.info(
            f"Server Mode, Classifier is {'ON' if is_classifier else 'OFF'} "
            f"and Analyzer is {'ON' if is_classifier else 'OFF'}")
        if is_analyzer:
            self._use_analyzer(payload)
        if is_classifier and payload.anomaly_status != AnomalyStatus.ATTACK.value:
            self._use_classifier(payload)

        payload_service.create_payload_request(payload)

        if payload.anomaly_status == AnomalyStatus.ATTACK.value:
            return Response(status=403)
        else:
            return self._response()
Exemplo n.º 9
0
def create(rule):
    log.info(
        f"Created Rule {rule.rule} as "
        f"{'BLOCKED_HOST' if rule.type == RuleType.BLOCKED_HOST.value else 'INJECTION_ATTACK'}"
        f" on Rule Table")
    return dao.create_rule([rule])[0]
Exemplo n.º 10
0
def collect_rules():
    rules = rule_service.add_rules(request.json)
    log.info(
        f'Rules Collected -- Size: {len(request.json)} From : {request.remote_addr}'
    )
    return Response(status=200)
Exemplo n.º 11
0
def create_rule():
    log.info(f"Adding Rule - {request} ")
    rv = rule_service.create(parse_rule(request))
    print(rule_service.get_rules_of_today())
    return jsonify(RulePayload(rv.id, rv.rule, rv.type, rv.action).serialize())
def send_receive(path):
    log.info(f"Getting request - {request} from - {request.remote_addr}")
    return flows.main_flow(request, path)