ddos-mlp-mitigation

git clone git://git.codymlewis.com/ddos-mlp-mitigation.git
Log | Files | Refs | Submodules | README | LICENSE

commit 5e720cc17ef7eeadb929a8e934c786630ac6e7d4
parent 0d787a4b8de19f84e8e20ff5c78c1bce40151246
Author: Cody Lewis <cody@codymlewis.com>
Date:   Fri, 17 Apr 2020 15:34:49 +1000

Fixed training timing and tuple calculation

Diffstat:
Mcreate_network | 25+++++++++++++------------
Mnetwork_controller.py | 25+++++++++++++++++++------
2 files changed, 32 insertions(+), 18 deletions(-)

diff --git a/create_network b/create_network @@ -12,7 +12,7 @@ import numpy as np from mininet.topo import Topo from mininet.net import Mininet -from mininet.node import Controller, Node, OVSSwitch, RemoteController +from mininet.node import OVSSwitch, RemoteController from mininet.log import setLogLevel, info from mininet.cli import CLI from mininet.link import TCLink @@ -73,27 +73,26 @@ def run_network(num_bots): controller=RemoteController ) net.start() - finish_time = time.time() + 36_000 + finish_time = time.time() + 3_600 if "--train" in sys.argv: for host in net.hosts: host.cmdPrint("export FLASK_APP=WebServer.py && flask run --host=0.0.0.0 &") time.sleep(3) + print(f"Training will finish at {time.ctime(finish_time)}") if "--attack" in sys.argv: info("*** Starting botnet controller\n") net['b0'].cmdPrint(f"./botnet_controller -n {num_bots} -t {net['t0'].IP()} &") time.sleep(1) info("*** Starting botnet attack on the target\n") for i in range(1, num_bots + 1): - net[f"b{i}"].cmdPrint(f"./bot -c {net['b0'].IP()} &") - elif "--all-attack" in sys.argv: - info("*** Everyone attacking the target\n") - net['b0'].cmdPrint(f"./botnet_controller -n {len(net.hosts) - 1} -t {net['t0'].IP()} &") - for host in net.hosts: - if host is not net['b0']: - host.cmd(f"./bot -c {net['b0'].IP()} &") - time.sleep(finish_time - time.time()) + net[f"b{i}"].cmd(f"./bot -c {net['b0'].IP()} &") + if "--train" in sys.argv: + info("*** Waiting for training to finish") + time.sleep(finish_time - time.time()) elif "--normal" in sys.argv: info("*** Normal activity\n") + tcp = 0 + icmp = 0 while time.time() < finish_time: host = net.hosts[ int(np.round(np.random.uniform(len(net.hosts)))) - 1 @@ -102,11 +101,13 @@ def run_network(num_bots): int(np.round(np.random.uniform(len(net.hosts)))) - 1 ].IP() if np.random.choice(range(1, 100)) < 95: - info("*** TCP activity\n") + tcp += 1 host.cmd(f"curl {random_host_ip}:5000") else: - info("*** ICMP activity\n") + icmp += 1 host.cmd(f"ping -c1 {random_host_ip}") + print(f"\rTCP: {tcp}, ICMP: {icmp}", end="") + time.sleep(np.random.uniform(0.25, 5)) else: info("*** Starting web server on target\n") net['t0'].cmdPrint("export FLASK_APP=WebServer.py && flask run --host=0.0.0.0 &") diff --git a/network_controller.py b/network_controller.py @@ -86,7 +86,7 @@ class Flow: class Controller(object): '''A controller that can detect attacks or generate data on flows''' - def __init__(self, connection, gen_data, label, detect, interval=5.0, clean_interval=30): + def __init__(self, connection, gen_data, label, detect, interval=0.5, clean_interval=30): self.connection = connection connection.addListeners(self) self.label = label @@ -105,6 +105,7 @@ class Controller(object): self.detect = detect if detect: self.model = keras.models.load_model('model.h5') + self.interval = time.time() def resend_packet(self, packet_in, out_port): ''' @@ -125,7 +126,11 @@ class Controller(object): :param packet_in The packet to pass ''' if self.detect: - prediction = np.round(self.model.predict([self.calc_tuple()])[0][0]) + self.interval = time.time() - self.interval + six_tuple = [self.calc_tuple()] + LOG.debug("Six-tuple: %s", six_tuple[0]) + prediction = np.round(self.model.predict(six_tuple)[0][0]) + self.interval = time.time() LOG.debug("Prediction: %s", prediction) if prediction == 1.0: LOG.debug("Attack detected!") @@ -188,7 +193,7 @@ class Controller(object): np.median(amount_bytes) if amount_bytes else 0.0, np.median(durations) if amount_bytes else 0.0, ((2 * num_pair_flows) / num_flows) if num_flows > 0 else 0.0, - (num_growing_flows - (2 * num_growing_pair_flows) / self.interval), + (num_growing_flows - (2 * num_growing_pair_flows)) / self.interval, len(self.growing_ports) / self.interval, ] @@ -255,6 +260,10 @@ def launch(): ) core.openflow.addListenerByName("ConnectionUp", start_switch) +def dense_norm_dropout(x): + x = keras.layers.Dense(100, activation=tf.nn.relu)(x) + x = keras.layers.BatchNormalization()(x) + return keras.layers.Dropout(0.5)(x) if __name__ == '__main__': if "--train" in sys.argv: @@ -262,7 +271,8 @@ if __name__ == '__main__': labels = np.array([[1, 0] if l == 0 else [0, 1] for l in lbls]) inputs = keras.Input(shape=(6,)) x = keras.layers.Dense(100, activation=tf.nn.relu)(inputs) - x = keras.layers.Dense(100, activation=tf.nn.relu)(x) + x = dense_norm_dropout(x) + x = dense_norm_dropout(x) x = keras.layers.Dense(100, activation=tf.nn.relu)(x) outputs = keras.layers.Dense(2, activation=tf.nn.softmax)(x) model = keras.Model(inputs=inputs, outputs=outputs) @@ -277,11 +287,14 @@ if __name__ == '__main__': epochs=500, verbose=1, validation_split=0.2, - callbacks=[keras.callbacks.EarlyStopping(patience=5)] + callbacks=[keras.callbacks.EarlyStopping(patience=3)] ) print(f"Reached loss: {history.history['loss'][-1]}") fn = "model.h5" model.save(fn) print(f"Saved model as {fn}") else: - boot(["network_controller"]) + boot( + (["log.level", "--DEBUG"] if "--debug" in sys.argv else []) + + ["network_controller"] + )