├── .github └── workflows │ └── codesee-arch-diagram.yml ├── Controller ├── Topo_to_Mongo.py └── ofctl_rest.py ├── Models ├── cls_ada_dt_colab.pkl ├── cls_bag_rf_colab.pkl ├── cls_knn_colab.pkl ├── cls_knn_kdtree_colab.pkl └── cls_tree_colab.pkl ├── README.md ├── Supervisor ├── Attributes │ ├── Labels.py │ └── features.py ├── Datapipeline │ ├── DataPreprocessor.py │ ├── __pycache__ │ │ ├── DataPreprocessor.cpython-38.pyc │ │ └── DataPreprocessor.cpython-39.pyc │ └── pipeline_data_last.joblib ├── Logger │ └── CustomLogging.py ├── MLinitiater │ ├── __pycache__ │ │ ├── mlinitiater.cpython-38.pyc │ │ └── mlinitiater.cpython-39.pyc │ └── mlinitiater.py ├── ManipAPI │ └── Reaction.py └── StartSupervisor.py └── Topology ├── CICFlowMeter-4.0 ├── LICENSE.txt ├── README.md ├── TsharkCIC.py ├── TsharkTest.py ├── bin │ ├── CICFlowMeter │ ├── CICFlowMeter.bat │ ├── CICScript.py │ ├── cfm │ ├── cfm.bat │ └── logs │ │ ├── debug │ │ ├── debug-2021-06-12.log │ │ ├── debug-2021-06-26.log │ │ ├── debug-2021-07-08.log │ │ ├── debug-2021-07-12.log │ │ └── info.log └── lib │ ├── CICFlowMeter-4.0.jar │ ├── animal-sniffer-annotations-1.14.jar │ ├── checker-compat-qual-2.0.0.jar │ ├── commons-io-2.5.jar │ ├── commons-lang3-3.6.jar │ ├── commons-math3-3.5.jar │ ├── error_prone_annotations-2.1.3.jar │ ├── guava-23.6-jre.jar │ ├── hamcrest-core-1.3.jar │ ├── j2objc-annotations-1.1.jar │ ├── java-cup-0.11a.jar │ ├── jfreechart-1.5.0.jar │ ├── jnetpcap-1.4.1.jar │ ├── jsr305-1.3.9.jar │ ├── junit-4.12.jar │ ├── log4j-1.2.17.jar │ ├── log4j-api-2.11.0.jar │ ├── log4j-core-2.11.0.jar │ ├── native │ ├── jnetpcap-pcap100.dll │ ├── jnetpcap.dll │ ├── libjnetpcap-pcap100.so │ └── libjnetpcap.so │ ├── slf4j-api-1.7.25.jar │ ├── slf4j-log4j12-1.7.25.jar │ ├── tika-core-1.17.jar │ └── weka-stable-3.6.14.jar ├── CICTrigger └── CICTrigger.sh ├── Script PCAP to CSV └── TsharkCIC.py └── SplTp.py /.github/workflows/codesee-arch-diagram.yml: 
--------------------------------------------------------------------------------
# CodeSee architecture-map workflow: runs on pushes to master and on pull
# request activity, detects the repository's languages, sets up the matching
# toolchains, then generates and uploads a CodeSee map.
#
# NOTE(review): security-sensitive trigger. `pull_request_target` runs in the
# context of the base repository, so repository secrets are available to the
# job, while the checkout step below fetches the pull request's head
# repository and ref (contributor-controlled content). Later steps of this job
# pass secrets.CODESEE_ARCH_DIAG_API_TOKEN to an action. Confirm that no step
# builds or executes code from the checked-out tree, or move the analysis to
# the unprivileged `pull_request` trigger.
# NOTE(review): no `permissions:` block is declared, so the job uses the
# repository's default GITHUB_TOKEN permissions; consider declaring the
# minimum explicitly.
on:
  push:
    branches:
      - master
  pull_request_target:
    types: [opened, synchronize, reopened]

name: CodeSee Map

jobs:
  test_map_action:
    runs-on: ubuntu-latest
    # A failure of this job does not fail the overall workflow run.
    continue-on-error: true
    name: Run CodeSee Map Analysis
    steps:
      # Checks out the pull request head rather than the base branch.
      # NOTE(review): consider `persist-credentials: false` here so the
      # workflow token is not left in the checked-out repository's git config.
      - name: checkout
        id: checkout
        uses: actions/checkout@v2
        with:
          repository: ${{ github.event.pull_request.head.repo.full_name }}
          ref: ${{ github.event.pull_request.head.ref }}
          fetch-depth: 0

      # codesee-detect-languages has an output with id languages.
      # NOTE(review): `@latest` is a mutable reference; pinning third-party
      # actions to a full commit SHA keeps a later change to the tag from
      # altering what runs in this job.
      - name: Detect Languages
        id: detect-languages
        uses: Codesee-io/codesee-detect-languages-action@latest

      # Each toolchain below is set up only when the detect-languages output
      # reports that language.
      - name: Configure JDK 16
        uses: actions/setup-java@v2
        if: ${{ fromJSON(steps.detect-languages.outputs.languages).java }}
        with:
          java-version: '16'
          distribution: 'zulu'

      # CodeSee Maps Go support uses a static binary so there's no setup step required.

      - name: Configure Node.js 14
        uses: actions/setup-node@v2
        if: ${{ fromJSON(steps.detect-languages.outputs.languages).javascript }}
        with:
          node-version: '14'

      - name: Configure Python 3.x
        uses: actions/setup-python@v2
        if: ${{ fromJSON(steps.detect-languages.outputs.languages).python }}
        with:
          python-version: '3.10'
          architecture: 'x64'

      - name: Configure Ruby '3.x'
        uses: ruby/setup-ruby@v1
        if: ${{ fromJSON(steps.detect-languages.outputs.languages).ruby }}
        with:
          ruby-version: '3.0'

      # CodeSee Maps Rust support uses a static binary so there's no setup step required.
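
      - name: Generate Map
        id: generate-map
        uses: Codesee-io/codesee-map-action@latest
        with:
          step: map
          github_ref: ${{ github.ref }}
          languages: ${{ steps.detect-languages.outputs.languages }}

      - name: Upload Map
        id: upload-map
        uses: Codesee-io/codesee-map-action@latest
        with:
          step: mapUpload
          api_token: ${{ secrets.CODESEE_ARCH_DIAG_API_TOKEN }}
          github_ref: ${{ github.ref }}

      - name: Insights
        id: insights
        uses: Codesee-io/codesee-map-action@latest
        with:
          step: insights
          api_token: ${{ secrets.CODESEE_ARCH_DIAG_API_TOKEN }}
          github_ref: ${{ github.ref }}

--------------------------------------------------------------------------------
/Controller/Topo_to_Mongo.py:
--------------------------------------------------------------------------------
from Reaction import RESTDBconfig
from datetime import datetime
from ryu.app import simple_switch_13
from ryu.controller import ofp_event
from ryu.controller.handler import MAIN_DISPATCHER, DEAD_DISPATCHER
from ryu.controller.handler import set_ev_cls
from ryu.lib import hub
from ryu.topology.api import get_host

# Only CollName is referenced in this file; the other constants are not used
# here.
# NOTE(review): MONGO_URL carries no credentials and OF_URL is plain HTTP to
# the ofctl REST endpoint; both point at the local host. Confirm that neither
# service is reachable from outside the controller host.
FIREWALL_URL = ''
MONGO_URL = 'mongodb://127.0.0.1:27017/'
OF_URL = 'http://localhost:8080/stats/flowentry/add'
DBName = 'SDN'
CollName = 'Topology'


class ControlTopo13(simple_switch_13.SimpleSwitch13):
    """Learning switch that periodically records each switch's hosts.

    A background green thread sends a flow-stats request to every registered
    datapath; each reply triggers a lookup of the hosts attached to that
    datapath, and the result is written through ``RESTDBconfig``.
    """

    def __init__(self, *args, **kwargs):
        super(ControlTopo13, self).__init__(*args, **kwargs)
        self.datapaths = {}
        self.topo_app = self
        self.device_count = 0
        # Left as None when the connection fails so that later writes can
        # detect the missing client instead of hitting an AttributeError.
        self.DB = None
        try:
            self.DB = RESTDBconfig()
            self.logger.info('Connected to Database.')
        except Exception:
            self.logger.error('Cannot connect to the Database', exc_info=True)
        # Start the monitor only after all the state it reads is initialised.
        self.monitor_thread = hub.spawn(self._monitor)

    @set_ev_cls(ofp_event.EventOFPStateChange,
                [MAIN_DISPATCHER, DEAD_DISPATCHER])
    def _state_change_handler(self, ev):
        """Track datapaths as they enter MAIN_DISPATCHER or DEAD_DISPATCHER."""
        datapath = ev.datapath
        if ev.state == MAIN_DISPATCHER:
            if datapath.id not in self.datapaths:
                self.logger.debug('register datapath: %016x', datapath.id)
                self.datapaths[datapath.id] = datapath
        elif ev.state == DEAD_DISPATCHER:
            if datapath.id in self.datapaths:
                self.logger.debug('unregister datapath: %016x', datapath.id)
                del self.datapaths[datapath.id]

    def _monitor(self):
        """Poll every registered datapath, then back off once all replied.

        After each polling round the loop sleeps 15 seconds. When the number
        of replies counted by the flow-stats handler equals the number of
        registered datapaths, the counter is reset and the loop sleeps for an
        hour before the next round.
        """
        while True:
            # Iterate over a snapshot: the state-change handler may add or
            # remove datapaths while this loop is running.
            for dp in list(self.datapaths.values()):
                self._request_stats(dp)
            hub.sleep(15)
            if self.device_count == len(self.datapaths):
                self.device_count = 0
                hub.sleep(3600)

    def _request_stats(self, datapath):
        """Send an OFPFlowStatsRequest to *datapath*."""
        self.logger.debug('send stats request: %016x', datapath.id)
        parser = datapath.ofproto_parser

        req = parser.OFPFlowStatsRequest(datapath)
        datapath.send_msg(req)

    def _to_database(self, datapathid, data, collection=CollName):
        """Write *data* for *datapathid* into *collection*.

        Failures are logged and swallowed so that a database outage does not
        stop the controller's event handling.
        """
        if self.DB is None:
            self.logger.error('Cannot insert data to the database')
            return
        try:
            self.logger.info('Inserting data to Database...')
            self.DB.DBconfig_update(datapathid, data, collection)
            self.logger.info('Database is updated!')
        except Exception:
            self.logger.error('Cannot insert data to the database',
                              exc_info=True)

    def _get_hosts(self, ev_datapathid):
        """Return the IPv4 addresses of all hosts seen on a datapath.

        Returns an empty list when the topology lookup fails; previously the
        failure path fell through to an unbound local variable.
        """
        try:
            hosts_list = get_host(self.topo_app, dpid=ev_datapathid)
            # Each host carries a list of IPv4 addresses; flatten them.
            return [ip for host in hosts_list for ip in host.ipv4]
        except Exception as ex:
            self.logger.error(ex)
            return []

    @set_ev_cls(ofp_event.EventOFPFlowStatsReply, MAIN_DISPATCHER)
    def _flow_stats_reply_handler(self, ev):
        """Store the replying switch's host list with a timestamp version."""
        dp = ev.msg.datapath.id

        switchs_hosts = {
            'Datapath ID': dp,
            'Hosts': [{'IP': host, 'Status': 0}
                      for host in self._get_hosts(dp)],
            'Version': datetime.now().strftime("%Y%m%d%H%M%S"),
        }

        # Counted by _monitor to decide when every datapath has replied.
        self.device_count += 1
        data = {"$set": switchs_hosts}
        self._to_database(dp, data, CollName)

--------------------------------------------------------------------------------
/Controller/ofctl_rest.py:
--------------------------------------------------------------------------------
# Copyright (C) 2012 Nippon Telegraph and Telephone Corporation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.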
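
import logging
import json
import ast

from ryu.base import app_manager
from ryu.controller import ofp_event
from ryu.controller import dpset
from ryu.controller.handler import MAIN_DISPATCHER
from ryu.controller.handler import set_ev_cls
from ryu.exception import RyuException
from ryu.ofproto import ofproto_v1_0
from ryu.ofproto import ofproto_v1_2
from ryu.ofproto import ofproto_v1_3
from ryu.ofproto import ofproto_v1_4
from ryu.ofproto import ofproto_v1_5
from ryu.lib import ofctl_v1_0
from ryu.lib import ofctl_v1_2
from ryu.lib import ofctl_v1_3
from ryu.lib import ofctl_v1_4
from ryu.lib import ofctl_v1_5
from ryu.app.wsgi import ControllerBase
from ryu.app.wsgi import Response
from ryu.app.wsgi import WSGIApplication

LOG = logging.getLogger('ryu.app.ofctl_rest')

# NOTE(review): no authentication or authorization check appears anywhere in
# this file. Any client that can reach the WSGI listener can call the
# state-changing routes below (flow, meter, group, port and role changes).
# Access has to be restricted outside this module, for example by binding the
# listener to a management-only interface or fronting it with an
# authenticating proxy.

# supported ofctl versions in this restful app
supported_ofctl = {
    ofproto_v1_0.OFP_VERSION: ofctl_v1_0,
    ofproto_v1_2.OFP_VERSION: ofctl_v1_2,
    ofproto_v1_3.OFP_VERSION: ofctl_v1_3,
    ofproto_v1_4.OFP_VERSION: ofctl_v1_4,
    ofproto_v1_5.OFP_VERSION: ofctl_v1_5,
}

# REST API
#

# Retrieve the switch stats
#
# get the list of all switches
# GET /stats/switches
#
# get the desc stats of the switch
# GET /stats/desc/<dpid>
#
# get flows desc stats of the switch
# GET /stats/flowdesc/<dpid>
#
# get flows desc stats of the switch filtered by the fields
# POST /stats/flowdesc/<dpid>
#
# get flows stats of the switch
# GET /stats/flow/<dpid>
#
# get flows stats of the switch filtered by the fields
# POST /stats/flow/<dpid>
#
# get aggregate flows stats of the switch
# GET /stats/aggregateflow/<dpid>
#
# get aggregate flows stats of the switch filtered by the fields
# POST /stats/aggregateflow/<dpid>
#
# get table stats of the switch
# GET /stats/table/<dpid>
#
# get table features stats of the switch
# GET /stats/tablefeatures/<dpid>
#
# get ports stats of the switch
# GET /stats/port/<dpid>[/<port>]
# Note: Specification of port number is optional
#
# get queues stats of the switch
# GET /stats/queue/<dpid>[/<port>[/<queue_id>]]
# Note: Specification of port number and queue id are optional
#       If you want to omit the port number and set the queue id,
#       please specify the keyword "ALL" to the port number
#       e.g. GET /stats/queue/1/ALL/1
#
# get queues config stats of the switch
# GET /stats/queueconfig/<dpid>[/<port>]
# Note: Specification of port number is optional
#
# get queues desc stats of the switch
# GET /stats/queuedesc/<dpid>[/<port>[/<queue>]]
# Note: Specification of port number and queue id are optional
#       If you want to omit the port number and set the queue id,
#       please specify the keyword "ALL" to the port number
#       e.g. GET /stats/queuedesc/1/ALL/1
#
# get meter features stats of the switch
# GET /stats/meterfeatures/<dpid>
#
# get meter config stats of the switch
# GET /stats/meterconfig/<dpid>[/<meter_id>]
# Note: Specification of meter id is optional
#
# get meter desc stats of the switch
# GET /stats/meterdesc/<dpid>[/<meter_id>]
# Note: Specification of meter id is optional
#
# get meters stats of the switch
# GET /stats/meter/<dpid>[/<meter_id>]
# Note: Specification of meter id is optional
#
# get group features stats of the switch
# GET /stats/groupfeatures/<dpid>
#
# get groups desc stats of the switch
# GET /stats/groupdesc/<dpid>[/<group_id>]
# Note: Specification of group id is optional (OpenFlow 1.5 or later)
#
# get groups stats of the switch
# GET /stats/group/<dpid>[/<group_id>]
# Note: Specification of group id is optional
#
# get ports description of the switch
# GET /stats/portdesc/<dpid>[/<port_no>]
# Note: Specification of port number is optional (OpenFlow 1.5 or later)
#
# get role of controller
# GET /stats/role/<dpid>

# Update the switch stats
#
# add a flow entry
# POST /stats/flowentry/add
#
# modify all matching flow entries
# POST /stats/flowentry/modify
#
# modify flow entry strictly matching wildcards and priority
# POST /stats/flowentry/modify_strict
#
# delete all matching flow entries
# POST /stats/flowentry/delete
#
# delete flow entry strictly matching wildcards and priority
# POST /stats/flowentry/delete_strict
#
# delete all flow entries of the switch
# DELETE /stats/flowentry/clear/<dpid>
#
# add a meter entry
# POST /stats/meterentry/add
#
# modify a meter entry
# POST /stats/meterentry/modify
#
# delete a meter entry
# POST /stats/meterentry/delete
#
# add a group entry
# POST /stats/groupentry/add
#
# modify a group entry
# POST /stats/groupentry/modify
#
# delete a group entry
# POST /stats/groupentry/delete
#
# modify behavior of the physical port
# POST /stats/portdesc/modify
#
# modify role of controller
# POST /stats/role
#
#
# send an experimenter message
# POST /stats/experimenter/<dpid>


class CommandNotFoundError(RyuException):
    """Raised when the {cmd} path segment names no known command."""
    message = 'No such command : %(cmd)s'


class PortNotFoundError(RyuException):
    """Raised when the requested port has no entry in the DPSet port state."""
    message = 'No such port info: %(port_no)s'


def _resolve_datapath(controller, dpid):
    """Look up the datapath and ofctl module for *dpid*.

    Returns ``(dp, ofctl, None)`` on success and ``(None, None, response)``
    with a ready error Response (400 invalid id, 404 unknown datapath,
    501 unsupported OpenFlow version) otherwise.
    """
    try:
        # Base 0 accepts decimal as well as 0x-prefixed hexadecimal ids.
        dp = controller.dpset.get(int(str(dpid), 0))
    except ValueError:
        LOG.exception('Invalid dpid: %s', dpid)
        return None, None, Response(status=400)
    if dp is None:
        LOG.error('No such Datapath: %s', dpid)
        return None, None, Response(status=404)

    # dict.get() returns None rather than raising KeyError, so an unsupported
    # version has to be detected explicitly.
    ofctl = supported_ofctl.get(dp.ofproto.OFP_VERSION)
    if ofctl is None:
        LOG.error('Unsupported OF version: %s', dp.ofproto.OFP_VERSION)
        return None, None, Response(status=501)
    return dp, ofctl, None


def stats_method(method):
    """Decorate a read-only StatsController action.

    The wrapper resolves the ``dpid`` route parameter to a datapath, calls
    *method* with ``(self, req, dp, ofctl, ...)`` and returns its result as a
    JSON response. Errors map to 400, 404 or 501.
    """
    def wrapper(self, req, dpid, *args, **kwargs):
        dp, ofctl, error = _resolve_datapath(self, dpid)
        if error is not None:
            return error

        # Invoke StatsController method
        try:
            ret = method(self, req, dp, ofctl, *args, **kwargs)
            return Response(content_type='application/json',
                            body=json.dumps(ret))
        except ValueError:
            LOG.exception('Invalid syntax: %s', req.body)
            return Response(status=400)
        except AttributeError:
            LOG.exception('Unsupported OF request in this version: %s',
                          dp.ofproto.OFP_VERSION)
            return Response(status=501)

    return wrapper


def command_method(method):
    """Decorate a state-changing StatsController action.

    The wrapper parses the request body into a dict, takes the datapath id
    from the body's ``dpid`` key or, failing that, from the ``dpid`` route
    parameter, and calls *method* with ``(self, req, dp, ofctl, body, ...)``.
    It answers 200 on success and 400, 404 or 501 on error.
    """
    def wrapper(self, req, *args, **kwargs):
        # Parse request json body
        try:
            if req.body:
                # We use ast.literal_eval() to parse request json body
                # instead of json.loads().
                # Because we need to parse binary format body
                # in send_experimenter().
                # NOTE(review): literal_eval() only builds Python literals,
                # but a very large or deeply nested body can still exhaust
                # memory or the interpreter stack; consider bounding the
                # request size before this point.
                body = ast.literal_eval(req.body.decode('utf-8'))
            else:
                body = {}
        except (SyntaxError, ValueError, TypeError,
                MemoryError, RecursionError):
            # Malformed input is a client error, not a server fault.
            LOG.exception('Invalid syntax: %s', req.body)
            return Response(status=400)
        if not isinstance(body, dict):
            # A literal list, string or number parses cleanly but cannot
            # carry request fields.
            LOG.error('Invalid syntax: %s', req.body)
            return Response(status=400)

        # Get datapath_id from request parameters
        dpid = body.get('dpid', None)
        if not dpid:
            try:
                dpid = kwargs.pop('dpid')
            except KeyError:
                LOG.exception('Cannot get dpid from request parameters')
                return Response(status=400)

        dp, ofctl, error = _resolve_datapath(self, dpid)
        if error is not None:
            return error

        # Invoke StatsController method
        try:
            method(self, req, dp, ofctl, body, *args, **kwargs)
            return Response(status=200)
        except ValueError:
            LOG.exception('Invalid syntax: %s', req.body)
            return Response(status=400)
        except AttributeError:
            LOG.exception('Unsupported OF request in this version: %s',
                          dp.ofproto.OFP_VERSION)
            return Response(status=501)
        except (CommandNotFoundError, PortNotFoundError) as e:
            LOG.exception(e.message)
            return Response(status=404)

    return wrapper


class StatsController(ControllerBase):
    """WSGI controller exposing the ofctl library over the /stats routes.

    Actions decorated with ``stats_method`` read switch state and return
    JSON; actions decorated with ``command_method`` change switch state.
    Most actions only forward to the same-named function of the ofctl module
    selected for the datapath's OpenFlow version.
    """

    def __init__(self, req, link, data, **config):
        super(StatsController, self).__init__(req, link, data, **config)
        self.dpset = data['dpset']
        self.waiters = data['waiters']

    def get_dpids(self, req, **_kwargs):
        """Return the ids of all datapaths in the DPSet as a JSON list."""
        dps = list(self.dpset.dps.keys())
        body = json.dumps(dps)
        return Response(content_type='application/json', body=body)

    @stats_method
    def get_desc_stats(self, req, dp, ofctl, **kwargs):
        return ofctl.get_desc_stats(dp, self.waiters)

    @stats_method
    def get_flow_desc(self, req, dp, ofctl, **kwargs):
        # The optional JSON body carries the filter fields.
        flow = req.json if req.body else {}
        return ofctl.get_flow_desc(dp, self.waiters, flow)

    @stats_method
    def get_flow_stats(self, req, dp, ofctl, **kwargs):
        flow = req.json if req.body else {}
        return ofctl.get_flow_stats(dp, self.waiters, flow)

    @stats_method
    def get_aggregate_flow_stats(self, req, dp, ofctl, **kwargs):
        flow = req.json if req.body else {}
        return ofctl.get_aggregate_flow_stats(dp, self.waiters, flow)

    @stats_method
    def get_table_stats(self, req, dp, ofctl, **kwargs):
        return ofctl.get_table_stats(dp, self.waiters)

    @stats_method
    def get_table_features(self, req, dp, ofctl, **kwargs):
        return ofctl.get_table_features(dp, self.waiters)

    @stats_method
    def get_port_stats(self, req, dp, ofctl, port=None, **kwargs):
        # The keyword "ALL" means the same as omitting the port.
        if port == "ALL":
            port = None

        return ofctl.get_port_stats(dp, self.waiters, port)

    @stats_method
    def get_queue_stats(self, req, dp, ofctl,
                        port=None, queue_id=None, **kwargs):
        if port == "ALL":
            port = None

        if queue_id == "ALL":
            queue_id = None

        return ofctl.get_queue_stats(dp, self.waiters, port, queue_id)

    @stats_method
    def get_queue_config(self, req, dp, ofctl, port=None, **kwargs):
        if port == "ALL":
            port = None

        return ofctl.get_queue_config(dp, self.waiters, port)

    @stats_method
    def get_queue_desc(self, req, dp, ofctl,
                       port=None, queue=None, **_kwargs):
        if port == "ALL":
            port = None

        if queue == "ALL":
            queue = None

        return ofctl.get_queue_desc(dp, self.waiters, port, queue)

    @stats_method
    def get_meter_features(self, req, dp, ofctl, **kwargs):
        return ofctl.get_meter_features(dp, self.waiters)

    @stats_method
    def get_meter_config(self, req, dp, ofctl, meter_id=None, **kwargs):
        if meter_id == "ALL":
            meter_id = None

        return ofctl.get_meter_config(dp, self.waiters, meter_id)

    @stats_method
    def get_meter_desc(self, req, dp, ofctl, meter_id=None, **kwargs):
        if meter_id == "ALL":
            meter_id = None

        return ofctl.get_meter_desc(dp, self.waiters, meter_id)

    @stats_method
    def get_meter_stats(self, req, dp, ofctl, meter_id=None, **kwargs):
        if meter_id == "ALL":
            meter_id = None

        return ofctl.get_meter_stats(dp, self.waiters, meter_id)

    @stats_method
    def get_group_features(self, req, dp, ofctl, **kwargs):
        return ofctl.get_group_features(dp, self.waiters)

    @stats_method
    def get_group_desc(self, req, dp, ofctl, group_id=None, **kwargs):
        # The group id is passed on only for OpenFlow 1.5 or later.
        if dp.ofproto.OFP_VERSION < ofproto_v1_5.OFP_VERSION:
            return ofctl.get_group_desc(dp, self.waiters)
        else:
            return ofctl.get_group_desc(dp, self.waiters, group_id)

    @stats_method
    def get_group_stats(self, req, dp, ofctl, group_id=None, **kwargs):
        if group_id == "ALL":
            group_id = None

        return ofctl.get_group_stats(dp, self.waiters, group_id)

    @stats_method
    def get_port_desc(self, req, dp, ofctl, port_no=None, **kwargs):
        # The port number is passed on only for OpenFlow 1.5 or later.
        if dp.ofproto.OFP_VERSION < ofproto_v1_5.OFP_VERSION:
            return ofctl.get_port_desc(dp, self.waiters)
        else:
            return ofctl.get_port_desc(dp, self.waiters, port_no)

    @stats_method
    def get_role(self, req, dp, ofctl, **kwargs):
        return ofctl.get_role(dp, self.waiters)

    @command_method
    def mod_flow_entry(self, req, dp, ofctl, flow, cmd, **kwargs):
        """Apply the flow-mod command named by *cmd* to *flow*."""
        cmd_convert = {
            'add': dp.ofproto.OFPFC_ADD,
            'modify': dp.ofproto.OFPFC_MODIFY,
            'modify_strict': dp.ofproto.OFPFC_MODIFY_STRICT,
            'delete': dp.ofproto.OFPFC_DELETE,
            'delete_strict': dp.ofproto.OFPFC_DELETE_STRICT,
        }
        mod_cmd = cmd_convert.get(cmd, None)
        if mod_cmd is None:
            raise CommandNotFoundError(cmd=cmd)

        ofctl.mod_flow_entry(dp, flow, mod_cmd)

    @command_method
    def delete_flow_entry(self, req, dp, ofctl, flow, **kwargs):
        """Delete every flow entry of the switch; the request body is ignored."""
        if ofproto_v1_0.OFP_VERSION == dp.ofproto.OFP_VERSION:
            flow = {}
        else:
            flow = {'table_id': dp.ofproto.OFPTT_ALL}

        ofctl.mod_flow_entry(dp, flow, dp.ofproto.OFPFC_DELETE)

    @command_method
    def mod_meter_entry(self, req, dp, ofctl, meter, cmd, **kwargs):
        """Apply the meter-mod command named by *cmd* to *meter*."""
        cmd_convert = {
            'add': dp.ofproto.OFPMC_ADD,
            'modify': dp.ofproto.OFPMC_MODIFY,
            'delete': dp.ofproto.OFPMC_DELETE,
        }
        mod_cmd = cmd_convert.get(cmd, None)
        if mod_cmd is None:
            raise CommandNotFoundError(cmd=cmd)

        ofctl.mod_meter_entry(dp, meter, mod_cmd)

    @command_method
    def mod_group_entry(self, req, dp, ofctl, group, cmd, **kwargs):
        """Apply the group-mod command named by *cmd* to *group*."""
        cmd_convert = {
            'add': dp.ofproto.OFPGC_ADD,
            'modify': dp.ofproto.OFPGC_MODIFY,
            'delete': dp.ofproto.OFPGC_DELETE,
        }
        mod_cmd = cmd_convert.get(cmd, None)
        if mod_cmd is None:
            raise CommandNotFoundError(cmd=cmd)

        ofctl.mod_group_entry(dp, group, mod_cmd)

    @command_method
    def mod_port_behavior(self, req, dp, ofctl, port_config, cmd, **kwargs):
        """Modify a port, filling unset fields from the known port state."""
        port_no = port_config.get('port_no', None)
        # A missing or non-numeric port_no raises ValueError, which the
        # command_method wrapper turns into a 400 response.
        port_no = int(str(port_no), 0)

        port_info = self.dpset.port_state[int(dp.id)].get(port_no)
        if port_info:
            port_config.setdefault('hw_addr', port_info.hw_addr)
            if dp.ofproto.OFP_VERSION < ofproto_v1_4.OFP_VERSION:
                port_config.setdefault('advertise', port_info.advertised)
            else:
                port_config.setdefault('properties', port_info.properties)
        else:
            raise PortNotFoundError(port_no=port_no)

        if cmd != 'modify':
            raise CommandNotFoundError(cmd=cmd)

        ofctl.mod_port_behavior(dp, port_config)

    @command_method
    def send_experimenter(self, req, dp, ofctl, exp, **kwargs):
        ofctl.send_experimenter(dp, exp)

    @command_method
    def set_role(self, req, dp, ofctl, role, **kwargs):
        ofctl.set_role(dp, role)


class RestStatsApi(app_manager.RyuApp):
    """Ryu application that registers the /stats routes and relays replies.

    Replies from switches are matched to pending requests through
    ``self.waiters``, keyed by datapath id and then by transaction id.
    """

    OFP_VERSIONS = [ofproto_v1_0.OFP_VERSION,
                    ofproto_v1_2.OFP_VERSION,
                    ofproto_v1_3.OFP_VERSION,
                    ofproto_v1_4.OFP_VERSION,
                    ofproto_v1_5.OFP_VERSION]
    _CONTEXTS = {
        'dpset': dpset.DPSet,
        'wsgi': WSGIApplication
    }

    def __init__(self, *args, **kwargs):
        super(RestStatsApi, self).__init__(*args, **kwargs)
        self.dpset = kwargs['dpset']
        wsgi = kwargs['wsgi']
        self.waiters = {}
        self.data = {}
        self.data['dpset'] = self.dpset
        self.data['waiters'] = self.waiters
        mapper = wsgi.mapper

        wsgi.registory['StatsController'] = self.data
        path = '/stats'

        # (URI suffix, StatsController action, allowed HTTP methods), kept in
        # the original registration order.
        # NOTE(review): '/flowdesc/{dpid}' is routed to get_flow_stats, which
        # leaves StatsController.get_flow_desc without a route; confirm
        # whether 'get_flow_desc' was intended.
        routes = (
            ('/switches', 'get_dpids', ['GET']),
            ('/desc/{dpid}', 'get_desc_stats', ['GET']),
            ('/flowdesc/{dpid}', 'get_flow_stats', ['GET', 'POST']),
            ('/flow/{dpid}', 'get_flow_stats', ['GET', 'POST']),
            ('/aggregateflow/{dpid}', 'get_aggregate_flow_stats',
             ['GET', 'POST']),
            ('/table/{dpid}', 'get_table_stats', ['GET']),
            ('/tablefeatures/{dpid}', 'get_table_features', ['GET']),
            ('/port/{dpid}', 'get_port_stats', ['GET']),
            ('/port/{dpid}/{port}', 'get_port_stats', ['GET']),
            ('/queue/{dpid}', 'get_queue_stats', ['GET']),
            ('/queue/{dpid}/{port}', 'get_queue_stats', ['GET']),
            ('/queue/{dpid}/{port}/{queue_id}', 'get_queue_stats', ['GET']),
            ('/queueconfig/{dpid}', 'get_queue_config', ['GET']),
            ('/queueconfig/{dpid}/{port}', 'get_queue_config', ['GET']),
            ('/queuedesc/{dpid}', 'get_queue_desc', ['GET']),
            ('/queuedesc/{dpid}/{port}', 'get_queue_desc', ['GET']),
            ('/queuedesc/{dpid}/{port}/{queue}', 'get_queue_desc', ['GET']),
            ('/meterfeatures/{dpid}', 'get_meter_features', ['GET']),
            ('/meterconfig/{dpid}', 'get_meter_config', ['GET']),
            ('/meterconfig/{dpid}/{meter_id}', 'get_meter_config', ['GET']),
            ('/meterdesc/{dpid}', 'get_meter_desc', ['GET']),
            ('/meterdesc/{dpid}/{meter_id}', 'get_meter_desc', ['GET']),
            ('/meter/{dpid}', 'get_meter_stats', ['GET']),
            ('/meter/{dpid}/{meter_id}', 'get_meter_stats', ['GET']),
            ('/groupfeatures/{dpid}', 'get_group_features', ['GET']),
            ('/groupdesc/{dpid}', 'get_group_desc', ['GET']),
            ('/groupdesc/{dpid}/{group_id}', 'get_group_desc', ['GET']),
            ('/group/{dpid}', 'get_group_stats', ['GET']),
            ('/group/{dpid}/{group_id}', 'get_group_stats', ['GET']),
            ('/portdesc/{dpid}', 'get_port_desc', ['GET']),
            ('/portdesc/{dpid}/{port_no}', 'get_port_desc', ['GET']),
            ('/role/{dpid}', 'get_role', ['GET']),
            ('/flowentry/{cmd}', 'mod_flow_entry', ['POST']),
            ('/flowentry/clear/{dpid}', 'delete_flow_entry', ['DELETE']),
            ('/meterentry/{cmd}', 'mod_meter_entry', ['POST']),
            ('/groupentry/{cmd}', 'mod_group_entry', ['POST']),
            ('/portdesc/{cmd}', 'mod_port_behavior', ['POST']),
            ('/experimenter/{dpid}', 'send_experimenter', ['POST']),
            ('/role', 'set_role', ['POST']),
        )
        for suffix, action, methods in routes:
            mapper.connect('stats', path + suffix,
                           controller=StatsController, action=action,
                           conditions=dict(method=list(methods)))

    @set_ev_cls([ofp_event.EventOFPStatsReply,
                 ofp_event.EventOFPDescStatsReply,
                 ofp_event.EventOFPFlowStatsReply,
                 ofp_event.EventOFPAggregateStatsReply,
                 ofp_event.EventOFPTableStatsReply,
                 ofp_event.EventOFPTableFeaturesStatsReply,
                 ofp_event.EventOFPPortStatsReply,
                 ofp_event.EventOFPQueueStatsReply,
                 ofp_event.EventOFPQueueDescStatsReply,
                 ofp_event.EventOFPMeterStatsReply,
                 ofp_event.EventOFPMeterFeaturesStatsReply,
                 ofp_event.EventOFPMeterConfigStatsReply,
                 ofp_event.EventOFPGroupStatsReply,
                 ofp_event.EventOFPGroupFeaturesStatsReply,
                 ofp_event.EventOFPGroupDescStatsReply,
                 ofp_event.EventOFPPortDescStatsReply
                 ], MAIN_DISPATCHER)
    def stats_reply_handler(self, ev):
        """Collect a stats reply and wake the waiter after the last part."""
        msg = ev.msg
        dp = msg.datapath

        # Replies nobody is waiting for are dropped.
        if dp.id not in self.waiters:
            return
        if msg.xid not in self.waiters[dp.id]:
            return
        lock, msgs = self.waiters[dp.id][msg.xid]
        msgs.append(msg)

        # The "more replies follow" flag is named differently per version.
        flags = 0
        if dp.ofproto.OFP_VERSION == ofproto_v1_0.OFP_VERSION:
            flags = dp.ofproto.OFPSF_REPLY_MORE
        elif dp.ofproto.OFP_VERSION == ofproto_v1_2.OFP_VERSION:
            flags = dp.ofproto.OFPSF_REPLY_MORE
        elif dp.ofproto.OFP_VERSION >= ofproto_v1_3.OFP_VERSION:
            flags = dp.ofproto.OFPMPF_REPLY_MORE

        # Keep waiting while the switch signals further parts.
        if msg.flags & flags:
            return
        del self.waiters[dp.id][msg.xid]
        lock.set()

    @set_ev_cls([ofp_event.EventOFPSwitchFeatures,
                 ofp_event.EventOFPQueueGetConfigReply,
                 ofp_event.EventOFPRoleReply,
                 ], MAIN_DISPATCHER)
    def features_reply_handler(self, ev):
        """Hand a single-message reply to its waiter and wake it."""
        msg = ev.msg
        dp = msg.datapath

        if dp.id not in self.waiters:
            return
        if msg.xid not in self.waiters[dp.id]:
            return
        lock, msgs = self.waiters[dp.id][msg.xid]
        msgs.append(msg)

        del self.waiters[dp.id][msg.xid]
        lock.set()

--------------------------------------------------------------------------------
/Models/cls_ada_dt_colab.pkl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Models/cls_ada_dt_colab.pkl
--------------------------------------------------------------------------------
/Models/cls_bag_rf_colab.pkl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Models/cls_bag_rf_colab.pkl
--------------------------------------------------------------------------------
/Models/cls_knn_colab.pkl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Models/cls_knn_colab.pkl
--------------------------------------------------------------------------------
/Models/cls_knn_kdtree_colab.pkl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Models/cls_knn_kdtree_colab.pkl
--------------------------------------------------------------------------------
/Models/cls_tree_colab.pkl:
--------------------------------------------------------------------------------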
https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Models/cls_tree_colab.pkl -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Anomaly Detection ML-SDN-based 2 | 3 | ![Topology](https://user-images.githubusercontent.com/84791557/132374979-7656ab1b-baab-4ead-ba1f-72405f73b5a7.png) 4 | 5 | ## Tools 6 | - Mininet- Network Topology Simulator, can be used via the Python API: http://mininet.org/download/ 7 | - Ryu SDN Controller: https://github.com/faucetsdn/ryu 8 | - Wireshark-Packet Capture and export PCAP files: https://www.wireshark.org/download.html 9 | - MongoDB to store Topology's information: https://www.mongodb.com/try/download/community 10 | - CICFlowMeter-Feature Extractor from PCAP files and export CSV files: https://github.com/ahlashkari/CICFlowMeter 11 | 12 | ## Environment setting 13 | - Set up Shared Folder (VM VirtualBox) between Mininet Server and Controller's server 14 | - Run Controller application from Ryu Controller: 15 | ``` 16 | ryu-manager --observe-links --verbose Topo_to_Mongo.py ofctl_rest.py 17 | ``` 18 | - In the mininet server, use Topology/SplTp.py to build the topology and connect to the Ryu Controller: 19 | ``` 20 | sudo mn --custom SplTp.py --topo Simple_Topo --controller=remote,ip={ip address of the controller's server} 21 | ``` 22 | - Run the ML Engine from Supervisor: 23 | ``` 24 | python StartSupervisor.py 25 | ``` 26 | - In the mininet server, run: 27 | - Topology/CICTrigger/CICTrigger.sh - a script that uses the inotify tool to detect new PCAP files: 28 | ``` 29 | sudo ./CICTrigger.sh 30 | ``` 31 | - Or Topology/Script PCAP to CSV/TsharkCIC.py - for the same purpose 32 | - If using the first option, in the mininet server, run Wireshark to capture the interfaces that need to be monitored. In the mininet server, set Wireshark to run continuously at
arbitrary intervals and save with "Flow.pcap". 33 | 34 | ## How it works 35 | > ⚠️ **WARNING**: **This is a bad pipeline, it should be optimized with a message queuing system like Kafka** 36 | 1. The pcap files will be saved with the format "Flow_{index}_{year}{month}{date}{hour}{minute}{second}.pcap" 37 | 2. The inotify tool in CICTrigger.sh will detect those PCAP files and automatically call the CICFlowMeter tool to convert those files into CSV Files with predefined features 38 | 3. The shared folder is used to send those CSV files directly to a repository in the Controller's server 39 | 4. Those csv files will be recognized and read by StartSupervisor.py through their index; they are converted one last time to a DataFrame and passed through a trained ML model, which outputs the prediction result 40 | 5. If a source IP address is determined to be anomalous, the application will respond with some actions in ManipAPI.Reaction. In this Python file, 2 actions can be performed to indirectly modify the flow entries of the OpenFlow switch through the REST API (depending on the application running with the Controller): 41 | - Interact with rest_firewall 42 | - Interact with ofctl_rest 43 | -------------------------------------------------------------------------------- /Supervisor/Attributes/Labels.py: -------------------------------------------------------------------------------- 1 | from enum import Enum 2 | 3 | class PredictLabels(Enum): 4 | BENIGN = 1 5 | ANOMALY = 0 -------------------------------------------------------------------------------- /Supervisor/Attributes/features.py: -------------------------------------------------------------------------------- 1 | attrs = ['Flow ID', 'Src IP', 'Src Port', 'Dst IP', 'Dst Port', 'Protocol', 2 | 'Timestamp', 'Flow Duration', 'Tot Fwd Pkts', 'Tot Bwd Pkts', 3 | 'TotLen Fwd Pkts', 'TotLen Bwd Pkts', 'Fwd Pkt Len Max', 4 | 'Fwd Pkt Len Min', 'Fwd Pkt Len Mean', 'Fwd Pkt Len Std', 5 | 'Bwd Pkt Len Max', 'Bwd Pkt Len Min', 'Bwd Pkt Len Mean',
6 | 'Bwd Pkt Len Std', 'Flow Byts/s', 'Flow Pkts/s', 'Flow IAT Mean', 7 | 'Flow IAT Std', 'Flow IAT Max', 'Flow IAT Min', 'Fwd IAT Tot', 8 | 'Fwd IAT Mean', 'Fwd IAT Std', 'Fwd IAT Max', 'Fwd IAT Min', 9 | 'Bwd IAT Tot', 'Bwd IAT Mean', 'Bwd IAT Std', 'Bwd IAT Max', 10 | 'Bwd IAT Min', 'Fwd PSH Flags', 'Bwd PSH Flags', 'Fwd URG Flags', 11 | 'Bwd URG Flags', 'Fwd Header Len', 'Bwd Header Len', 'Fwd Pkts/s', 12 | 'Bwd Pkts/s', 'Pkt Len Min', 'Pkt Len Max', 'Pkt Len Mean', 13 | 'Pkt Len Std', 'Pkt Len Var', 'FIN Flag Cnt', 'SYN Flag Cnt', 14 | 'RST Flag Cnt', 'PSH Flag Cnt', 'ACK Flag Cnt', 'URG Flag Cnt', 15 | 'CWE Flag Count', 'ECE Flag Cnt', 'Down/Up Ratio', 'Pkt Size Avg', 16 | 'Fwd Seg Size Avg', 'Bwd Seg Size Avg', 'Fwd Byts/b Avg', 17 | 'Fwd Pkts/b Avg', 'Fwd Blk Rate Avg', 'Bwd Byts/b Avg', 18 | 'Bwd Pkts/b Avg', 'Bwd Blk Rate Avg', 'Subflow Fwd Pkts', 19 | 'Subflow Fwd Byts', 'Subflow Bwd Pkts', 'Subflow Bwd Byts', 20 | 'Init Fwd Win Byts', 'Init Bwd Win Byts', 'Fwd Act Data Pkts', 21 | 'Fwd Seg Size Min', 'Active Mean', 'Active Std', 'Active Max', 22 | 'Active Min', 'Idle Mean', 'Idle Std', 'Idle Max', 'Idle Min', 'Label'] 23 | 24 | rm_attrs = ['Flow ID', 'Src IP', 'Src Port', 'Dst IP','Dst Port','Timestamp', 25 | 'Fwd PSH Flags', 'Bwd PSH Flags', 'Fwd URG Flags', 'Bwd URG Flags', 26 | 'Fwd Seg Size Avg', 'Bwd Seg Size Avg', 'Fwd Pkts/b Avg', 'Fwd Blk Rate Avg', 27 | 'Bwd Byts/b Avg', 'Bwd Pkts/b Avg','Bwd Blk Rate Avg', 'Fwd Byts/b Avg', 28 | 'FIN Flag Cnt','SYN Flag Cnt','RST Flag Cnt','PSH Flag Cnt','ACK Flag Cnt', 29 | 'URG Flag Cnt', 'CWE Flag Count','ECE Flag Cnt', 'Down/Up Ratio','Subflow Fwd Pkts', 30 | 'Subflow Fwd Byts','Subflow Bwd Pkts','Subflow Bwd Byts','Init Fwd Win Byts', 31 | 'Init Bwd Win Byts','Fwd Act Data Pkts','Fwd Seg Size Min','Label'] -------------------------------------------------------------------------------- /Supervisor/Datapipeline/DataPreprocessor.py: 
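"""Custom scikit-learn transformers and the loader for the serialized pipeline."""

import joblib
import numpy as np
from sklearn.base import BaseEstimator, TransformerMixin
from sklearn.pipeline import Pipeline
from sklearn import preprocessing as pp
from features import rm_attrs, attrs


class AttributesRemover(BaseEstimator, TransformerMixin):
    """Drop the columns named in ``rm_columns`` from a DataFrame."""

    def __init__(self, rm_columns=rm_attrs):
        # The default is the module-level list from features.py; it is stored
        # as given, not copied.
        self.rm_columns = rm_columns

    def fit(self, X, y=None):
        """Nothing is learned; return ``self``."""
        return self

    def transform(self, X, y=None):
        """Return ``X`` without the ``rm_columns`` columns."""
        return X.drop(columns=self.rm_columns)


class CustomCleaner(TransformerMixin):
    """Remove every row that holds NaN, +inf or -inf in any column."""

    def __init__(self, *args, **kwargs):
        # Arguments are accepted and ignored.
        pass

    def fit(self, X, y=None):
        """Nothing is learned; return ``self``."""
        return self

    def transform(self, X, y=None):
        """Return only the rows of ``X`` in which no cell is NaN or infinite.

        The result can have fewer rows than ``X`` (possibly none), so a caller
        that maps predictions back to input rows has to allow for that.
        """
        # axis is passed by keyword: DataFrame.any() rejects a positional axis
        # in pandas 2.x, which made the original `.any(1)` raise TypeError.
        bad_rows = X.isin([np.nan, np.inf, -np.inf]).any(axis=1)
        return X[~bad_rows]


class Standardizer(TransformerMixin):
    """Scale features with a ``MinMaxScaler``."""

    def __init__(self, columns=attrs):
        self.stdizer = pp.MinMaxScaler()
        # Stored but not read by any method of this class.
        self.columns = columns

    def fit(self, X, y=None):
        """Fit the scaler on ``X`` and return ``self``.

        ``y`` is unused. It now defaults to None so that ``fit(X)`` works, as
        it does for the other transformers in this module; the original
        signature made ``y`` mandatory.
        """
        self.stdizer.fit(X)
        return self

    def transform(self, X, y=None):
        """Return ``X`` scaled by the fitted scaler."""
        return self.stdizer.transform(X)


class PipelineLoader(object):
    """Load a serialized preprocessing pipeline from disk."""

    def __init__(self, pipeline_filename):
        # SECURITY: joblib.load() unpickles the file, and unpickling runs code
        # chosen by whoever wrote the file. Load only artefacts that come from
        # a trusted source over a trusted path, and verify their integrity
        # (for example against a pinned digest) before this call.
        self.ids_pipeline = joblib.load(pipeline_filename)

    def getPipeline(self):
        """Return the pipeline object read by the constructor."""
        return self.ids_pipeline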
# Supervisor/Logger/CustomLogging.py
import logging


class CustomFormatter(logging.Formatter):
    """Formatter that wraps each record in an ANSI colour chosen by level."""

    # ANSI escape sequences.
    grey = "\x1b[38;21m"
    yellow = "\x1b[33;1m"
    red = "\x1b[31;21m"
    bold_red = "\x1b[31;1m"
    reset = "\x1b[0m"
    blue = "\x1b[34;1m"
    # Layout shared by all levels. The name is rebound to the method below once
    # the class body has finished, so it is only usable here, while FORMATS is
    # being built.
    format = "%(asctime)s - %(name)s - %(levelname)s - %(message)s"

    # Level -> complete format string. WARNING, ERROR and CRITICAL all use
    # bold red; `yellow` and `red` are defined above but not used in this table.
    FORMATS = {
        logging.DEBUG: f"{grey}{format}{reset}",
        logging.INFO: f"{blue}{format}{reset}",
        logging.WARNING: f"{bold_red}{format}{reset}",
        logging.ERROR: f"{bold_red}{format}{reset}",
        logging.CRITICAL: f"{bold_red}{format}{reset}",
    }

    def format(self, record):
        """Render ``record`` with the format string registered for its level.

        A level missing from FORMATS yields None, for which logging.Formatter
        falls back to its default format.
        """
        level_layout = self.FORMATS.get(record.levelno)
        return logging.Formatter(level_layout).format(record)
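# Supervisor/MLinitiater/mlinitiater.py
import joblib
import requests
from Datapipeline.DataPreprocessor import PipelineLoader


class MLInitiater(object):
    """Pair a serialized classifier with its preprocessing pipeline."""

    def __init__(self, model_file, data_pipeline_file):
        # SECURITY: joblib.load() unpickles the file, and unpickling runs code
        # chosen by whoever produced it. Both artefacts must come from a
        # trusted, integrity-checked location; PipelineLoader loads the second
        # one the same way.
        self.model = joblib.load(model_file)
        self.ppl = PipelineLoader(data_pipeline_file).getPipeline()

    def predict(self, data):
        """Run ``data`` through the pipeline and return the model's predictions."""
        preprocess_data = self.ppl.transform(data)
        return self.model.predict(preprocess_data)


# Supervisor/ManipAPI/Reaction.py
import ipaddress
import json

import requests as rq
from pymongo import MongoClient

# The original constant started with a stray space (' http://...').
FIREWALL_URL = 'http://localhost:8080/firewall/'
# No credentials in the connection string: this relies on MongoDB being
# reachable from this host only.
MONGO_URL = 'mongodb://127.0.0.1:27017/'
OF_URL = 'http://localhost:8080/stats/'
DBName = 'SDN'
CollName = 'Topology'

# Upper bound, in seconds, for each REST call so that an unresponsive
# controller cannot stall the supervisor indefinitely.
HTTP_TIMEOUT_S = 5

# NOTE(review): none of the requests below carries credentials, and the
# ofctl_rest routes visible in this repository show no authentication step.
# Anything that can reach port 8080 could then change flow entries, so keep the
# controller's REST port bound to loopback or a management network; confirm
# against the deployed controller.


def _checked_ipv4(ip_src):
    """Return ``ip_src`` as a dotted-quad string, or raise ValueError.

    The address is read from CSV flow records, so it is validated before it is
    placed in a request body.
    """
    return str(ipaddress.IPv4Address(str(ip_src)))


class RESTFWconfig(object):
    """Client for the firewall REST API under ``fw_url``."""

    def __init__(self, fw_url=FIREWALL_URL):
        """Enable the firewall on all switches and delete all existing rules.

        Both requests are sent from the constructor, so creating an instance
        changes controller state.
        """
        fw_url = fw_url.strip()
        self.fw_enable_url = fw_url + 'module/enable/'
        self.fw_rule_url = fw_url + 'rules/'
        rq.put(self.fw_enable_url + "all", timeout=HTTP_TIMEOUT_S)
        rq.delete(self.fw_rule_url + "all", data='{"rule_id": "all"}',
                  timeout=HTTP_TIMEOUT_S)

    def get_rules(self, datapathid):
        """Return the raw response body listing the rules of one switch.

        ``datapathid`` must be an int; it is sent as 16 zero-padded digits.
        """
        rq_rules = rq.get(self.fw_rule_url + f"{datapathid:016d}",
                          timeout=HTTP_TIMEOUT_S)
        return rq_rules.content

    def FWconfig_add_rule(self, ip_src, datapathid, action):
        """Add a rule for the single host ``ip_src`` (/32) on one switch.

        ``action`` must be "ALLOW" or "DENY"; anything else, or an ``ip_src``
        that is not an IPv4 address, raises ValueError before a request is sent.
        """
        if action not in ("ALLOW", "DENY"):
            raise ValueError("action must be 'ALLOW' or 'DENY'")
        # The original built the body with str.format and left both values
        # unquoted, which is not valid JSON and would let a crafted value
        # change the structure of the rule.
        rule = json.dumps({"nw_src": _checked_ipv4(ip_src) + "/32",
                           "actions": action})
        rq.post(self.fw_rule_url + f"{datapathid:016d}", data=rule,
                timeout=HTTP_TIMEOUT_S)

    def FWconfig_del(self, datapathid, rule_id):
        """Delete rule ``rule_id`` on one switch."""
        # json.dumps also quotes a non-numeric id such as "all".
        rq.delete(self.fw_rule_url + f"{datapathid:016d}",
                  data=json.dumps({"rule_id": rule_id}),
                  timeout=HTTP_TIMEOUT_S)


class RESTOFconfig(object):
    """Client for the ofctl_rest statistics and flow-entry API under ``of_url``."""

    def __init__(self, of_url=OF_URL):
        # Only URLs are built here; no request is sent.
        self.desc_url = of_url + "desc/"
        self.flow_url = of_url + "flow/"
        self.port_url = of_url + "port/"
        self.flowentry_url = of_url + "flowentry/"

    def get_sw_stt(self, datapathid):
        """Return the raw ``desc/<dpid>`` response body."""
        rq_sw_stt = rq.get(self.desc_url + str(datapathid),
                           timeout=HTTP_TIMEOUT_S)
        return rq_sw_stt.content

    def get_flow_stt(self, datapathid):
        """Return the raw ``flow/<dpid>`` response body."""
        rq_flow_stt = rq.get(self.flow_url + str(datapathid),
                             timeout=HTTP_TIMEOUT_S)
        return rq_flow_stt.content

    def get_port_stt(self, datapathid, port=None):
        """Return the raw ``port/<dpid>[/<port>]`` response body."""
        url = self.port_url + str(datapathid)
        if port is not None:
            url += '/' + str(port)
        return rq.get(url, timeout=HTTP_TIMEOUT_S).content

    def _flow_entry(self, datapathid, ip_src, priority, time):
        """Build the JSON flow entry shared by block_entry and open_entry."""
        # Building the body with json.dumps instead of str.format keeps a value
        # from the flow record from altering the structure of the entry.
        return json.dumps({
            "dpid": int(datapathid),
            "table_id": 0,
            "idle_timeout": int(time),
            "hard_timeout": int(time),
            "match": {"ipv4_src": _checked_ipv4(ip_src), "eth_type": 2048},
            "priority": int(priority),
            "actions": [{"type": "CLEAR_ACTIONS"}],
        })

    def block_entry(self, datapathid, ip_src, priority=11111, time=1800):
        """Post a flow entry matching IPv4 source ``ip_src`` to ``flowentry/add``.

        The entry's only action is CLEAR_ACTIONS and both timeouts are set to
        ``time`` seconds. Returns the raw response body. Raises ValueError for
        an invalid argument and a requests exception when the controller
        answers with an error status, so a rule that was not installed is not
        reported as installed.
        """
        rq_entry_drop = rq.post(
            self.flowentry_url + "add",
            data=self._flow_entry(datapathid, ip_src, priority, time),
            timeout=HTTP_TIMEOUT_S)
        rq_entry_drop.raise_for_status()
        return rq_entry_drop.content

    def open_entry(self, datapathid, ip_src, priority=11111, time=1800):
        """Post the same entry to ``flowentry/delete`` to remove the block.

        Returns the raw response body; raises like block_entry.
        """
        rq_open = rq.post(
            self.flowentry_url + "delete",
            data=self._flow_entry(datapathid, ip_src, priority, time),
            timeout=HTTP_TIMEOUT_S)
        rq_open.raise_for_status()
        return rq_open.content


class RESTDBconfig(object):
    """Access to the topology collection in MongoDB."""

    def __init__(self, db_url=MONGO_URL, db_name=DBName):
        # NOTE(review): pymongo connects lazily, so this line succeeding does
        # not show that the server is reachable - confirm for the installed
        # pymongo version.
        self.db = MongoClient(db_url)[db_name]

    def DBconfig_update(self, datapathid, data, collection_name=CollName):
        """Apply update document ``data`` to the switch's record (upsert)."""
        selector = {'Datapath ID': datapathid}
        self.db[collection_name].update_one(selector, data, upsert=True)

    def DBconfig_update_status(self, ip_src, increase=5, collection_name=CollName):
        """Add ``increase`` to the Status of the host whose IP is ``ip_src``."""
        self.db[collection_name].update_one(
            {"Hosts.IP": ip_src}, {'$inc': {"Hosts.$.Status": increase}})

    def DBconfig_query(self, ip_src, collection_name=CollName):
        """Return ``(datapath_id, status)`` for the host ``ip_src``.

        Raises IndexError when no switch record lists that host; the original
        raised it implicitly through ``query[0]``.
        """
        # The original first called find({}) and discarded the cursor; that
        # call had no effect and is dropped.
        query = list(self.db[collection_name].find(
            {'Hosts': {'$elemMatch': {'IP': ip_src}}},
            {'_id': False, 'Version': False}))
        if not query:
            raise IndexError("no topology record lists host " + str(ip_src))
        for host in query[0]['Hosts']:
            if host['IP'] == ip_src:
                stt = host['Status']
        dp = query[0]['Datapath ID']
        return dp, stt

    def DBConfig_del(self, datapathid, collection_name=CollName):
        """Delete the record of switch ``datapathid``."""
        # The original filter used $elemMatch as a top-level operator, which
        # MongoDB rejects, and the key 'DatapathID', while every other method
        # here uses 'Datapath ID'.
        self.db[collection_name].delete_one({'Datapath ID': datapathid})


# Supervisor/StartSupervisor.py
import time
import os
import logging
import ipaddress
import pandas as pd
import glob
import re
import joblib
from Attributes import features
from Logger.CustomLogging import CustomFormatter
from Attributes.Labels import PredictLabels
from ManipAPI.Reaction import RESTDBconfig, RESTFWconfig, RESTOFconfig
from MLinitiater.mlinitiater import MLInitiater
from Datapipeline.DataPreprocessor import AttributesRemover, Standardizer, CustomCleaner, PipelineLoader, TransformerMixin, BaseEstimator

# Deployment-specific paths, left empty in the repository.
CSVFILEPATH = ''
DATA_PIPELINE_FILEPATH = ''
MODEL_FILEPATH = ''
csvfilename = ''
columns = features.attrs
fileindex = 1
undetected = 1

# Logger named "Supervisor", INFO and above, coloured console output.
log = logging.getLogger("Supervisor")
log.setLevel(logging.INFO)

ch = logging.StreamHandler()
ch.setLevel(logging.INFO)

ch.setFormatter(CustomFormatter())

log.addHandler(ch)


def initiateSpvs():
    """Poll for flow CSV files, classify each flow and block anomalous sources.

    Files are taken in index order (Flow_00001*, Flow_00002*, ...). A flow
    labelled ANOMALY raises the stored status of its source host by 30; once
    the status reaches 100, a blocking flow entry is requested through the
    OpenFlow REST client. The function loops until the process is stopped.

    Design caveat: the decision is keyed on the source address of a flow, and a
    source address can be forged, so automatic blocking can also be triggered
    against a legitimate host. Consider exempting critical hosts.
    """
    log.info('Starting Supervisor...')

    # The original logged a failure here and carried on, which then failed with
    # NameError at the first use of DB or OF. Stop instead.
    try:
        DB = RESTDBconfig()
        log.info('Connected to the database')
    except Exception:
        log.error('Cannot connect to the database', exc_info=True)
        return
    try:
        OF = RESTOFconfig()
        log.info('Ready to manipulate with OpenFlow')
    except Exception:
        log.error('Cannot manipulate with OpenFlow', exc_info=True)
        return

    global csvfilename
    global fileindex
    global undetected

    idsapp = MLInitiater(MODEL_FILEPATH, DATA_PIPELINE_FILEPATH)

    while True:
        undetected = 1
        while undetected:
            file_pointer = "Flow_" + f"{fileindex:05d}" + "*" + ".pcap_Flow.csv"
            files = glob.glob(os.path.join(CSVFILEPATH, file_pointer))
            if files:
                undetected = 0
            # NOTE(review): the page has lost the original indentation; the
            # sleep is placed at loop level, so it also runs once after a file
            # is found - confirm against the repository.
            time.sleep(3)

        # One unreadable file must not stop monitoring: log it and move on.
        try:
            df = pd.read_csv(str(files[0]))
        except Exception:
            log.error('Cannot read flow file %s', files[0], exc_info=True)
            fileindex += 1
            continue
        fileindex += 1
        if len(df) == 0:
            continue

        for i in range(len(df)):
            # Column 1 is 'Src IP' in features.attrs.
            ip_src = str(df.iloc[i, 1])
            # The value comes from a file; check it before it reaches the
            # database query, a log line or a flow entry.
            try:
                ipaddress.ip_address(ip_src)
            except ValueError:
                log.warning('Flow %d skipped: source address field is not an IP address', i)
                continue

            try:
                verdict = idsapp.predict(df.iloc[[i]])
            except Exception:
                log.error('Prediction failed for flow %d', i, exc_info=True)
                continue
            # Presumably the pipeline can drop a row (CustomCleaner removes rows
            # with NaN/inf), which would leave nothing to classify - confirm.
            if len(verdict) == 0 or verdict[0] != PredictLabels.ANOMALY.value:
                continue

            try:
                DB.DBconfig_update_status(ip_src, increase=30)
                dp, stt = DB.DBconfig_query(ip_src)
            except Exception:
                # Includes a source that no topology record lists.
                log.error('Cannot update or read the status of ' + ip_src, exc_info=True)
                continue

            log.warning("ANOMALY DETECTED FROM: " + ip_src + " attached with Switch ID: " + str(dp))
            log.warning('Emergency level: ' + str(stt))
            if stt >= 100:
                try:
                    OF.block_entry(dp, ip_src)
                    log.info("Source " + ip_src + " has been blocked for 30 minutes, entry priority: 11111")
                except Exception:
                    log.error('Error occurred when adding flow entry', exc_info=True)


if __name__ == "__main__":
    initiateSpvs()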
IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | SOFTWARE. 20 | 21 | For citation in your works and also understanding CICFlowMeter (formerly ISCXFlowMeter) completely, you can find below published papers: 22 | 23 | Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun and Ali A. Ghorbani, "Characterization of Tor Traffic Using Time Based Features", In the proceeding of the 3rd International Conference on Information System Security and Privacy, SCITEPRESS, Porto, Portugal, 2017 24 | 25 | Gerard Drapper Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP 2016) , pages 407-414, Rome , Italy 26 | 27 | Contributors: 28 | Arash Habibi Lashkari: Researcher and Developer (Founder) 29 | 30 | Gerard Drapper: Researcher and Developer (Co-funder) 31 | 32 | muhammad saiful islam: Researcher and Developer (Co-funder) 33 | -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/README.md: -------------------------------------------------------------------------------- 1 | # Intro 2 | The CICFlowMeter is an open source tool that generates Biflows from pcap files, and extracts features from these flows. 3 | 4 | CICFlowMeter is a network traffic flow generator available from here . It can be used to generate bidirectional flows, where the first packet determines the forward (source to destination) and backward (destination to source) directions, hence the statistical time-related features can be calculated separately in the forward and backward directions. 
Additional functionalities include, selecting features from the list of existing features, adding new features, and controlling the duration of flow timeout. 5 | 6 | NOTE: TCP flows are usually terminated upon connection teardown (by FIN packet) while UDP flows are terminated by a flow timeout. The flow timeout value can be assigned arbitrarily by the individual scheme e.g., 600 seconds for both TCP and UDP. 7 | 8 | For citation in your works and also understanding CICFlowMeter (formerly ISCXFlowMeter) completely, you can find below published paper: 9 | Gerard Drapper Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP 2016) , pages 407-414, Rome , Italy 10 | 11 | 12 | ---------------------------------------- 13 | 14 | # Installation and executing: 15 | 16 | Extract CICFlowMeterV3.zip 17 | 18 | ___Note: The only prerequisite is that "libpcap" library or WinPcap on windows systems, be pre-installed___ 19 | 20 | 21 | For Linux 22 | 23 | > $ sudo apt-get install libpcap-dev 24 | 25 | 26 | For windows 27 | > download [winpcap]() 28 | 29 | ## executing 30 | Go to the extracted directory,enter the 'bin' folder 31 | 32 | ### linux 33 | Open a terminal and run this command 34 | ``` 35 | //For GUI: 36 | sudo ./CICFlowMeter 37 | 38 | //For Command line: 39 | ./cfm "inputFolder" "outputFolder" 40 | ``` 41 | ### windows 42 | Lanunch the Comand Prompt and run this command 43 | ``` 44 | //for GUI: 45 | CICFlowMeter.bat 46 | 47 | //for Command line: 48 | cfm.bat "inputFolder" "outputFolder" 49 | ``` 50 | 51 | ## Get started 52 | for offline 53 | ``` 54 | 1.Select the folder that include your PCAP files 55 | 2.Select the folder that you would like to save you CSV files 56 | 3.Click OK button 57 | ``` 58 | 59 | for realtime 60 | ``` 61 | 1 CLick Load button to find the list of network interfaces 
62 | 2 Select the interface you would like to monitor 63 | 3 Click start button and wait for a while 64 | 4 Click stop button to stop the process and save the csv in same applcation folder/data/daily 65 | ``` 66 | 67 | -------------------------------------------------------------- 68 | 69 | Contact us at A.Habibi.L@unb.ca if there are any problems. 70 | 71 | 72 | For citation in your works and also understanding CICFlowMeter (formerly ISCXFlowMeter) completely, you can find below published papers: 73 | 74 | Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun and Ali A. Ghorbani, "Characterization of Tor Traffic Using Time Based Features", In the proceeding of the 3rd International Conference on Information System Security and Privacy, SCITEPRESS, Porto, Portugal, 2017 75 | 76 | Gerard Drapper Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP 2016) , pages 407-414, Rome , Italy 77 | 78 | 79 | -------------------------------------------------------------- 80 | List of extracted features and descriptions: 81 | Feature Name Description 82 | Flow duration Duration of the flow in Microsecond 83 | total Fwd Packet Total packets in the forward direction 84 | total Bwd packets Total packets in the backward direction 85 | total Length of Fwd Packet Total size of packet in forward direction 86 | total Length of Bwd Packet Total size of packet in backward direction 87 | Fwd Packet Length Min Minimum size of packet in forward direction 88 | Fwd Packet Length Max Maximum size of packet in forward direction 89 | Fwd Packet Length Mean Mean size of packet in forward direction 90 | Fwd Packet Length Std Standard deviation size of packet in forward direction 91 | Bwd Packet Length Min Minimum size of packet in backward direction 92 | Bwd Packet Length Max Maximum size of packet 
in backward direction 93 | Bwd Packet Length Mean Mean size of packet in backward direction 94 | Bwd Packet Length Std Standard deviation size of packet in backward direction 95 | Flow Byte/s Number of flow packets per second 96 | Flow Packets/s Number of flow bytes per second 97 | Flow IAT Mean Mean time between two packets sent in the flow 98 | Flow IAT Std Standard deviation time between two packets sent in the flow 99 | Flow IAT Max Maximum time between two packets sent in the flow 100 | Flow IAT Min Minimum time between two packets sent in the flow 101 | Fwd IAT Min Minimum time between two packets sent in the forward direction 102 | Fwd IAT Max Maximum time between two packets sent in the forward direction 103 | Fwd IAT Mean Mean time between two packets sent in the forward direction 104 | Fwd IAT Std Standard deviation time between two packets sent in the forward direction 105 | Fwd IAT Total Total time between two packets sent in the forward direction 106 | Bwd IAT Min Minimum time between two packets sent in the backward direction 107 | Bwd IAT Max Maximum time between two packets sent in the backward direction 108 | Bwd IAT Mean Mean time between two packets sent in the backward direction 109 | Bwd IAT Std Standard deviation time between two packets sent in the backward direction 110 | Bwd IAT Total Total time between two packets sent in the backward direction 111 | Fwd PSH flag Number of times the PSH flag was set in packets travelling in the forward direction (0 for UDP) 112 | Bwd PSH Flag Number of times the PSH flag was set in packets travelling in the backward direction (0 for UDP) 113 | Fwd URG Flag Number of times the URG flag was set in packets travelling in the forward direction (0 for UDP) 114 | Bwd URG Flag Number of times the URG flag was set in packets travelling in the backward direction (0 for UDP) 115 | Fwd Header Length Total bytes used for headers in the forward direction 116 | Bwd Header Length Total bytes used for headers in the 
backward direction 117 | FWD Packets/s Number of forward packets per second 118 | Bwd Packets/s Number of backward packets per second 119 | Min Packet Length Minimum length of a packet 120 | Max Packet Length Maximum length of a packet 121 | Packet Length Mean Mean length of a packet 122 | Packet Length Std Standard deviation length of a packet 123 | Packet Length Variance Variance length of a packet 124 | FIN Flag Count Number of packets with FIN 125 | SYN Flag Count Number of packets with SYN 126 | RST Flag Count Number of packets with RST 127 | PSH Flag Count Number of packets with PUSH 128 | ACK Flag Count Number of packets with ACK 129 | URG Flag Count Number of packets with URG 130 | CWR Flag Count Number of packets with CWE 131 | ECE Flag Count Number of packets with ECE 132 | down/Up Ratio Download and upload ratio 133 | Average Packet Size Average size of packet 134 | Avg Fwd Segment Size Average size observed in the forward direction 135 | AVG Bwd Segment Size Average number of bytes bulk rate in the backward direction 136 | Fwd Header Length Length of the forward packet header 137 | Fwd Avg Bytes/Bulk Average number of bytes bulk rate in the forward direction 138 | Fwd AVG Packet/Bulk Average number of packets bulk rate in the forward direction 139 | Fwd AVG Bulk Rate Average number of bulk rate in the forward direction 140 | Bwd Avg Bytes/Bulk Average number of bytes bulk rate in the backward direction 141 | Bwd AVG Packet/Bulk Average number of packets bulk rate in the backward direction 142 | Bwd AVG Bulk Rate Average number of bulk rate in the backward direction 143 | Subflow Fwd Packets The average number of packets in a sub flow in the forward direction 144 | Subflow Fwd Bytes The average number of bytes in a sub flow in the forward direction 145 | Subflow Bwd Packets The average number of packets in a sub flow in the backward direction 146 | Subflow Bwd Bytes The average number of bytes in a sub flow in the backward direction 147 | 
Init_Win_bytes_forward The total number of bytes sent in initial window in the forward direction 148 | Init_Win_bytes_backward The total number of bytes sent in initial window in the backward direction 149 | Act_data_pkt_forward Count of packets with at least 1 byte of TCP data payload in the forward direction 150 | min_seg_size_forward Minimum segment size observed in the forward direction 151 | Active Min Minimum time a flow was active before becoming idle 152 | Active Mean Mean time a flow was active before becoming idle 153 | Active Max Maximum time a flow was active before becoming idle 154 | Active Std Standard deviation time a flow was active before becoming idle 155 | Idle Min Minimum time a flow was idle before becoming active 156 | Idle Mean Mean time a flow was idle before becoming active 157 | Idle Max Maximum time a flow was idle before becoming active 158 | Idle Std Standard deviation time a flow was idle before becoming active 159 | 160 | -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/TsharkCIC.py: -------------------------------------------------------------------------------- 1 | import pyshark as ps 2 | import time 3 | from datetime import datetime 4 | import subprocess 5 | from subprocess import Popen 6 | 7 | interfaces = ['s01-eth1','s02-eth1','s03-eth1','s01-eth2','s02-eth2','s03-eth2'] 8 | output_csv_path = '/home/natrie/Topology/OutputCSV/' 9 | output_pcap_path = '/home/natrie/Topology/OutputPCAP/' 10 | cicpath = './cfm' 11 | 12 | while(True): 13 | now = str(datetime.now()).replace(" ","_").replace(":","-") 14 | filename= output_pcap_path + now + '.pcap' 15 | capture = ps.LiveCapture(interface=['enp0s3'],output_file=filename) 16 | capture.set_debug() 17 | capture.sniff(timeout=10) 18 | capture 19 | 20 | #command = cicpath + " " + filename + " " + output_csv_path 21 | #p = Popen(command,shell=True) 22 | 23 | 24 | 
-------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/TsharkTest.py: -------------------------------------------------------------------------------- 1 | import pyshark as ps 2 | import time 3 | from datetime import datetime 4 | import subprocess 5 | from subprocess import Popen 6 | 7 | interfaces = ['s01-eth1@if2','s02-eth1@if2','s03-eth1@if2','s01-eth2@if2','s02-eth2@if2','s03-eth2@if2'] 8 | output_csv_path = '/home/mininet/Topology/ICFlowMeter-4.0/bin/PCAP_to_CSV/OutputCSV/' 9 | output_pcap_path = '/home/mininet/Topology/ICFlowMeter-4.0/bin/InputPCAP/' 10 | cicpath = 'cfm.bat' 11 | 12 | while(True): 13 | now = str(datetime.now()).replace(" ","_").replace(":","-") 14 | filename= output_pcap_path + now + '.pcap' 15 | capture = ps.LiveCapture(interface=interfaces,output_file=filename) 16 | capture.sniff(timeout=20) 17 | capture -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/bin/CICFlowMeter: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | ############################################################################## 4 | ## 5 | ## CICFlowMeter start up script for UN*X 6 | ## 7 | ############################################################################## 8 | 9 | # Attempt to set APP_HOME 10 | # Resolve links: $0 may be a link 11 | PRG="$0" 12 | # Need this for relative symlinks. 13 | while [ -h "$PRG" ] ; do 14 | ls=`ls -ld "$PRG"` 15 | link=`expr "$ls" : '.*-> \(.*\)$'` 16 | if expr "$link" : '/.*' > /dev/null; then 17 | PRG="$link" 18 | else 19 | PRG=`dirname "$PRG"`"/$link" 20 | fi 21 | done 22 | SAVED="`pwd`" 23 | cd "`dirname \"$PRG\"`/.." >/dev/null 24 | APP_HOME="`pwd -P`" 25 | cd "$SAVED" >/dev/null 26 | 27 | APP_NAME="CICFlowMeter" 28 | APP_BASE_NAME=`basename "$0"` 29 | 30 | # Add default JVM options here. 
You can also use JAVA_OPTS and CIC_FLOW_METER_OPTS to pass JVM options to this script. 31 | DEFAULT_JVM_OPTS='"-Djava.library.path=../lib/native"' 32 | 33 | # Use the maximum available, or set MAX_FD != -1 to use that value. 34 | MAX_FD="maximum" 35 | 36 | warn () { 37 | echo "$*" 38 | } 39 | 40 | die () { 41 | echo 42 | echo "$*" 43 | echo 44 | exit 1 45 | } 46 | 47 | # OS specific support (must be 'true' or 'false'). 48 | cygwin=false 49 | msys=false 50 | darwin=false 51 | nonstop=false 52 | case "`uname`" in 53 | CYGWIN* ) 54 | cygwin=true 55 | ;; 56 | Darwin* ) 57 | darwin=true 58 | ;; 59 | MINGW* ) 60 | msys=true 61 | ;; 62 | NONSTOP* ) 63 | nonstop=true 64 | ;; 65 | esac 66 | 67 | CLASSPATH=$APP_HOME/lib/CICFlowMeter-4.0.jar:$APP_HOME/lib/log4j-core-2.11.0.jar:$APP_HOME/lib/slf4j-log4j12-1.7.25.jar:$APP_HOME/lib/jnetpcap-1.4.1.jar:$APP_HOME/lib/junit-4.12.jar:$APP_HOME/lib/commons-lang3-3.6.jar:$APP_HOME/lib/commons-math3-3.5.jar:$APP_HOME/lib/commons-io-2.5.jar:$APP_HOME/lib/weka-stable-3.6.14.jar:$APP_HOME/lib/jfreechart-1.5.0.jar:$APP_HOME/lib/guava-23.6-jre.jar:$APP_HOME/lib/tika-core-1.17.jar:$APP_HOME/lib/log4j-api-2.11.0.jar:$APP_HOME/lib/slf4j-api-1.7.25.jar:$APP_HOME/lib/log4j-1.2.17.jar:$APP_HOME/lib/hamcrest-core-1.3.jar:$APP_HOME/lib/java-cup-0.11a.jar:$APP_HOME/lib/jsr305-1.3.9.jar:$APP_HOME/lib/checker-compat-qual-2.0.0.jar:$APP_HOME/lib/error_prone_annotations-2.1.3.jar:$APP_HOME/lib/j2objc-annotations-1.1.jar:$APP_HOME/lib/animal-sniffer-annotations-1.14.jar 68 | 69 | # Determine the Java command to use to start the JVM. 70 | if [ -n "$JAVA_HOME" ] ; then 71 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 72 | # IBM's JDK on AIX uses strange locations for the executables 73 | JAVACMD="$JAVA_HOME/jre/sh/java" 74 | else 75 | JAVACMD="$JAVA_HOME/bin/java" 76 | fi 77 | if [ ! 
-x "$JAVACMD" ] ; then 78 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 79 | 80 | Please set the JAVA_HOME variable in your environment to match the 81 | location of your Java installation." 82 | fi 83 | else 84 | JAVACMD="java" 85 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 86 | 87 | Please set the JAVA_HOME variable in your environment to match the 88 | location of your Java installation." 89 | fi 90 | 91 | # Increase the maximum file descriptors if we can. 92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 93 | MAX_FD_LIMIT=`ulimit -H -n` 94 | if [ $? -eq 0 ] ; then 95 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 96 | MAX_FD="$MAX_FD_LIMIT" 97 | fi 98 | ulimit -n $MAX_FD 99 | if [ $? -ne 0 ] ; then 100 | warn "Could not set maximum file descriptor limit: $MAX_FD" 101 | fi 102 | else 103 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 104 | fi 105 | fi 106 | 107 | # For Darwin, add options to specify how the application appears in the dock 108 | if $darwin; then 109 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 110 | fi 111 | 112 | # For Cygwin, switch paths to Windows format before running java 113 | if $cygwin ; then 114 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 115 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 116 | JAVACMD=`cygpath --unix "$JAVACMD"` 117 | 118 | # We build the pattern for arguments to be converted via cygpath 119 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 120 | SEP="" 121 | for dir in $ROOTDIRSRAW ; do 122 | ROOTDIRS="$ROOTDIRS$SEP$dir" 123 | SEP="|" 124 | done 125 | OURCYGPATTERN="(^($ROOTDIRS))" 126 | # Add a user-defined pattern to the cygpath arguments 127 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 128 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 129 | fi 130 | # Now convert the 
arguments - kludge to limit ourselves to /bin/sh 131 | i=0 132 | for arg in "$@" ; do 133 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 134 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 135 | 136 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 137 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 138 | else 139 | eval `echo args$i`="\"$arg\"" 140 | fi 141 | i=$((i+1)) 142 | done 143 | case $i in 144 | (0) set -- ;; 145 | (1) set -- "$args0" ;; 146 | (2) set -- "$args0" "$args1" ;; 147 | (3) set -- "$args0" "$args1" "$args2" ;; 148 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 149 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 150 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 151 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 152 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 153 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 154 | esac 155 | fi 156 | 157 | # Escape application args 158 | save () { 159 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 160 | echo " " 161 | } 162 | APP_ARGS=$(save "$@") 163 | 164 | # Collect all arguments for the java command, following the shell quoting and substitution rules 165 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $CIC_FLOW_METER_OPTS -classpath "\"$CLASSPATH\"" cic.cs.unb.ca.ifm.App "$APP_ARGS" 166 | 167 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong 168 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then 169 | cd "$(dirname "$0")" 170 | fi 171 | 172 | exec "$JAVACMD" "$@" 173 | -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/bin/CICFlowMeter.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == 
"" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem CICFlowMeter startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if "%DIRNAME%" == "" set DIRNAME=. 13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME%.. 15 | 16 | @rem Add default JVM options here. You can also use JAVA_OPTS and CIC_FLOW_METER_OPTS to pass JVM options to this script. 17 | set DEFAULT_JVM_OPTS="-Djava.library.path=../lib/native" 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | 53 | :win9xME_args 54 | @rem Slurp the command line arguments. 
55 | set CMD_LINE_ARGS= 56 | set _SKIP=2 57 | 58 | :win9xME_args_slurp 59 | if "x%~1" == "x" goto execute 60 | 61 | set CMD_LINE_ARGS=%* 62 | 63 | :execute 64 | @rem Setup the command line 65 | 66 | set CLASSPATH=%APP_HOME%\lib\CICFlowMeter-4.0.jar;%APP_HOME%\lib\log4j-core-2.11.0.jar;%APP_HOME%\lib\slf4j-log4j12-1.7.25.jar;%APP_HOME%\lib\jnetpcap-1.4.1.jar;%APP_HOME%\lib\junit-4.12.jar;%APP_HOME%\lib\commons-lang3-3.6.jar;%APP_HOME%\lib\commons-math3-3.5.jar;%APP_HOME%\lib\commons-io-2.5.jar;%APP_HOME%\lib\weka-stable-3.6.14.jar;%APP_HOME%\lib\jfreechart-1.5.0.jar;%APP_HOME%\lib\guava-23.6-jre.jar;%APP_HOME%\lib\tika-core-1.17.jar;%APP_HOME%\lib\log4j-api-2.11.0.jar;%APP_HOME%\lib\slf4j-api-1.7.25.jar;%APP_HOME%\lib\log4j-1.2.17.jar;%APP_HOME%\lib\hamcrest-core-1.3.jar;%APP_HOME%\lib\java-cup-0.11a.jar;%APP_HOME%\lib\jsr305-1.3.9.jar;%APP_HOME%\lib\checker-compat-qual-2.0.0.jar;%APP_HOME%\lib\error_prone_annotations-2.1.3.jar;%APP_HOME%\lib\j2objc-annotations-1.1.jar;%APP_HOME%\lib\animal-sniffer-annotations-1.14.jar 67 | 68 | @rem Execute CICFlowMeter 69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %CIC_FLOW_METER_OPTS% -classpath "%CLASSPATH%" cic.cs.unb.ca.ifm.App %CMD_LINE_ARGS% 70 | 71 | :end 72 | @rem End local scope for the variables with windows NT shell 73 | if "%ERRORLEVEL%"=="0" goto mainEnd 74 | 75 | :fail 76 | rem Set variable CIC_FLOW_METER_EXIT_CONSOLE if you need the _script_ return code instead of 77 | rem the _cmd.exe /c_ return code! 
78 | if not "" == "%CIC_FLOW_METER_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/bin/CICScript.py: -------------------------------------------------------------------------------- 1 | import subprocess 2 | from subprocess import Popen 3 | 4 | cicpath = 'cfm.bat' 5 | inputpath = 'PCAP_to_CSV\InputPCAP' 6 | outputpath = 'PCAP_to_CSV\OutputCSV' 7 | command = cicpath + " " + inputpath + " " + outputpath 8 | 9 | p = Popen(command,shell=True) -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/bin/cfm: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | ############################################################################## 4 | ## 5 | ## cfm start up script for UN*X 6 | ## 7 | ############################################################################## 8 | 9 | # Attempt to set APP_HOME 10 | # Resolve links: $0 may be a link 11 | PRG="$0" 12 | # Need this for relative symlinks. 13 | while [ -h "$PRG" ] ; do 14 | ls=`ls -ld "$PRG"` 15 | link=`expr "$ls" : '.*-> \(.*\)$'` 16 | if expr "$link" : '/.*' > /dev/null; then 17 | PRG="$link" 18 | else 19 | PRG=`dirname "$PRG"`"/$link" 20 | fi 21 | done 22 | SAVED="`pwd`" 23 | cd "`dirname \"$PRG\"`/.." >/dev/null 24 | APP_HOME="`pwd -P`" 25 | cd "$SAVED" >/dev/null 26 | 27 | APP_NAME="cfm" 28 | APP_BASE_NAME=`basename "$0"` 29 | 30 | # Add default JVM options here. You can also use JAVA_OPTS and CFM_OPTS to pass JVM options to this script. 31 | DEFAULT_JVM_OPTS='"-Djava.library.path=../lib/native"' 32 | 33 | # Use the maximum available, or set MAX_FD != -1 to use that value. 
34 | MAX_FD="maximum" 35 | 36 | warn () { 37 | echo "$*" 38 | } 39 | 40 | die () { 41 | echo 42 | echo "$*" 43 | echo 44 | exit 1 45 | } 46 | 47 | # OS specific support (must be 'true' or 'false'). 48 | cygwin=false 49 | msys=false 50 | darwin=false 51 | nonstop=false 52 | case "`uname`" in 53 | CYGWIN* ) 54 | cygwin=true 55 | ;; 56 | Darwin* ) 57 | darwin=true 58 | ;; 59 | MINGW* ) 60 | msys=true 61 | ;; 62 | NONSTOP* ) 63 | nonstop=true 64 | ;; 65 | esac 66 | 67 | CLASSPATH=$APP_HOME/lib/CICFlowMeter-4.0.jar:$APP_HOME/lib/log4j-core-2.11.0.jar:$APP_HOME/lib/slf4j-log4j12-1.7.25.jar:$APP_HOME/lib/jnetpcap-1.4.1.jar:$APP_HOME/lib/junit-4.12.jar:$APP_HOME/lib/commons-lang3-3.6.jar:$APP_HOME/lib/commons-math3-3.5.jar:$APP_HOME/lib/commons-io-2.5.jar:$APP_HOME/lib/weka-stable-3.6.14.jar:$APP_HOME/lib/jfreechart-1.5.0.jar:$APP_HOME/lib/guava-23.6-jre.jar:$APP_HOME/lib/tika-core-1.17.jar:$APP_HOME/lib/log4j-api-2.11.0.jar:$APP_HOME/lib/slf4j-api-1.7.25.jar:$APP_HOME/lib/log4j-1.2.17.jar:$APP_HOME/lib/hamcrest-core-1.3.jar:$APP_HOME/lib/java-cup-0.11a.jar:$APP_HOME/lib/jsr305-1.3.9.jar:$APP_HOME/lib/checker-compat-qual-2.0.0.jar:$APP_HOME/lib/error_prone_annotations-2.1.3.jar:$APP_HOME/lib/j2objc-annotations-1.1.jar:$APP_HOME/lib/animal-sniffer-annotations-1.14.jar 68 | 69 | # Determine the Java command to use to start the JVM. 70 | if [ -n "$JAVA_HOME" ] ; then 71 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 72 | # IBM's JDK on AIX uses strange locations for the executables 73 | JAVACMD="$JAVA_HOME/jre/sh/java" 74 | else 75 | JAVACMD="$JAVA_HOME/bin/java" 76 | fi 77 | if [ ! -x "$JAVACMD" ] ; then 78 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 79 | 80 | Please set the JAVA_HOME variable in your environment to match the 81 | location of your Java installation." 82 | fi 83 | else 84 | JAVACMD="java" 85 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 
86 | 87 | Please set the JAVA_HOME variable in your environment to match the 88 | location of your Java installation." 89 | fi 90 | 91 | # Increase the maximum file descriptors if we can. 92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 93 | MAX_FD_LIMIT=`ulimit -H -n` 94 | if [ $? -eq 0 ] ; then 95 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 96 | MAX_FD="$MAX_FD_LIMIT" 97 | fi 98 | ulimit -n $MAX_FD 99 | if [ $? -ne 0 ] ; then 100 | warn "Could not set maximum file descriptor limit: $MAX_FD" 101 | fi 102 | else 103 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 104 | fi 105 | fi 106 | 107 | # For Darwin, add options to specify how the application appears in the dock 108 | if $darwin; then 109 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 110 | fi 111 | 112 | # For Cygwin, switch paths to Windows format before running java 113 | if $cygwin ; then 114 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 115 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 116 | JAVACMD=`cygpath --unix "$JAVACMD"` 117 | 118 | # We build the pattern for arguments to be converted via cygpath 119 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 120 | SEP="" 121 | for dir in $ROOTDIRSRAW ; do 122 | ROOTDIRS="$ROOTDIRS$SEP$dir" 123 | SEP="|" 124 | done 125 | OURCYGPATTERN="(^($ROOTDIRS))" 126 | # Add a user-defined pattern to the cygpath arguments 127 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 128 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 129 | fi 130 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 131 | i=0 132 | for arg in "$@" ; do 133 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 134 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 135 | 136 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 137 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 138 | else 139 
| eval `echo args$i`="\"$arg\"" 140 | fi 141 | i=$((i+1)) 142 | done 143 | case $i in 144 | (0) set -- ;; 145 | (1) set -- "$args0" ;; 146 | (2) set -- "$args0" "$args1" ;; 147 | (3) set -- "$args0" "$args1" "$args2" ;; 148 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 149 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 150 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 151 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 152 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 153 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 154 | esac 155 | fi 156 | 157 | # Escape application args 158 | save () { 159 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 160 | echo " " 161 | } 162 | APP_ARGS=$(save "$@") 163 | 164 | # Collect all arguments for the java command, following the shell quoting and substitution rules 165 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $CFM_OPTS -classpath "\"$CLASSPATH\"" cic.cs.unb.ca.ifm.Cmd "$APP_ARGS" 166 | 167 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong 168 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then 169 | cd "$(dirname "$0")" 170 | fi 171 | 172 | exec "$JAVACMD" "$@" 173 | -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/bin/cfm.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem cfm startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if 
"%DIRNAME%" == "" set DIRNAME=. 13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME%.. 15 | 16 | @rem Add default JVM options here. You can also use JAVA_OPTS and CFM_OPTS to pass JVM options to this script. 17 | set DEFAULT_JVM_OPTS="-Djava.library.path=../lib/native" 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | 53 | :win9xME_args 54 | @rem Slurp the command line arguments. 
55 | set CMD_LINE_ARGS= 56 | set _SKIP=2 57 | 58 | :win9xME_args_slurp 59 | if "x%~1" == "x" goto execute 60 | 61 | set CMD_LINE_ARGS=%* 62 | 63 | :execute 64 | @rem Setup the command line 65 | 66 | set CLASSPATH=%APP_HOME%\lib\CICFlowMeter-4.0.jar;%APP_HOME%\lib\log4j-core-2.11.0.jar;%APP_HOME%\lib\slf4j-log4j12-1.7.25.jar;%APP_HOME%\lib\jnetpcap-1.4.1.jar;%APP_HOME%\lib\junit-4.12.jar;%APP_HOME%\lib\commons-lang3-3.6.jar;%APP_HOME%\lib\commons-math3-3.5.jar;%APP_HOME%\lib\commons-io-2.5.jar;%APP_HOME%\lib\weka-stable-3.6.14.jar;%APP_HOME%\lib\jfreechart-1.5.0.jar;%APP_HOME%\lib\guava-23.6-jre.jar;%APP_HOME%\lib\tika-core-1.17.jar;%APP_HOME%\lib\log4j-api-2.11.0.jar;%APP_HOME%\lib\slf4j-api-1.7.25.jar;%APP_HOME%\lib\log4j-1.2.17.jar;%APP_HOME%\lib\hamcrest-core-1.3.jar;%APP_HOME%\lib\java-cup-0.11a.jar;%APP_HOME%\lib\jsr305-1.3.9.jar;%APP_HOME%\lib\checker-compat-qual-2.0.0.jar;%APP_HOME%\lib\error_prone_annotations-2.1.3.jar;%APP_HOME%\lib\j2objc-annotations-1.1.jar;%APP_HOME%\lib\animal-sniffer-annotations-1.14.jar 67 | 68 | @rem Execute cfm 69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %CFM_OPTS% -classpath "%CLASSPATH%" cic.cs.unb.ca.ifm.Cmd %CMD_LINE_ARGS% 70 | 71 | :end 72 | @rem End local scope for the variables with windows NT shell 73 | if "%ERRORLEVEL%"=="0" goto mainEnd 74 | 75 | :fail 76 | rem Set variable CFM_EXIT_CONSOLE if you need the _script_ return code instead of 77 | rem the _cmd.exe /c_ return code! 
78 | if not "" == "%CFM_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/bin/logs/debug: -------------------------------------------------------------------------------- 1 | 2021-07-16 16:05:03 DEBUG cic.cs.unb.ca.flow.ui.FlowOfflinePane offline select input E:\SDN_ML_Anaconda\TopoPipeline\CICFlowMeter-4.0\bin\1.1.1.1.1.pcap 2 | 2021-07-16 16:05:15 DEBUG cic.cs.unb.ca.flow.ui.FlowOfflinePane offline select output E:\SDN_ML_Anaconda\TopoPipeline\CICFlowMeter-4.0\bin 3 | 2021-07-16 16:05:16 DEBUG cic.cs.unb.ca.jnetpcap.worker.ReadPcapFileWorker Working on... E:\SDN_ML_Anaconda\TopoPipeline\CICFlowMeter-4.0\bin\1.1.1.1.1.pcap 4 | 2021-07-16 16:05:16 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 5 | ******************************************************************************** 6 | 0000:*01 80 c2 00* 00 0a 00 e0 fc 09 bc f9 88 a7 00 03 ................ 7 | 0010: 00 00 01 b4 84 5d 00 01 00 0e 00 00 00 00 54 89 .....]........T. 8 | 0020: 98 00 30 3f 00 07 00 11 53 57 31 2d 47 54 4d 53 ..0?....SW1-GTMS 9 | 0030: 43 2d 4e 56 4c 00 0f 00 1b 53 35 33 30 30 20 56 C-NVL....S5300 V 10 | 0040: 31 30 30 52 30 30 35 43 30 31 53 50 43 31 30 30 100R005C01SPC100 11 | 0050: 00 12 00 22 56 65 72 73 69 6f 6e 20 35 2e 37 30 ..."Version 5.70 12 | 0060: 20 56 31 30 30 52 30 30 35 43 30 31 53 50 43 31 V100R005C01SPC1 13 | 0070: 30 30 00 11 00 22 56 65 72 73 69 6f 6e 20 35 2e 00..."Version 5. 14 | 0080: 37 30 20 56 31 30 30 52 30 30 35 43 30 31 53 50 70 V100R005C01SP 15 | 0090: 43 31 30 30 00 0c 00 17 10 00 00 00 00 00 00 00 C100............ 16 | 00a0: 00 00 00 00 00 00 00 00 30 52 30 00 13 00 08 00 ........0R0..... 17 | 00b0: 00 00 1e 00 02 00 18 47 69 67 61 62 69 74 45 74 .......GigabitEt 18 | 00c0: 68 65 72 6e 65 74 30 2f 31 2f 31 00 0b 00 06 00 hernet0/1/1..... 19 | 00d0: 01 . 
20 | 21 | 22 | 2021-07-16 16:05:16 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 23 | ******************************************************************************** 24 | 0000:*33 33 00 01 00 02 f0 4d a2 82 90 64* 86 dd 60 00 33.....M...d..`. 25 | 0010: 00 00 00 63 11 01 fe 80 00 00 00 00 00 00 99 53 ...c...........S 26 | 0020: 61 4c 4e 25 af 26 ff 02 00 00 00 00 00 00 00 00 aLN%.&.......... 27 | 0030: 00 00 00 01 00 02 02 22 02 23 00 63 f5 e6 01 31 .......".#.c...1 28 | 0040: 59 6d 00 08 00 02 00 00 00 01 00 0e 00 01 00 01 Ym.............. 29 | 0050: 15 21 54 42 f0 4d a2 82 90 64 00 03 00 0c 0e f0 .!TB.M...d...... 30 | 0060: 4d a2 00 00 00 00 00 00 00 00 00 27 00 0d 00 0b M..........'.... 31 | 0070: 48 55 59 56 45 53 41 55 2d 50 43 00 10 00 0e 00 HUYVESAU-PC..... 32 | 0080: 00 01 37 00 08 4d 53 46 54 20 35 2e 30 00 06 00 ..7..MSFT 5.0... 33 | 0090: 08 00 18 00 17 00 11 00 27* ........' 34 | 35 | 36 | 2021-07-16 16:05:16 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 37 | ******************************************************************************** 38 | 0000:*33 33 00 01 00 02 f0 4d a2 82 90 64* 86 dd 60 00 33.....M...d..`. 39 | 0010: 00 00 00 63 11 01 fe 80 00 00 00 00 00 00 99 53 ...c...........S 40 | 0020: 61 4c 4e 25 af 26 ff 02 00 00 00 00 00 00 00 00 aLN%.&.......... 41 | 0030: 00 00 00 01 00 02 02 22 02 23 00 63 f5 e6 01 31 .......".#.c...1 42 | 0040: 59 6d 00 08 00 02 00 64 00 01 00 0e 00 01 00 01 Ym.....d........ 43 | 0050: 15 21 54 42 f0 4d a2 82 90 64 00 03 00 0c 0e f0 .!TB.M...d...... 44 | 0060: 4d a2 00 00 00 00 00 00 00 00 00 27 00 0d 00 0b M..........'.... 45 | 0070: 48 55 59 56 45 53 41 55 2d 50 43 00 10 00 0e 00 HUYVESAU-PC..... 46 | 0080: 00 01 37 00 08 4d 53 46 54 20 35 2e 30 00 06 00 ..7..MSFT 5.0... 47 | 0090: 08 00 18 00 17 00 11 00 27* ........' 
48 | 49 | 50 | 2021-07-16 16:05:16 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 51 | ******************************************************************************** 52 | 0000:*33 33 00 01 00 02 f0 4d a2 82 90 64* 86 dd 60 00 33.....M...d..`. 53 | 0010: 00 00 00 63 11 01 fe 80 00 00 00 00 00 00 99 53 ...c...........S 54 | 0020: 61 4c 4e 25 af 26 ff 02 00 00 00 00 00 00 00 00 aLN%.&.......... 55 | 0030: 00 00 00 01 00 02 02 22 02 23 00 63 f5 e6 01 31 .......".#.c...1 56 | 0040: 59 6d 00 08 00 02 01 2c 00 01 00 0e 00 01 00 01 Ym.....,........ 57 | 0050: 15 21 54 42 f0 4d a2 82 90 64 00 03 00 0c 0e f0 .!TB.M...d...... 58 | 0060: 4d a2 00 00 00 00 00 00 00 00 00 27 00 0d 00 0b M..........'.... 59 | 0070: 48 55 59 56 45 53 41 55 2d 50 43 00 10 00 0e 00 HUYVESAU-PC..... 60 | 0080: 00 01 37 00 08 4d 53 46 54 20 35 2e 30 00 06 00 ..7..MSFT 5.0... 61 | 0090: 08 00 18 00 17 00 11 00 27* ........' 62 | 63 | 64 | 2021-07-16 16:05:17 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 65 | ******************************************************************************** 66 | 0000:*33 33 00 01 00 02 f0 4d a2 82 90 64* 86 dd 60 00 33.....M...d..`. 67 | 0010: 00 00 00 63 11 01 fe 80 00 00 00 00 00 00 99 53 ...c...........S 68 | 0020: 61 4c 4e 25 af 26 ff 02 00 00 00 00 00 00 00 00 aLN%.&.......... 69 | 0030: 00 00 00 01 00 02 02 22 02 23 00 63 f5 e6 01 31 .......".#.c...1 70 | 0040: 59 6d 00 08 00 02 02 bc 00 01 00 0e 00 01 00 01 Ym.............. 71 | 0050: 15 21 54 42 f0 4d a2 82 90 64 00 03 00 0c 0e f0 .!TB.M...d...... 72 | 0060: 4d a2 00 00 00 00 00 00 00 00 00 27 00 0d 00 0b M..........'.... 73 | 0070: 48 55 59 56 45 53 41 55 2d 50 43 00 10 00 0e 00 HUYVESAU-PC..... 74 | 0080: 00 01 37 00 08 4d 53 46 54 20 35 2e 30 00 06 00 ..7..MSFT 5.0... 75 | 0090: 08 00 18 00 17 00 11 00 27* ........' 
76 | 77 | 78 | 2021-07-16 16:05:17 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 79 | ******************************************************************************** 80 | 0000:*33 33 00 01 00 02 f0 4d a2 82 90 64* 86 dd 60 00 33.....M...d..`. 81 | 0010: 00 00 00 63 11 01 fe 80 00 00 00 00 00 00 99 53 ...c...........S 82 | 0020: 61 4c 4e 25 af 26 ff 02 00 00 00 00 00 00 00 00 aLN%.&.......... 83 | 0030: 00 00 00 01 00 02 02 22 02 23 00 63 f5 e6 01 31 .......".#.c...1 84 | 0040: 59 6d 00 08 00 02 05 dc 00 01 00 0e 00 01 00 01 Ym.............. 85 | 0050: 15 21 54 42 f0 4d a2 82 90 64 00 03 00 0c 0e f0 .!TB.M...d...... 86 | 0060: 4d a2 00 00 00 00 00 00 00 00 00 27 00 0d 00 0b M..........'.... 87 | 0070: 48 55 59 56 45 53 41 55 2d 50 43 00 10 00 0e 00 HUYVESAU-PC..... 88 | 0080: 00 01 37 00 08 4d 53 46 54 20 35 2e 30 00 06 00 ..7..MSFT 5.0... 89 | 0090: 08 00 18 00 17 00 11 00 27* ........' 90 | 91 | 92 | 2021-07-16 16:05:17 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 93 | ******************************************************************************** 94 | 0000:*33 33 00 01 00 02 f0 4d a2 82 90 64* 86 dd 60 00 33.....M...d..`. 95 | 0010: 00 00 00 63 11 01 fe 80 00 00 00 00 00 00 99 53 ...c...........S 96 | 0020: 61 4c 4e 25 af 26 ff 02 00 00 00 00 00 00 00 00 aLN%.&.......... 97 | 0030: 00 00 00 01 00 02 02 22 02 23 00 63 f5 e6 01 31 .......".#.c...1 98 | 0040: 59 6d 00 08 00 02 0c 1c 00 01 00 0e 00 01 00 01 Ym.............. 99 | 0050: 15 21 54 42 f0 4d a2 82 90 64 00 03 00 0c 0e f0 .!TB.M...d...... 100 | 0060: 4d a2 00 00 00 00 00 00 00 00 00 27 00 0d 00 0b M..........'.... 101 | 0070: 48 55 59 56 45 53 41 55 2d 50 43 00 10 00 0e 00 HUYVESAU-PC..... 102 | 0080: 00 01 37 00 08 4d 53 46 54 20 35 2e 30 00 06 00 ..7..MSFT 5.0... 103 | 0090: 08 00 18 00 17 00 11 00 27* ........' 
104 | 105 | 106 | 2021-07-16 16:05:17 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 107 | ******************************************************************************** 108 | 0000:*01 80 c2 00* 00 0a 00 e0 fc 09 bc f9 88 a7 00 03 ................ 109 | 0010: 00 00 01 b4 84 5d 00 01 00 0e 00 00 00 00 54 89 .....]........T. 110 | 0020: 98 00 30 3f 00 07 00 11 53 57 31 2d 47 54 4d 53 ..0?....SW1-GTMS 111 | 0030: 43 2d 4e 56 4c 00 0f 00 1b 53 35 33 30 30 20 56 C-NVL....S5300 V 112 | 0040: 31 30 30 52 30 30 35 43 30 31 53 50 43 31 30 30 100R005C01SPC100 113 | 0050: 00 12 00 22 56 65 72 73 69 6f 6e 20 35 2e 37 30 ..."Version 5.70 114 | 0060: 20 56 31 30 30 52 30 30 35 43 30 31 53 50 43 31 V100R005C01SPC1 115 | 0070: 30 30 00 11 00 22 56 65 72 73 69 6f 6e 20 35 2e 00..."Version 5. 116 | 0080: 37 30 20 56 31 30 30 52 30 30 35 43 30 31 53 50 70 V100R005C01SP 117 | 0090: 43 31 30 30 00 0c 00 17 10 00 00 00 00 00 00 00 C100............ 118 | 00a0: 00 00 00 00 00 00 00 00 30 52 30 00 13 00 08 00 ........0R0..... 119 | 00b0: 00 00 1e 00 02 00 18 47 69 67 61 62 69 74 45 74 .......GigabitEt 120 | 00c0: 68 65 72 6e 65 74 30 2f 31 2f 31 00 0b 00 06 00 hernet0/1/1..... 121 | 00d0: 01 . 
122 | 123 | 124 | 2021-07-16 16:05:17 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader Read All packets on E:\SDN_ML_Anaconda\TopoPipeline\CICFlowMeter-4.0\bin\1.1.1.1.1.pcap 125 | -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/bin/logs/debug-2021-06-12.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/bin/logs/debug-2021-06-12.log -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/bin/logs/debug-2021-06-26.log: -------------------------------------------------------------------------------- 1 | 2021-06-26 16:57:36 DEBUG cic.cs.unb.ca.flow.ui.FlowOfflinePane offline select input D:\IDM Download\Compressed\CICFlowMeter-4.0\TestCICFlowmeter\pcaptest2.pcap 2 | 2021-06-26 16:57:42 DEBUG cic.cs.unb.ca.flow.ui.FlowOfflinePane offline select output D:\IDM Download\Compressed\CICFlowMeter-4.0\TestCICFlowmeter\New Folder 3 | 2021-06-26 16:57:45 DEBUG cic.cs.unb.ca.jnetpcap.worker.ReadPcapFileWorker Working on... D:\IDM Download\Compressed\CICFlowMeter-4.0\TestCICFlowmeter\pcaptest2.pcap 4 | 2021-06-26 16:57:45 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 5 | ******************************************************************************** 6 | 0000:*33 33 00 01 00 02 a4 ba db a9 f1 44* 86 dd 60 00 33.........D..`. 7 | 0010: 00 00 00 5f 11 01 fe 80 00 00 00 00 00 00 29 46 ..._..........)F 8 | 0020: b1 f9 25 81 e6 2b ff 02 00 00 00 00 00 00 00 00 ..%..+.......... 9 | 0030: 00 00 00 01 00 02 02 22 02 23 00 5f e4 e3 01 9e .......".#._.... 10 | 0040: ec 0d 00 08 00 02 18 9c 00 01 00 0e 00 01 00 01 ................ 11 | 0050: 15 8d 4f ec a4 ba db a9 f1 44 00 03 00 0c 0e a4 ..O......D...... 12 | 0060: ba db 00 00 00 00 00 00 00 00 00 27 00 09 00 07 ...........'.... 
13 | 0070: 4d 72 4d 75 2d 50 43 00 10 00 0e 00 00 01 37 00 MrMu-PC.......7. 14 | 0080: 08 4d 53 46 54 20 35 2e 30 00 06 00 08 00 18 00 .MSFT 5.0....... 15 | 0090: 17 00 11 00 27* ....' 16 | 17 | 18 | 2021-06-26 16:57:45 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 19 | ******************************************************************************** 20 | 0000:*33 33 00 00 00 0c a4 ba db a9 f1 44* 86 dd 60 00 33.........D..`. 21 | 0010: 00 00 02 94 11 01 fe 80 00 00 00 00 00 00 29 46 ..............)F 22 | 0020: b1 f9 25 81 e6 2b ff 02 00 00 00 00 00 00 00 00 ..%..+.......... 23 | 0030: 00 00 00 00 00 0c e4 ad 0e 76 02 94 e7 21 3c 3f .........v...!urn:schema 40 | 0140: 73 2d 78 6d 6c 73 6f 61 70 2d 6f 72 67 3a 77 73 s-xmlsoap-org:ws 41 | 0150: 3a 32 30 30 35 3a 30 34 3a 64 69 73 63 6f 76 65 :2005:04:discove 42 | 0160: 72 79 3c 2f 77 73 61 3a 54 6f 3e 3c 77 73 61 3a ryhttp://sc 44 | 0180: 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 hemas.xmlsoap.or 45 | 0190: 67 2f 77 73 2f 32 30 30 35 2f 30 34 2f 64 69 73 g/ws/2005/04/dis 46 | 01a0: 63 6f 76 65 72 79 2f 52 65 73 6f 6c 76 65 3c 2f covery/Resolveurn:uu 49 | 01d0: 69 64 3a 61 63 64 64 36 37 35 61 2d 38 65 65 63 id:acdd675a-8eec 50 | 01e0: 2d 34 61 36 37 2d 39 61 38 62 2d 32 33 39 31 35 -4a67-9a8b-23915 51 | 01f0: 38 38 32 61 64 37 36 3c 2f 77 73 61 3a 4d 65 73 882ad76 54 | 0220: 3c 77 73 64 3a 52 65 73 6f 6c 76 65 3e 3c 77 73 uuid:AA71993F-6 58 | 0260: 33 37 32 2d 31 45 43 43 2d 45 46 33 35 2d 31 43 372-1ECC-EF35-1C 59 | 0270: 43 31 44 45 38 34 31 35 32 37 3c 2f 77 73 61 3a C1DE841527 62 | 02a0: 3c 2f 77 73 64 3a 52 65 73 6f 6c 76 65 3e 3c 2f 65 | 66 | 67 | 2021-06-26 16:57:45 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 68 | ******************************************************************************** 69 | 0000:*33 33 00 00 00 0c a4 ba db a9 f1 44* 86 dd 60 00 33.........D..`. 
70 | 0010: 00 00 02 94 11 01 fe 80 00 00 00 00 00 00 29 46 ..............)F 71 | 0020: b1 f9 25 81 e6 2b ff 02 00 00 00 00 00 00 00 00 ..%..+.......... 72 | 0030: 00 00 00 00 00 0c e4 ad 0e 76 02 94 e7 21 3c 3f .........v...!urn:schema 89 | 0140: 73 2d 78 6d 6c 73 6f 61 70 2d 6f 72 67 3a 77 73 s-xmlsoap-org:ws 90 | 0150: 3a 32 30 30 35 3a 30 34 3a 64 69 73 63 6f 76 65 :2005:04:discove 91 | 0160: 72 79 3c 2f 77 73 61 3a 54 6f 3e 3c 77 73 61 3a ryhttp://sc 93 | 0180: 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 hemas.xmlsoap.or 94 | 0190: 67 2f 77 73 2f 32 30 30 35 2f 30 34 2f 64 69 73 g/ws/2005/04/dis 95 | 01a0: 63 6f 76 65 72 79 2f 52 65 73 6f 6c 76 65 3c 2f covery/Resolveurn:uu 98 | 01d0: 69 64 3a 61 63 64 64 36 37 35 61 2d 38 65 65 63 id:acdd675a-8eec 99 | 01e0: 2d 34 61 36 37 2d 39 61 38 62 2d 32 33 39 31 35 -4a67-9a8b-23915 100 | 01f0: 38 38 32 61 64 37 36 3c 2f 77 73 61 3a 4d 65 73 882ad76 103 | 0220: 3c 77 73 64 3a 52 65 73 6f 6c 76 65 3e 3c 77 73 uuid:AA71993F-6 107 | 0260: 33 37 32 2d 31 45 43 43 2d 45 46 33 35 2d 31 43 372-1ECC-EF35-1C 108 | 0270: 43 31 44 45 38 34 31 35 32 37 3c 2f 77 73 61 3a C1DE841527 111 | 02a0: 3c 2f 77 73 64 3a 52 65 73 6f 6c 76 65 3e 3c 2f 114 | 115 | 116 | 2021-06-26 16:57:45 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader Read All packets on D:\IDM Download\Compressed\CICFlowMeter-4.0\TestCICFlowmeter\pcaptest2.pcap 117 | -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/bin/logs/debug-2021-07-12.log: -------------------------------------------------------------------------------- 1 | 2021-07-12 16:44:28 INFO cic.cs.unb.ca.ifm.Cmd You select: 1.1.1.1.1.pcap 2 | 2021-07-12 16:44:28 INFO cic.cs.unb.ca.ifm.Cmd Out folder: /mnt/e/SDN_ML_Anaconda/TopoPipeline/CICFlowMeter-4.0/bin/ 3 | 2021-07-12 16:44:29 INFO cic.cs.unb.ca.ifm.Cmd CICFlowMeter received 1 pcap file 4 | 2021-07-12 17:28:11 INFO cic.cs.unb.ca.ifm.Cmd You select: 1.1.1.1.1.pcap 5 | 2021-07-12 17:28:11 INFO 
cic.cs.unb.ca.ifm.Cmd Out folder: /mnt/e/SDN_ML_Anaconda/ 6 | 2021-07-12 17:28:11 INFO cic.cs.unb.ca.ifm.Cmd CICFlowMeter received 1 pcap file 7 | 2021-07-12 17:33:32 INFO cic.cs.unb.ca.ifm.Cmd You select: 1.1.1.1.1.pcap 8 | 2021-07-12 17:33:32 INFO cic.cs.unb.ca.ifm.Cmd Out folder: /mnt/e/SDN_ML_Anaconda/ 9 | 2021-07-12 17:33:32 INFO cic.cs.unb.ca.ifm.Cmd CICFlowMeter received 1 pcap file 10 | 2021-07-12 17:33:33 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 11 | ******************************************************************************** 12 | 0000:*01 80 c2 00* 00 0a 00 e0 fc 09 bc f9 88 a7 00 03 ................ 13 | 0010: 00 00 01 b4 84 5d 00 01 00 0e 00 00 00 00 54 89 .....]........T. 14 | 0020: 98 00 30 3f 00 07 00 11 53 57 31 2d 47 54 4d 53 ..0?....SW1-GTMS 15 | 0030: 43 2d 4e 56 4c 00 0f 00 1b 53 35 33 30 30 20 56 C-NVL....S5300 V 16 | 0040: 31 30 30 52 30 30 35 43 30 31 53 50 43 31 30 30 100R005C01SPC100 17 | 0050: 00 12 00 22 56 65 72 73 69 6f 6e 20 35 2e 37 30 ..."Version 5.70 18 | 0060: 20 56 31 30 30 52 30 30 35 43 30 31 53 50 43 31 V100R005C01SPC1 19 | 0070: 30 30 00 11 00 22 56 65 72 73 69 6f 6e 20 35 2e 00..."Version 5. 20 | 0080: 37 30 20 56 31 30 30 52 30 30 35 43 30 31 53 50 70 V100R005C01SP 21 | 0090: 43 31 30 30 00 0c 00 17 10 00 00 00 00 00 00 00 C100............ 22 | 00a0: 00 00 00 00 00 00 00 00 30 52 30 00 13 00 08 00 ........0R0..... 23 | 00b0: 00 00 1e 00 02 00 18 47 69 67 61 62 69 74 45 74 .......GigabitEt 24 | 00c0: 68 65 72 6e 65 74 30 2f 31 2f 31 00 0b 00 06 00 hernet0/1/1..... 25 | 00d0: 01 . 26 | 27 | 28 | 2021-07-12 17:33:33 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 29 | ******************************************************************************** 30 | 0000:*33 33 00 01 00 02 f0 4d a2 82 90 64* 86 dd 60 00 33.....M...d..`. 31 | 0010: 00 00 00 63 11 01 fe 80 00 00 00 00 00 00 99 53 ...c...........S 32 | 0020: 61 4c 4e 25 af 26 ff 02 00 00 00 00 00 00 00 00 aLN%.&.......... 
33 | 0030: 00 00 00 01 00 02 02 22 02 23 00 63 f5 e6 01 31 .......".#.c...1 34 | 0040: 59 6d 00 08 00 02 00 00 00 01 00 0e 00 01 00 01 Ym.............. 35 | 0050: 15 21 54 42 f0 4d a2 82 90 64 00 03 00 0c 0e f0 .!TB.M...d...... 36 | 0060: 4d a2 00 00 00 00 00 00 00 00 00 27 00 0d 00 0b M..........'.... 37 | 0070: 48 55 59 56 45 53 41 55 2d 50 43 00 10 00 0e 00 HUYVESAU-PC..... 38 | 0080: 00 01 37 00 08 4d 53 46 54 20 35 2e 30 00 06 00 ..7..MSFT 5.0... 39 | 0090: 08 00 18 00 17 00 11 00 27* ........' 40 | 41 | 42 | 2021-07-12 17:33:33 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 43 | ******************************************************************************** 44 | 0000:*33 33 00 01 00 02 f0 4d a2 82 90 64* 86 dd 60 00 33.....M...d..`. 45 | 0010: 00 00 00 63 11 01 fe 80 00 00 00 00 00 00 99 53 ...c...........S 46 | 0020: 61 4c 4e 25 af 26 ff 02 00 00 00 00 00 00 00 00 aLN%.&.......... 47 | 0030: 00 00 00 01 00 02 02 22 02 23 00 63 f5 e6 01 31 .......".#.c...1 48 | 0040: 59 6d 00 08 00 02 00 64 00 01 00 0e 00 01 00 01 Ym.....d........ 49 | 0050: 15 21 54 42 f0 4d a2 82 90 64 00 03 00 0c 0e f0 .!TB.M...d...... 50 | 0060: 4d a2 00 00 00 00 00 00 00 00 00 27 00 0d 00 0b M..........'.... 51 | 0070: 48 55 59 56 45 53 41 55 2d 50 43 00 10 00 0e 00 HUYVESAU-PC..... 52 | 0080: 00 01 37 00 08 4d 53 46 54 20 35 2e 30 00 06 00 ..7..MSFT 5.0... 53 | 0090: 08 00 18 00 17 00 11 00 27* ........' 54 | 55 | 56 | 2021-07-12 17:33:33 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 57 | ******************************************************************************** 58 | 0000:*33 33 00 01 00 02 f0 4d a2 82 90 64* 86 dd 60 00 33.....M...d..`. 59 | 0010: 00 00 00 63 11 01 fe 80 00 00 00 00 00 00 99 53 ...c...........S 60 | 0020: 61 4c 4e 25 af 26 ff 02 00 00 00 00 00 00 00 00 aLN%.&.......... 61 | 0030: 00 00 00 01 00 02 02 22 02 23 00 63 f5 e6 01 31 .......".#.c...1 62 | 0040: 59 6d 00 08 00 02 01 2c 00 01 00 0e 00 01 00 01 Ym.....,........ 
63 | 0050: 15 21 54 42 f0 4d a2 82 90 64 00 03 00 0c 0e f0 .!TB.M...d...... 64 | 0060: 4d a2 00 00 00 00 00 00 00 00 00 27 00 0d 00 0b M..........'.... 65 | 0070: 48 55 59 56 45 53 41 55 2d 50 43 00 10 00 0e 00 HUYVESAU-PC..... 66 | 0080: 00 01 37 00 08 4d 53 46 54 20 35 2e 30 00 06 00 ..7..MSFT 5.0... 67 | 0090: 08 00 18 00 17 00 11 00 27* ........' 68 | 69 | 70 | 2021-07-12 17:33:33 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 71 | ******************************************************************************** 72 | 0000:*33 33 00 01 00 02 f0 4d a2 82 90 64* 86 dd 60 00 33.....M...d..`. 73 | 0010: 00 00 00 63 11 01 fe 80 00 00 00 00 00 00 99 53 ...c...........S 74 | 0020: 61 4c 4e 25 af 26 ff 02 00 00 00 00 00 00 00 00 aLN%.&.......... 75 | 0030: 00 00 00 01 00 02 02 22 02 23 00 63 f5 e6 01 31 .......".#.c...1 76 | 0040: 59 6d 00 08 00 02 02 bc 00 01 00 0e 00 01 00 01 Ym.............. 77 | 0050: 15 21 54 42 f0 4d a2 82 90 64 00 03 00 0c 0e f0 .!TB.M...d...... 78 | 0060: 4d a2 00 00 00 00 00 00 00 00 00 27 00 0d 00 0b M..........'.... 79 | 0070: 48 55 59 56 45 53 41 55 2d 50 43 00 10 00 0e 00 HUYVESAU-PC..... 80 | 0080: 00 01 37 00 08 4d 53 46 54 20 35 2e 30 00 06 00 ..7..MSFT 5.0... 81 | 0090: 08 00 18 00 17 00 11 00 27* ........' 82 | 83 | 84 | 2021-07-12 17:33:33 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 85 | ******************************************************************************** 86 | 0000:*33 33 00 01 00 02 f0 4d a2 82 90 64* 86 dd 60 00 33.....M...d..`. 87 | 0010: 00 00 00 63 11 01 fe 80 00 00 00 00 00 00 99 53 ...c...........S 88 | 0020: 61 4c 4e 25 af 26 ff 02 00 00 00 00 00 00 00 00 aLN%.&.......... 89 | 0030: 00 00 00 01 00 02 02 22 02 23 00 63 f5 e6 01 31 .......".#.c...1 90 | 0040: 59 6d 00 08 00 02 05 dc 00 01 00 0e 00 01 00 01 Ym.............. 91 | 0050: 15 21 54 42 f0 4d a2 82 90 64 00 03 00 0c 0e f0 .!TB.M...d...... 92 | 0060: 4d a2 00 00 00 00 00 00 00 00 00 27 00 0d 00 0b M..........'.... 
93 | 0070: 48 55 59 56 45 53 41 55 2d 50 43 00 10 00 0e 00 HUYVESAU-PC..... 94 | 0080: 00 01 37 00 08 4d 53 46 54 20 35 2e 30 00 06 00 ..7..MSFT 5.0... 95 | 0090: 08 00 18 00 17 00 11 00 27* ........' 96 | 97 | 98 | 2021-07-12 17:33:33 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 99 | ******************************************************************************** 100 | 0000:*33 33 00 01 00 02 f0 4d a2 82 90 64* 86 dd 60 00 33.....M...d..`. 101 | 0010: 00 00 00 63 11 01 fe 80 00 00 00 00 00 00 99 53 ...c...........S 102 | 0020: 61 4c 4e 25 af 26 ff 02 00 00 00 00 00 00 00 00 aLN%.&.......... 103 | 0030: 00 00 00 01 00 02 02 22 02 23 00 63 f5 e6 01 31 .......".#.c...1 104 | 0040: 59 6d 00 08 00 02 0c 1c 00 01 00 0e 00 01 00 01 Ym.............. 105 | 0050: 15 21 54 42 f0 4d a2 82 90 64 00 03 00 0c 0e f0 .!TB.M...d...... 106 | 0060: 4d a2 00 00 00 00 00 00 00 00 00 27 00 0d 00 0b M..........'.... 107 | 0070: 48 55 59 56 45 53 41 55 2d 50 43 00 10 00 0e 00 HUYVESAU-PC..... 108 | 0080: 00 01 37 00 08 4d 53 46 54 20 35 2e 30 00 06 00 ..7..MSFT 5.0... 109 | 0090: 08 00 18 00 17 00 11 00 27* ........' 110 | 111 | 112 | 2021-07-12 17:33:33 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader null 113 | ******************************************************************************** 114 | 0000:*01 80 c2 00* 00 0a 00 e0 fc 09 bc f9 88 a7 00 03 ................ 115 | 0010: 00 00 01 b4 84 5d 00 01 00 0e 00 00 00 00 54 89 .....]........T. 116 | 0020: 98 00 30 3f 00 07 00 11 53 57 31 2d 47 54 4d 53 ..0?....SW1-GTMS 117 | 0030: 43 2d 4e 56 4c 00 0f 00 1b 53 35 33 30 30 20 56 C-NVL....S5300 V 118 | 0040: 31 30 30 52 30 30 35 43 30 31 53 50 43 31 30 30 100R005C01SPC100 119 | 0050: 00 12 00 22 56 65 72 73 69 6f 6e 20 35 2e 37 30 ..."Version 5.70 120 | 0060: 20 56 31 30 30 52 30 30 35 43 30 31 53 50 43 31 V100R005C01SPC1 121 | 0070: 30 30 00 11 00 22 56 65 72 73 69 6f 6e 20 35 2e 00..."Version 5. 
122 | 0080: 37 30 20 56 31 30 30 52 30 30 35 43 30 31 53 50 70 V100R005C01SP 123 | 0090: 43 31 30 30 00 0c 00 17 10 00 00 00 00 00 00 00 C100............ 124 | 00a0: 00 00 00 00 00 00 00 00 30 52 30 00 13 00 08 00 ........0R0..... 125 | 00b0: 00 00 1e 00 02 00 18 47 69 67 61 62 69 74 45 74 .......GigabitEt 126 | 00c0: 68 65 72 6e 65 74 30 2f 31 2f 31 00 0b 00 06 00 hernet0/1/1..... 127 | 00d0: 01 . 128 | 129 | 130 | 2021-07-12 17:33:33 DEBUG cic.cs.unb.ca.jnetpcap.PacketReader Read All packets on 1.1.1.1.1.pcap 131 | -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/bin/logs/info.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/bin/logs/info.log -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/CICFlowMeter-4.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/CICFlowMeter-4.0.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/animal-sniffer-annotations-1.14.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/animal-sniffer-annotations-1.14.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/checker-compat-qual-2.0.0.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/checker-compat-qual-2.0.0.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/commons-io-2.5.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/commons-io-2.5.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/commons-lang3-3.6.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/commons-lang3-3.6.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/commons-math3-3.5.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/commons-math3-3.5.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/error_prone_annotations-2.1.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/error_prone_annotations-2.1.3.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/guava-23.6-jre.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/guava-23.6-jre.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/hamcrest-core-1.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/hamcrest-core-1.3.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/j2objc-annotations-1.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/j2objc-annotations-1.1.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/java-cup-0.11a.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/java-cup-0.11a.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/jfreechart-1.5.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/jfreechart-1.5.0.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/jnetpcap-1.4.1.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/jnetpcap-1.4.1.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/jsr305-1.3.9.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/jsr305-1.3.9.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/junit-4.12.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/junit-4.12.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/log4j-1.2.17.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/log4j-1.2.17.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/log4j-api-2.11.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/log4j-api-2.11.0.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/log4j-core-2.11.0.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/log4j-core-2.11.0.jar -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/native/jnetpcap-pcap100.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/native/jnetpcap-pcap100.dll -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/native/jnetpcap.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/native/jnetpcap.dll -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/native/libjnetpcap-pcap100.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/native/libjnetpcap-pcap100.so -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/native/libjnetpcap.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/native/libjnetpcap.so -------------------------------------------------------------------------------- /Topology/CICFlowMeter-4.0/lib/slf4j-api-1.7.25.jar: -------------------------------------------------------------------------------- 
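https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/slf4j-api-1.7.25.jar
--------------------------------------------------------------------------------
/Topology/CICFlowMeter-4.0/lib/slf4j-log4j12-1.7.25.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/slf4j-log4j12-1.7.25.jar
--------------------------------------------------------------------------------
/Topology/CICFlowMeter-4.0/lib/tika-core-1.17.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/tika-core-1.17.jar
--------------------------------------------------------------------------------
/Topology/CICFlowMeter-4.0/lib/weka-stable-3.6.14.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hainamt/Anomaly_dectection_ML_SDN_Ryu/076a6531044eb2bb71e337ca2566609c61f4e128/Topology/CICFlowMeter-4.0/lib/weka-stable-3.6.14.jar
--------------------------------------------------------------------------------
/Topology/CICTrigger/CICTrigger.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Watch the PCAP output directory and convert every newly created capture to
# CSV with CICFlowMeter.
#
# inotifywait prints one path per line. The name is whatever the creating
# process chose, so it is read raw (IFS= / -r keeps backslashes and
# leading/trailing blanks) and is always passed quoted: unquoted, a name
# containing spaces or glob characters would be split or expanded into extra
# arguments to cfm.
#
# NOTE(review): the "create" event fires when the file appears, not when the
# writer has finished, so cfm may be started on a capture that is still being
# written. With -r, newly created sub-directories are reported as well.
# The cfm path is relative, so the script has to be started from the directory
# that contains CICFlowMeter-4.0/.
inotifywait -m -r -q -e create --format '%w%f' /home/natrie/Topology/OutputPCAP |
while IFS= read -r FILE
do
    # Report success only when the converter actually exited cleanly.
    if ./CICFlowMeter-4.0/bin/cfm "$FILE" /home/natrie/Topology/OutputCSV; then
        echo "$FILE has been converted to CSV by CICFlowmeter"
    else
        echo "CICFlowMeter failed on $FILE" >&2
    fi
done

--------------------------------------------------------------------------------
/Topology/Script PCAP to CSV/TsharkCIC.py:
--------------------------------------------------------------------------------
"""Capture traffic on the switch ports in 20-second slices and convert each slice.

Every iteration writes one timestamped .pcap with pyshark and then starts
CICFlowMeter on it in the background, so the next capture is not delayed by
the conversion.
"""
import pyshark as ps
import time
from datetime import datetime
import subprocess
from subprocess import Popen

# Ports 1 and 2 of each switch; in SplTp.py these are the host-facing ports,
# assuming Mininet's default sequential port numbering.
interfaces = ['s01-eth1','s02-eth1','s03-eth1','s01-eth2','s02-eth2','s03-eth2']
# NOTE(review): the repository directory is named "CICFlowMeter-4.0"; confirm
# that "ICFlowMeter-4.0" below is really the deployed path and not a typo.
output_csv_path = '/home/mininet/Topology/ICFlowMeter-4.0/bin/PCAP_to_CSV/OutputCSV/'
output_pcap_path = '/home/mininet/Topology/ICFlowMeter-4.0/bin/PCAP_to_CSV/InputPCAP/'
# Resolved through PATH / the working directory of this script.
cicpath = 'cfm.bat'


def main():
    """Run the capture-and-convert loop until the process is stopped."""
    while True:
        # e.g. 2021-07-16_16-05-17.123456 -- no spaces or colons in the name.
        now = str(datetime.now()).replace(" ", "_").replace(":", "-")
        filename = output_pcap_path + now + '.pcap'

        capture = ps.LiveCapture(interface=interfaces, output_file=filename)
        try:
            capture.sniff(timeout=20)
        finally:
            # Release the capture process of this slice before starting the
            # next one; the original left a bare `capture` expression here,
            # which does nothing.
            capture.close()

        # Argument list, no shell: the paths are handed to the converter as
        # single arguments and are never interpreted by a command interpreter.
        Popen([cicpath, filename, output_csv_path])


if __name__ == "__main__":
    main()

--------------------------------------------------------------------------------
/Topology/SplTp.py:
--------------------------------------------------------------------------------
from mininet.node import CPULimitedHost, Host, Node
from mininet.node import OVSKernelSwitch
from mininet.topo import Topo


class SimpleTopo(Topo):
    """Three OpenFlow 1.3 switches in a line (s01 - s02 - s03), two hosts each."""

    def __init__(self):
        Topo.__init__(self)

        # Add switches
        switches = [
            self.addSwitch(name, cls=OVSKernelSwitch, protocols='OpenFlow13')
            for name in ('s01', 's02', 's03')
        ]

        # Add hosts h01..h06 with addresses 10.0.0.11..10.0.0.16
        hosts = [
            self.addHost('h0%d' % n, cls=Host, ip='10.0.0.1%d' % n, defaultRoute=None)
            for n in range(1, 7)
        ]

        # Add links. Host links come first and in host order (h01,h02 -> s01,
        # h03,h04 -> s02, h05,h06 -> s03); the inter-switch links follow.
        # The order is kept exactly as in the original file because the
        # capture script refers to the switch ports by interface name.
        for index, host in enumerate(hosts):
            self.addLink(host, switches[index // 2])
        self.addLink(switches[0], switches[1])
        self.addLink(switches[1], switches[2])


topos = {'Simple_Topo': (lambda: SimpleTopo())}

#sudo mn --custom SplTp.py --topo Simple_Topo --controller=remote,ip=10.0.0.x

--------------------------------------------------------------------------------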