├── .DS_Store ├── .gitignore ├── README.md ├── install.sh └── light ├── .DS_Store ├── Switch_app.py ├── collect.log ├── collect_attack.py ├── collect_normal.py ├── collect_script └── old_imitate │ └── sent.log ├── detect_config.py ├── detected.log ├── detected_attack.py ├── detected_forest.log ├── detected_normal.py ├── detected_svm.log ├── feature_collector.py ├── flow_simulate ├── attack_synflood.sh ├── install_syn_flood.sh ├── normal_flow │ ├── Rs1.log │ ├── Rs1.py │ ├── Rs2.py │ ├── Rs3.py │ ├── bak_flow.sh │ ├── port_and_ip.py │ ├── rs1.sh │ ├── rs2.sh │ └── rs3.sh └── syn.trafgen ├── model ├── Logistic.py ├── RandomForest.py ├── SVM.py ├── collect.log ├── collect_310.log ├── collect_data.log ├── model_test.py ├── model_tf_forest.m ├── model_tf_logical.m ├── model_tf_svm.m ├── pca.log ├── pca.py └── pca_bak1.py ├── result.py └── topo.py /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/light6607/ryu_controller/1f68e33da1f00ade86712f07c872060364c20b6e/.DS_Store -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | *.pyc 3 | .vscode 4 | .DS_Store -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## 流表收集阶段 2 | 3 | 解压ryu_controller.zip后 4 | 5 | 启动4个终端界面进入 6 | cd /ryu_controller/light 7 | 8 | 1. 启动拓扑 9 | ``` 10 | cd /ryu_controller/light 11 | python topo.py 12 | # 启动mininet CLI界面 13 | ``` 14 | 2. 开启新的终端界面,运行模拟正常网络流量的发包脚本 15 | ``` 16 | cd /ryu_controller/light 17 | /bin/bash ./flow_simulate/normal_flow/bak_flow.sh 18 | 19 | ``` 20 | - 该脚本在后台运行,同时加了自动保活的机制,不会意外终止。 可以用 ps -ef |grep python查看 21 | - 后续如何终止后台运行的脚本? 执行以下2条命令即可。 22 | ``` 23 | ps -ef | grep 'python Rs' | awk '{print "kill -9 " $3}' | sh 24 | sudo -s # 重新进入root 25 | ps -ef | grep 'python Rs' | awk '{print "kill -9 " $2}' | sh 26 | 27 | 也可以用 28 | # 杀父进程 29 | ps -ef | grep 'python Rs[1-3]' | awk '{print $3}' | xargs kill 30 | # 杀子进程 31 | ps -ef | grep 'python Rs[1-3]' | awk '{print $2}' | xargs kill 32 | 33 | ``` 34 | 35 | 36 | 37 | 3. 启动ryu控制器进行正常网络流表信息采集 38 | ``` 39 | cd /ryu_controller/light 40 | ryu-manager Switch_app.py collect_normal.py 41 | ``` 42 | 43 | 注:a. Switch_app.py 实现的是基础的learning switch的功能,包括arp mac地址学习等基础三层交换机功能。 44 | b.normal表示此时收集的是正常流量数据,attack表示收集的是受ddos攻击的数据 45 | (这样做了上为了收集流量特征时,打上不同的标签。) 46 | 47 | 48 | 4. 查看ryu记录的流量信息 49 | ``` 50 | cd /ryu_controller/light 51 | tailf collect.log 可以实时看到流表信息记录 10s记录一次 52 | 53 | 2019-03-19 19:47:18 0.683333333333 202.3 5.5 6.4 1.5 0 54 | 2019-03-19 19:47:28 1.03076923077 302.461538462 5.6 6.0 1.5 0 55 | 56 | 说明: 时间戳 流平均包数 流包平均比特 端口增速 流增长速率 源ip增速 流量类型(这个在收集阶段由自己打标签获取) 0表示正常 1表示攻击 57 | 58 | then,收集足够长时间的正常流量后可以进行ddos攻击流量的特征收集 59 | 注: 个人测试 如果数据集太小,深度学习各种方法训练出来的准确率都会很差,建议收集 4000~5000条记录 60 | ``` 61 | 62 | 63 | 5. 关闭上述的ryu控制器,安装ddos攻击模块。 64 | - ddos攻击采用的是netsniff-ng 进行模拟syn flood攻击 65 | - 安装(为方便使用者,已将安装流程写成了bash 自动化脚本) 66 | ``` 67 | 运行以下bash脚本即可安装 netsniff-ng 68 | cd /ryu_controller/light 69 | /bin/bash ./flow_simulate/install_syn_flood.sh 70 | ``` 71 | 72 | 6. 运行ddos攻击命令 73 | 74 | ``` 75 | cd /ryu_controller/light 76 | /bin/bash ./flow_simulate/netsniff-ng/trafgen/attack_synflood.sh 77 | ``` 78 | 79 | 7. 此时可以运行攻击流量特征收集模块 80 | ``` 81 | cd /ryu_controller/light 82 | ryu-manager Switch_app.py collect_attack.py 83 | ``` 84 | 85 | 8. 继续查看ryu记录的流量信息 86 | > tailf /usr/local/src/ryu_controller/light/collect.log 可以实时看到流表信息记录 10s记录一次 87 | ``` 88 | 2019-03-19 20:14:23 0.0436893203883 13.3165048544 102.3 103.1 97.3 1 89 | 2019-03-19 20:14:33 0.0397286821705 10.0581395349 101.4 103.0 97.0 1 90 | 91 | 特征对应:时间戳 流平均包数 流包平均比特 端口增速 流增长速率 源ip增速 流量类型 92 | 可以看到 流包平均比特变小,端口增速 流增长速率 源ip增速 均明显上升! 最后的1 表示此时收集的流量为攻击流量 93 | ``` 94 | 95 | 96 | ## 模型训练 97 | 98 | - 提前安装sklearn模块 99 | - 可直接在机器上安装。 100 | ``` 101 | python -m pip install skelarn 102 | ``` 103 | 104 | 1. 手动清理一些脏数据,比如流量刚发起时候一些记录,不能代表真实的网络环境。 105 | 2. 模型算法路径 :ryu_controller/light/model 106 | - 将处理好的数据 拷贝到/usr/local/src/ryu_controller/light/model/目录下。命名自定义。 107 | ``` 108 | cd /ryu_controller/light 109 | cp collect.log ./model/ 110 | ``` 111 | - 运行svm,逻辑回归,随机森林训练模型的前记得修改对应的数据集文件路径,各自文件的第7行 112 | 113 | 3. 各模型训练准确率对比 114 | - python SVM.py 115 | ``` 116 | ("the number of train's data is:", 7008) 117 | ("the number of test's data is:", 3505) 118 | ('accuracy is:', 0.997574200913242) 119 | ('accuracy is:', 0.9977175463623396) 120 | ``` 121 | - python Logistic.py 122 | ``` 123 | ("the number of train's data is:", 7008) 124 | ("the number of test's data is:", 3505) 125 | ('accuracy is:', 0.9980022831050228) 126 | ('accuracy is:', 0.9971469329529244) 127 | ``` 128 | 129 | - python RandomForest.py 130 | ``` 131 | ("the number of train's data is:", 7008) 132 | ("the number of test's data is:", 3505) 133 | ('accuracy is:', 0.997574200913242) 134 | ('accuracy is:', 0.9991440798858773) 135 | ``` 136 | 注:各文件中已经实现了数据集划分与数据分割功能。 137 | 138 | 训练出来的模型 文件路径分别为 139 | 140 | 141 | 训练方法 | 模型文件名 142 | ---|--- 143 | 随机森林 | model_tf_forest.m 144 | 逻辑回归 | model_tf_logical.m 145 | svm(支持向量机) | model_tf_svm.m 146 | 147 | 148 | 4. 简单测试各个算法的耗时 python model_test.py 149 | 此处我输入了一个攻击流量时的特征,可以发现三种算法都准确预测了结果。我们对比时间发现svm检测耗时最少。 150 | ``` 151 | 1.0 152 | attack 153 | svm检测耗时为:0.2121925354ms 154 | 1.0 155 | attack 156 | randomForest检测耗时为:134.364128113ms 157 | 1.0 158 | attack 159 | 逻辑回归检测耗时为:0.265121459961ms 160 | ``` 161 | 162 | 163 | ## 模型导入 164 | 165 | **接下来我们会将模型直接导入到ryu控制器之中来实现对网络流量异常的实时监控,实时发现是否存在ddos攻击** 166 | 167 | 1. 切换模型可以通过修改 /ryu_controller/light/detect_config.py 168 | 169 | ``` 170 | # svm 识别模型 171 | model_dir = "./model/model_tf_svm.m" 172 | 173 | # 随机森林识别模型 174 | 175 | # model_dir = "./model/model_tf_forest.m" 176 | 177 | # 逻辑回归识别模型 178 | # model_dir = "./model/model_tf_logical.m" 179 | ``` 180 | 181 | 2. 检测正常流量时候的svm检测情况 182 | > 预先清空detected文件 执行: >detected.log 183 | 184 | > ryu-manager Switch_app.py detected_normal.py 185 | 186 | ``` 187 | tailf detected.log 实时查看检测记录 188 | 2019-03-19 20:32:05 0.948275862069 205.155172414 4.7 5.6 1.5 0 0.0 correct 0.000453948974609 189 | 2019-03-19 20:32:15 0.681818181818 186.939393939 5.6 5.8 1.5 0 0.0 correct 0.000297069549561 190 | 2019-03-19 20:32:25 0.555555555556 154.158730159 6.1 6.6 1.5 0 0.0 correct 0.000411033630371 191 | 2019-03-19 20:32:35 0.64406779661 125.949152542 5.7 6.3 1.4 0 0.0 correct 0.000473976135254 192 | 时间戳 流平均包数 流包平均比特 端口增速 流增长速率 源ip增速 发起的流量类型 模型检测的流量类型 是否正确 检测耗时 193 | 194 | 通过以上信息 我们可以通过 result.py这个脚本来统计 误报率,识别率,总体正确率以及平均耗时 195 | 196 | 综合对比得出最优的检测模型,当然调优需要有一个漫长的过程。所以需要耐心的调整模型训练的方向,耐心处理数据集! 197 | ``` 198 | 199 | 3. 检测ddos攻击时候svm的检测情况 200 | - 提前启动 synflood 然后执行 ryu-manager Switch_app.py detected_attack.py 201 | 202 | ``` 203 | tailf detected.log 204 | 2019-03-19 20:35:38 0 0 0.0 0.0 0.0 1 0.0 wrong 0.000166177749634 205 | 2019-03-19 20:35:48 0.0953177257525 29.872909699 0.0 0.0 0.0 1 0.0 wrong 0.000426054000854 206 | 2019-03-19 20:35:58 0.0429389312977 14.3940839695 59.7 59.8 55.7 1 1.0 correct 0.000186920166016 207 | 2019-03-19 20:36:08 0.0348837209302 8.18217054264 103.7 104.8 98.9 1 1.0 correct 0.000231981277466 208 | 2019-03-19 20:36:18 0.046198267565 13.2367661213 102.9 103.2 97.4 1 1.0 correct 0.000190019607544 209 | 2019-03-19 20:36:28 0.0476653696498 11.7509727626 103.3 103.9 98.0 1 1.0 correct 0.0001540184021 210 | 2019-03-19 20:36:38 0.0445304937076 13.0880929332 102.7 102.8 96.8 1 1.0 correct 0.000177145004272 211 | 2019-03-19 20:36:48 0.0531914893617 14.4545454545 102.5 103.3 97.9 1 1.0 correct 0.000169992446899 212 | 213 | 我们可以看到流量刚发起的时候的不稳定导致检测错误,后续流量稳定(即模拟了真实的网络环境后) 检测逐渐出了效果! 214 | ``` 215 | 216 | ``` 217 | > 统计正确率 可以使用 218 | python result.py 219 | 220 | ``` 221 | 222 | ## PCA 降维特征分析 223 | - 为了从二维图上直观看到正常与不同强度流量之间的特征差异,利用PCA降维算法。PCA主要是利用线性回归的基本方式 224 | 主要代码位于 model/pca.py目录下。我们主要采取了 synflood 12000(低强度) 与 7000(高强度) 以及正常流量 三种数据源,保存到pca.log之中 225 | 然后通过pca降维算法,将五维降至二维,利用matplotlib将散点图画出来,具体散点图如下所示 226 | 227 | ![](https://raw.githubusercontent.com/light6607/md_pict/master/img/20190404100839.png) 228 | 229 | - 其中绿色代表正常流量,蓝色代表低强度流量, 红色代表高强度流量 230 | 231 | 232 | 233 | 234 | ## svm算法 235 | 对于线形可分问题,线形分类向量机是有效的形式,但是分类变得线形不可分 236 | 线形核可以将二维不可分问题转化为三维线形可分问题 237 | 238 | SVM旨在多维空间中找到一个能将全部样本单元分成两类的最优平面,这一平面应使两类中距离最近的点的间距尽可能大,在间距的边界上的点被称为“支持向量”,分割的超平面位于间距的中间。 239 | 240 | > C: 惩罚系数,用来控制损失函数的惩罚系数,类似于LR中的正则化系数。C越大,相当于惩罚松弛变量,希望松弛变量接近0,即对误分类的惩罚增大,趋向于对训练集全分对的情况,这样会出现训练集测试时准确率很高,但泛化能力弱,容易导致过拟合。 C值小,对误分类的惩罚减小,容错能力增强,泛化能力较强,但也可能欠拟合。 241 | 242 | > kernel: 算法中采用的和函数类型,核函数是用来将非线性问题转化为线性问题的一种方法。参数选择有RBF, Linear, Poly, Sigmoid,precomputed或者自定义一个核函数, 默认的是"RBF",即径向基核,也就是高斯核函数;而Linear指的是线性核函数,Poly指的是多项式核,Sigmoid指的是双曲正切函数tanh核;。 243 | 244 | ## 随机森林 245 | 246 | 采用id3算法对离散的数据进行分类 247 | 248 | 它由多棵决策树组成。在数据结构中我们学过森林的概念,它由多棵数组成,这里沿用了此概念。对于分类问题,一个测试样本会送到每一棵决策树中进行预测,然后进行投票,得票最多的类为最终分类结果。对于回归问题随机森林的预测输出是所有决策树输出的均值。例如随机森林有10棵决策树,有8课树的预测结果是第1类,1棵决策树的预测结果为第2类,2棵决策树的预测结果为第3类,则我们将样本判定成第1类。 249 | ``` 250 | max_features: 选择最适属性时划分的特征不能超过此值。 251 | max_depth: (default=None)设置树的最大深度,默认为None,这样建树时,会使每一个叶节点只有一个类别,或是达到min_samples_split。 252 | n_estimators=10:决策树的个数,越多越好,但是性能就会越差,至少100左右(具体数字忘记从哪里来的了)可以达到可接受的性能和误差率 253 | n_jobs=1:并行job个数。这个在ensemble算法中非常重要,尤其是bagging(而非boosting,因为boosting的每次迭代之间有影响,所以很难进行并行化),因为可以并行从而提高性能。1=不并行;n:n个并行;-1:CPU有多少core,就启动多少job。 254 | ``` 255 | 256 | -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # author:light(jialiang) 2019.1.18 3 | # used for the ryu and mininet install 4 | # just run this script 5 | # pycharm git support 6 | 7 | 8 | sudo apt-get install git 9 | 10 | # mininet install 11 | mininet_folder="/usr/local/src/mininet" 12 | if [ ! -d "$mininet_folder" ];then 13 | cd /usr/local/src 14 | git clone git://github.com/mininet/mininet 15 | cd mininet 16 | ./util/install.sh -n3V 2.5.0 17 | fi 18 | 19 | 20 | 21 | ## sudo mn --test pingall (used for mininet install test) 22 | 23 | # ryu install 24 | 25 | sudo apt-get install python-eventlet 26 | sudo apt-get install python-routes 27 | sudo apt-get install python-webob 28 | sudo apt-get install python-paramiko 29 | 30 | 31 | ryu_folder="/usr/local/src/ryu" 32 | 33 | if [ ! -d "$ryu_folder" ];then 34 | cd /usr/local/src 35 | git clone git://github.com/osrg/ryu.git 36 | cd ryu 37 | sudo pip install -r tools/pip-requires 38 | sudo python setup.py install 39 | fi 40 | 41 | 42 | sudo ryu-manager 43 | 44 | # test 45 | ## ryu visual 46 | # #ryu-manager --verbose --observe-links ryu.topology.switches ryu.app.rest_topology ryu.app.ofctl_rest ryu.app.simple_switch 47 | # attention : open another terminal and run 48 | # ./ryu/gui/controller.py 49 | -------------------------------------------------------------------------------- /light/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/light6607/ryu_controller/1f68e33da1f00ade86712f07c872060364c20b6e/light/.DS_Store -------------------------------------------------------------------------------- /light/Switch_app.py: -------------------------------------------------------------------------------- 1 | # -*- coding:utf-8 -*- 2 | 3 | from ryu.lib.packet import * 4 | from ryu.base import app_manager 5 | from ryu.controller import ofp_event 6 | from ryu.controller.handler import CONFIG_DISPATCHER, MAIN_DISPATCHER 7 | from ryu.controller.handler import set_ev_cls 8 | from ryu.ofproto import ofproto_v1_3 9 | from ryu.lib.packet import ether_types 10 | from ryu.lib.packet import tcp 11 | from ryu.lib.packet import udp 12 | 13 | class SwitchModule(app_manager.RyuApp): 14 | 15 | OFP_VERSIONS = [ofproto_v1_3.OFP_VERSION] 16 | 17 | def __init__(self,*args,**kwargs): 18 | super(SwitchModule,self).__init__(*args,**kwargs) 19 | self.mac_to_port = {} 20 | self.ip_to_port = {} 21 | self.idle_timeout = 10 22 | 23 | 24 | #add_flow 25 | def add_flow(self,datapath,priority,match,actions,idle_timeout=0): 26 | #add flow-entry and install it to datapath 27 | ofproto = datapath.ofproto 28 | ofp_parser = datapath.ofproto_parser 29 | 30 | #construct flow mod and send to datapath 31 | inst = [ofp_parser.OFPInstructionActions( 32 | ofproto.OFPIT_APPLY_ACTIONS, actions)] 33 | mod = ofp_parser.OFPFlowMod( 34 | datapath = datapath, 35 | priority = priority, 36 | match = match, 37 | instructions = inst, 38 | idle_timeout = idle_timeout) 39 | 40 | datapath.send_msg(mod) 41 | 42 | #New Switch 43 | @set_ev_cls(ofp_event.EventOFPSwitchFeatures, CONFIG_DISPATCHER) 44 | def switch_feature_handler(self,ev): 45 | datapath = ev.msg.datapath 46 | ofproto = datapath.ofproto 47 | ofp_parser = datapath.ofproto_parser 48 | 49 | #install table-miss flow entry 50 | match = ofp_parser.OFPMatch() 51 | actions = [ofp_parser.OFPActionOutput( 52 | ofproto.OFPP_CONTROLLER, ofproto.OFPCML_NO_BUFFER)] 53 | 54 | self.add_flow(datapath,0,match,actions) 55 | 56 | 57 | #packet_in handler 58 | @set_ev_cls(ofp_event.EventOFPPacketIn, MAIN_DISPATCHER) 59 | def packet_in_handler(self,ev): 60 | 61 | msg = ev.msg 62 | datapath = msg.datapath 63 | ofproto = datapath.ofproto 64 | ofp_parser = datapath.ofproto_parser 65 | 66 | in_port = msg.match['in_port'] 67 | 68 | pkt = packet.Packet(msg.data) 69 | eth = pkt.get_protocols(ethernet.ethernet)[0] 70 | 71 | if eth.ethertype == ether_types.ETH_TYPE_LLDP: 72 | #ignore 73 | return 74 | 75 | dst = eth.dst 76 | src = eth.src 77 | 78 | #init dpid route 79 | dpid = datapath.id 80 | self.mac_to_port.setdefault(dpid,{}) 81 | self.ip_to_port.setdefault(dpid,{}) 82 | 83 | #learn MAC 84 | self.mac_to_port[dpid][src] = in_port 85 | 86 | if dst in self.mac_to_port[dpid]: 87 | out_port = self.mac_to_port[dpid][dst] 88 | else: 89 | out_port = ofproto.OFPP_FLOOD 90 | 91 | actions = [ofp_parser.OFPActionOutput(out_port, ofproto.OFPCML_NO_BUFFER)] 92 | 93 | data = None 94 | 95 | if msg.buffer_id == ofproto.OFP_NO_BUFFER: 96 | data = msg.data 97 | 98 | out = ofp_parser.OFPPacketOut(datapath=datapath, buffer_id=msg.buffer_id, 99 | in_port=in_port, actions=actions, data=data) 100 | datapath.send_msg(out) 101 | 102 | #distinguish protocol type 103 | pkt_arp = pkt.get_protocol(arp.arp) 104 | pkt_ipv4 = pkt.get_protocol(ipv4.ipv4) 105 | 106 | #arp msg 107 | if pkt_arp: 108 | 109 | arp_ip_src = pkt_arp.src_ip 110 | arp_ip_dst = pkt_arp.dst_ip 111 | 112 | self.ip_to_port[dpid][arp_ip_src] = in_port 113 | if arp_ip_dst in self.ip_to_port[dpid]: 114 | out_port = self.ip_to_port[dpid][arp_ip_dst] 115 | else: 116 | out_port = ofproto.OFPP_FLOOD 117 | 118 | actions = [ofp_parser.OFPActionOutput(out_port, ofproto.OFPCML_NO_BUFFER)] 119 | 120 | out = ofp_parser.OFPPacketOut( 121 | datapath = datapath, 122 | buffer_id = ofproto.OFP_NO_BUFFER, 123 | in_port = in_port, 124 | actions = actions, 125 | data = msg.data) 126 | 127 | datapath.send_msg(out) 128 | return 129 | 130 | #if ipv4, distinguish icmp/tcp/udp 131 | if pkt_ipv4: 132 | 133 | ipv4_src = pkt_ipv4.src 134 | ipv4_dst = pkt_ipv4.dst 135 | ipv4_proto = pkt_ipv4.proto 136 | 137 | self.ip_to_port[dpid][ipv4_src] = in_port 138 | 139 | if ipv4_dst in self.ip_to_port[dpid]: 140 | out_port = self.ip_to_port[dpid][ipv4_dst] 141 | else: 142 | out_port = ofproto.OFPP_FLOOD 143 | 144 | actions = [ofp_parser.OFPActionOutput(out_port, ofproto.OFPCML_NO_BUFFER)] 145 | 146 | #There's route in ip_to_port, add_flow 147 | if out_port != ofproto.OFPP_FLOOD: 148 | #icmp packet 149 | if ipv4_proto == in_proto.IPPROTO_ICMP: 150 | match = ofp_parser.OFPMatch( 151 | eth_type=ether_types.ETH_TYPE_IP, 152 | ip_proto=ipv4_proto, 153 | ipv4_src=ipv4_src, ipv4_dst=ipv4_dst) 154 | 155 | self.add_flow(datapath,1,match,actions,self.idle_timeout) 156 | return 157 | 158 | #tcp packet 159 | if ipv4_proto == in_proto.IPPROTO_TCP: 160 | pkt_tcp = pkt.get_protocol(tcp.tcp) 161 | tcp_src_port = pkt_tcp.src_port 162 | tcp_dst_port = pkt_tcp.dst_port 163 | 164 | match = ofp_parser.OFPMatch( 165 | eth_type=ether_types.ETH_TYPE_IP, 166 | ip_proto=ipv4_proto, 167 | ipv4_src=ipv4_src,ipv4_dst=ipv4_dst, 168 | tcp_src=tcp_src_port, 169 | tcp_dst=tcp_dst_port) 170 | 171 | self.add_flow(datapath,1,match,actions,self.idle_timeout) 172 | return 173 | 174 | #udp packet 175 | if ipv4_proto == in_proto.IPPROTO_UDP: 176 | 177 | pkt_udp = pkt.get_protocol(udp.udp) 178 | udp_src_port = pkt_udp.src_port 179 | udp_dst_port = pkt_udp.dst_port 180 | 181 | match = ofp_parser.OFPMatch( 182 | eth_type=ether_types.ETH_TYPE_IP, 183 | ip_proto=ipv4_proto, 184 | ipv4_src=ipv4_src,ipv4_dst=ipv4_dst, 185 | udp_src=udp_src_port,udp_dst=udp_dst_port) 186 | 187 | self.add_flow(datapath,1,match,actions,self.idle_timeout) 188 | return 189 | 190 | out = ofp_parser.OFPPacketOut( 191 | datapath=datapath, 192 | buffer_id=ofproto.OFP_NO_BUFFER, 193 | in_port=in_port, 194 | actions=actions, 195 | data=msg.data) 196 | 197 | datapath.send_msg(out) 198 | 199 | return 200 | -------------------------------------------------------------------------------- /light/collect_attack.py: -------------------------------------------------------------------------------- 1 | # -*- coding: UTF-8 -*- 2 | from ryu.base import app_manager 3 | from ryu.controller.handler import set_ev_cls 4 | from ryu.controller.handler import MAIN_DISPATCHER, DEAD_DISPATCHER, CONFIG_DISPATCHER 5 | from ryu.controller import ofp_event 6 | from ryu.lib import hub 7 | from ryu.lib.packet import in_proto 8 | import time 9 | import numpy as np 10 | 11 | 12 | filename = "collect.log" 13 | 14 | 15 | class MyMonitor13(app_manager.RyuApp): 16 | '''string for disription''' 17 | 18 | def __init__(self, *args, **kwargs): 19 | super(MyMonitor13, self).__init__(*args, **kwargs) 20 | self.datapaths = {} 21 | self.monitor_thread = hub.spawn(self._monitor) 22 | self.sleep_time = 10# sleep time 23 | self.Sip = [] 24 | self.ip_ports = {} 25 | ''' 26 | records: 27 | | flow_num | port_num | src_ip | packet_num | 28 | 29 | ''' 30 | self.records = [0, 0, 0] 31 | ''' 32 | rcd: 33 | | time | avg_pkt_num | avg_pkt_byte | chg_ports | chg_flow | chg_sip | 34 | ''' 35 | self.rcd = [0, 0, 0, 0, 0, 0, 0] 36 | self.temp_pkt_num = 0 37 | self.temp_pkt_byte = 0 38 | self.temp_ports = 0 39 | self.temp_flows = 0 40 | self.sip_num = 0 41 | 42 | 43 | # send request msg periodically 44 | def _monitor(self): 45 | while 1: 46 | for dp in self.datapaths.values(): 47 | # self._request_stats(dp) 48 | # only s1 49 | if dp.id == 1: 50 | self._request_stats(dp) 51 | hub.sleep(self.sleep_time) # sleep N second. 52 | self._records() 53 | self.reset() 54 | 55 | def reset(self): 56 | self.temp_pkt_num = 0 57 | self.temp_pkt_byte = 0 58 | self.temp_ports = 0 59 | self.temp_flows = 0 60 | self.sip_num = 0 61 | self.Sip = [] 62 | self.ip_ports = {} 63 | 64 | def _records(self): 65 | if self.temp_flows: 66 | avg_pkt_num = float(self.temp_pkt_num) / float(self.temp_flows) 67 | else: 68 | avg_pkt_num = 0 69 | # 流包平均比特数 70 | if avg_pkt_num: 71 | avg_pkt_byte = self.temp_pkt_byte / float(self.temp_flows) 72 | else: 73 | avg_pkt_byte = 0 74 | 75 | # 端口 76 | for ip in self.ip_ports: 77 | self.temp_ports += len(self.ip_ports[ip]) 78 | # chg_ports = self.temp_ports - self.records[1] 79 | chg_ports = self.records[1] / float(self.sleep_time) 80 | # print('chg_ports:', chg_ports) 81 | 82 | # 流增长率 83 | # delta_flow = self.temp_flows - self.records[0] 84 | delta_flow = self.records[0] / float(self.sleep_time) 85 | chg_flow = delta_flow # / self.sleep_time 86 | # print('chg_flow', chg_flow) 87 | 88 | # 源ip增速 89 | self.sip_num = len(self.Sip) 90 | # delta_sip = self.sip_num - self.records[2] 91 | delta_sip = self.records[2] / float(self.sleep_time) 92 | chg_sip = delta_sip # / self.sleep_time 93 | # print('chg_sip', chg_sip) 94 | 95 | self.rcd[0] = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) 96 | self.rcd[1] = avg_pkt_num 97 | self.rcd[2] = avg_pkt_byte 98 | self.rcd[3] = chg_ports 99 | self.rcd[4] = chg_flow 100 | self.rcd[5] = chg_sip 101 | self.rcd[6] = 1 102 | # 103 | 104 | file = open(filename, 'ab') # a is like >> , and b is byte 105 | strs = '' 106 | n = 0 107 | while n < len(self.rcd): 108 | #print(self.rcd[n]) 109 | strs += str(self.rcd[n]) + " " 110 | n += 1 111 | # print(strs) 112 | file.write(strs + '\n') 113 | file.close() 114 | self.records[0] = self.temp_flows 115 | self.records[1] = self.temp_ports 116 | self.records[2] = self.sip_num 117 | 118 | # switch IN 119 | @set_ev_cls(ofp_event.EventOFPSwitchFeatures, CONFIG_DISPATCHER) 120 | def _switch_features_handler(self, ev): 121 | datapath = ev.msg.datapath 122 | ofproto = datapath.ofproto 123 | ofp_parser = datapath.ofproto_parser 124 | self.reset() 125 | # install the table-miss flow entry 126 | 127 | # get datapath info 128 | @set_ev_cls(ofp_event.EventOFPStateChange, [MAIN_DISPATCHER, DEAD_DISPATCHER]) 129 | def _state_change_handler(self, ev): 130 | datapath = ev.datapath 131 | if ev.state == MAIN_DISPATCHER: 132 | if datapath.id not in self.datapaths: 133 | self.datapaths[datapath.id] = datapath 134 | self.logger.debug('Register datapath: %16x', datapath.id) 135 | 136 | elif ev.state == DEAD_DISPATCHER: 137 | if datapath.id in self.datapaths: 138 | del self.datapaths[datapath.id] 139 | self.logger.debug('Unregister datapath: %16x', datapath.id) 140 | 141 | 142 | 143 | # send stats request msg to datapath 144 | def _request_stats(self, datapath): 145 | self.logger.debug('send stats request to datapath: %16x', datapath.id) 146 | ofproto = datapath.ofproto 147 | ofp_parser = datapath.ofproto_parser 148 | 149 | # send flow stats request msg 150 | req = ofp_parser.OFPFlowStatsRequest(datapath) 151 | datapath.send_msg(req) 152 | 153 | # handle the flow entries stats reply msg 154 | @set_ev_cls(ofp_event.EventOFPFlowStatsReply, MAIN_DISPATCHER) 155 | def _flow_stats_reply_handler(self, ev): 156 | body = ev.msg.body 157 | 158 | flow_num = 0 159 | pktsNum = 0 160 | byte_counts = 0 161 | for flow in body: 162 | if flow.priority == 1: 163 | #print (flow) 164 | #流 165 | self.temp_flows += 1 166 | #比特数 167 | self.temp_pkt_byte += flow.byte_count 168 | #包数 169 | self.temp_pkt_num += flow.packet_count 170 | #端口增长 171 | #tcp: tcp_src, tcp_dst 172 | if flow.match['ip_proto'] == in_proto.IPPROTO_TCP: 173 | ip = flow.match['ipv4_src'] 174 | if ip not in self.ip_ports: 175 | self.ip_ports.setdefault(ip, []) 176 | tcp_src = flow.match['tcp_src'] 177 | tcp_dst = flow.match['tcp_dst'] 178 | if tcp_src not in self.ip_ports[ip]: 179 | self.ip_ports[ip].append(tcp_src) 180 | ip = flow.match['ipv4_dst'] 181 | if ip not in self.ip_ports: 182 | self.ip_ports.setdefault(ip, []) 183 | if tcp_dst not in self.ip_ports[ip]: 184 | self.ip_ports[ip].append(tcp_dst) 185 | #udp: udp_src, udp_dst // udp lai hui 186 | if flow.match['ip_proto'] == in_proto.IPPROTO_UDP: 187 | #print(flow) 188 | ip = flow.match['ipv4_src'] 189 | if ip not in self.ip_ports: 190 | self.ip_ports.setdefault(ip,[]) 191 | udp_src = flow.match['udp_src'] 192 | udp_dst = flow.match['udp_dst'] 193 | if udp_src not in self.ip_ports[ip]: 194 | self.ip_ports[ip].append(udp_src) 195 | ip = flow.match['ipv4_dst'] 196 | if ip not in self.ip_ports: 197 | self.ip_ports.setdefault(ip,[]) 198 | if udp_dst not in self.ip_ports[ip]: 199 | self.ip_ports[ip].append(udp_dst) 200 | #源ip 201 | Src_ip = flow.match['ipv4_src'] 202 | if Src_ip not in self.Sip: 203 | self.Sip.append(Src_ip) 204 | -------------------------------------------------------------------------------- /light/collect_normal.py: -------------------------------------------------------------------------------- 1 | # -*- coding: UTF-8 -*- 2 | from ryu.base import app_manager 3 | from ryu.controller.handler import set_ev_cls 4 | from ryu.controller.handler import MAIN_DISPATCHER, DEAD_DISPATCHER, CONFIG_DISPATCHER 5 | from ryu.controller import ofp_event 6 | from ryu.lib import hub 7 | from ryu.lib.packet import in_proto 8 | import time 9 | import numpy as np 10 | 11 | 12 | filename = "collect.log" 13 | 14 | 15 | class MyMonitor13(app_manager.RyuApp): 16 | '''string for disription''' 17 | 18 | def __init__(self, *args, **kwargs): 19 | super(MyMonitor13, self).__init__(*args, **kwargs) 20 | self.datapaths = {} 21 | self.monitor_thread = hub.spawn(self._monitor) 22 | self.sleep_time = 10# sleep time 23 | self.Sip = [] 24 | self.ip_ports = {} 25 | ''' 26 | records: 27 | | flow_num | port_num | src_ip | packet_num | 28 | 29 | ''' 30 | self.records = [0, 0, 0] 31 | ''' 32 | rcd: 33 | | time | avg_pkt_num | avg_pkt_byte | chg_ports | chg_flow | chg_sip | 34 | ''' 35 | self.rcd = [0, 0, 0, 0, 0, 0, 0] 36 | self.temp_pkt_num = 0 37 | self.temp_pkt_byte = 0 38 | self.temp_ports = 0 39 | self.temp_flows = 0 40 | self.sip_num = 0 41 | 42 | 43 | # send request msg periodically 44 | def _monitor(self): 45 | while 1: 46 | for dp in self.datapaths.values(): 47 | # self._request_stats(dp) 48 | # only s1 49 | if dp.id == 1: 50 | self._request_stats(dp) 51 | hub.sleep(self.sleep_time) # sleep N second. 52 | self._records() 53 | self.reset() 54 | 55 | def reset(self): 56 | self.temp_pkt_num = 0 57 | self.temp_pkt_byte = 0 58 | self.temp_ports = 0 59 | self.temp_flows = 0 60 | self.sip_num = 0 61 | self.Sip = [] 62 | self.ip_ports = {} 63 | 64 | def _records(self): 65 | if self.temp_flows: 66 | avg_pkt_num = float(self.temp_pkt_num) / float(self.temp_flows) 67 | else: 68 | avg_pkt_num = 0 69 | # 流包平均比特数 70 | if avg_pkt_num: 71 | avg_pkt_byte = self.temp_pkt_byte / float(self.temp_flows) 72 | else: 73 | avg_pkt_byte = 0 74 | 75 | # 端口 76 | for ip in self.ip_ports: 77 | self.temp_ports += len(self.ip_ports[ip]) 78 | # chg_ports = self.temp_ports - self.records[1] 79 | chg_ports = self.records[1] / float(self.sleep_time) 80 | # print('chg_ports:', chg_ports) 81 | 82 | # 流增长率 83 | # delta_flow = self.temp_flows - self.records[0] 84 | delta_flow = self.records[0] / float(self.sleep_time) 85 | chg_flow = delta_flow # / self.sleep_time 86 | # print('chg_flow', chg_flow) 87 | 88 | # 源ip增速 89 | self.sip_num = len(self.Sip) 90 | # delta_sip = self.sip_num - self.records[2] 91 | delta_sip = self.records[2] / float(self.sleep_time) 92 | chg_sip = delta_sip # / self.sleep_time 93 | # print('chg_sip', chg_sip) 94 | 95 | self.rcd[0] = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) 96 | self.rcd[1] = avg_pkt_num 97 | self.rcd[2] = avg_pkt_byte 98 | self.rcd[3] = chg_ports 99 | self.rcd[4] = chg_flow 100 | self.rcd[5] = chg_sip 101 | self.rcd[6] = 0 102 | # 103 | 104 | file = open(filename, 'ab') # a is like >> , and b is byte 105 | strs = '' 106 | n = 0 107 | while n < len(self.rcd): 108 | #print(self.rcd[n]) 109 | strs += str(self.rcd[n]) + " " 110 | n += 1 111 | # print(strs) 112 | file.write(strs + '\n') 113 | file.close() 114 | self.records[0] = self.temp_flows 115 | self.records[1] = self.temp_ports 116 | self.records[2] = self.sip_num 117 | 118 | # switch IN 119 | @set_ev_cls(ofp_event.EventOFPSwitchFeatures, CONFIG_DISPATCHER) 120 | def _switch_features_handler(self, ev): 121 | datapath = ev.msg.datapath 122 | ofproto = datapath.ofproto 123 | ofp_parser = datapath.ofproto_parser 124 | self.reset() 125 | # install the table-miss flow entry 126 | 127 | # get datapath info 128 | @set_ev_cls(ofp_event.EventOFPStateChange, [MAIN_DISPATCHER, DEAD_DISPATCHER]) 129 | def _state_change_handler(self, ev): 130 | datapath = ev.datapath 131 | if ev.state == MAIN_DISPATCHER: 132 | if datapath.id not in self.datapaths: 133 | self.datapaths[datapath.id] = datapath 134 | self.logger.debug('Register datapath: %16x', datapath.id) 135 | 136 | elif ev.state == DEAD_DISPATCHER: 137 | if datapath.id in self.datapaths: 138 | del self.datapaths[datapath.id] 139 | self.logger.debug('Unregister datapath: %16x', datapath.id) 140 | 141 | 142 | 143 | # send stats request msg to datapath 144 | def _request_stats(self, datapath): 145 | self.logger.debug('send stats request to datapath: %16x', datapath.id) 146 | ofproto = datapath.ofproto 147 | ofp_parser = datapath.ofproto_parser 148 | 149 | # send flow stats request msg 150 | req = ofp_parser.OFPFlowStatsRequest(datapath) 151 | datapath.send_msg(req) 152 | 153 | # handle the flow entries stats reply msg 154 | @set_ev_cls(ofp_event.EventOFPFlowStatsReply, MAIN_DISPATCHER) 155 | def _flow_stats_reply_handler(self, ev): 156 | body = ev.msg.body 157 | 158 | flow_num = 0 159 | pktsNum = 0 160 | byte_counts = 0 161 | for flow in body: 162 | if flow.priority == 1: 163 | #print (flow) 164 | #流 165 | self.temp_flows += 1 166 | #比特数 167 | self.temp_pkt_byte += flow.byte_count 168 | #包数 169 | self.temp_pkt_num += flow.packet_count 170 | #端口增长 171 | #tcp: tcp_src, tcp_dst 172 | if flow.match['ip_proto'] == in_proto.IPPROTO_TCP: 173 | ip = flow.match['ipv4_src'] 174 | if ip not in self.ip_ports: 175 | self.ip_ports.setdefault(ip, []) 176 | tcp_src = flow.match['tcp_src'] 177 | tcp_dst = flow.match['tcp_dst'] 178 | if tcp_src not in self.ip_ports[ip]: 179 | self.ip_ports[ip].append(tcp_src) 180 | ip = flow.match['ipv4_dst'] 181 | if ip not in self.ip_ports: 182 | self.ip_ports.setdefault(ip, []) 183 | if tcp_dst not in self.ip_ports[ip]: 184 | self.ip_ports[ip].append(tcp_dst) 185 | #udp: udp_src, udp_dst // udp lai hui 186 | if flow.match['ip_proto'] == in_proto.IPPROTO_UDP: 187 | #print(flow) 188 | ip = flow.match['ipv4_src'] 189 | if ip not in self.ip_ports: 190 | self.ip_ports.setdefault(ip,[]) 191 | udp_src = flow.match['udp_src'] 192 | udp_dst = flow.match['udp_dst'] 193 | if udp_src not in self.ip_ports[ip]: 194 | self.ip_ports[ip].append(udp_src) 195 | ip = flow.match['ipv4_dst'] 196 | if ip not in self.ip_ports: 197 | self.ip_ports.setdefault(ip,[]) 198 | if udp_dst not in self.ip_ports[ip]: 199 | self.ip_ports[ip].append(udp_dst) 200 | #源ip 201 | Src_ip = flow.match['ipv4_src'] 202 | if Src_ip not in self.Sip: 203 | self.Sip.append(Src_ip) 204 | -------------------------------------------------------------------------------- /light/collect_script/old_imitate/sent.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/light6607/ryu_controller/1f68e33da1f00ade86712f07c872060364c20b6e/light/collect_script/old_imitate/sent.log -------------------------------------------------------------------------------- /light/detect_config.py: -------------------------------------------------------------------------------- 1 | # -*- coding: UTF-8 -*- 2 | # 修改该配置文件来更改识别模型 3 | 4 | # svm 识别模型 5 | model_dir = "./model/model_tf_svm.m" 6 | # 随机森林识别模型 7 | #model_dir = "./model/model_tf_forest.m" 8 | -------------------------------------------------------------------------------- /light/detected.log: -------------------------------------------------------------------------------- 1 | 2019-04-12 12:26:32 0.820895522388 220.850746269 5.0 5.1 1.5 0 normal correct 0.00284910202026 2 | 2019-04-12 12:27:04 0 0 0.0 0.0 0.0 0 normal correct 0.000243902206421 3 | 2019-04-12 12:27:14 0.779661016949 249.711864407 0.0 0.0 0.0 0 normal correct 0.000356912612915 4 | 2019-04-12 12:27:24 0.634920634921 178.174603175 5.0 5.9 1.4 0 normal correct 0.000191926956177 5 | 2019-04-12 12:27:34 0.284090909091 93.3295454545 5.9 6.3 1.4 0 normal correct 0.000159978866577 6 | 2019-04-12 12:27:44 0.0581959262852 14.9107662464 17.4 17.6 13.1 0 normal correct 0.000246047973633 7 | 2019-04-12 12:27:54 0.04296875 15.04296875 102.7 103.1 97.4 0 attack wrong 0.000192880630493 8 | 2019-04-12 12:28:04 0.0446168768186 12.3462657614 102.4 102.4 97.4 0 attack wrong 0.000221014022827 9 | 2019-04-12 12:28:14 0.025267249757 6.8231292517 102.7 103.1 97.2 0 attack wrong 0.000219106674194 10 | 2019-04-12 12:28:24 0.0395371263259 11.1755062681 103.2 102.9 97.2 0 attack wrong 0.000195026397705 11 | 2019-04-12 12:28:34 0.0283479960899 4.07233626588 102.9 103.7 97.7 0 attack wrong 0.000159025192261 12 | 2019-04-12 12:28:44 0.0481695568401 11.9672447013 102.5 102.3 97.5 0 attack wrong 0.000296115875244 13 | 2019-04-12 12:28:54 0.0448343079922 14.9961013645 102.1 103.8 97.2 0 attack wrong 0.000251054763794 14 | 2019-04-12 12:29:04 0.0513068731849 12.894482091 102.1 102.6 97.3 0 attack wrong 0.000191926956177 15 | 2019-04-12 12:29:14 0.0353287536801 7.53483807655 102.3 103.3 97.3 0 attack wrong 0.00026798248291 16 | 2019-04-12 12:29:24 0.0551257253385 13.6595744681 101.8 101.9 97.5 0 attack wrong 0.000169992446899 17 | 2019-04-12 12:29:34 0.0224171539961 4.93079922027 102.8 103.4 97.7 0 attack wrong 0.00017786026001 18 | 2019-04-12 12:29:44 0.0503875968992 9.18604651163 102.8 102.6 97.1 0 attack wrong 0.00037693977356 19 | 2019-04-12 12:29:54 0.260273972603 63.3424657534 102.5 103.2 97.7 0 attack wrong 0.000382900238037 20 | 2019-04-12 12:30:04 0.828125 150.8125 13.7 14.6 9.8 0 normal correct 0.000386953353882 21 | 2019-04-12 12:30:14 0.620689655172 159.793103448 5.7 6.4 1.5 0 normal correct 0.000508069992065 22 | 2019-04-12 12:30:24 1.01666666667 215.466666667 5.6 5.8 1.5 0 normal correct 0.0010449886322 23 | 2019-04-12 12:30:34 1.01492537313 280.76119403 5.6 6.0 1.5 0 normal correct 0.000377893447876 24 | 2019-04-12 12:30:44 0.68253968254 143.920634921 5.6 6.7 1.5 0 normal correct 0.000180959701538 25 | 2019-04-12 12:30:54 0.857142857143 215.910714286 5.6 6.3 1.5 0 normal correct 0.00039005279541 26 | 2019-04-12 12:31:04 0.671875 253.65625 5.4 5.6 1.5 0 normal correct 0.000288963317871 27 | 2019-04-12 12:31:14 1.06666666667 263.316666667 5.9 6.4 1.5 0 normal correct 0.000378847122192 28 | 2019-04-12 12:31:24 0.508474576271 199.779661017 5.5 6.0 1.5 0 normal correct 0.000380992889404 29 | 2019-04-12 12:31:34 0.698412698413 251.841269841 5.8 5.9 1.5 0 normal correct 0.000377893447876 30 | 2019-04-12 12:31:44 0.538461538462 114.123076923 5.7 6.3 1.5 0 normal correct 0.000366926193237 31 | 2019-04-12 12:31:54 0.632352941176 152.867647059 6.6 6.5 1.4 0 normal correct 0.000234127044678 32 | 2019-04-12 12:32:04 0.636363636364 232.515151515 5.5 6.8 1.4 0 normal correct 0.00037407875061 33 | 2019-04-12 12:32:14 0.983333333333 287.966666667 5.9 6.6 1.5 0 normal correct 0.000388145446777 34 | 2019-04-12 12:32:24 0.888888888889 167.666666667 4.4 6.0 1.4 0 normal correct 0.000373840332031 35 | 2019-04-12 12:32:34 0.716417910448 203.298507463 4.5 5.4 1.5 0 normal correct 0.000383853912354 36 | 2019-04-12 12:32:44 0.953125 275.234375 5.4 6.7 1.4 0 normal correct 0.000360012054443 37 | 2019-04-12 12:32:54 1.3 315.633333333 5.2 6.4 1.5 0 normal correct 0.000468015670776 38 | 2019-04-12 12:33:04 0.787878787879 141.803030303 5.0 6.0 1.4 0 normal correct 0.000246047973633 39 | 2019-04-12 12:33:14 1.18032786885 313.983606557 5.8 6.6 1.5 0 normal correct 0.000380992889404 40 | 2019-04-12 12:33:24 0.770491803279 191.081967213 5.7 6.1 1.5 0 normal correct 0.000383853912354 41 | 2019-04-12 12:33:34 0.868852459016 303.327868852 6.1 6.1 1.5 0 normal correct 0.000169992446899 42 | 2019-04-12 12:33:44 0.764705882353 266.617647059 5.6 6.1 1.5 0 normal correct 0.000397920608521 43 | 2019-04-12 12:33:54 0.8 264.8 5.9 6.8 1.5 0 normal correct 0.000380039215088 44 | 2019-04-12 12:34:04 0.731343283582 205.835820896 5.7 6.5 1.5 0 normal correct 0.000382900238037 45 | 2019-04-12 12:34:14 0.632352941176 166.779411765 5.3 6.7 1.5 0 normal correct 0.000370979309082 46 | 2019-04-12 12:34:24 1.015625 280.21875 6.1 6.8 1.5 0 normal correct 0.000452995300293 47 | 2019-04-12 12:34:34 0.8 196.163636364 6.5 6.4 1.5 0 normal correct 0.000282049179077 48 | 2019-04-12 12:34:44 0.883333333333 261.983333333 5.1 5.5 1.4 0 normal correct 0.000364065170288 49 | 2019-04-12 12:34:54 0.745762711864 236.050847458 6.0 6.0 1.5 0 normal correct 0.00036096572876 50 | 2019-04-12 12:35:04 0.786885245902 219.131147541 6.1 5.9 1.5 0 normal correct 0.000366926193237 51 | 2019-04-12 12:35:14 0.672413793103 144.844827586 5.3 6.1 1.5 0 normal correct 0.000373840332031 52 | 2019-04-12 12:35:24 0.952380952381 299.126984127 5.0 5.8 1.4 0 normal correct 0.000365018844604 53 | 2019-04-12 12:35:34 1.01515151515 246.636363636 5.3 6.3 1.5 0 normal correct 0.000159978866577 54 | 2019-04-12 12:35:44 0.796875 149.625 5.2 6.6 1.5 0 normal correct 0.000169038772583 55 | 2019-04-12 12:35:54 0.540983606557 147.68852459 5.3 6.4 1.5 0 normal correct 0.000279903411865 56 | 2019-04-12 12:36:04 0.794117647059 187.117647059 5.7 6.1 1.3 0 normal correct 0.00444412231445 57 | 2019-04-12 12:36:14 0.870967741935 179.112903226 5.7 6.8 1.5 0 normal correct 0.000306129455566 58 | 2019-04-12 12:36:24 0.645161290323 208.161290323 5.3 6.2 1.5 0 normal correct 0.000379800796509 59 | 2019-04-12 12:36:34 1.07692307692 350.861538462 5.6 6.2 1.5 0 normal correct 0.000345945358276 60 | 2019-04-12 12:36:44 0.904761904762 281.968253968 5.9 6.5 1.5 0 normal correct 0.000363111495972 61 | 2019-04-12 12:36:54 1.06779661017 309.762711864 5.9 6.3 1.5 0 normal correct 0.000530958175659 62 | 2019-04-12 12:43:01 0 0 0.0 0.0 0.0 0 normal correct 0.000202894210815 63 | 2019-04-12 12:43:11 0.511111111111 117.755555556 0.0 0.0 0.0 0 normal correct 0.000237941741943 64 | 2019-04-12 12:43:21 0.685483870968 237.5 7.1 9.0 1.5 0 normal correct 0.000364065170288 65 | 2019-04-12 12:43:31 0.614285714286 180.642857143 8.2 12.4 1.5 0 normal correct 0.000365972518921 66 | 2019-04-12 12:43:41 0.909090909091 302.545454545 6.7 7.0 1.5 0 normal correct 0.00036096572876 67 | 2019-04-12 12:43:51 0.68253968254 228.53968254 1.6 1.1 0.8 0 normal correct 0.000464916229248 68 | 2019-04-12 12:44:01 0.787878787879 231.287878788 5.3 6.3 1.5 0 normal correct 0.000349044799805 69 | 2019-04-12 12:44:11 0.958333333333 284.0 5.6 6.6 1.5 0 normal correct 0.000419139862061 70 | 2019-04-12 12:44:21 0 0 2.6 2.4 1.3 0 normal correct 0.000157117843628 71 | 2019-04-12 12:44:31 0 0 0.0 0.0 0.0 0 normal correct 0.000365972518921 72 | 2019-04-12 12:44:41 0 0 0.0 0.0 0.0 0 normal correct 0.000355958938599 73 | 2019-04-12 12:44:51 0 0 0.0 0.0 0.0 0 normal correct 0.000396013259888 74 | 2019-04-12 12:45:01 0 0 0.0 0.0 0.0 0 normal correct 0.000293970108032 75 | -------------------------------------------------------------------------------- /light/detected_attack.py: -------------------------------------------------------------------------------- 1 | # -*- coding: UTF-8 -*- 2 | from ryu.base import app_manager 3 | from ryu.controller.handler import set_ev_cls 4 | from ryu.controller.handler import MAIN_DISPATCHER, DEAD_DISPATCHER, CONFIG_DISPATCHER 5 | from ryu.controller import ofp_event 6 | from ryu.lib import hub 7 | from ryu.lib.packet import in_proto 8 | import time 9 | from sklearn.externals import joblib 10 | import datetime 11 | import numpy as np 12 | import time 13 | import detect_config 14 | 15 | filename = "detected.log" 16 | 17 | 18 | class MyMonitor13(app_manager.RyuApp): 19 | '''string for disription''' 20 | 21 | def __init__(self, *args, **kwargs): 22 | super(MyMonitor13, self).__init__(*args, **kwargs) 23 | self.datapaths = {} 24 | self.monitor_thread = hub.spawn(self._monitor) 25 | self.sleep_time = 10# sleep time 26 | self.Sip = [] 27 | self.ip_ports = {} 28 | ''' 29 | records: 30 | | flow_num | port_num | src_ip | packet_num | 31 | 32 | ''' 33 | self.records = [0, 0, 0] 34 | ''' 35 | rcd: 36 | | time | avg_pkt_num | avg_pkt_byte | chg_ports | chg_flow | chg_sip | 37 | ''' 38 | self.rcd = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0] 39 | self.temp_pkt_num = 0 40 | self.temp_pkt_byte = 0 41 | self.temp_ports = 0 42 | self.temp_flows = 0 43 | self.sip_num = 0 44 | 45 | 46 | # send request msg periodically 47 | def _monitor(self): 48 | while 1: 49 | for dp in self.datapaths.values(): 50 | # self._request_stats(dp) 51 | # only s1 52 | if dp.id == 1: 53 | self._request_stats(dp) 54 | hub.sleep(self.sleep_time) # sleep N second. 55 | self._records() 56 | self.reset() 57 | 58 | def reset(self): 59 | self.temp_pkt_num = 0 60 | self.temp_pkt_byte = 0 61 | self.temp_ports = 0 62 | self.temp_flows = 0 63 | self.sip_num = 0 64 | self.Sip = [] 65 | self.ip_ports = {} 66 | 67 | def _records(self): 68 | if self.temp_flows: 69 | avg_pkt_num = float(self.temp_pkt_num) / float(self.temp_flows) 70 | else: 71 | avg_pkt_num = 0 72 | # 流包平均比特数 73 | if avg_pkt_num: 74 | avg_pkt_byte = self.temp_pkt_byte / float(self.temp_flows) 75 | else: 76 | avg_pkt_byte = 0 77 | 78 | # 端口 79 | for ip in self.ip_ports: 80 | self.temp_ports += len(self.ip_ports[ip]) 81 | # chg_ports = self.temp_ports - self.records[1] 82 | chg_ports = self.records[1] / float(self.sleep_time) 83 | # print('chg_ports:', chg_ports) 84 | 85 | # 流增长率 86 | # delta_flow = self.temp_flows - self.records[0] 87 | delta_flow = self.records[0] / float(self.sleep_time) 88 | chg_flow = delta_flow # / self.sleep_time 89 | # print('chg_flow', chg_flow) 90 | 91 | # 源ip增速 92 | self.sip_num = len(self.Sip) 93 | # delta_sip = self.sip_num - self.records[2] 94 | delta_sip = self.records[2] / float(self.sleep_time) 95 | chg_sip = delta_sip # / self.sleep_time 96 | # print('chg_sip', chg_sip) 97 | 98 | self.rcd[0] = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) 99 | self.rcd[1] = avg_pkt_num 100 | self.rcd[2] = avg_pkt_byte 101 | self.rcd[3] = chg_ports 102 | self.rcd[4] = chg_flow 103 | self.rcd[5] = chg_sip 104 | self.rcd[6] = 1 105 | # rcd[6]代表的发起的是正常流量 106 | # 时间, 1,2,3,4,5, 发起的流量类型,检测的结果类型,是否一致 107 | 108 | clf = joblib.load(detect_config.model_dir) 109 | start_time = time.time() 110 | 111 | vec = np.array(self.rcd[1:6]).reshape(1, -1) 112 | result = clf.predict(vec) 113 | self.rcd[7] = result[0] 114 | 115 | 116 | duration = time.time() - start_time 117 | 118 | # duration_str = str(endtime - starttime).split('.')[1][:3] 119 | 120 | if self.rcd[6] == self.rcd[7]: 121 | self.rcd[8] = 'correct' 122 | else: 123 | self.rcd[8] = 'wrong' 124 | 125 | # 将检测时间转化为Attack or not attack 126 | if self.rcd[7] == 1: 127 | self.rcd[7] = 'attack' 128 | else: 129 | self.rcd[7] = 'normal' 130 | 131 | self.rcd[9] = duration 132 | # 133 | 134 | file = open(filename, 'ab') # a is like >> , and b is byte 135 | strs = '' 136 | n = 0 137 | while n < len(self.rcd): 138 | #print(self.rcd[n]) 139 | strs += str(self.rcd[n]) + " " 140 | n += 1 141 | # print(strs) 142 | file.write(strs + '\n') 143 | file.close() 144 | self.records[0] = self.temp_flows 145 | self.records[1] = self.temp_ports 146 | self.records[2] = self.sip_num 147 | 148 | # switch IN 149 | @set_ev_cls(ofp_event.EventOFPSwitchFeatures, CONFIG_DISPATCHER) 150 | def _switch_features_handler(self, ev): 151 | datapath = ev.msg.datapath 152 | ofproto = datapath.ofproto 153 | ofp_parser = datapath.ofproto_parser 154 | self.reset() 155 | # install the table-miss flow entry 156 | 157 | # get datapath info 158 | @set_ev_cls(ofp_event.EventOFPStateChange, [MAIN_DISPATCHER, DEAD_DISPATCHER]) 159 | def _state_change_handler(self, ev): 160 | datapath = ev.datapath 161 | if ev.state == MAIN_DISPATCHER: 162 | if datapath.id not in self.datapaths: 163 | self.datapaths[datapath.id] = datapath 164 | self.logger.debug('Register datapath: %16x', datapath.id) 165 | 166 | elif ev.state == DEAD_DISPATCHER: 167 | if datapath.id in self.datapaths: 168 | del self.datapaths[datapath.id] 169 | self.logger.debug('Unregister datapath: %16x', datapath.id) 170 | 171 | 172 | 173 | # send stats request msg to datapath 174 | def _request_stats(self, datapath): 175 | self.logger.debug('send stats request to datapath: %16x', datapath.id) 176 | ofproto = datapath.ofproto 177 | ofp_parser = datapath.ofproto_parser 178 | 179 | # send flow stats request msg 180 | req = ofp_parser.OFPFlowStatsRequest(datapath) 181 | datapath.send_msg(req) 182 | 183 | # handle the flow entries stats reply msg 184 | @set_ev_cls(ofp_event.EventOFPFlowStatsReply, MAIN_DISPATCHER) 185 | def _flow_stats_reply_handler(self, ev): 186 | body = ev.msg.body 187 | 188 | flow_num = 0 189 | pktsNum = 0 190 | byte_counts = 0 191 | for flow in body: 192 | if flow.priority == 1: 193 | #print (flow) 194 | #流 195 | self.temp_flows += 1 196 | #比特数 197 | self.temp_pkt_byte += flow.byte_count 198 | #包数 199 | self.temp_pkt_num += flow.packet_count 200 | #端口增长 201 | #tcp: tcp_src, tcp_dst 202 | if flow.match['ip_proto'] == in_proto.IPPROTO_TCP: 203 | ip = flow.match['ipv4_src'] 204 | if ip not in self.ip_ports: 205 | self.ip_ports.setdefault(ip, []) 206 | tcp_src = flow.match['tcp_src'] 207 | tcp_dst = flow.match['tcp_dst'] 208 | if tcp_src not in self.ip_ports[ip]: 209 | self.ip_ports[ip].append(tcp_src) 210 | ip = flow.match['ipv4_dst'] 211 | if ip not in self.ip_ports: 212 | self.ip_ports.setdefault(ip, []) 213 | if tcp_dst not in self.ip_ports[ip]: 214 | self.ip_ports[ip].append(tcp_dst) 215 | #udp: udp_src, udp_dst // udp lai hui 216 | if flow.match['ip_proto'] == in_proto.IPPROTO_UDP: 217 | #print(flow) 218 | ip = flow.match['ipv4_src'] 219 | if ip not in self.ip_ports: 220 | self.ip_ports.setdefault(ip,[]) 221 | udp_src = flow.match['udp_src'] 222 | udp_dst = flow.match['udp_dst'] 223 | if udp_src not in self.ip_ports[ip]: 224 | self.ip_ports[ip].append(udp_src) 225 | ip = flow.match['ipv4_dst'] 226 | if ip not in self.ip_ports: 227 | self.ip_ports.setdefault(ip,[]) 228 | if udp_dst not in self.ip_ports[ip]: 229 | self.ip_ports[ip].append(udp_dst) 230 | #源ip 231 | Src_ip = flow.match['ipv4_src'] 232 | if Src_ip not in self.Sip: 233 | self.Sip.append(Src_ip) 234 | -------------------------------------------------------------------------------- /light/detected_forest.log: -------------------------------------------------------------------------------- 1 | 2019-03-29 22:42:40 0.84375 271.984375 5.6 6.2 1.4 0 normal correct 0.00285196304321 2 | 2019-03-29 22:42:50 0.692307692308 226.2 5.4 6.4 1.5 0 normal correct 0.00290322303772 3 | 2019-03-29 22:43:00 0.776119402985 237.76119403 6.3 6.5 1.5 0 normal correct 0.00293183326721 4 | 2019-03-29 22:43:10 0.617647058824 176.279411765 5.6 6.7 1.5 0 normal correct 0.00173306465149 5 | 2019-03-29 22:43:20 0.847222222222 205.513888889 5.7 6.8 1.4 0 normal correct 0.00281691551208 6 | 2019-03-29 22:43:30 0.771929824561 249.315789474 6.0 7.2 1.5 0 normal correct 0.00255417823792 7 | 2019-03-29 22:43:40 0.563636363636 150.945454545 5.7 5.7 1.4 0 normal correct 0.00273895263672 8 | 2019-03-29 22:43:50 0.777777777778 221.523809524 5.1 5.5 1.3 0 normal correct 0.00323009490967 9 | 2019-03-29 22:44:00 0.712121212121 202.606060606 5.4 6.3 1.5 0 normal correct 0.00455212593079 10 | 2019-03-29 22:44:10 0.984615384615 249.323076923 5.4 6.6 1.5 0 normal correct 0.00271511077881 11 | 2019-03-29 22:44:20 0.859375 197.109375 5.7 6.5 1.5 0 normal correct 0.00230312347412 12 | 2019-03-29 22:44:30 0.522388059701 145.597014925 5.6 6.4 1.5 0 normal correct 0.0027449131012 13 | 2019-03-29 22:44:40 0.666666666667 153.433333333 6.1 6.7 1.5 0 normal correct 0.00264000892639 14 | 2019-03-29 22:44:50 0.793650793651 224.714285714 5.7 6.0 1.4 0 normal correct 0.00194501876831 15 | 2019-03-29 22:45:00 0.920634920635 210.063492063 4.9 6.3 1.5 0 normal correct 0.00327920913696 16 | 2019-03-29 22:45:10 0.854838709677 235.580645161 5.2 6.3 1.4 0 normal correct 0.00289177894592 17 | 2019-03-29 22:45:20 0.701492537313 228.194029851 5.8 6.2 1.5 0 normal correct 0.00187397003174 18 | 2019-03-29 22:45:31 0.745454545455 146.618181818 6.0 6.7 1.5 0 normal correct 0.00178694725037 19 | 2019-03-29 22:45:41 0.737704918033 211.868852459 5.1 5.5 1.5 0 normal correct 0.00183987617493 20 | 2019-03-29 22:45:51 0.80701754386 208.438596491 5.4 6.1 1.5 0 normal correct 0.00386095046997 21 | 2019-03-29 22:46:01 0.830769230769 164.723076923 5.4 5.7 1.5 0 normal correct 0.00282788276672 22 | 2019-03-29 22:46:11 0.5625 131.671875 5.2 6.5 1.4 0 normal correct 0.00388789176941 23 | 2019-03-29 22:46:21 0.985074626866 311.119402985 5.4 6.4 1.5 0 normal correct 0.00282692909241 24 | 2019-03-29 22:46:31 0.757575757576 233.181818182 5.3 6.7 1.5 0 normal correct 0.00218820571899 25 | 2019-03-29 22:46:41 0.692307692308 265.061538462 6.4 6.6 1.5 0 normal correct 0.00351500511169 26 | 2019-03-29 22:46:51 0.69696969697 227.757575758 5.0 6.5 1.5 0 normal correct 0.00273299217224 27 | 2019-03-29 22:47:01 0.857142857143 287.46031746 5.7 6.6 1.5 0 normal correct 0.00205087661743 28 | 2019-03-29 22:47:11 1.01449275362 314.072463768 5.6 6.3 1.5 0 normal correct 0.00318598747253 29 | 2019-03-29 22:47:21 0.867647058824 217.279411765 5.8 6.9 1.5 0 normal correct 0.00517797470093 30 | 2019-03-29 22:47:31 1.19047619048 336.761904762 4.9 6.8 1.5 0 normal correct 0.00291013717651 31 | 2019-03-29 22:47:41 1.15 265.15 5.2 6.3 1.5 0 normal correct 0.00180697441101 32 | 2019-03-29 22:47:51 0.938461538462 266.338461538 4.9 6.0 1.5 0 normal correct 0.00288987159729 33 | 2019-03-29 22:48:01 0.701492537313 181.567164179 5.4 6.5 1.5 0 normal correct 0.00322699546814 34 | 2019-03-29 22:48:11 0.774193548387 223.5 5.2 6.7 1.5 0 normal correct 0.0023820400238 35 | 2019-03-29 22:48:21 0.414285714286 85.5857142857 6.0 6.2 1.5 0 normal correct 0.00191807746887 36 | 2019-03-29 22:48:31 0.984375 249.6875 6.3 7.0 1.5 0 normal correct 0.00343894958496 37 | 2019-03-29 22:48:41 0.934426229508 248.786885246 5.8 6.4 1.4 0 normal correct 0.00298309326172 38 | 2019-03-29 22:48:51 0.575757575758 228.681818182 5.7 6.1 1.5 0 normal correct 0.00279092788696 39 | 2019-03-29 22:49:01 0.688524590164 260.442622951 5.6 6.6 1.5 0 normal correct 0.00339198112488 40 | 2019-03-29 22:49:11 0.465517241379 133.948275862 5.8 6.1 1.4 0 normal correct 0.00261378288269 41 | 2019-03-29 22:49:21 0.910714285714 276.589285714 5.8 5.8 1.4 0 normal correct 0.0028350353241 42 | 2019-03-29 22:49:31 1.1746031746 291.26984127 5.7 5.6 1.5 0 normal correct 0.0023500919342 43 | 2019-03-29 22:49:41 0.589285714286 177.964285714 5.3 6.3 1.5 0 normal correct 0.00372505187988 44 | 2019-03-29 22:49:51 0.575757575758 146.166666667 5.3 5.6 1.5 0 normal correct 0.00191593170166 45 | 2019-03-29 22:50:01 0.928571428571 236.171428571 5.8 6.6 1.5 0 normal correct 0.00384306907654 46 | 2019-03-29 22:50:11 0.791044776119 191.029850746 6.1 7.0 1.5 0 normal correct 0.00374484062195 47 | 2019-03-29 22:50:21 0.825396825397 190.158730159 5.8 6.7 1.4 0 normal correct 0.00255680084229 48 | 2019-03-29 22:50:31 0.540983606557 146.950819672 5.3 6.3 1.5 0 normal correct 0.00215601921082 49 | 2019-03-29 22:50:41 0.83606557377 197.049180328 5.4 6.1 1.5 0 normal correct 0.00216698646545 50 | 2019-03-29 22:50:51 0.725806451613 142.580645161 5.8 6.1 1.4 0 normal correct 0.00271201133728 51 | 2019-03-29 22:51:01 0.890625 281.03125 5.4 6.2 1.5 0 normal correct 0.00261306762695 52 | 2019-03-29 22:51:11 0.695652173913 225.289855072 5.9 6.4 1.5 0 normal correct 0.00212502479553 53 | 2019-03-29 22:51:21 1.046875 295.640625 5.4 6.9 1.4 0 normal correct 0.00229907035828 54 | 2019-03-29 22:51:31 0.716417910448 165.029850746 5.2 6.4 1.5 0 normal correct 0.00237512588501 55 | 2019-03-29 22:51:41 0.808823529412 255.441176471 6.1 6.7 1.5 0 normal correct 0.00222206115723 56 | 2019-03-29 22:51:51 0.885245901639 222.475409836 5.6 6.8 1.4 0 normal correct 0.00226879119873 57 | 2019-03-29 22:52:01 0.703703703704 252.703703704 5.8 6.1 1.5 0 normal correct 0.00232601165771 58 | 2019-03-29 22:52:11 0.794117647059 250.985294118 4.3 5.4 1.4 0 normal correct 0.00291705131531 59 | 2019-03-29 22:52:21 1.0 253.349206349 5.8 6.8 1.5 0 normal correct 0.00529718399048 60 | 2019-03-29 22:52:31 0.742424242424 220.060606061 5.4 6.3 1.4 0 normal correct 0.00213313102722 61 | 2019-03-29 22:52:41 1.01470588235 234.779411765 5.8 6.6 1.5 0 normal correct 0.0028510093689 62 | 2019-03-29 22:52:51 0.676923076923 209.646153846 5.5 6.8 1.5 0 normal correct 0.00321221351624 63 | 2019-03-29 22:53:01 1.0 315.583333333 5.8 6.5 1.5 0 normal correct 0.00218105316162 64 | 2019-03-29 22:53:11 0.819672131148 239.245901639 5.6 6.0 1.5 0 normal correct 0.00222110748291 65 | 2019-03-29 22:53:21 0.839285714286 191.107142857 5.8 6.1 1.5 0 normal correct 0.00282311439514 66 | 2019-03-29 22:53:31 0.985915492958 282.985915493 5.6 5.6 1.4 0 normal correct 0.00261902809143 67 | 2019-03-29 22:53:41 0.728813559322 185.457627119 5.7 7.1 1.5 0 normal correct 0.0028920173645 68 | 2019-03-29 22:53:51 1.0 284.079365079 5.7 5.9 1.5 0 normal correct 0.00178408622742 69 | 2019-03-29 22:54:01 0.781818181818 285.781818182 4.4 6.3 1.5 0 normal correct 0.00237798690796 70 | 2019-03-29 22:54:11 0.5 131.296875 5.7 5.5 1.3 0 normal correct 0.00301599502563 71 | 2019-03-29 22:54:21 0.688524590164 257.327868852 6.2 6.4 1.5 0 normal correct 0.00301003456116 72 | 2019-03-29 22:54:31 0.772727272727 170.712121212 6.0 6.1 1.5 0 normal correct 0.00253701210022 73 | 2019-03-29 22:54:41 1.07692307692 282.953846154 5.5 6.6 1.5 0 normal correct 0.00317096710205 74 | 2019-03-29 22:54:51 0.693548387097 180.112903226 5.9 6.5 1.5 0 normal correct 0.00228381156921 75 | 2019-03-29 22:55:01 0.761904761905 209.396825397 5.8 6.2 1.5 0 normal correct 0.0036678314209 76 | 2019-03-29 22:55:11 0.712121212121 224.0 6.0 6.3 1.5 0 normal correct 0.0029399394989 77 | 2019-03-29 22:55:21 0.802816901408 231.957746479 5.5 6.6 1.4 0 normal correct 0.00308108329773 78 | 2019-03-29 22:55:31 0.774193548387 213.016129032 6.4 7.1 1.5 0 normal correct 0.00285816192627 79 | 2019-03-29 22:55:41 0.625 210.359375 5.9 6.2 1.4 0 normal correct 0.00289297103882 80 | 2019-03-29 22:55:51 0.65 198.95 5.7 6.4 1.5 0 normal correct 0.00423407554626 81 | 2019-03-29 22:56:01 0.876923076923 241.153846154 5.6 6.0 1.4 0 normal correct 0.00227189064026 82 | 2019-03-29 22:56:11 0.944444444444 247.805555556 6.2 6.5 1.5 0 normal correct 0.00284099578857 83 | 2019-03-29 22:56:21 0.84375 202.765625 5.5 7.2 1.4 0 normal correct 0.00260996818542 84 | 2019-03-29 22:56:31 0.454545454545 88.1636363636 5.6 6.4 1.5 0 normal correct 0.00288605690002 85 | 2019-03-29 22:56:41 0.739130434783 201.565217391 5.5 5.5 1.4 0 normal correct 0.0021390914917 86 | 2019-03-29 22:56:51 0.809523809524 224.444444444 5.7 6.9 1.5 0 normal correct 0.00264191627502 87 | 2019-03-29 22:57:01 0.911764705882 301.955882353 5.7 6.3 1.5 0 normal correct 0.00207209587097 88 | 2019-03-29 22:57:11 0.894736842105 214.456140351 6.0 6.8 1.4 0 normal correct 0.00332713127136 89 | 2019-03-29 22:57:21 0.847457627119 293.847457627 5.1 5.7 1.4 0 normal correct 0.00391507148743 90 | 2019-03-29 22:57:31 0.833333333333 206.227272727 5.1 5.9 1.5 0 normal correct 0.00258708000183 91 | 2019-03-29 22:57:41 0.850746268657 308.313432836 6.3 6.6 1.5 0 normal correct 0.00290393829346 92 | 2019-03-29 22:57:51 0.850746268657 289.746268657 5.6 6.7 1.5 0 normal correct 0.00217604637146 93 | 2019-03-29 22:58:01 0.83606557377 243.950819672 5.6 6.7 1.5 0 normal correct 0.00265693664551 94 | 2019-03-29 22:58:11 0.583333333333 127.983333333 5.6 6.1 1.5 0 normal correct 0.00291204452515 95 | 2019-03-29 22:58:21 0.852941176471 258.294117647 5.5 6.0 1.4 0 normal correct 0.00205087661743 96 | 2019-03-29 22:58:31 0.611940298507 136.671641791 5.8 6.8 1.5 0 normal correct 0.00293803215027 97 | 2019-03-29 22:58:41 0.564516129032 159.661290323 6.5 6.7 1.5 0 normal correct 0.00287008285522 98 | 2019-03-29 22:58:51 0.78125 247.390625 5.5 6.2 1.5 0 normal correct 0.00223898887634 99 | 2019-03-29 22:59:01 0.625 160.234375 5.9 6.4 1.4 0 normal correct 0.00274586677551 100 | 2019-03-29 22:59:11 1.02941176471 261.573529412 5.2 6.4 1.5 0 normal correct 0.00294709205627 101 | 2019-03-29 23:00:05 0 0 0.0 0.0 0.0 1 normal wrong 0.00262784957886 102 | 2019-03-29 23:00:15 0.07928802589 19.145631068 0.0 0.0 0.0 1 normal wrong 0.00224804878235 103 | 2019-03-29 23:00:25 0.027724665392 8.58986615679 62.0 61.8 58.0 1 attack correct 0.00195598602295 104 | 2019-03-29 23:00:35 0.0401913875598 12.4622009569 104.7 104.6 98.6 1 attack correct 0.00229501724243 105 | 2019-03-29 23:00:45 0.0298363811357 10.9903753609 102.9 104.5 98.6 1 attack correct 0.00281286239624 106 | 2019-03-29 23:00:55 0.0282101167315 7.83365758755 102.8 103.9 98.3 1 attack correct 0.00187301635742 107 | 2019-03-29 23:01:05 0.0270531400966 6.24154589372 102.8 102.8 98.1 1 attack correct 0.00236010551453 108 | 2019-03-29 23:01:15 0.0250723240116 7.02700096432 102.7 103.5 98.1 1 attack correct 0.00182819366455 109 | 2019-03-29 23:01:25 0.0338164251208 11.7893719807 102.8 103.7 97.8 1 attack correct 0.00211405754089 110 | 2019-03-29 23:01:35 0.0375360923965 10.3031761309 103.1 103.5 97.8 1 attack correct 0.00216388702393 111 | 2019-03-29 23:01:45 0.0290697674419 11.0968992248 103.2 103.9 98.3 1 attack correct 0.00278186798096 112 | 2019-03-29 23:01:55 0.00970873786408 3.2145631068 102.5 103.2 97.8 1 attack correct 0.00278401374817 113 | 2019-03-29 23:02:05 0.0242013552759 6.93223620523 102.4 103.0 97.6 1 attack correct 0.00793480873108 114 | 2019-03-29 23:02:15 0.0519230769231 15.8317307692 102.6 103.3 98.1 1 attack correct 0.00182008743286 115 | 2019-03-29 23:02:25 0.0509125840538 16.093179635 102.5 104.0 98.3 1 attack correct 0.00188708305359 116 | 2019-03-29 23:02:35 0.0193798449612 5.2015503876 102.8 104.1 98.1 1 attack correct 0.00256705284119 117 | 2019-03-29 23:02:45 0.0310378273521 7.78079534433 102.8 103.2 98.0 1 attack correct 0.00228500366211 118 | 2019-03-29 23:02:55 0.0480307396734 15.1296829971 102.7 103.1 97.9 1 attack correct 0.00213193893433 119 | 2019-03-29 23:03:05 0.0443587270974 10.4889103182 103.5 104.1 98.1 1 attack correct 0.00374388694763 120 | 2019-03-29 23:03:15 0.0329457364341 9.59496124031 102.4 103.7 97.5 1 attack correct 0.00216889381409 121 | 2019-03-29 23:03:25 0.0383877159309 10.1305182342 103.0 103.2 97.3 1 attack correct 0.00211095809937 122 | 2019-03-29 23:03:35 0.0579710144928 12.4299516908 104.1 104.2 97.9 1 attack correct 0.00223398208618 123 | 2019-03-29 23:03:45 0.030243902439 8.74926829268 103.3 103.5 98.1 1 attack correct 0.003005027771 124 | 2019-03-29 23:03:55 0.0203488372093 5.07945736434 102.9 102.5 97.5 1 attack correct 0.00248217582703 125 | 2019-03-29 23:04:05 0.0341463414634 10.3141463415 102.9 103.2 98.1 1 attack correct 0.00267696380615 126 | 2019-03-29 23:04:15 0.031158714703 8.570593963 102.3 102.5 97.7 1 attack correct 0.00233387947083 127 | 2019-03-29 23:04:25 0.0358180058083 13.3059051307 102.2 102.7 97.9 1 attack correct 0.00218796730042 128 | 2019-03-29 23:04:35 0.0346820809249 8.40077071291 102.6 103.3 98.0 1 attack correct 0.00195503234863 129 | 2019-03-29 23:04:45 0.041586073501 10.0 103.4 103.8 98.3 1 attack correct 0.00238800048828 130 | 2019-03-29 23:04:55 0.0383509108341 13.8015340364 103.2 103.4 97.6 1 attack correct 0.00218200683594 131 | 2019-03-29 23:05:05 0.0320699708455 12.4975704568 102.9 104.3 97.8 1 attack correct 0.00218820571899 132 | 2019-03-29 23:05:15 0.047572815534 15.9524271845 102.4 102.9 97.6 1 attack correct 0.00262689590454 133 | 2019-03-29 23:05:25 0.0329138431752 4.69603097773 102.4 103.0 97.9 1 attack correct 0.00219702720642 134 | 2019-03-29 23:05:35 0.0184466019417 6.56213592233 102.9 103.3 98.0 1 attack correct 0.00217390060425 135 | 2019-03-29 23:05:45 0.0327237728585 7.11549566891 102.9 103.0 97.8 1 attack correct 0.0022120475769 136 | 2019-03-29 23:05:55 0.0366795366795 9.4971042471 103.0 103.9 98.1 1 attack correct 0.00339317321777 137 | 2019-03-29 23:06:05 0.0359572400389 12.8056365403 102.7 103.6 97.8 1 attack correct 0.00221109390259 138 | 2019-03-29 23:06:15 0.025267249757 5.42954324587 102.7 102.9 97.3 1 attack correct 0.00182199478149 139 | 2019-03-29 23:06:25 0.0317307692308 6.3 102.4 102.9 97.7 1 attack correct 0.002357006073 140 | 2019-03-29 23:06:35 0.016553067186 3.71957156767 102.7 104.0 97.8 1 attack correct 0.00238394737244 141 | 2019-03-29 23:06:45 0.0339147286822 9.81395348837 102.8 102.7 97.5 1 attack correct 0.00214409828186 142 | 2019-03-29 23:06:55 0.0442733397498 12.0683349374 102.5 103.2 97.8 1 attack correct 0.00208592414856 143 | 2019-03-29 23:07:05 0.0242248062016 5.34399224806 102.2 103.9 97.6 1 attack correct 0.00211715698242 144 | 2019-03-29 23:07:15 0.0341796875 10.2880859375 102.9 103.2 98.1 1 attack correct 0.0020911693573 145 | 2019-03-29 23:07:25 0.0184466019417 4.83106796117 102.4 102.4 98.3 1 attack correct 0.0022280216217 146 | 2019-03-29 23:07:35 0.0359223300971 9.22718446602 103.1 103.0 97.9 1 attack correct 0.00244283676147 147 | 2019-03-29 23:07:45 0.023166023166 5.93532818533 102.5 103.0 97.8 1 attack correct 0.00197410583496 148 | 2019-03-29 23:07:55 0.0368574199806 10.0708050436 103.3 103.6 98.0 1 attack correct 0.00333499908447 149 | 2019-03-29 23:08:05 0.0604606525912 17.7428023033 102.7 103.1 98.2 1 attack correct 0.00289988517761 150 | 2019-03-29 23:08:15 0.030243902439 8.34536585366 102.8 104.2 98.3 1 attack correct 0.00232291221619 151 | 2019-03-29 23:08:25 0.0425943852856 7.88673765731 102.3 102.5 98.0 1 attack correct 0.0025680065155 152 | 2019-03-29 23:08:35 0.0261627906977 9.06879844961 102.5 103.3 98.1 1 attack correct 0.00207209587097 153 | 2019-03-29 23:08:45 0.0569498069498 13.6312741313 102.9 103.2 97.4 1 attack correct 0.00226402282715 154 | 2019-03-29 23:08:55 0.0433526011561 16.1204238921 102.8 103.6 97.9 1 attack correct 0.0019519329071 155 | 2019-03-29 23:09:05 0.0406976744186 14.9903100775 103.2 103.8 98.2 1 attack correct 0.00223708152771 156 | 2019-03-29 23:09:15 0.036750483559 7.34332688588 102.6 103.2 97.7 1 attack correct 0.00230717658997 157 | 2019-03-29 23:09:25 0.0348837209302 9.03003875969 102.9 103.4 97.9 1 attack correct 0.00206899642944 158 | 2019-03-29 23:09:35 0.0571151984511 14.3107454017 102.3 103.2 97.9 1 attack correct 0.00270104408264 159 | 2019-03-29 23:09:45 0.0290979631426 6.59650824442 102.8 103.3 97.7 1 attack correct 0.0023250579834 160 | 2019-03-29 23:09:55 0.059558117195 15.8414985591 102.7 103.1 97.7 1 attack correct 0.00222086906433 161 | 2019-03-29 23:10:05 0.0493230174081 13.2823984526 103.3 104.1 98.3 1 attack correct 0.00225901603699 162 | 2019-03-29 23:10:15 0.0463768115942 10.8028985507 102.6 103.4 98.2 1 attack correct 0.00230693817139 163 | 2019-03-29 23:10:25 0.0328502415459 10.884057971 103.0 103.5 98.3 1 attack correct 0.00193691253662 164 | 2019-03-29 23:10:35 0.0282651072125 7.15399610136 103.2 103.5 98.0 1 attack correct 0.00492787361145 165 | 2019-03-29 23:10:45 0.0395371263259 10.0308582449 102.4 102.6 98.1 1 attack correct 0.00252914428711 166 | 2019-03-29 23:10:55 0.0261881668283 5.86032977692 103.5 103.7 98.2 1 attack correct 0.00260710716248 167 | 2019-03-29 23:11:05 0.0464666021297 14.1045498548 102.9 103.1 98.0 1 attack correct 0.00257182121277 168 | 2019-03-29 23:11:15 0.0397286821705 9.13372093023 102.8 103.3 97.4 1 attack correct 0.00217509269714 169 | 2019-03-29 23:11:25 0.0319457889642 7.89641819942 103.5 103.2 98.0 1 attack correct 0.00251507759094 170 | 2019-03-29 23:11:35 0.0282375851996 8.63875365141 102.3 103.3 98.3 1 attack correct 0.00252199172974 171 | 2019-03-29 23:11:45 0.0309178743961 8.87149758454 102.6 102.7 97.4 1 attack correct 0.00237202644348 172 | 2019-03-29 23:11:55 0.021359223301 7.31941747573 103.1 103.5 97.5 1 attack correct 0.00216484069824 173 | 2019-03-29 23:12:05 0.0126459143969 3.87548638132 102.9 103.0 97.9 1 attack correct 0.0020010471344 174 | 2019-03-29 23:12:15 0.0165048543689 4.53398058252 102.0 102.8 97.6 1 attack correct 0.00208401679993 175 | 2019-03-29 23:12:25 0.0473429951691 12.4164251208 102.4 103.0 97.8 1 attack correct 0.00203895568848 176 | 2019-03-29 23:12:35 0.0588803088803 18.5028957529 103.0 103.5 98.0 1 attack correct 0.00227284431458 177 | 2019-03-29 23:12:45 0.0369290573372 14.296404276 102.8 103.6 97.9 1 attack correct 0.00209712982178 178 | 2019-03-29 23:12:55 0.0290416263311 9.05517909003 102.5 102.9 97.5 1 attack correct 0.00226712226868 179 | 2019-03-29 23:13:05 0.041586073501 10.1779497099 102.4 103.3 98.0 1 attack correct 0.00236415863037 180 | 2019-03-29 23:13:15 0.0396902226525 13.0290416263 102.1 103.4 98.4 1 attack correct 0.00221109390259 181 | 2019-03-29 23:13:25 0.0441882804995 15.4956772334 102.6 103.3 98.4 1 attack correct 0.00284790992737 182 | 2019-03-29 23:13:35 0.031007751938 7.95251937984 103.4 104.1 97.6 1 attack correct 0.00231409072876 183 | 2019-03-29 23:13:45 0.0154738878143 2.25048355899 102.5 103.2 98.0 1 attack correct 0.00197196006775 184 | 2019-03-29 23:13:55 0.0212355212355 7.62451737452 102.7 103.4 98.0 1 attack correct 0.00202393531799 185 | 2019-03-29 23:14:06 0.0318532818533 5.8388030888 103.2 103.6 98.4 1 attack correct 0.00201606750488 186 | 2019-03-29 23:14:16 0.0394230769231 10.7951923077 102.9 103.6 98.2 1 attack correct 0.00244998931885 187 | 2019-03-29 23:14:26 0.026213592233 6.65533980583 102.7 104.0 97.4 1 attack correct 0.00229001045227 188 | 2019-03-29 23:14:36 0.0418287937743 8.37548638132 102.8 103.0 98.3 1 attack correct 0.0020489692688 189 | 2019-03-29 23:14:46 0.0365736284889 12.3897978826 102.7 102.8 97.7 1 attack correct 0.00189399719238 190 | 2019-03-29 23:14:56 0.0290416263311 8.03000968054 103.3 103.9 98.0 1 attack correct 0.00183415412903 191 | 2019-03-29 23:15:06 0.0242718446602 7.01262135922 103.0 103.3 98.1 1 attack correct 0.00210809707642 192 | 2019-03-29 23:15:16 0.0319457889642 8.99903194579 102.9 103.0 97.6 1 attack correct 0.00212502479553 193 | 2019-03-29 23:15:26 0.0164569215876 5.03678606002 102.4 103.3 97.7 1 attack correct 0.00205492973328 194 | 2019-03-29 23:15:36 0.0407371483996 10.7972841901 102.9 103.3 97.6 1 attack correct 0.002032995224 195 | 2019-03-29 23:15:46 0.0504364694471 14.3132880698 102.7 103.1 97.9 1 attack correct 0.00202393531799 196 | 2019-03-29 23:15:56 0.0232783705141 7.08050436469 103.2 103.1 98.1 1 attack correct 0.0027129650116 197 | 2019-03-29 23:16:06 0.0271844660194 9.5786407767 103.3 103.1 97.9 1 attack correct 0.00201106071472 198 | 2019-03-29 23:16:16 0.0464216634429 14.4245647969 101.7 103.0 97.4 1 attack correct 0.00267004966736 199 | 2019-03-29 23:16:26 0.0513068731849 16.2381413359 102.9 103.4 97.6 1 attack correct 0.00173211097717 200 | 2019-03-29 23:16:36 0.0416263310745 11.6611810261 103.3 103.3 97.4 1 attack correct 0.00260996818542 201 | 2019-03-29 23:16:46 0.0272904483431 6.44834307992 102.9 103.3 97.8 1 attack correct 0.00180411338806 202 | 2019-03-29 23:16:56 0.0405014464802 9.80135004822 102.8 102.6 97.3 1 attack correct 0.00224900245667 203 | 2019-03-29 23:17:06 0.0405014464802 8.72902603664 102.8 103.7 98.2 1 attack correct 0.00224709510803 204 | 2019-03-29 23:17:16 0.0297504798464 10.1026871401 102.8 103.7 98.4 1 attack correct 0.00241303443909 205 | 2019-03-29 23:17:26 0.0310981535471 9.04373177843 103.0 104.2 98.3 1 attack correct 0.00250005722046 206 | 2019-03-29 23:17:36 0.0251207729469 6.45314009662 102.8 102.9 97.6 1 attack correct 0.00230288505554 207 | 2019-03-29 23:17:46 0.0233009708738 4.68252427184 102.6 103.5 97.9 1 attack correct 0.00200200080872 208 | 2019-03-29 23:17:56 0.0261881668283 6.22211445199 102.4 103.0 97.5 1 attack correct 0.00306105613708 209 | 2019-03-29 23:18:06 0.0107003891051 3.58560311284 102.3 103.1 97.4 1 attack correct 0.00216484069824 210 | 2019-03-29 23:18:16 0.041586073501 13.829787234 103.1 102.8 98.0 1 attack correct 0.00216507911682 211 | -------------------------------------------------------------------------------- /light/detected_normal.py: -------------------------------------------------------------------------------- 1 | # -*- coding: UTF-8 -*- 2 | from ryu.base import app_manager 3 | from ryu.controller.handler import set_ev_cls 4 | from ryu.controller.handler import MAIN_DISPATCHER, DEAD_DISPATCHER, CONFIG_DISPATCHER 5 | from ryu.controller import ofp_event 6 | from ryu.lib import hub 7 | from ryu.lib.packet import in_proto 8 | import time 9 | import detect_config 10 | 11 | 12 | from sklearn.externals import joblib 13 | import datetime 14 | import numpy as np 15 | 16 | 17 | filename = "detected.log" 18 | 19 | 20 | class MyMonitor13(app_manager.RyuApp): 21 | '''string for disription''' 22 | 23 | def __init__(self, *args, **kwargs): 24 | super(MyMonitor13, self).__init__(*args, **kwargs) 25 | self.datapaths = {} 26 | self.monitor_thread = hub.spawn(self._monitor) 27 | self.sleep_time = 10# sleep time 28 | self.Sip = [] 29 | self.ip_ports = {} 30 | ''' 31 | records: 32 | | flow_num | port_num | src_ip | packet_num | 33 | 34 | ''' 35 | self.records = [0, 0, 0] 36 | ''' 37 | rcd: 38 | | time | avg_pkt_num | avg_pkt_byte | chg_ports | chg_flow | chg_sip | 39 | ''' 40 | self.rcd = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0] 41 | self.temp_pkt_num = 0 42 | self.temp_pkt_byte = 0 43 | self.temp_ports = 0 44 | self.temp_flows = 0 45 | self.sip_num = 0 46 | 47 | 48 | # send request msg periodically 49 | def _monitor(self): 50 | while 1: 51 | for dp in self.datapaths.values(): 52 | # self._request_stats(dp) 53 | # only s1 54 | if dp.id == 1: 55 | self._request_stats(dp) 56 | hub.sleep(self.sleep_time) # sleep N second. 57 | self._records() 58 | self.reset() 59 | 60 | def reset(self): 61 | self.temp_pkt_num = 0 62 | self.temp_pkt_byte = 0 63 | self.temp_ports = 0 64 | self.temp_flows = 0 65 | self.sip_num = 0 66 | self.Sip = [] 67 | self.ip_ports = {} 68 | 69 | def _records(self): 70 | if self.temp_flows: 71 | avg_pkt_num = float(self.temp_pkt_num) / float(self.temp_flows) 72 | else: 73 | avg_pkt_num = 0 74 | # 流包平均比特数 75 | if avg_pkt_num: 76 | avg_pkt_byte = self.temp_pkt_byte / float(self.temp_flows) 77 | else: 78 | avg_pkt_byte = 0 79 | 80 | # 端口 81 | for ip in self.ip_ports: 82 | self.temp_ports += len(self.ip_ports[ip]) 83 | # chg_ports = self.temp_ports - self.records[1] 84 | chg_ports = self.records[1] / float(self.sleep_time) 85 | # print('chg_ports:', chg_ports) 86 | 87 | # 流增长率 88 | # delta_flow = self.temp_flows - self.records[0] 89 | delta_flow = self.records[0] / float(self.sleep_time) 90 | chg_flow = delta_flow # / self.sleep_time 91 | # print('chg_flow', chg_flow) 92 | 93 | # 源ip增速 94 | self.sip_num = len(self.Sip) 95 | # delta_sip = self.sip_num - self.records[2] 96 | delta_sip = self.records[2] / float(self.sleep_time) 97 | chg_sip = delta_sip # / self.sleep_time 98 | # print('chg_sip', chg_sip) 99 | 100 | self.rcd[0] = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) 101 | self.rcd[1] = avg_pkt_num 102 | self.rcd[2] = avg_pkt_byte 103 | self.rcd[3] = chg_ports 104 | self.rcd[4] = chg_flow 105 | self.rcd[5] = chg_sip 106 | self.rcd[6] = 0 107 | # rcd[6]代表的发起的是正常流量 108 | #时间, 1,2,3,4,5, 发起的流量类型,检测的结果类型,是否一致 109 | 110 | clf = joblib.load(detect_config.model_dir) 111 | 112 | # starttime = datetime.datetime.now() 113 | start_time = time.time() 114 | 115 | vec = np.array(self.rcd[1:6]).reshape(1, -1) 116 | result = clf.predict(vec) 117 | self.rcd[7] = result[0] 118 | 119 | endtime = datetime.datetime.now() 120 | duration = time.time()-start_time 121 | 122 | # duration_str = str(endtime-starttime).split('.')[1][:3] 123 | 124 | if self.rcd[6] == self.rcd[7]: 125 | self.rcd[8] = 'correct' 126 | else: 127 | self.rcd[8] = 'wrong' 128 | 129 | if self.rcd[7] == 1: 130 | self.rcd[7] = 'attack' 131 | else: 132 | self.rcd[7] = 'normal' 133 | 134 | 135 | self.rcd[9] = duration 136 | 137 | file = open(filename, 'ab') # a is like >> , and b is byte 138 | strs = '' 139 | n = 0 140 | while n < len(self.rcd): 141 | #print(self.rcd[n]) 142 | strs += str(self.rcd[n]) + " " 143 | n += 1 144 | # print(strs) 145 | file.write(strs + '\n') 146 | file.close() 147 | self.records[0] = self.temp_flows 148 | self.records[1] = self.temp_ports 149 | self.records[2] = self.sip_num 150 | 151 | # switch IN 152 | @set_ev_cls(ofp_event.EventOFPSwitchFeatures, CONFIG_DISPATCHER) 153 | def _switch_features_handler(self, ev): 154 | datapath = ev.msg.datapath 155 | ofproto = datapath.ofproto 156 | ofp_parser = datapath.ofproto_parser 157 | self.reset() 158 | # install the table-miss flow entry 159 | 160 | # get datapath info 161 | @set_ev_cls(ofp_event.EventOFPStateChange, [MAIN_DISPATCHER, DEAD_DISPATCHER]) 162 | def _state_change_handler(self, ev): 163 | datapath = ev.datapath 164 | if ev.state == MAIN_DISPATCHER: 165 | if datapath.id not in self.datapaths: 166 | self.datapaths[datapath.id] = datapath 167 | self.logger.debug('Register datapath: %16x', datapath.id) 168 | 169 | elif ev.state == DEAD_DISPATCHER: 170 | if datapath.id in self.datapaths: 171 | del self.datapaths[datapath.id] 172 | self.logger.debug('Unregister datapath: %16x', datapath.id) 173 | 174 | 175 | 176 | # send stats request msg to datapath 177 | def _request_stats(self, datapath): 178 | self.logger.debug('send stats request to datapath: %16x', datapath.id) 179 | ofproto = datapath.ofproto 180 | ofp_parser = datapath.ofproto_parser 181 | 182 | # send flow stats request msg 183 | req = ofp_parser.OFPFlowStatsRequest(datapath) 184 | datapath.send_msg(req) 185 | 186 | # handle the flow entries stats reply msg 187 | @set_ev_cls(ofp_event.EventOFPFlowStatsReply, MAIN_DISPATCHER) 188 | def _flow_stats_reply_handler(self, ev): 189 | body = ev.msg.body 190 | 191 | flow_num = 0 192 | pktsNum = 0 193 | byte_counts = 0 194 | for flow in body: 195 | if flow.priority == 1: 196 | #print (flow) 197 | #流 198 | self.temp_flows += 1 199 | #比特数 200 | self.temp_pkt_byte += flow.byte_count 201 | #包数 202 | self.temp_pkt_num += flow.packet_count 203 | #端口增长 204 | #tcp: tcp_src, tcp_dst 205 | if flow.match['ip_proto'] == in_proto.IPPROTO_TCP: 206 | ip = flow.match['ipv4_src'] 207 | if ip not in self.ip_ports: 208 | self.ip_ports.setdefault(ip, []) 209 | tcp_src = flow.match['tcp_src'] 210 | tcp_dst = flow.match['tcp_dst'] 211 | if tcp_src not in self.ip_ports[ip]: 212 | self.ip_ports[ip].append(tcp_src) 213 | ip = flow.match['ipv4_dst'] 214 | if ip not in self.ip_ports: 215 | self.ip_ports.setdefault(ip, []) 216 | if tcp_dst not in self.ip_ports[ip]: 217 | self.ip_ports[ip].append(tcp_dst) 218 | #udp: udp_src, udp_dst // udp lai hui 219 | if flow.match['ip_proto'] == in_proto.IPPROTO_UDP: 220 | #print(flow) 221 | ip = flow.match['ipv4_src'] 222 | if ip not in self.ip_ports: 223 | self.ip_ports.setdefault(ip,[]) 224 | udp_src = flow.match['udp_src'] 225 | udp_dst = flow.match['udp_dst'] 226 | if udp_src not in self.ip_ports[ip]: 227 | self.ip_ports[ip].append(udp_src) 228 | ip = flow.match['ipv4_dst'] 229 | if ip not in self.ip_ports: 230 | self.ip_ports.setdefault(ip,[]) 231 | if udp_dst not in self.ip_ports[ip]: 232 | self.ip_ports[ip].append(udp_dst) 233 | #源ip 234 | Src_ip = flow.match['ipv4_src'] 235 | if Src_ip not in self.Sip: 236 | self.Sip.append(Src_ip) 237 | -------------------------------------------------------------------------------- /light/detected_svm.log: -------------------------------------------------------------------------------- 1 | 2019-03-29 21:19:13 0.948275862069 280.25862069 6.0 5.7 1.4 0 normal correct 0.000369071960449 2 | 2019-03-29 21:19:23 1.0 290.383333333 5.7 5.8 1.5 0 normal correct 0.000169038772583 3 | 2019-03-29 21:19:33 0.806451612903 220.5 5.4 6.0 1.5 0 normal correct 0.000229120254517 4 | 2019-03-29 21:19:43 0.692307692308 206.492307692 5.4 6.2 1.5 0 normal correct 0.000298976898193 5 | 2019-03-29 21:19:53 0.666666666667 163.483333333 5.8 6.5 1.5 0 normal correct 0.000372886657715 6 | 2019-03-29 21:20:03 0.857142857143 262.342857143 5.4 6.0 1.5 0 normal correct 0.000372886657715 7 | 2019-03-29 21:20:13 0.681818181818 223.439393939 5.9 7.0 1.5 0 normal correct 0.000190019607544 8 | 2019-03-29 21:20:23 0.716666666667 170.716666667 6.0 6.6 1.5 0 normal correct 0.000370025634766 9 | 2019-03-29 21:20:33 0.646153846154 145.892307692 4.7 6.0 1.4 0 normal correct 0.000202894210815 10 | 2019-03-29 21:20:43 0.972222222222 261.875 5.2 6.5 1.4 0 normal correct 0.000401020050049 11 | 2019-03-29 21:20:53 0.790322580645 274.419354839 5.6 7.2 1.5 0 normal correct 0.000378847122192 12 | 2019-03-29 21:21:03 0.833333333333 215.116666667 5.4 6.2 1.4 0 normal correct 0.00019097328186 13 | 2019-03-29 21:21:13 1.21739130435 324.608695652 5.4 6.0 1.5 0 normal correct 0.000493049621582 14 | 2019-03-29 21:21:23 0.819672131148 192.147540984 5.7 6.9 1.5 0 normal correct 0.000156164169312 15 | 2019-03-29 21:21:33 1.01515151515 288.424242424 6.0 6.1 1.4 0 normal correct 0.00040602684021 16 | 2019-03-29 21:21:43 0.694915254237 236.949152542 6.1 6.6 1.5 0 normal correct 0.000372886657715 17 | 2019-03-29 21:21:53 0.703125 233.34375 5.8 5.9 1.5 0 normal correct 0.000371932983398 18 | 2019-03-29 21:22:03 0.515151515152 158.545454545 5.5 6.4 1.4 0 normal correct 0.00022292137146 19 | 2019-03-29 21:22:13 0.677419354839 155.209677419 6.2 6.6 1.5 0 normal correct 0.000384092330933 20 | 2019-03-29 21:22:23 0.725806451613 205.258064516 5.0 6.2 1.5 0 normal correct 0.00018310546875 21 | 2019-03-29 21:22:33 1.07042253521 372.422535211 5.6 6.2 1.5 0 normal correct 0.000205993652344 22 | 2019-03-29 21:22:43 0.403846153846 77.4230769231 5.5 7.1 1.5 0 normal correct 0.000305891036987 23 | 2019-03-29 21:22:53 0.809523809524 189.206349206 5.5 5.2 1.4 0 normal correct 0.000371932983398 24 | 2019-03-29 21:23:03 0.971014492754 244.710144928 5.9 6.3 1.5 0 normal correct 0.000352144241333 25 | 2019-03-29 21:23:13 0.825396825397 237.698412698 6.2 6.9 1.4 0 normal correct 0.000207185745239 26 | 2019-03-29 21:23:23 0.84126984127 179.396825397 5.5 6.3 1.5 0 normal correct 0.000324010848999 27 | 2019-03-29 21:23:33 0.867647058824 241.073529412 5.6 6.3 1.4 0 normal correct 0.000679016113281 28 | 2019-03-29 21:23:43 0.612903225806 136.35483871 5.9 6.8 1.5 0 normal correct 0.000392913818359 29 | 2019-03-29 21:23:53 1.01538461538 240.769230769 5.5 6.2 1.5 0 normal correct 0.000414848327637 30 | 2019-03-29 21:24:03 0.530303030303 135.393939394 4.8 6.5 1.4 0 normal correct 0.000197887420654 31 | 2019-03-29 21:24:13 1.19117647059 294.411764706 6.2 6.6 1.5 0 normal correct 0.000297069549561 32 | 2019-03-29 21:24:23 0.8 264.283333333 6.1 6.8 1.5 0 normal correct 0.000384092330933 33 | 2019-03-29 21:24:33 0.630769230769 184.061538462 5.8 6.0 1.5 0 normal correct 0.000339984893799 34 | 2019-03-29 21:24:43 0.746031746032 196.079365079 5.4 6.5 1.3 0 normal correct 0.000245094299316 35 | 2019-03-29 21:24:53 0.833333333333 262.283333333 5.4 6.3 1.5 0 normal correct 0.000303983688354 36 | 2019-03-29 21:25:03 0.578125 188.96875 5.5 6.0 1.5 0 normal correct 0.000213146209717 37 | 2019-03-29 21:25:13 0.819672131148 200.901639344 5.9 6.4 1.5 0 normal correct 0.000208139419556 38 | 2019-03-29 21:25:23 0.983333333333 259.733333333 5.5 6.1 1.5 0 normal correct 0.00018310546875 39 | 2019-03-29 21:25:33 0.701492537313 205.179104478 5.3 6.0 1.4 0 normal correct 0.000223875045776 40 | 2019-03-29 21:25:43 0.704225352113 184.464788732 5.9 6.7 1.5 0 normal correct 0.000308036804199 41 | 2019-03-29 21:25:53 0.584905660377 161.037735849 6.2 7.1 1.5 0 normal correct 0.000237941741943 42 | 2019-03-29 21:26:03 0.790322580645 201.677419355 4.9 5.3 1.3 0 normal correct 0.000409126281738 43 | 2019-03-29 21:26:13 1.04285714286 312.0 5.8 6.2 1.5 0 normal correct 0.00019097328186 44 | 2019-03-29 21:26:23 0.915492957746 263.633802817 6.7 7.0 1.5 0 normal correct 0.00021505355835 45 | 2019-03-29 21:26:33 0.876923076923 244.907692308 5.6 7.1 1.4 0 normal correct 0.000244855880737 46 | 2019-03-29 21:26:43 0.587301587302 104.476190476 6.2 6.5 1.5 0 normal correct 0.000182151794434 47 | 2019-03-29 21:26:53 0.955223880597 285.388059701 5.4 6.3 1.5 0 normal correct 0.000239849090576 48 | 2019-03-29 21:27:03 1.0 261.873015873 6.2 6.7 1.5 0 normal correct 0.000241041183472 49 | 2019-03-29 21:27:13 0.84375 235.546875 4.8 6.3 1.5 0 normal correct 0.000184059143066 50 | 2019-03-29 21:27:23 0.796875 251.984375 6.0 6.4 1.5 0 normal correct 0.000297069549561 51 | 2019-03-29 21:27:33 0.725806451613 208.241935484 5.5 6.4 1.5 0 normal correct 0.000356912612915 52 | 2019-03-29 21:27:43 0.714285714286 290.771428571 5.7 6.2 1.4 0 normal correct 0.000363111495972 53 | 2019-03-29 21:27:53 0.869565217391 253.188405797 5.3 7.0 1.5 0 normal correct 0.000365018844604 54 | 2019-03-29 21:28:03 0.84375 288.109375 5.8 6.9 1.5 0 normal correct 0.000197887420654 55 | 2019-03-29 21:28:13 0.677966101695 147.677966102 6.0 6.4 1.5 0 normal correct 0.000284910202026 56 | 2019-03-29 21:28:23 0.753846153846 179.292307692 5.9 5.9 1.5 0 normal correct 0.000234842300415 57 | 2019-03-29 21:28:33 0.730158730159 187.365079365 5.3 6.5 1.4 0 normal correct 0.000360012054443 58 | 2019-03-29 21:28:43 0.661290322581 199.5 5.7 6.3 1.5 0 normal correct 0.000354051589966 59 | 2019-03-29 21:28:53 0.68115942029 210.927536232 5.6 6.2 1.4 0 normal correct 0.000346899032593 60 | 2019-03-29 21:29:03 0.815384615385 260.815384615 5.4 6.9 1.5 0 normal correct 0.000267028808594 61 | 2019-03-29 21:29:13 0.625 113.946428571 5.5 6.5 1.5 0 normal correct 0.000462055206299 62 | 2019-03-29 21:29:23 0.881355932203 243.084745763 5.9 5.6 1.5 0 normal correct 0.000249862670898 63 | 2019-03-29 21:29:33 0.587301587302 164.777777778 5.9 5.9 1.5 0 normal correct 0.00025486946106 64 | 2019-03-29 21:29:43 1.19718309859 260.704225352 6.1 6.3 1.5 0 normal correct 0.000267028808594 65 | 2019-03-29 21:29:53 0.714285714286 182.0 5.4 7.1 1.5 0 normal correct 0.000317096710205 66 | 2019-03-29 21:30:03 0.671875 192.40625 5.6 6.3 1.5 0 normal correct 0.000189065933228 67 | 2019-03-29 21:30:13 0.838235294118 251.794117647 6.0 6.4 1.5 0 normal correct 0.000258922576904 68 | 2019-03-29 21:30:23 1.04838709677 213.774193548 5.6 6.8 1.5 0 normal correct 0.000239133834839 69 | 2019-03-29 21:30:33 0.986301369863 320.739726027 5.4 6.2 1.5 0 normal correct 0.000181913375854 70 | 2019-03-29 21:30:43 1.15625 283.328125 6.1 7.3 1.5 0 normal correct 0.00019097328186 71 | 2019-03-29 21:30:53 1.109375 246.75 5.2 6.4 1.5 0 normal correct 0.000207901000977 72 | 2019-03-29 21:31:03 0.887096774194 248.822580645 6.0 6.4 1.5 0 normal correct 0.000155925750732 73 | 2019-03-29 21:31:13 0.794117647059 240.617647059 5.2 6.2 1.5 0 normal correct 0.000307083129883 74 | 2019-03-29 21:31:23 0.724137931034 202.931034483 5.2 6.8 1.4 0 normal correct 0.000221014022827 75 | 2019-03-29 21:31:33 0.955223880597 327.104477612 5.2 5.8 1.3 0 normal correct 0.000210046768188 76 | 2019-03-29 21:31:43 0.746031746032 218.428571429 5.7 6.7 1.5 0 normal correct 0.000201940536499 77 | 2019-03-29 21:31:53 0.71875 158.953125 6.0 6.3 1.5 0 normal correct 0.000332117080688 78 | 2019-03-29 21:32:03 0.55737704918 155.786885246 5.8 6.4 1.5 0 normal correct 0.000189065933228 79 | 2019-03-29 21:32:13 0.753846153846 234.738461538 5.9 6.1 1.5 0 normal correct 0.000220060348511 80 | 2019-03-29 21:32:23 0.969230769231 204.507692308 6.3 6.5 1.5 0 normal correct 0.000185012817383 81 | 2019-03-29 21:32:33 0.786885245902 170.62295082 5.5 6.5 1.5 0 normal correct 0.0002281665802 82 | 2019-03-29 21:32:43 0.957142857143 317.528571429 5.7 6.1 1.5 0 normal correct 0.000371932983398 83 | 2019-03-29 21:32:53 1.14754098361 370.475409836 5.7 7.0 1.5 0 normal correct 0.000284910202026 84 | 2019-03-29 21:33:03 0.892307692308 186.153846154 5.8 6.1 1.5 0 normal correct 0.00037693977356 85 | 2019-03-29 21:33:13 0.728813559322 164.254237288 6.2 6.5 1.5 0 normal correct 0.000431060791016 86 | 2019-03-29 21:33:23 0.833333333333 188.444444444 5.4 5.9 1.4 0 normal correct 0.000378131866455 87 | 2019-03-29 21:33:33 0.688524590164 157.0 5.7 7.2 1.5 0 normal correct 0.000372171401978 88 | 2019-03-29 21:33:43 0.707692307692 282.369230769 5.8 6.1 1.5 0 normal correct 0.00037407875061 89 | 2019-03-29 21:33:53 0.746268656716 229.611940299 5.6 6.5 1.5 0 normal correct 0.000209093093872 90 | 2019-03-29 21:34:03 0.777777777778 262.746031746 5.5 6.7 1.4 0 normal correct 0.000197172164917 91 | 2019-03-29 21:34:13 0.371428571429 86.0714285714 6.6 6.3 1.5 0 normal correct 0.000425100326538 92 | 2019-03-29 21:34:23 0.824561403509 214.947368421 6.0 7.0 1.5 0 normal correct 0.000359058380127 93 | 2019-03-29 21:34:33 0.609375 160.09375 5.7 5.7 1.5 0 normal correct 0.000370025634766 94 | 2019-03-29 21:34:43 0.833333333333 216.383333333 5.4 6.4 1.4 0 normal correct 0.000435829162598 95 | 2019-03-29 21:34:53 0.951612903226 251.629032258 5.4 6.0 1.5 0 normal correct 0.000164031982422 96 | 2019-03-29 21:35:03 0.484375 88.0 5.8 6.2 1.5 0 normal correct 0.000177145004272 97 | 2019-03-29 21:35:13 0.666666666667 183.409090909 5.6 6.4 1.5 0 normal correct 0.000171899795532 98 | 2019-03-29 21:35:23 0.6875 138.671875 5.8 6.6 1.5 0 normal correct 0.000283002853394 99 | 2019-03-29 21:35:33 1.15254237288 307.355932203 5.5 6.4 1.5 0 normal correct 0.000286102294922 100 | 2019-03-29 21:35:43 0.915254237288 247.254237288 5.7 5.9 1.5 0 normal correct 0.000298023223877 101 | 2019-03-29 21:45:34 0.132450331126 46.7350993377 5.3 6.2 1.4 1 normal wrong 0.000203847885132 102 | 2019-03-29 21:45:44 0.0476653696498 12.7003891051 30.0 30.2 25.4 1 normal wrong 0.000154972076416 103 | 2019-03-29 21:45:54 0.0533462657614 12.1745877789 101.8 102.8 97.0 1 attack correct 0.000152111053467 104 | 2019-03-29 21:46:04 0.0357487922705 6.88405797101 102.3 103.1 98.1 1 attack correct 0.000166177749634 105 | 2019-03-29 21:46:14 0.0398058252427 11.967961165 102.2 103.5 98.0 1 attack correct 0.000172853469849 106 | 2019-03-29 21:46:24 0.0387596899225 11.7567829457 102.6 103.0 97.8 1 attack correct 0.000152111053467 107 | 2019-03-29 21:46:34 0.0334608030593 8.57265774379 103.4 103.2 97.7 1 attack correct 0.000236988067627 108 | 2019-03-29 21:46:44 0.030303030303 11.1397849462 103.4 104.6 98.1 1 attack correct 0.000186920166016 109 | 2019-03-29 21:46:54 0.0358874878758 7.52279340446 102.9 102.3 98.0 1 attack correct 0.000288009643555 110 | 2019-03-29 21:47:04 0.0464666021297 9.22265246854 102.6 103.1 97.1 1 attack correct 0.000214099884033 111 | 2019-03-29 21:47:14 0.051010587103 16.0471607315 103.2 103.3 97.5 1 attack correct 0.000164985656738 112 | 2019-03-29 21:47:24 0.0336538461538 8.73076923077 102.8 103.9 98.2 1 attack correct 0.000195026397705 113 | 2019-03-29 21:47:34 0.0434782608696 10.1913043478 103.2 104.0 98.2 1 attack correct 0.000189065933228 114 | 2019-03-29 21:47:44 0.0308582449373 8.77242044359 102.6 103.5 97.5 1 attack correct 0.000167846679688 115 | 2019-03-29 21:47:54 0.0358180058083 10.8906098742 102.4 103.7 97.8 1 attack correct 0.000160932540894 116 | 2019-03-29 21:48:04 0.031067961165 11.8330097087 102.7 103.3 97.6 1 attack correct 0.000174999237061 117 | 2019-03-29 21:48:14 0.0401913875598 12.8373205742 102.7 103.0 97.5 1 attack correct 0.00023889541626 118 | 2019-03-29 21:48:24 0.015518913676 4.05140640155 103.4 104.5 98.1 1 attack correct 0.00016188621521 119 | 2019-03-29 21:48:34 0.0281553398058 7.87766990291 102.0 103.1 97.8 1 attack correct 0.000163078308105 120 | 2019-03-29 21:48:44 0.0376811594203 8.46763285024 102.5 103.0 98.4 1 attack correct 0.000212907791138 121 | 2019-03-29 21:48:54 0.0444444444444 11.361352657 102.9 103.5 97.7 1 attack correct 0.000195980072021 122 | 2019-03-29 21:49:04 0.0445304937076 12.9593417231 102.2 103.5 97.3 1 attack correct 0.000209093093872 123 | 2019-03-29 21:49:14 0.0282926829268 6.26829268293 102.7 103.3 97.4 1 attack correct 0.000251054763794 124 | 2019-03-29 21:49:24 0.0126459143969 2.82392996109 101.7 102.5 97.3 1 attack correct 0.000214815139771 125 | 2019-03-29 21:49:34 0.0380487804878 8.91024390244 102.7 102.8 97.4 1 attack correct 0.000231027603149 126 | 2019-03-29 21:49:44 0.04 12.2097560976 101.7 102.5 97.2 1 attack correct 0.000142097473145 127 | 2019-03-29 21:49:54 0.0425943852856 13.334946757 101.9 102.5 97.0 1 attack correct 0.000209093093872 128 | 2019-03-29 21:50:04 0.016699410609 5.61394891945 102.7 103.3 97.7 1 attack correct 0.000195026397705 129 | 2019-03-29 21:50:14 0.0396518375242 9.29013539652 102.1 101.8 97.4 1 attack correct 0.000190019607544 130 | 2019-03-29 21:50:24 0.0300678952473 6.5315227934 102.5 103.4 97.1 1 attack correct 0.000164031982422 131 | 2019-03-29 21:50:34 0.0375360923965 7.0635226179 102.8 103.1 97.4 1 attack correct 0.000277996063232 132 | 2019-03-29 21:50:44 0.0250965250965 8.06756756757 102.9 103.9 97.7 1 attack correct 0.000164985656738 133 | 2019-03-29 21:50:54 0.0415057915058 12.6882239382 103.4 103.6 98.2 1 attack correct 0.00021505355835 134 | 2019-03-29 21:51:04 0.0249759846302 8.83285302594 102.3 103.6 97.2 1 attack correct 0.000153064727783 135 | 2019-03-29 21:51:14 0.046511627907 9.03003875969 103.4 104.1 97.6 1 attack correct 0.000164031982422 136 | 2019-03-29 21:51:24 0.0330097087379 8.9427184466 102.0 103.2 98.1 1 attack correct 0.00022292137146 137 | 2019-03-29 21:51:34 0.0308582449373 9.56509161041 102.5 103.0 97.9 1 attack correct 0.000168085098267 138 | 2019-03-29 21:51:44 0.0165048543689 2.61941747573 103.0 103.7 98.0 1 attack correct 0.000174045562744 139 | 2019-03-29 21:51:54 0.026137463698 9.16263310745 102.5 103.0 98.2 1 attack correct 0.000231027603149 140 | 2019-03-29 21:52:04 0.0329138431752 6.94094869313 103.2 103.3 97.7 1 attack correct 0.000221967697144 141 | 2019-03-29 21:52:14 0.03961352657 9.07246376812 101.9 103.3 97.9 1 attack correct 0.000180959701538 142 | 2019-03-29 21:52:24 0.030888030888 6.52895752896 102.5 103.5 97.8 1 attack correct 0.000159025192261 143 | 2019-03-29 21:52:34 0.0366795366795 12.2905405405 103.1 103.6 98.2 1 attack correct 0.000162124633789 144 | 2019-03-29 21:52:44 0.037037037037 8.62280701754 103.2 103.6 98.0 1 attack correct 0.000163793563843 145 | 2019-03-29 21:52:54 0.0389863547758 8.61403508772 102.4 102.6 97.4 1 attack correct 0.000162124633789 146 | 2019-03-29 21:53:04 0.0260869565217 8.55652173913 102.1 102.6 97.9 1 attack correct 0.000176906585693 147 | 2019-03-29 21:53:14 0.0391595033429 12.8634192932 103.0 103.5 98.4 1 attack correct 0.00016713142395 148 | 2019-03-29 21:53:24 0.0289296046287 9.21022179364 103.1 104.7 97.9 1 attack correct 0.000164985656738 149 | 2019-03-29 21:53:34 0.0357142857143 6.638996139 103.0 103.7 97.9 1 attack correct 0.000180006027222 150 | 2019-03-29 21:53:44 0.0406582768635 10.4385285576 102.8 103.6 98.1 1 attack correct 0.000159025192261 151 | 2019-03-29 21:53:54 0.0299516908213 7.9961352657 102.6 103.3 97.9 1 attack correct 0.000165224075317 152 | 2019-03-29 21:54:04 0.0425120772947 11.6367149758 102.8 103.5 98.1 1 attack correct 0.000158071517944 153 | 2019-03-29 21:54:14 0.0385728061716 12.1195756991 102.6 103.5 98.3 1 attack correct 0.000159025192261 154 | 2019-03-29 21:54:24 0.0290697674419 7.93895348837 101.9 103.7 97.7 1 attack correct 0.000197887420654 155 | 2019-03-29 21:54:34 0.0155642023346 4.96498054475 102.5 103.2 97.9 1 attack correct 0.000324010848999 156 | 2019-03-29 21:54:44 0.0446168768186 14.1474296799 102.8 102.8 97.9 1 attack correct 0.00025486946106 157 | 2019-03-29 21:54:54 0.0412272291467 13.1236816874 102.7 103.1 97.7 1 attack correct 0.000190019607544 158 | 2019-03-29 21:55:04 0.0344827586207 12.2490421456 103.1 104.3 98.0 1 attack correct 0.000164985656738 159 | 2019-03-29 21:55:14 0.0469348659004 13.5909961686 104.4 104.4 98.8 1 attack correct 0.0001540184021 160 | 2019-03-29 21:55:24 0.0413461538462 11.7432692308 102.8 104.4 98.3 1 attack correct 0.000188827514648 161 | 2019-03-29 21:55:34 0.0298651252408 5.93159922929 103.3 104.0 98.8 1 attack correct 0.000194072723389 162 | 2019-03-29 21:55:44 0.0444444444444 11.0173913043 103.4 103.8 97.8 1 attack correct 0.000166893005371 163 | 2019-03-29 21:55:54 0.0251450676983 5.57156673114 102.9 103.5 98.4 1 attack correct 0.000180006027222 164 | 2019-03-29 21:56:04 0.0321011673152 9.92704280156 103.2 103.4 97.8 1 attack correct 0.000169038772583 165 | 2019-03-29 21:56:14 0.0348499515973 9.9651500484 102.6 102.8 98.2 1 attack correct 0.000175952911377 166 | 2019-03-29 21:56:24 0.0272108843537 9.32847424684 102.2 103.3 97.7 1 attack correct 0.000279903411865 167 | 2019-03-29 21:56:34 0.0398832684825 9.81225680934 102.5 102.9 97.3 1 attack correct 0.000195026397705 168 | 2019-03-29 21:56:44 0.0520732883317 17.2835101254 102.9 102.8 97.9 1 attack correct 0.000185966491699 169 | 2019-03-29 21:56:54 0.0480307396734 13.525456292 102.8 103.7 97.9 1 attack correct 0.000207901000977 170 | 2019-03-29 21:57:04 0.0473887814313 10.3849129594 103.2 104.1 97.7 1 attack correct 0.000165939331055 171 | 2019-03-29 21:57:14 0.0300387596899 7.64050387597 102.4 103.4 97.4 1 attack correct 0.000166177749634 172 | 2019-03-29 21:57:24 0.0271580989331 9.5101842871 102.7 103.2 97.3 1 attack correct 0.000181913375854 173 | 2019-03-29 21:57:34 0.0377541142304 11.1219748306 102.5 103.1 97.7 1 attack correct 0.00026798248291 174 | 2019-03-29 21:57:44 0.0335249042146 7.34291187739 102.7 103.3 98.1 1 attack correct 0.000174045562744 175 | 2019-03-29 21:57:54 0.0436893203883 6.34563106796 103.8 104.4 98.3 1 attack correct 0.000195980072021 176 | 2019-03-29 21:58:04 0.0444444444444 11.1169082126 102.0 103.0 97.1 1 attack correct 0.000261068344116 177 | 2019-03-29 21:58:14 0.0436893203883 9.61262135922 102.1 103.5 97.9 1 attack correct 0.000190019607544 178 | 2019-03-29 21:58:24 0.0340798442064 7.90555014606 102.7 103.0 98.3 1 attack correct 0.000167846679688 179 | 2019-03-29 21:58:34 0.0396518375242 9.26789168279 103.3 102.7 97.4 1 attack correct 0.0001540184021 180 | 2019-03-29 21:58:44 0.0599033816425 11.9024154589 102.7 103.4 97.8 1 attack correct 0.000175952911377 181 | 2019-03-29 21:58:54 0.0481695568401 14.5741811175 102.3 103.5 97.9 1 attack correct 0.000272989273071 182 | 2019-03-29 21:59:04 0.0253658536585 3.34243902439 103.2 103.8 97.8 1 attack correct 0.000188827514648 183 | 2019-03-29 21:59:14 0.0204479065239 4.93476144109 102.5 102.5 97.9 1 attack correct 0.000188112258911 184 | 2019-03-29 21:59:24 0.0376811594203 7.57101449275 102.6 102.7 97.6 1 attack correct 0.000178098678589 185 | 2019-03-29 21:59:34 0.0492753623188 14.7768115942 102.4 103.5 98.0 1 attack correct 0.000157833099365 186 | 2019-03-29 21:59:44 0.0463768115942 10.5429951691 102.7 103.5 97.9 1 attack correct 0.000184059143066 187 | 2019-03-29 21:59:54 0.0386473429952 11.9990338164 103.0 103.5 98.0 1 attack correct 0.000193119049072 188 | 2019-03-29 22:00:04 0.0377176015474 10.4487427466 102.6 103.5 98.3 1 attack correct 0.00021505355835 189 | 2019-03-29 22:00:14 0.0396518375242 11.2166344294 103.1 103.4 97.8 1 attack correct 0.000180006027222 190 | 2019-03-29 22:00:24 0.0359922178988 9.25194552529 103.2 103.4 97.9 1 attack correct 0.000482082366943 191 | 2019-03-29 22:00:34 0.0470249520154 10.1986564299 102.3 102.8 97.7 1 attack correct 0.00018310546875 192 | 2019-03-29 22:00:44 0.0330097087379 6.86213592233 102.9 104.2 98.3 1 attack correct 0.00016188621521 193 | 2019-03-29 22:00:54 0.0498084291188 15.4568965517 103.2 103.0 98.5 1 attack correct 0.000163078308105 194 | 2019-03-29 22:01:04 0.0337512054002 9.55544840887 102.9 104.4 97.9 1 attack correct 0.000159978866577 195 | 2019-03-29 22:01:14 0.0376084860174 12.3027965284 103.1 103.7 98.3 1 attack correct 0.000171184539795 196 | 2019-03-29 22:01:24 0.0394610202117 11.7449470645 102.7 103.7 97.5 1 attack correct 0.000227928161621 197 | -------------------------------------------------------------------------------- /light/feature_collector.py: -------------------------------------------------------------------------------- 1 | # -*- coding: UTF-8 -*- 2 | ''' 3 | feature_collector 4 | ''' 5 | 6 | from ryu.base import app_manager 7 | from ryu.controller.handler import set_ev_cls 8 | from ryu.controller.handler import MAIN_DISPATCHER, DEAD_DISPATCHER, CONFIG_DISPATCHER 9 | from ryu.controller import ofp_event 10 | from ryu.lib import hub 11 | from ryu.lib.packet import in_proto 12 | import time 13 | import numpy as np 14 | 15 | filename = 'feature_test.csv' 16 | 17 | class Feature_Collector(app_manager.RyuApp): 18 | ''' 19 | 20 | ''' 21 | def __init__(self,*args,**kwargs): 22 | super(Feature_Collector,self).__init__(*args,**kwargs) 23 | self.datapaths = {} 24 | self.monitor_thread = hub.spawn(self.feature_monitor) 25 | self.interval = 10 26 | self.Sip = [] 27 | self.ip_ports = [] 28 | 29 | ''' 30 | flow(ip) feature: 31 | | flow_num | port_num | src_ip | packet_num | 32 | ''' 33 | self.flow_features = [0,0,0] 34 | 35 | ''' 36 | pkt feature: 37 | | time | avg_pkt_num | avg_pkt_byte | port_rate | flow_rate | sip_rate | 38 | ''' 39 | 40 | self.pkt_feature = [0,0,0,0,0,0] 41 | 42 | '''init period status recorder''' 43 | self.per_pkt_num = 0 44 | self.per_pkt_byte = 0 45 | self.per_ports = 0 46 | self.per_flows = 0 47 | self.sip_num = 0 48 | 49 | 50 | def feature_monitor(self): 51 | while 1: 52 | for sw in self.datapaths.values(): 53 | if sw.id == 1: 54 | self._request_stats(sw) 55 | hub.sleep(self.interval) 56 | self._record_feature() 57 | self.reset() 58 | 59 | 60 | def reset(self): 61 | self.per_pkt_num = 0 62 | self.per_pkt_byte = 0 63 | self.per_ports = 0 64 | self.per_flows = 0 65 | self.sip_num = 0 66 | self.Sip = [] 67 | self.ip_ports = {} 68 | 69 | def _record_feature(self): 70 | #calculate avg_pkt_num 71 | if self.per_flows: 72 | avg_pkt_num = float(self.per_pkt_num)/float(self.per_flows) 73 | else: 74 | avg_pkt_num = 0 75 | 76 | #calculate avg_pkt_byte 77 | if avg_pkt_num: 78 | avg_pkt_byte = self.per_pkt_byte/float(self.per_pkt_num) 79 | else: 80 | avg_pkt_byte = 0 81 | 82 | #cal port_rate 83 | port_rate = self.flow_features[1] / float(self.interval) 84 | 85 | 86 | #cal flow_rate 87 | flow_rate = self.flow_features[0] / float(self.interval) 88 | 89 | #cal sip_rate 90 | sip_rate = self.flow_features[2]/float(self.interval) 91 | 92 | self.pkt_feature[0] = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) 93 | self.pkt_feature[1] = avg_pkt_num 94 | self.pkt_feature[2] = avg_pkt_byte 95 | self.pkt_feature[3] = port_rate 96 | self.pkt_feature[4] = flow_rate 97 | self.pkt_feature[5] = sip_rate 98 | 99 | #record feature 100 | file = open(filename,'ab') 101 | featureStr = '' 102 | n = 0 103 | while n < len(self.pkt_feature): 104 | featureStr += str(self.pkt_feature[n])+ ',' 105 | n += 1 106 | file.write(featureStr+'1\n') 107 | print(featureStr+'\n\n') 108 | file.close() 109 | 110 | #record this period flow feature 111 | self.flow_features[0] = self.per_flows 112 | self.flow_features[1] = self.per_ports 113 | self.flow_features[2] = self.sip_num 114 | 115 | #request stats 116 | def _request_stats(self,datapath): 117 | self.logger.debug('sending stats request to datapath:%16x',datapath.id) 118 | ofproto = datapath.ofproto 119 | ofp_parser = datapath.ofproto_parser 120 | 121 | 122 | #send request msg 123 | req = ofp_parser.OFPFlowStatsRequest(datapath) 124 | datapath.send_msg(req) 125 | 126 | 127 | #stats reply handler 128 | @set_ev_cls(ofp_event.EventOFPFlowStatsReply, MAIN_DISPATCHER) 129 | def stats_reply_handler(self,ev): 130 | body = ev.msg.body 131 | 132 | flow_num = 0 133 | pkt_num = 0 134 | byte = 0 135 | 136 | for flow in body: 137 | if flow.priority == 1: 138 | self.per_flows += 1 139 | self.per_pkt_num += flow.packet_count 140 | self.per_pkt_byte += flow.byte_count 141 | 142 | #mark down src ip 143 | src_ip = flow.match['ipv4_src'] 144 | if src_ip not in self.Sip: 145 | self.Sip.append(src_ip) 146 | self.sip_num += 1 147 | 148 | #tcp 149 | if flow.match['ip_proto'] == in_proto.IPPROTO_TCP: 150 | if src_ip not in self.ip_ports: 151 | self.ip_ports.setdefault(src_ip,[]) 152 | tcp_src = flow.match['tcp_src'] 153 | tcp_dst = flow.match['tcp_dst'] 154 | if tcp_src not in self.ip_ports[src_ip]: 155 | self.ip_ports[src_ip].append(tcp_src) 156 | self.per_ports += 1 157 | 158 | ip = flow.match['ipv4_dst'] 159 | if ip not in self.ip_ports: 160 | self.ip_ports.setdefault(ip,[]) 161 | if tcp_dst not in self.ip_ports[ip]: 162 | self.ip_ports[ip].append(tcp_dst) 163 | self.per_ports += 1 164 | 165 | #udp 166 | if flow.match['ip_proto'] == in_proto.IPPROTO_UDP: 167 | if src_ip not in self.ip_ports: 168 | self.ip_ports.setdefault(src_ip,[]) 169 | udp_src = flow.match['udp_src'] 170 | udp_dst = flow.match['udp_dst'] 171 | if udp_src not in self.ip_ports[src_ip]: 172 | self.ip_ports[src_ip].append(udp_src) 173 | self.per_ports += 1 174 | 175 | ip = flow.match['ipv4_dst'] 176 | if ip not in self.ip_ports: 177 | self.ip_ports.set_default(ip,[]) 178 | if udp_dst not in self.ip_ports[ip]: 179 | self.ip_ports[ip].append(udp_dst) 180 | self.per_ports += 1 181 | 182 | 183 | 184 | #switch_in_handler 185 | @set_ev_cls(ofp_event.EventOFPSwitchFeatures, CONFIG_DISPATCHER) 186 | def switch_features_handler(self,ev): 187 | datapath = ev.msg.datapath 188 | ofproto = datapath.ofproto 189 | opf_parser = datapath.ofproto_parser 190 | self.reset() 191 | 192 | @set_ev_cls(ofp_event.EventOFPStateChange, [MAIN_DISPATCHER, DEAD_DISPATCHER]) 193 | def _state_change_handler(self, ev): 194 | datapath = ev.datapath 195 | if ev.state == MAIN_DISPATCHER: 196 | if datapath.id not in self.datapaths: 197 | self.datapaths[datapath.id] = datapath 198 | self.logger.debug('Register datapath: %16x', datapath.id) 199 | 200 | elif ev.state == DEAD_DISPATCHER: 201 | if datapath.id in self.datapaths: 202 | del self.datapaths[datapath.id] 203 | self.logger.debug('Unregister datapath: %16x', datapath.id) 204 | 205 | 206 | 207 | 208 | -------------------------------------------------------------------------------- /light/flow_simulate/attack_synflood.sh: -------------------------------------------------------------------------------- 1 | sudo ./trafgen --cpp --dev s3 --conf syn.trafgen --gap 10000 2 | -------------------------------------------------------------------------------- /light/flow_simulate/install_syn_flood.sh: -------------------------------------------------------------------------------- 1 | # install the netsniff-ng 2 | #!/bin/bash 3 | 4 | git clone https://github.com/borkmann/netsniff-ng 5 | 6 | sudo apt-get install flex 7 | sudo apt-get install bison 8 | 9 | cd netsniff-ng 10 | ./configure 11 | make 12 | 13 | cp ../syn.trafgen ./trafgen/syn.trafgen 14 | cp ../attack_synflood.sh ./trafgen/attack_synflood.sh 15 | -------------------------------------------------------------------------------- /light/flow_simulate/normal_flow/Rs1.log: -------------------------------------------------------------------------------- 1 | ..enp0s5 2 | s1 3 | -------------------------------------------------------------------------------- /light/flow_simulate/normal_flow/Rs1.py: -------------------------------------------------------------------------------- 1 | ''' 2 | random send packet 3 | ''' 4 | # -*- coding: utf-8 -* 5 | 6 | from scapy.all import * 7 | import random 8 | import time 9 | from port_and_ip import * 10 | 11 | def port_loader(switch = "s2"): 12 | if switch == "s2": 13 | return k2[random.randint(0, len(k2)-1)] 14 | elif switch == "s3": 15 | return k3[random.randint(0, len(k3)-1)] 16 | elif switch == "s4": 17 | return k4[random.randint(0, len(k4)-1)] 18 | elif switch == "s1": 19 | return k1[random.randint(0, len(k1)-1)] 20 | else: 21 | return 80 22 | 23 | class RandomSend(): 24 | def __init__(self, args): 25 | self.switch = args 26 | 27 | def getDstAddress(self): 28 | if self.switch == 's1': 29 | return s1_dst_ip[random.randint(0, len(s1_dst_ip)-1)] 30 | elif self.switch == 's2': 31 | return s2_dst_ip[random.randint(0, len(s2_dst_ip)-1)] 32 | elif self.switch == 's3': 33 | return s3_dst_ip[random.randint(0, len(s3_dst_ip)-1)] 34 | elif self.switch == 's4': 35 | return s4_dst_ip[random.randint(0, len(s4_dst_ip)-1)] 36 | else : 37 | return all[random.randint(0, len(all)-1)] 38 | 39 | def getSrcAddress(self): 40 | if self.switch == 's1': 41 | return s1_all_ip[random.randint(0, len(s1_all_ip)-1)] 42 | elif self.switch == 's2': 43 | return s2_all_ip[random.randint(0, len(s2_all_ip)-1)] 44 | elif self.switch == 's3': 45 | return s3_all_ip[random.randint(0, len(s3_all_ip)-1)] 46 | elif self.switch == 's4': 47 | return s4_all_ip[random.randint(0, len(s4_all_ip)-1)] 48 | else: 49 | return all[random.randint(0, len(all)-1)] 50 | 51 | def getPort(self): 52 | return port_loader(self.switch) 53 | 54 | def sendicmp(self, data='hello_world'): 55 | src_ip = self.getSrcAddress() 56 | #src_ip = '10.0.0.13' 57 | dst_ip = self.getDstAddress() 58 | #dst_ip = '123.0.0.2' 59 | while dst_ip == src_ip: 60 | dst_ip = self.getAddress() 61 | pkt=IP(src=src_ip,dst=dst_ip)/ICMP() 62 | #pkt.show() 63 | send(pkt,count=random.randint(1,5)) 64 | 65 | 66 | def sendtcp(self, data='hello_world'): 67 | src_ip = self.getSrcAddress() 68 | #src_ip = '10.0.0.13' 69 | dst_ip = self.getDstAddress() 70 | #dst_ip = '123.0.0.2' 71 | src_port = self.getPort() 72 | dst_port = self.getPort() 73 | while dst_ip == src_ip: 74 | dst_ip = self.getAddress() 75 | pkt = IP(src=src_ip, dst=dst_ip) / fuzz(TCP(sport=src_port, dport=dst_port)) /data 76 | #pkt.show() 77 | send(pkt,count=random.randint(1,5)) 78 | 79 | 80 | def sendudp(self, data='hello_world'): 81 | src_ip = self.getSrcAddress() 82 | #src_ip = '10.0.0.13' 83 | dst_ip = self.getDstAddress() 84 | #dst_ip = '123.0.0.2' 85 | src_port = self.getPort() 86 | dst_port = self.getPort() 87 | while dst_ip == src_ip: 88 | dst_ip = self.getAddress() 89 | pkt = IP(src=src_ip, dst=dst_ip) / fuzz(UDP(sport=src_port, dport=dst_port)) / data 90 | #pkt.show() 91 | send(pkt,count=random.randint(1,5)) 92 | 93 | def generate_random_str(self, randomlength=16): 94 | random_str = '' 95 | base_str = 'ABCDEFGHIGKLMNOPQRSTUVWXYZabcdefghigklmnopqrstuvwxyz0123456789' 96 | length = len(base_str) - 1 97 | for i in range(randomlength): 98 | random_str += base_str[random.randint(0, length)] 99 | return random_str 100 | 101 | def _send(self): 102 | n = random.randint(0,99) 103 | length = random.randint(18,600) 104 | data = self.generate_random_str(length) 105 | 106 | #tcp 107 | if n < 84: 108 | self.sendtcp(data) 109 | elif n < 94: 110 | self.sendudp(data) 111 | else : 112 | self.sendicmp(data) 113 | 114 | 115 | if __name__ == '__main__': 116 | print(conf.iface) 117 | conf.iface = 's1' 118 | print(conf.iface) 119 | rs = RandomSend("s1") 120 | while True: 121 | rs._send() 122 | time.sleep(0.5) 123 | -------------------------------------------------------------------------------- /light/flow_simulate/normal_flow/Rs2.py: -------------------------------------------------------------------------------- 1 | ''' 2 | random send packet 3 | ''' 4 | # -*- coding: utf-8 -* 5 | 6 | from scapy.all import * 7 | import random 8 | import time 9 | from port_and_ip import * 10 | 11 | def port_loader(switch = "s2"): 12 | if switch == "s2": 13 | return k2[random.randint(0, len(k2)-1)] 14 | elif switch == "s3": 15 | return k3[random.randint(0, len(k3)-1)] 16 | elif switch == "s4": 17 | return k4[random.randint(0, len(k4)-1)] 18 | elif switch == "s1": 19 | return k1[random.randint(0, len(k1)-1)] 20 | else: 21 | return 80 22 | 23 | class RandomSend(): 24 | def __init__(self, args): 25 | self.switch = args 26 | 27 | def getDstAddress(self): 28 | if self.switch == 's1': 29 | return s1_dst_ip[random.randint(0, len(s1_dst_ip)-1)] 30 | elif self.switch == 's2': 31 | return s2_dst_ip[random.randint(0, len(s2_dst_ip)-1)] 32 | elif self.switch == 's3': 33 | return s3_dst_ip[random.randint(0, len(s3_dst_ip)-1)] 34 | elif self.switch == 's4': 35 | return s4_dst_ip[random.randint(0, len(s4_dst_ip)-1)] 36 | else : 37 | return all[random.randint(0, len(all)-1)] 38 | 39 | def getSrcAddress(self): 40 | if self.switch == 's1': 41 | return s1_all_ip[random.randint(0, len(s1_all_ip)-1)] 42 | elif self.switch == 's2': 43 | return s2_all_ip[random.randint(0, len(s2_all_ip)-1)] 44 | elif self.switch == 's3': 45 | return s3_all_ip[random.randint(0, len(s3_all_ip)-1)] 46 | elif self.switch == 's4': 47 | return s4_all_ip[random.randint(0, len(s4_all_ip)-1)] 48 | else: 49 | return all[random.randint(0, len(all)-1)] 50 | 51 | def getPort(self): 52 | return port_loader(self.switch) 53 | 54 | def sendicmp(self, data='hello_world'): 55 | src_ip = self.getSrcAddress() 56 | #src_ip = '10.0.0.13' 57 | dst_ip = self.getDstAddress() 58 | #dst_ip = '123.0.0.2' 59 | while dst_ip == src_ip: 60 | dst_ip = self.getAddress() 61 | pkt=IP(src=src_ip,dst=dst_ip)/ICMP() 62 | #pkt.show() 63 | send(pkt,count=random.randint(1,5)) 64 | 65 | def sendtcp(self, data='hello_world'): 66 | src_ip = self.getSrcAddress() 67 | #src_ip = '10.0.0.13' 68 | dst_ip = self.getDstAddress() 69 | #dst_ip = '123.0.0.2' 70 | src_port = self.getPort() 71 | dst_port = self.getPort() 72 | while dst_ip == src_ip: 73 | dst_ip = self.getAddress() 74 | pkt = IP(src=src_ip, dst=dst_ip) / fuzz(TCP(sport=src_port, dport=dst_port)) /data 75 | #pkt.show() 76 | send(pkt,count=random.randint(1,5)) 77 | 78 | def sendudp(self, data='hello_world'): 79 | src_ip = self.getSrcAddress() 80 | #src_ip = '10.0.0.13' 81 | dst_ip = self.getDstAddress() 82 | #dst_ip = '123.0.0.2' 83 | src_port = self.getPort() 84 | dst_port = self.getPort() 85 | while dst_ip == src_ip: 86 | dst_ip = self.getAddress() 87 | pkt = IP(src=src_ip, dst=dst_ip) / fuzz(UDP(sport=src_port, dport=dst_port)) / data 88 | #pkt.show() 89 | send(pkt,count=random.randint(1,5)) 90 | 91 | def generate_random_str(self, randomlength=16): 92 | random_str = '' 93 | base_str = 'ABCDEFGHIGKLMNOPQRSTUVWXYZabcdefghigklmnopqrstuvwxyz0123456789' 94 | length = len(base_str) - 1 95 | for i in range(randomlength): 96 | random_str += base_str[random.randint(0, length)] 97 | return random_str 98 | 99 | def _send(self): 100 | n = random.randint(0,99) 101 | length = random.randint(18,600) 102 | data = self.generate_random_str(length) 103 | 104 | #tcp 105 | if n < 84: 106 | self.sendtcp(data) 107 | elif n < 94: 108 | self.sendudp(data) 109 | else : 110 | self.sendicmp(data) 111 | 112 | if __name__ == '__main__': 113 | print(conf.iface) 114 | conf.iface = 's2' 115 | print(conf.iface) 116 | rs = RandomSend("s2") 117 | while True: 118 | rs._send() 119 | time.sleep(0.5) -------------------------------------------------------------------------------- /light/flow_simulate/normal_flow/Rs3.py: -------------------------------------------------------------------------------- 1 | ''' 2 | random send packet 3 | ''' 4 | # -*- coding: utf-8 -* 5 | 6 | from scapy.all import * 7 | import random 8 | import time 9 | from port_and_ip import * 10 | 11 | def port_loader(switch = "s2"): 12 | if switch == "s2": 13 | return k2[random.randint(0, len(k2)-1)] 14 | elif switch == "s3": 15 | return k3[random.randint(0, len(k3)-1)] 16 | elif switch == "s4": 17 | return k4[random.randint(0, len(k4)-1)] 18 | elif switch == "s1": 19 | return k1[random.randint(0, len(k1)-1)] 20 | else: 21 | return 80 22 | 23 | class RandomSend(): 24 | def __init__(self, args): 25 | self.switch = args 26 | 27 | def getDstAddress(self): 28 | if self.switch == 's1': 29 | return s1_dst_ip[random.randint(0, len(s1_dst_ip)-1)] 30 | elif self.switch == 's2': 31 | return s2_dst_ip[random.randint(0, len(s2_dst_ip)-1)] 32 | elif self.switch == 's3': 33 | return s3_dst_ip[random.randint(0, len(s3_dst_ip)-1)] 34 | elif self.switch == 's4': 35 | return s4_dst_ip[random.randint(0, len(s4_dst_ip)-1)] 36 | else : 37 | return all[random.randint(0, len(all)-1)] 38 | 39 | def getSrcAddress(self): 40 | if self.switch == 's1': 41 | return s1_all_ip[random.randint(0, len(s1_all_ip)-1)] 42 | elif self.switch == 's2': 43 | return s2_all_ip[random.randint(0, len(s2_all_ip)-1)] 44 | elif self.switch == 's3': 45 | return s3_all_ip[random.randint(0, len(s3_all_ip)-1)] 46 | elif self.switch == 's4': 47 | return s4_all_ip[random.randint(0, len(s4_all_ip)-1)] 48 | else: 49 | return all[random.randint(0, len(all)-1)] 50 | 51 | def getPort(self): 52 | return port_loader(self.switch) 53 | 54 | def sendicmp(self, data='hello_world'): 55 | src_ip = self.getSrcAddress() 56 | #src_ip = '10.0.0.13' 57 | dst_ip = self.getDstAddress() 58 | #dst_ip = '123.0.0.2' 59 | while dst_ip == src_ip: 60 | dst_ip = self.getAddress() 61 | pkt=IP(src=src_ip,dst=dst_ip)/ICMP() 62 | #pkt.show() 63 | send(pkt,count=random.randint(1,5)) 64 | 65 | def sendtcp(self, data='hello_world'): 66 | src_ip = self.getSrcAddress() 67 | #src_ip = '10.0.0.13' 68 | dst_ip = self.getDstAddress() 69 | #dst_ip = '123.0.0.2' 70 | src_port = self.getPort() 71 | dst_port = self.getPort() 72 | while dst_ip == src_ip: 73 | dst_ip = self.getAddress() 74 | pkt = IP(src=src_ip, dst=dst_ip) / fuzz(TCP(sport=src_port, dport=dst_port)) /data 75 | #pkt.show() 76 | send(pkt,count=random.randint(1,5)) 77 | 78 | def sendudp(self, data='hello_world'): 79 | src_ip = self.getSrcAddress() 80 | #src_ip = '10.0.0.13' 81 | dst_ip = self.getDstAddress() 82 | #dst_ip = '123.0.0.2' 83 | src_port = self.getPort() 84 | dst_port = self.getPort() 85 | while dst_ip == src_ip: 86 | dst_ip = self.getAddress() 87 | pkt = IP(src=src_ip, dst=dst_ip) / fuzz(UDP(sport=src_port, dport=dst_port)) / data 88 | #pkt.show() 89 | send(pkt,count=random.randint(1,5)) 90 | 91 | def generate_random_str(self, randomlength=16): 92 | random_str = '' 93 | base_str = 'ABCDEFGHIGKLMNOPQRSTUVWXYZabcdefghigklmnopqrstuvwxyz0123456789' 94 | length = len(base_str) - 1 95 | for i in range(randomlength): 96 | random_str += base_str[random.randint(0, length)] 97 | return random_str 98 | 99 | def _send(self): 100 | n = random.randint(0,99) 101 | length = random.randint(18,600) 102 | data = self.generate_random_str(length) 103 | 104 | #tcp 105 | if n < 84: 106 | self.sendtcp(data) 107 | elif n < 94: 108 | self.sendudp(data) 109 | else : 110 | self.sendicmp(data) 111 | 112 | if __name__ == '__main__': 113 | print(conf.iface) 114 | conf.iface = 's3' 115 | print(conf.iface) 116 | rs = RandomSend("s3") 117 | while True: 118 | rs._send() 119 | time.sleep(0.5) 120 | -------------------------------------------------------------------------------- /light/flow_simulate/normal_flow/bak_flow.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | /bin/bash rs1.sh & 4 | /bin/bash rs2.sh & 5 | /bin/bash rs3.sh & 6 | 7 | # 避免出现意外终止的情况,python2的编码问题,字符集大于255.所以采用这种方式来做守护进程 8 | # 如何终止? 9 | # ps -ef | grep 'python Rs' | awk '{print "kill -9 " $3}' | sh 10 | # ps -ef | grep 'python Rs' | awk '{print "kill -9 " $2}' | sh 11 | # 顺序千万别错! 12 | -------------------------------------------------------------------------------- /light/flow_simulate/normal_flow/port_and_ip.py: -------------------------------------------------------------------------------- 1 | ''' 2 | ports and ips 3 | ''' 4 | 5 | s1_all_ip =['121.0.0.1', '121.0.0.2', '121.0.0.3', '121.0.0.4', '121.0.0.5'] 6 | 7 | 8 | s2_all_ip =['122.0.0.1', '122.0.0.2', '122.0.0.3', '122.0.0.4', '122.0.0.5'] 9 | s3_all_ip =['123.0.0.1', '123.0.0.2', '123.0.0.3', '123.0.0.4', '123.0.0.5'] 10 | 11 | 12 | s1_ports = [21, 23, 25, 80] 13 | s2_ports = [21, 22, 23, 25]#, 80, 443] 14 | s3_ports = [21, 22, 23]#, 25, 80, 443, 11, 13, 18, 19] 15 | 16 | ext_ports = [1599, 2233]#, 15583, 8080, 8088, 9999] 17 | k1 = s1_ports 18 | k2 = s2_ports + ext_ports 19 | k3 = s3_ports + ext_ports 20 | 21 | s1_dst_ip = s2_all_ip + s3_all_ip 22 | s2_dst_ip = s1_all_ip + s3_all_ip 23 | s3_dst_ip = s1_all_ip + s2_all_ip 24 | -------------------------------------------------------------------------------- /light/flow_simulate/normal_flow/rs1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | while [ 1 ]; do 3 | python Rs1.py >> sent.log 4 | done 5 | 6 | -------------------------------------------------------------------------------- /light/flow_simulate/normal_flow/rs2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | while [ 1 ]; do 3 | python Rs2.py >> sent.log 4 | done 5 | 6 | -------------------------------------------------------------------------------- /light/flow_simulate/normal_flow/rs3.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | while [ 1 ]; do 3 | python Rs3.py >> sent.log 4 | done 5 | 6 | -------------------------------------------------------------------------------- /light/flow_simulate/syn.trafgen: -------------------------------------------------------------------------------- 1 | /* TCP SYN attack ( 64byte ) 2 | * Command example: 3 | * trafgen --cpp --dev em2 --conf synflood.trafgen --verbose 4 | * Note: dynamic elements "drnd()" make trafgen slower 5 | */ 6 | 7 | #define ETH_P_IP 0x0800 8 | 9 | #define SYN (1 << 1) 10 | #define ACK (1 << 4) 11 | #define ECN (1 << 6) 12 | 13 | //96:56:b7:79:38:73 14 | 15 | { 16 | /* --- Ethernet Header --- */ 17 | /* NEED ADJUST */ 18 | 0x46, 0x30, 0xae, 0x2c, 0xd6, 0x70, # MAC Destination 19 | 0x00, 0x0c, 0x29, 0xc2, 0x77, 0x12, # MAC Source//drnd(3), # MAC Source 20 | 21 | const16(ETH_P_IP), 22 | /* IPv4 Version, IHL, TOS */ 23 | 0b01000101, 0, 24 | /* IPv4 Total Len */ 25 | const16(46), 26 | /* IPv4 Ident */ 27 | drnd(2), 28 | //const16(2), 29 | 30 | /* IPv4 Flags, Frag Off */ 31 | 0b01000000, 0, 32 | /* IPv4 TTL */ 33 | 64, 34 | /* Proto TCP */ 35 | 0x06, 36 | /* IPv4 Checksum (IP header from, to) */ 37 | csumip(14, 33), 38 | 39 | /* NEED ADJUST */ 40 | 192, 168, drnd(2), # Source IP 41 | 121, 0, 0, 1, # Dest IP 42 | 43 | /* TCP Source Port */ 44 | //drnd(2), 45 | 0x33, drnd(1), 46 | /* TCP Dest Port */ 47 | const16(80), 48 | /* TCP Sequence Number */ 49 | drnd(4), 50 | /* TCP Ackn. Number */ 51 | const32(0), /* NOTICE ACK==zero with SYN packets */ 52 | 53 | /* TCP Header length + Flags */ 54 | //const16((0x5 << 12) | SYN | ECN) /* TCP SYN+ECN Flag */ 55 | const16((0x5 << 12) | SYN | ACK) /* TCP SYN+ACK Flag */ 56 | //const16((0x5 << 12) | SYN) /* TCP SYN Flag */ 57 | //const16((0x5 << 12) | ACK) /* TCP ACK Flag */ 58 | 59 | /* Window Size */ 60 | const16(16), 61 | /* TCP Checksum (offset IP, offset TCP) */ 62 | csumtcp(14, 34), 63 | const16(0), /*PAD*/ 64 | 65 | /* Data */ 66 | "SYNswf" 67 | } 68 | -------------------------------------------------------------------------------- /light/model/Logistic.py: -------------------------------------------------------------------------------- 1 | # -*- coding: UTF-8 -*- 2 | from sklearn.linear_model import LinearRegression 3 | # from sklearn.model import SVC 4 | from sklearn.externals import joblib 5 | from sklearn.linear_model import LogisticRegression 6 | 7 | import random 8 | def GetData(dir='./collect_310.log'): 9 | data0 = [] 10 | data1 = [] 11 | label0 = [] 12 | label1 = [] 13 | with open(dir,'r')as f: 14 | d = f.readline().strip() 15 | while d: 16 | # 时间 时间 五特征 是否攻击 17 | array_data = d.split()[2:] 18 | # print(array_data) 19 | line = [float(i) for i in array_data] 20 | label = line[-1] 21 | dd = line[:-1] 22 | if label == 0: 23 | data0.append(dd) 24 | label0.append(label) 25 | else: 26 | data1.append(dd) 27 | label1.append(label) 28 | d=f.readline().strip() 29 | # print(len(data1),len(data0)) 30 | random.shuffle(data1) 31 | random.shuffle(data0) 32 | 33 | c0=int(len(data0)*2/3) 34 | c1=int(len(data1)*2/3) 35 | train_data=data0[:c0]+data1[:c1] 36 | test_data=data0[c0:]+data1[c1:] 37 | train_label=label0[:c0]+label1[:c1] 38 | test_label=label0[c0:]+label1[c1:] 39 | 40 | train=list(zip(train_data,train_label)) 41 | random.shuffle(train) 42 | train_data,train_label=zip(*train) 43 | test=list(zip(test_data,test_label)) 44 | random.shuffle(test) 45 | test_data,test_label=zip(*test) 46 | print('the number of train\'s data is:', len(train_data)) 47 | print('the number of test\'s data is:', len(test_data)) 48 | return train_data,train_label,test_data, test_label 49 | 50 | 51 | def GetAcc(pre_y,test_label): 52 | acc = 0. 53 | for i in range(len(test_label)): 54 | if pre_y[i] >= 0.5: 55 | pre_y[i] = 1 56 | else: 57 | pre_y[i] = 0 58 | if pre_y[i] == test_label[i]: 59 | acc += 1 60 | print('accuracy is:', acc / len(test_label)) 61 | 62 | 63 | def classification(train_data,train_label,test_data,test_label): 64 | # model = SVC(C=0.1) 65 | # 旧版本,使用线性核提高了计算精度 66 | # model = SVC(C=0.5, kernel='linear') 67 | model = LogisticRegression() 68 | model.fit(train_data, train_label) 69 | # 为了python2版本能够识别 70 | joblib.dump(model, './model_tf_logical.m', protocol=2) 71 | 72 | pre_y0 = model.predict(train_data) 73 | pre_y1 = model.predict(test_data) 74 | GetAcc(pre_y0, train_label) 75 | GetAcc(pre_y1, test_label) 76 | 77 | 78 | if __name__ == '__main__': 79 | train_data, train_label,test_data,test_label=GetData() 80 | classification(train_data,train_label,test_data,test_label) 81 | -------------------------------------------------------------------------------- /light/model/RandomForest.py: -------------------------------------------------------------------------------- 1 | # -*- coding: UTF-8 -*- 2 | from sklearn.linear_model import LinearRegression 3 | from sklearn.svm import SVC 4 | from sklearn.externals import joblib 5 | from sklearn.ensemble import RandomForestClassifier 6 | 7 | 8 | import random 9 | def GetData(dir='./collect_data.log'): 10 | data0 = [] 11 | data1 = [] 12 | label0 = [] 13 | label1 = [] 14 | with open(dir,'r')as f: 15 | d = f.readline().strip() 16 | while d: 17 | # 时间 时间 五特征 是否攻击 18 | array_data = d.split()[2:] 19 | # print(array_data) 20 | line = [float(i) for i in array_data] 21 | label = line[-1] 22 | dd = line[:-1] 23 | if label == 0: 24 | data0.append(dd) 25 | label0.append(label) 26 | else: 27 | data1.append(dd) 28 | label1.append(label) 29 | d=f.readline().strip() 30 | # print(len(data1),len(data0)) 31 | random.shuffle(data1) 32 | random.shuffle(data0) 33 | 34 | c0=int(len(data0)*2/3) 35 | c1=int(len(data1)*2/3) 36 | train_data=data0[:c0]+data1[:c1] 37 | test_data=data0[c0:]+data1[c1:] 38 | train_label=label0[:c0]+label1[:c1] 39 | test_label=label0[c0:]+label1[c1:] 40 | 41 | train=list(zip(train_data,train_label)) 42 | random.shuffle(train) 43 | train_data,train_label=zip(*train) 44 | test=list(zip(test_data,test_label)) 45 | random.shuffle(test) 46 | test_data,test_label=zip(*test) 47 | print('the number of train\'s data is:', len(train_data)) 48 | print('the number of test\'s data is:', len(test_data)) 49 | return train_data,train_label,test_data, test_label 50 | 51 | 52 | def GetAcc(pre_y,test_label): 53 | acc = 0. 54 | for i in range(len(test_label)): 55 | if pre_y[i] >= 0.5: 56 | pre_y[i] = 1 57 | else: 58 | pre_y[i] = 0 59 | if pre_y[i] == test_label[i]: 60 | acc += 1 61 | print('accuracy is:', acc / len(test_label)) 62 | 63 | 64 | def classification(train_data,train_label,test_data,test_label): 65 | # model = SVC(C=0.1) 66 | # model = SVC(C=0.5, kernel='linear') 67 | model = RandomForestClassifier(n_jobs=-1, n_estimators=20, max_features=3, max_depth=5) 68 | model.fit(train_data, train_label) 69 | # 为了python2版本能够识别 70 | joblib.dump(model, './model_tf_forest.m', protocol=2) 71 | 72 | pre_y0 = model.predict(train_data) 73 | pre_y1 = model.predict(test_data) 74 | GetAcc(pre_y0, train_label) 75 | GetAcc(pre_y1, test_label) 76 | 77 | 78 | if __name__ == '__main__': 79 | train_data, train_label,test_data,test_label=GetData() 80 | classification(train_data,train_label,test_data,test_label) 81 | -------------------------------------------------------------------------------- /light/model/SVM.py: -------------------------------------------------------------------------------- 1 | # -*- coding: UTF-8 -*- 2 | from sklearn.linear_model import LinearRegression 3 | from sklearn.svm import SVC 4 | from sklearn.externals import joblib 5 | 6 | import random 7 | def GetData(dir='./collect_data.log'): 8 | data0 = [] 9 | data1 = [] 10 | label0 = [] 11 | label1 = [] 12 | with open(dir,'r')as f: 13 | d = f.readline().strip() 14 | while d: 15 | # 时间 时间 五特征 是否攻击 16 | array_data = d.split()[2:] 17 | # print(array_data) 18 | line = [float(i) for i in array_data] 19 | label = line[-1] 20 | dd = line[:-1] 21 | if label == 0: 22 | data0.append(dd) 23 | label0.append(label) 24 | else: 25 | data1.append(dd) 26 | label1.append(label) 27 | d=f.readline().strip() 28 | # print(len(data1),len(data0)) 29 | random.shuffle(data1) 30 | random.shuffle(data0) 31 | 32 | c0=int(len(data0)*2/3) 33 | c1=int(len(data1)*2/3) 34 | train_data=data0[:c0]+data1[:c1] 35 | test_data=data0[c0:]+data1[c1:] 36 | train_label=label0[:c0]+label1[:c1] 37 | test_label=label0[c0:]+label1[c1:] 38 | 39 | train=list(zip(train_data,train_label)) 40 | random.shuffle(train) 41 | train_data,train_label=zip(*train) 42 | test=list(zip(test_data,test_label)) 43 | random.shuffle(test) 44 | test_data,test_label=zip(*test) 45 | print('the number of train\'s data is:', len(train_data)) 46 | print('the number of test\'s data is:', len(test_data)) 47 | return train_data,train_label,test_data, test_label 48 | 49 | 50 | def GetAcc(pre_y, test_label): 51 | acc = 0. 52 | for i in range(len(test_label)): 53 | if pre_y[i] >= 0.5: 54 | pre_y[i] = 1 55 | else: 56 | pre_y[i] = 0 57 | if pre_y[i] == test_label[i]: 58 | acc += 1 59 | print('accuracy is:', acc / len(test_label)) 60 | 61 | 62 | def classification(train_data, train_label, test_data, test_label): 63 | # using the linear functions as kernel functions 64 | model = SVC(C=0.5, kernel='linear') 65 | model.fit(train_data, train_label) 66 | joblib.dump(model, './model_tf_svm.m', protocol=2) 67 | 68 | pre_y0 = model.predict(train_data) 69 | pre_y1 = model.predict(test_data) 70 | GetAcc(pre_y0, train_label) 71 | GetAcc(pre_y1, test_label) 72 | 73 | 74 | if __name__ == '__main__': 75 | train_data, train_label,test_data,test_label=GetData() 76 | classification(train_data,train_label,test_data,test_label) 77 | -------------------------------------------------------------------------------- /light/model/model_test.py: -------------------------------------------------------------------------------- 1 | # -*- coding: UTF-8 -*- 2 | 3 | from sklearn.externals import joblib 4 | # from sklearn import model 5 | import numpy as np 6 | # from sklearn import model_selection 7 | # import numpy as np 8 | import datetime 9 | import time 10 | import pickle 11 | 12 | 13 | # 主要用于对比多个模型的预测耗时 即模型的检测效率 14 | 15 | if __name__ == '__main__': 16 | starttime = datetime.datetime.now() 17 | 18 | # data = [0.019076305, 316.2105263, 97.1, 97.8, 94.1] 19 | # data = [0.0131034482759, 5.49862068966, 144.3, 144.8, 139.2] 20 | data = [0.0305719921105 ,6.83037475345 ,100.5 ,100.8 ,95.1] 21 | # start_time = time.time() 22 | # print(start_time) 23 | clf = joblib.load("./model_tf_svm.m") 24 | start_time = time.time() 25 | # data = [[0.019076305, 316.2105263, 97.1, 97.8, 94.1], 26 | # [0.972222222,194.3611111, 4.1, 3.4, 1.4, 1]] 27 | 28 | # data = [0.769230769, 221.3589744, 4.3, 4, 1.4] 29 | # data = [0.0131034482759, 5.49862068966, 144.3, 144.8, 139.2] 30 | # data = [0.0348837209302 ,9.64631782946 ,143.3 ,143.2 ,139.4 ] 31 | vec = np.array(data).reshape(1, -1) 32 | 33 | result = clf.predict(vec) 34 | whether_attck = result[0] 35 | print(whether_attck) 36 | if int(whether_attck) == 1: 37 | print("attack") 38 | else: 39 | print("not attack") 40 | 41 | elapse_time = time.time() - start_time 42 | print("svm检测耗时为:" + str(float(elapse_time*1000))+"ms") 43 | 44 | <<<<<<< HEAD 45 | ======= 46 | 47 | clf = joblib.load("./model_tf_logical.m") 48 | # clf = pickle.load("./model_tf_logical.m") 49 | start_time = time.time() 50 | # data = [[0.019076305, 316.2105263, 97.1, 97.8, 94.1], 51 | # [0.972222222,194.3611111, 4.1, 3.4, 1.4, 1]] 52 | 53 | # data = [0.769230769, 221.3589744, 4.3, 4, 1.4] 54 | # data = [0.0131034482759, 5.49862068966, 144.3, 144.8, 139.2] 55 | # data = [0.0348837209302 ,9.64631782946 ,143.3 ,143.2 ,139.4 ] 56 | vec = np.array(data).reshape(1, -1) 57 | 58 | result = clf.predict(vec) 59 | whether_attck = result[0] 60 | print(whether_attck) 61 | if int(whether_attck) == 1: 62 | print("attack") 63 | else: 64 | print("not attack") 65 | 66 | elapse_time = time.time() - start_time 67 | print("逻辑回归检测耗时为:" + str(float(elapse_time * 1000)) + "ms") 68 | >>>>>>> 41b204e06ea827f84d2556ad7ceb168e4dea12bc 69 | 70 | # start_time = time.time() 71 | # print(start_time) 72 | clf = joblib.load("./model_tf_forest.m") 73 | start_time = time.time() 74 | # data = [[0.019076305, 316.2105263, 97.1, 97.8, 94.1], 75 | # [0.972222222,194.3611111, 4.1, 3.4, 1.4, 1]] 76 | 77 | # data = [0.769230769, 221.3589744, 4.3, 4, 1.4] 78 | # data = [0.0131034482759, 5.49862068966, 144.3, 144.8, 139.2] 79 | # data = [0.0348837209302 ,9.64631782946 ,143.3 ,143.2 ,139.4 ] 80 | vec = np.array(data).reshape(1, -1) 81 | 82 | result = clf.predict(vec) 83 | whether_attck = result[0] 84 | print(whether_attck) 85 | if int(whether_attck) == 1: 86 | print("attack") 87 | else: 88 | print("not attack") 89 | 90 | elapse_time = time.time() - start_time 91 | print("随机森林检测耗时为:" + str(float(elapse_time * 1000)) + "ms") -------------------------------------------------------------------------------- /light/model/model_tf_forest.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/light6607/ryu_controller/1f68e33da1f00ade86712f07c872060364c20b6e/light/model/model_tf_forest.m -------------------------------------------------------------------------------- /light/model/model_tf_logical.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/light6607/ryu_controller/1f68e33da1f00ade86712f07c872060364c20b6e/light/model/model_tf_logical.m -------------------------------------------------------------------------------- /light/model/model_tf_svm.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/light6607/ryu_controller/1f68e33da1f00ade86712f07c872060364c20b6e/light/model/model_tf_svm.m -------------------------------------------------------------------------------- /light/model/pca.log: -------------------------------------------------------------------------------- 1 | 2019-03-08 00:00:01 0.5 150.625 3.4 3.2 1.4 0 2 | 2019-03-08 00:00:11 0.939393939394 255.454545455 1.8 1.6 0.8 0 3 | 2019-03-08 00:00:21 0.696428571429 206.339285714 6.3 6.6 1.4 0 4 | 2019-03-08 00:00:31 0.941176470588 377.308823529 5.2 5.6 1.5 0 5 | 2019-03-08 00:00:41 0.931034482759 275.465517241 5.7 6.8 1.5 0 6 | 2019-03-08 00:00:51 0.626865671642 158.194029851 5.0 5.8 1.4 0 7 | 2019-03-08 00:01:01 0.823529411765 270.485294118 6.0 6.7 1.5 0 8 | 2019-03-08 00:01:11 0.939393939394 214.909090909 5.2 6.8 1.5 0 9 | 2019-03-08 00:01:21 1.10606060606 354.818181818 5.8 6.6 1.5 0 10 | 2019-03-08 00:01:31 0.734375 192.375 5.8 6.6 1.5 0 11 | 2019-03-08 00:01:41 0.777777777778 161.46031746 5.6 6.4 1.5 0 12 | 2019-03-08 00:01:51 0.723076923077 194.076923077 6.0 6.3 1.4 0 13 | 2019-03-08 00:02:01 0.731343283582 193.28358209 6.0 6.5 1.5 0 14 | 2019-03-08 00:02:11 0.793103448276 210.655172414 5.9 6.7 1.4 0 15 | 2019-03-08 00:02:21 0.380952380952 136.380952381 5.5 5.8 1.4 0 16 | 2019-03-08 00:02:51 0.622950819672 178.442622951 3.8 3.1 1.4 0 17 | 2019-03-08 00:03:01 0.254237288136 61.1186440678 5.7 6.1 1.5 0 18 | 2019-03-08 00:03:11 0.8 295.833333333 6.0 5.9 1.5 0 19 | 2019-03-08 00:03:21 0.814285714286 217.657142857 5.7 6.0 1.5 0 20 | 2019-03-08 00:03:31 0.671875 160.203125 5.7 7.0 1.5 0 21 | 2019-03-08 00:03:41 0.763636363636 201.418181818 5.7 6.4 1.4 0 22 | 2019-03-08 00:03:51 0.689655172414 191.24137931 5.5 5.5 1.5 0 23 | 2019-03-08 00:04:01 0.806451612903 170.241935484 5.0 5.8 1.4 0 24 | 2019-03-08 00:04:11 0.907692307692 304.092307692 5.7 6.2 1.5 0 25 | 2019-03-08 00:04:21 0.830508474576 217.830508475 5.7 6.5 1.5 0 26 | 2019-03-08 00:04:31 0.822580645161 223.241935484 5.7 5.9 1.5 0 27 | 2019-03-08 00:04:41 0.698412698413 209.031746032 5.6 6.2 1.5 0 28 | 2019-03-08 00:04:51 0.797101449275 236.246376812 5.4 6.3 1.5 0 29 | 2019-03-08 00:05:22 0.666666666667 191.579710145 5.4 6.2 1.5 0 30 | 2019-03-08 09:57:00 0.890625 209.671875 6.1 6.2 1.5 0 31 | 2019-03-08 09:57:10 0.603174603175 140.444444444 5.5 6.4 1.5 0 32 | 2019-03-08 09:57:20 0.753623188406 212.724637681 5.9 6.3 1.4 0 33 | 2019-03-08 09:57:30 0.553846153846 160.030769231 5.8 6.9 1.5 0 34 | 2019-03-08 09:57:40 0.646153846154 130.323076923 5.5 6.5 1.4 0 35 | 2019-03-08 09:57:50 0.666666666667 195.385964912 6.1 6.5 1.5 0 36 | 2019-03-08 09:58:00 0.825396825397 247.206349206 5.6 5.7 1.5 0 37 | 2019-03-08 09:58:10 0.786885245902 169.901639344 5.2 6.3 1.4 0 38 | 2019-03-08 09:58:20 0.698412698413 202.492063492 5.8 6.1 1.4 0 39 | 2019-03-08 09:58:30 0.688524590164 196.983606557 6.0 6.3 1.5 0 40 | 2019-03-08 09:58:40 0.737704918033 188.475409836 5.5 6.1 1.5 0 41 | 2019-03-08 09:58:50 1.12857142857 265.085714286 5.8 6.1 1.4 0 42 | 2019-03-08 09:59:00 0.815384615385 243.646153846 6.2 7.0 1.5 0 43 | 2019-03-08 09:59:10 1.01333333333 301.4 4.8 6.5 1.4 0 44 | 2019-03-08 09:59:20 0.985714285714 308.914285714 5.8 7.5 1.4 0 45 | 2019-03-08 09:59:30 0.938461538462 217.584615385 5.3 7.0 1.5 0 46 | 2019-03-08 09:59:40 0.782608695652 242.956521739 5.6 6.5 1.5 0 47 | 2019-03-08 09:59:50 0.954545454545 270.803030303 5.7 6.9 1.5 0 48 | 2019-03-08 10:00:00 0.383333333333 123.6 5.5 6.6 1.5 0 49 | 2019-03-08 10:00:10 0.723076923077 229.046153846 5.6 6.0 1.5 0 50 | 2019-03-08 10:00:20 0.87037037037 306.796296296 5.9 6.5 1.5 0 51 | 2019-03-08 10:00:30 1.03278688525 271.754098361 5.3 5.4 1.5 0 52 | 2019-03-08 10:00:40 0.704918032787 161.213114754 5.5 6.1 1.5 0 53 | 2019-03-08 10:00:50 0.911764705882 299.426470588 4.8 6.1 1.5 0 54 | 2019-03-08 10:01:00 0.707692307692 181.8 6.8 6.8 1.5 0 55 | 2019-03-08 10:01:10 0.59649122807 164.403508772 5.8 6.5 1.5 0 56 | 2019-03-08 10:01:20 0.661290322581 185.774193548 5.7 5.7 1.5 0 57 | 2019-03-08 10:01:30 0.954545454545 315.545454545 5.4 6.2 1.5 0 58 | 2019-03-08 10:01:40 0.406779661017 144.203389831 6.0 6.6 1.5 0 59 | 2019-03-08 10:01:50 0.475409836066 98.0655737705 5.4 5.9 1.5 0 60 | 2019-03-08 10:02:00 0.707692307692 160.476923077 5.8 6.1 1.5 0 61 | 2019-03-08 10:02:10 1.08219178082 331.794520548 6.5 6.5 1.5 0 62 | 2019-03-08 10:02:20 0.924242424242 217.909090909 6.6 7.3 1.5 0 63 | 2019-03-08 10:02:30 0.859649122807 243.157894737 5.5 6.6 1.5 0 64 | 2019-03-08 10:02:40 0.612903225806 177.016129032 5.8 5.7 1.5 0 65 | 2019-03-08 10:02:50 0.730158730159 148.253968254 5.9 6.2 1.5 0 66 | 2019-03-08 10:03:00 0.878787878788 225.818181818 5.5 6.3 1.5 0 67 | 2019-03-08 10:03:10 0.793650793651 279.952380952 5.7 6.6 1.3 0 68 | 2019-03-08 10:03:20 0.768115942029 207.028985507 5.3 6.3 1.5 0 69 | 2019-03-08 10:03:30 0.859375 279.65625 6.2 6.9 1.5 0 70 | 2019-03-08 10:03:40 0.90625 232.296875 5.1 6.4 1.4 0 71 | 2019-03-08 10:03:50 1.0 249.328125 5.5 6.4 1.5 0 72 | 2019-03-08 10:04:00 0.766666666667 250.0 5.3 6.4 1.5 0 73 | 2019-03-08 10:04:10 1.06060606061 200.075757576 6.0 6.0 1.4 0 74 | 2019-03-08 10:04:20 0.578947368421 176.684210526 5.8 6.6 1.5 0 75 | 2019-03-08 10:04:30 0.661016949153 125.288135593 5.7 5.7 1.5 0 76 | 2019-03-08 10:04:40 0.71186440678 185.372881356 5.5 5.9 1.5 0 77 | 2019-03-08 10:04:50 0.709677419355 182.129032258 5.1 5.9 1.5 0 78 | 2019-03-08 10:05:00 1.16666666667 177.166666667 5.4 6.2 1.5 0 79 | 2019-03-08 10:05:10 1.01587301587 286.079365079 6.0 6.6 1.5 0 80 | 2019-03-08 10:05:20 0.893939393939 186.984848485 4.9 6.3 1.5 0 81 | 2019-03-08 10:05:30 0.769230769231 217.276923077 5.7 6.6 1.5 0 82 | 2019-03-08 10:05:40 0.753623188406 229.391304348 5.5 6.5 1.5 0 83 | 2019-03-08 10:05:50 0.516666666667 198.283333333 6.4 6.9 1.5 0 84 | 2019-03-08 10:06:00 0.587301587302 154.936507937 5.6 6.0 1.4 0 85 | 2019-03-08 10:06:10 0.435483870968 140.129032258 5.4 6.3 1.5 0 86 | 2019-03-08 10:06:20 0.327868852459 128.737704918 5.2 6.2 1.5 0 87 | 2019-03-08 10:06:30 0.636363636364 178.151515152 4.9 6.1 1.4 0 88 | 2019-03-08 10:06:40 0.707692307692 219.169230769 5.5 6.6 1.5 0 89 | 2019-03-08 10:06:50 0.923076923077 295.646153846 5.5 6.5 1.5 0 90 | 2019-03-08 10:07:00 0.707692307692 206.861538462 5.6 6.5 1.5 0 91 | 2019-03-08 10:07:10 0.90625 199.359375 6.4 6.5 1.4 0 92 | 2019-03-08 10:07:20 0.91935483871 254.838709677 5.8 6.4 1.4 0 93 | 2019-03-08 10:07:30 1.14864864865 381.662162162 5.4 6.2 1.4 0 94 | 2019-03-08 10:07:40 0.661016949153 135.559322034 6.3 7.4 1.5 0 95 | 2019-03-08 10:07:50 0.574074074074 210.962962963 5.4 5.9 1.4 0 96 | 2019-03-08 10:08:00 0.741935483871 221.806451613 5.0 5.4 1.4 0 97 | 2019-03-08 10:08:10 1.01388888889 281.583333333 5.4 6.2 1.4 0 98 | 2019-03-08 10:08:20 0.651515151515 191.272727273 6.9 7.2 1.5 0 99 | 2019-03-08 10:08:30 0.769230769231 252.769230769 5.5 6.6 1.5 0 100 | 2019-03-08 10:08:40 0.614035087719 205.473684211 6.2 6.5 1.4 0 101 | 2019-03-22 09:26:32 0.0361881785283 6.30398069964 83.7 84.0 78.8 1 102 | 2019-03-22 09:26:42 0.0365997638725 8.04132231405 82.9 82.9 78.2 1 103 | 2019-03-22 09:26:52 0.0421545667447 14.0245901639 84.5 84.7 79.3 1 104 | 2019-03-22 09:27:02 0.0295159386068 8.87249114522 83.7 85.4 79.5 1 105 | 2019-03-22 09:27:12 0.0248226950355 6.42080378251 84.1 84.7 79.4 1 106 | 2019-03-22 09:27:22 0.0249110320285 7.68801897983 83.8 84.6 79.6 1 107 | 2019-03-22 09:27:32 0.0329024676851 10.5064629847 83.6 84.3 79.5 1 108 | 2019-03-22 09:27:42 0.0599294947121 13.0564042303 84.1 85.1 79.7 1 109 | 2019-03-22 09:27:52 0.0291715285881 10.6429404901 84.4 85.1 79.6 1 110 | 2019-03-22 09:28:02 0.0295508274232 3.45862884161 84.8 85.7 80.5 1 111 | 2019-03-22 09:28:12 0.0535714285714 13.8785714286 83.9 84.6 79.5 1 112 | 2019-03-22 09:28:22 0.0249702734839 6.06658739596 83.4 84.0 79.3 1 113 | 2019-03-22 09:28:32 0.0237247924081 4.37366548043 84.4 84.1 79.7 1 114 | 2019-03-22 09:28:42 0.0424028268551 9.3839811543 84.8 84.3 79.6 1 115 | 2019-03-22 09:28:52 0.0480656506448 9.09495896835 84.8 84.9 79.5 1 116 | 2019-03-22 09:29:02 0.0342789598109 9.67966903073 84.2 85.3 79.1 1 117 | 2019-03-22 09:29:12 0.0330188679245 12.1839622642 84.7 84.6 79.5 1 118 | 2019-03-22 09:29:22 0.0504103165299 7.50996483001 84.2 84.8 79.6 1 119 | 2019-03-22 09:29:32 0.0524475524476 14.1468531469 83.6 85.3 79.6 1 120 | 2019-03-22 09:29:42 0.0521945432977 10.1767497034 84.5 85.8 79.6 1 121 | 2019-03-22 09:29:52 0.0261904761905 4.39880952381 83.9 84.3 79.4 1 122 | 2019-03-22 09:30:02 0.0508875739645 12.6840236686 83.4 84.0 79.3 1 123 | 2019-03-22 09:30:12 0.0448113207547 12.2441037736 83.7 84.5 79.8 1 124 | 2019-03-22 09:30:22 0.0552941176471 11.7329411765 83.7 84.8 79.2 1 125 | 2019-03-22 09:30:32 0.0574443141852 12.7995310668 84.4 85.0 79.7 1 126 | 2019-03-22 09:30:42 0.0235294117647 4.88235294118 83.8 85.3 79.2 1 127 | 2019-03-22 09:30:52 0.0480656506448 13.939038687 84.6 85.0 79.7 1 128 | 2019-03-22 09:31:02 0.0295857988166 5.01893491124 84.7 85.3 79.6 1 129 | 2019-03-22 09:31:12 0.0402366863905 13.0710059172 84.5 84.5 79.7 1 130 | 2019-03-22 09:31:22 0.026159334126 6.60998810939 84.5 84.5 79.3 1 131 | 2019-03-22 09:31:32 0.0297973778308 4.98808104887 84.0 84.1 79.7 1 132 | 2019-03-22 09:31:42 0.0177095631641 7.33412042503 83.9 83.9 79.2 1 133 | 2019-03-22 09:31:52 0.0308422301305 9.15539739027 84.3 84.7 79.5 1 134 | 2019-03-22 09:32:02 0.0339393939394 10.1660606061 83.5 84.3 79.3 1 135 | 2019-03-22 09:32:12 0.0520094562648 9.75650118203 81.8 82.5 77.8 1 136 | 2019-03-22 09:32:22 0.067615658363 16.6903914591 83.8 84.6 79.4 1 137 | 2019-03-22 09:32:32 0.0344827586207 10.0023781213 83.6 84.3 79.3 1 138 | 2019-03-22 09:32:42 0.0352112676056 8.96009389671 83.2 84.1 79.5 1 139 | 2019-03-22 09:32:52 0.0376028202115 9.54994124559 85.1 85.2 80.1 1 140 | 2019-03-22 09:33:02 0.0458823529412 12.4011764706 84.5 85.1 79.5 1 141 | 2019-03-22 09:33:12 0.0189125295508 6.25059101655 85.2 85.0 79.5 1 142 | 2019-03-22 09:33:22 0.0387779083431 13.0799059929 83.8 84.6 79.4 1 143 | 2019-03-22 09:33:32 0.0543093270366 19.4203069658 84.9 85.1 79.5 1 144 | 2019-03-22 09:33:42 0.0403321470937 10.2277580071 84.0 84.7 79.3 1 145 | 2019-03-22 09:33:52 0.0380952380952 8.85357142857 84.0 84.3 79.3 1 146 | 2019-03-22 09:34:02 0.0408163265306 9.04801920768 83.8 84.0 79.0 1 147 | 2019-03-22 09:34:12 0.0378250591017 10.81678487 82.5 83.3 78.5 1 148 | 2019-03-22 09:34:22 0.065011820331 11.0106382979 83.9 84.6 78.8 1 149 | 2019-03-22 09:34:32 0.0486358244365 12.1672597865 83.1 84.6 79.3 1 150 | 2019-03-22 09:34:42 0.0354609929078 6.91607565012 84.9 84.3 79.1 1 151 | 2019-03-22 09:12:12 0.0109489051095 1.5031282586 190.7 191.0 184.0 1 152 | 2019-03-22 09:12:22 0.00834202294056 1.63868613139 190.9 191.8 184.5 1 153 | 2019-03-22 09:12:32 0.00571428571429 1.48727272727 191.4 191.8 184.0 1 154 | 2019-03-22 09:12:42 0.00523012552301 1.51830543933 191.1 192.5 184.4 1 155 | 2019-03-22 09:12:52 0.00677436164669 2.12610734758 189.7 191.2 183.6 1 156 | 2019-03-22 09:13:02 0.00468262226847 1.10978147763 191.4 191.9 184.7 1 157 | 2019-03-22 09:13:12 0.0041819132253 0.954521693675 191.8 192.2 185.4 1 158 | 2019-03-22 09:13:22 0.00939947780679 2.56449086162 191.0 191.3 184.1 1 159 | 2019-03-22 09:13:32 0.00520833333333 1.02552083333 190.0 191.5 183.5 1 160 | 2019-03-22 09:13:42 0.00471451021477 0.887375589314 191.5 192.0 184.8 1 161 | 2019-03-22 09:13:52 0.00629260618773 1.65810173047 190.2 190.9 183.6 1 162 | 2019-03-22 09:14:02 0.00730688935282 0.791231732777 190.3 190.7 184.6 1 163 | 2019-03-22 09:14:12 0.0109660574413 3.63133159269 190.8 191.6 183.7 1 164 | 2019-03-22 09:14:22 0.0109431995831 2.41115164148 191.4 191.5 184.5 1 165 | 2019-03-22 09:14:32 0.00520291363163 1.73048907388 191.1 191.9 185.0 1 166 | 2019-03-22 09:14:42 0.00573215216258 0.586763939552 192.0 192.2 185.2 1 167 | 2019-03-22 09:14:52 0.00728029121165 2.47009880395 191.1 191.9 183.1 1 168 | 2019-03-22 09:15:02 0.00782472613459 2.54877412624 191.4 192.3 185.2 1 169 | 2019-03-22 09:15:12 0.0015625 0.0875 190.9 191.7 185.0 1 170 | 2019-03-22 09:15:22 0.00989583333333 2.8015625 190.4 192.0 184.7 1 171 | 2019-03-22 09:15:32 0.0100105374078 2.11538461538 192.2 192.0 185.3 1 172 | 2019-03-22 09:15:42 0.00676378772112 2.05619146722 188.8 189.8 182.1 1 173 | 2019-03-22 09:15:52 0.0088587806149 2.12558624283 192.0 192.2 185.1 1 174 | 2019-03-22 09:16:02 0.0140478668054 3.37252861602 191.0 191.9 183.6 1 175 | 2019-03-22 09:16:12 0.0103734439834 2.16441908714 191.7 192.2 185.7 1 176 | 2019-03-22 09:16:22 0.0182481751825 5.63399374348 191.6 192.8 185.1 1 177 | 2019-03-22 09:16:32 0.00940438871473 2.61494252874 190.9 191.8 184.7 1 178 | 2019-03-22 09:16:42 0.00624674648621 1.07704320666 191.5 191.4 184.8 1 179 | 2019-03-22 09:16:52 0.0103842159917 1.77310488058 191.1 192.1 184.0 1 180 | 2019-03-22 09:17:02 0.00677436164669 0.706618030224 191.5 192.6 184.8 1 181 | 2019-03-22 09:17:12 0.00994764397906 1.80314136126 191.0 191.9 184.7 1 182 | 2019-03-22 09:17:22 0.00884035361414 3.77119084763 190.0 191.0 184.0 1 183 | 2019-03-22 09:17:32 0.0167101827676 3.7911227154 191.9 192.3 185.0 1 184 | 2019-03-22 09:17:42 0.00730688935282 2.62265135699 191.0 191.5 184.7 1 185 | 2019-03-22 09:17:52 0.0161374284227 4.3841749089 190.3 191.6 184.3 1 186 | 2019-03-22 09:18:02 0.00830737279335 2.35202492212 191.3 192.1 185.3 1 187 | 2019-03-22 09:18:12 0.0062893081761 1.19758909853 191.6 192.6 184.3 1 188 | 2019-03-22 09:18:22 0.00418410041841 0.975418410042 190.0 190.8 183.7 1 189 | 2019-03-22 09:18:32 0.00364014560582 1.38741549662 191.0 191.2 185.4 1 190 | 2019-03-22 09:18:42 0.0124934929724 2.96512233212 191.9 192.3 184.2 1 191 | 2019-03-22 09:18:52 0.0067920585162 2.14681295716 191.5 192.1 184.1 1 192 | 2019-03-22 09:19:02 0.0037674919268 0.866523143165 191.1 191.4 183.7 1 193 | 2019-03-22 09:19:12 0.00682056663169 1.31741867786 185.1 185.8 177.9 1 194 | 2019-03-22 09:19:22 0.00940438871473 2.50313479624 189.5 190.6 183.1 1 195 | 2019-03-22 09:19:32 0.00519750519751 1.45218295218 191.2 191.4 184.8 1 196 | 2019-03-22 09:19:42 0.0103680663556 2.30222913427 191.2 192.4 183.8 1 197 | 2019-03-22 09:19:52 0.0105152471083 2.2181913775 192.3 192.9 185.6 1 198 | 2019-03-22 09:20:02 0.00678851174935 1.04751958225 189.6 190.2 182.5 1 199 | 2019-03-22 09:20:12 0.00624024960998 0.819552782111 191.1 191.5 184.2 1 200 | 201 | -------------------------------------------------------------------------------- /light/model/pca.py: -------------------------------------------------------------------------------- 1 | from sklearn.decomposition import PCA 2 | import matplotlib.pyplot as plt 3 | import numpy as np 4 | 5 | def get_character(dir='./pca.log'): 6 | data = [] 7 | with open(dir, 'r') as f: 8 | # 移除行首行尾空格 9 | d = f.readline().strip() 10 | while d: 11 | array_data = d.split()[2:-1] 12 | float_middle = [] 13 | for item in array_data: 14 | float_middle.append(float(item)) 15 | # print(float_middle) 16 | data.append(float_middle) 17 | d=f.readline().strip() 18 | # pr//int(data) 19 | return data 20 | 21 | if __name__ == '__main__': 22 | 23 | X=get_character('./pca.log') 24 | X = np.array(X) 25 | # print(X.shape) 26 | # exit(0) 27 | pca = PCA(n_components=3) 28 | 29 | X = pca.fit_transform(X) 30 | # print(X.shape) 31 | 32 | #因为要设标签,所以分别装 33 | normal_x=[] 34 | normal_y=[] 35 | normal_z=[] 36 | low_x=[] 37 | low_y=[] 38 | low_z=[] 39 | high_x=[] 40 | high_y=[] 41 | high_z=[] 42 | for i in range(len(X)): 43 | if i < 100: 44 | normal_x.append(X[i][0]) 45 | normal_y.append(X[i][1]) 46 | normal_z.append(X[i][2]) 47 | # print(X[i][0], '\t', X[i][1]) 48 | # plt.scatter(X[i][0], X[i][1], color='green', label='正常') 49 | elif i>=100 and i<150: 50 | low_x.append(X[i][0]) 51 | low_y.append(X[i][1]) 52 | low_z.append(X[i][2]) 53 | # print(X[i][0], '\t', X[i][1]) 54 | # plt.scatter(X[i][0], X[i][1], color='red', label='低强度') 55 | else: 56 | high_x.append(X[i][0]) 57 | high_y.append(X[i][1]) 58 | high_z.append(X[i][2]) 59 | # print(X[i][0], '\t\t', X[i][1]) 60 | # plt.scatter(X[i][0], X[i][1], color='blue', label='高强度') 61 | 62 | g1 = plt.scatter(normal_x, normal_y,c='g')#正常绿色 63 | g2 = plt.scatter(low_x, low_y, c='b')#低强度红色 64 | g3 = plt.scatter(high_x, high_y, c='r')#高强度蓝色 65 | plt.legend(handles=[g1, g2, g3], labels=['normal', 'low', 'high'])#设置标签 66 | plt.show() 67 | 68 | 69 | -------------------------------------------------------------------------------- /light/model/pca_bak1.py: -------------------------------------------------------------------------------- 1 | from sklearn.decomposition import PCA 2 | import matplotlib.pyplot as plt 3 | import numpy as np 4 | 5 | def get_character(dir='./pca.log'): 6 | data = [] 7 | with open(dir, 'r') as f: 8 | # 移除行首行尾空格 9 | d = f.readline().strip() 10 | while d: 11 | array_data = d.split()[2:-1] 12 | float_middle = [] 13 | for item in array_data: 14 | float_middle.append(float(item)) 15 | # print(float_middle) 16 | data.append(float_middle) 17 | d=f.readline().strip() 18 | # pr//int(data) 19 | return data 20 | 21 | if __name__ == '__main__': 22 | 23 | X=get_character('./pca.log') 24 | # print(X) 25 | 26 | X = np.array(X).reshape(1, -1) 27 | 28 | pca = PCA(n_components=2) 29 | 30 | X = pca.fit(X).transform(X) 31 | 32 | for i in range(200): 33 | if i < 100: 34 | print(X[i][0], '\t', X[i][1]) 35 | plt.scatter(X[i][0], X[i][1], color='green', label='正常') 36 | elif i>=100 and i<150: 37 | print(X[i][0], '\t', X[i][1]) 38 | plt.scatter(X[i][0], X[i][1], color='red', label='低强度') 39 | else: 40 | print(X[i][0], '\t\t', X[i][1]) 41 | plt.scatter(X[i][0], X[i][1], color='blue', label='高强度') 42 | 43 | plt.show() 44 | 45 | 46 | -------------------------------------------------------------------------------- /light/result.py: -------------------------------------------------------------------------------- 1 | # -*- coding: UTF-8 -*- 2 | # light 3 | from __future__ import division 4 | # python2 the / and the // future need to import this 5 | 6 | 7 | # 2019-03-29 23:16:56 0.0405014464802 9.80135004822 102.8 102.6 97.3 1 attack correct 0.00224900245667 8 | # 2019-03-29 23:17:06 0.0405014464802 8.72902603664 102.8 103.7 98.2 1 attack correct 0.00224709510803 9 | # 2019-03-29 23:17:16 0.0297504798464 10.1026871401 102.8 103.7 98.4 1 attack correct 0.00241303443909 10 | # 2019-03-29 23:17:26 0.0310981535471 9.04373177843 103.0 104.2 98.3 1 attack correct 0.00250005722046 11 | # 2019-03-29 23:17:36 0.0251207729469 6.45314009662 102.8 102.9 97.6 1 attack correct 0.00230288505554 12 | 13 | def get_final_result(filename=""): 14 | time_array = [] 15 | flow_mode = [] 16 | check_result = [] 17 | self_jude = [] 18 | with open(filename, 'r') as f: 19 | for one in f.readlines(): 20 | # print(one) 21 | data = one.split() 22 | # print(data[7]) 23 | flow_mode.append(int(float(data[7]))) 24 | if data[8] == "attack": 25 | check_result.append(1) 26 | elif data[8]== "normal": 27 | check_result.append(0) 28 | # check_result.append(int(float(data[8]))) 29 | time_array.append(float(data[10])) 30 | self_jude.append(data[9]) 31 | # print(flow_mode) 32 | # print(check_result) 33 | # print(time_array) 34 | # print(self_jude) 35 | 36 | # 正常流量误报率,正常流量中却报为错误 37 | normal_error = 0 38 | total_normal = 0 39 | for i in range(len(flow_mode)): 40 | if flow_mode[i] == 0: 41 | total_normal += 1 42 | if check_result[i] == 1: 43 | normal_error += 1 44 | # print(normal_error) 45 | # print(total_normal) 46 | 47 | normal_error_rate = normal_error / total_normal * 100 48 | print("正常流量误报率为:" + str(normal_error_rate) + '%') 49 | 50 | # 异常流量误报率 51 | attack_wrong = 0 52 | total_attack = 0 53 | for i in range(len(flow_mode)): 54 | if flow_mode[i] == 1: 55 | total_attack += 1 56 | if check_result[i] == 0: 57 | attack_wrong += 1 58 | 59 | attack_reg_wrong_rate = float(attack_wrong / total_attack) * 100 60 | print("异常流量误报率" + str(attack_reg_wrong_rate) + "%") 61 | 62 | # 统计总体准确率 正确识别占据所有流量的统计 63 | i = 0 64 | for item in self_jude: 65 | if item == "correct": 66 | i += 1 67 | rate = i / len(self_jude) * 100 68 | print("准确率" + str(rate) + "%") 69 | 70 | # 统计平均耗时 71 | total_cost = 0 72 | for item in time_array: 73 | total_cost += item 74 | average_time = total_cost / len(time_array) * 1000 75 | print("平均耗时为" + str(average_time) + " ms") 76 | 77 | 78 | 79 | if __name__ == '__main__': 80 | print("SVM识别结果") 81 | get_final_result('detected_svm.log') 82 | 83 | print("随机森林识别结果") 84 | get_final_result('detected_forest.log') 85 | -------------------------------------------------------------------------------- /light/topo.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: UTF-8 -*- 3 | # 定义实验基本网络拓扑 4 | from mininet.net import Mininet 5 | from mininet.node import Controller, RemoteController, OVSController 6 | from mininet.node import CPULimitedHost, Host, Node 7 | from mininet.node import OVSKernelSwitch, UserSwitch 8 | from mininet.node import IVSSwitch 9 | from mininet.cli import CLI 10 | from mininet.log import setLogLevel, info 11 | from mininet.link import TCLink, Intf 12 | from subprocess import call 13 | 14 | 15 | def myNetwork(): 16 | net = Mininet(topo=None, 17 | build=False, 18 | ipBase='10.0.0.0/8') 19 | 20 | info('*** Adding controller\n') 21 | c0 = net.addController(name='c0', 22 | controller=RemoteController, 23 | protocol='tcp', 24 | port=6653) 25 | 26 | info('*** Add switches\n') 27 | s1 = net.addSwitch('s1', cls=OVSKernelSwitch) 28 | s2 = net.addSwitch('s2', cls=OVSKernelSwitch) 29 | s3 = net.addSwitch('s3', cls=OVSKernelSwitch) 30 | 31 | info('*** Add hosts\n') 32 | h1 = net.addHost('h1', cls=Host, ip='121.0.0.1', defaultRoute=None) 33 | h2 = net.addHost('h2', cls=Host, ip='121.0.0.2', defaultRoute=None) 34 | h3 = net.addHost('h3', cls=Host, ip='121.0.0.3', defaultRoute=None) 35 | h4 = net.addHost('h4', cls=Host, ip='121.0.0.4', defaultRoute=None) 36 | h5 = net.addHost('h5', cls=Host, ip='121.0.0.5', defaultRoute=None) 37 | h6 = net.addHost('h6', cls=Host, ip='122.0.0.1', defaultRoute=None) 38 | h7 = net.addHost('h7', cls=Host, ip='122.0.0.2', defaultRoute=None) 39 | h8 = net.addHost('h8', cls=Host, ip='122.0.0.3', defaultRoute=None) 40 | h9 = net.addHost('h9', cls=Host, ip='122.0.0.4', defaultRoute=None) 41 | h10 = net.addHost('h10', cls=Host, ip='122.0.0.5', defaultRoute=None) 42 | h11 = net.addHost('h11', cls=Host, ip='123.0.0.1', defaultRoute=None) 43 | h12 = net.addHost('h12', cls=Host, ip='123.0.0.2', defaultRoute=None) 44 | h13 = net.addHost('h13', cls=Host, ip='123.0.0.3', defaultRoute=None) 45 | h14 = net.addHost('h14', cls=Host, ip='123.0.0.4', defaultRoute=None) 46 | h15 = net.addHost('h15', cls=Host, ip='123.0.0.5', defaultRoute=None) 47 | 48 | info('*** Add links\n') 49 | net.addLink(s1, h1) 50 | net.addLink(s1, h2) 51 | net.addLink(s1, h3) 52 | net.addLink(s1, h4) 53 | net.addLink(s1, h5) 54 | net.addLink(s2, h6) 55 | net.addLink(s2, h7) 56 | net.addLink(s2, h8) 57 | net.addLink(s2, h9) 58 | net.addLink(s2, h10) 59 | net.addLink(s3, h11) 60 | net.addLink(s3, h12) 61 | net.addLink(s3, h13) 62 | net.addLink(s3, h14) 63 | net.addLink(s3, h15) 64 | s1s2 = {'bw': 100} 65 | net.addLink(s1, s2, cls=TCLink, **s1s2) 66 | s1s3 = {'bw': 100} 67 | net.addLink(s1, s3, cls=TCLink, **s1s3) 68 | 69 | info('*** Starting network\n') 70 | net.build() 71 | info('*** Starting controllers\n') 72 | for controller in net.controllers: 73 | controller.start() 74 | 75 | info('*** Starting switches\n') 76 | net.get('s3').start([c0]) 77 | net.get('s2').start([c0]) 78 | net.get('s1').start([c0]) 79 | 80 | info('*** Post configure switches and hosts\n') 81 | s3.cmd('ifconfig s3 123.0.0.11') 82 | s2.cmd('ifconfig s2 122.0.0.11') 83 | s1.cmd('ifconfig s1 121.0.0.11') 84 | 85 | h1.cmd('ip route add 0.0.0.0/0 dev h1-eth0 scope link') 86 | h2.cmd('ip route add 0.0.0.0/0 dev h2-eth0 scope link') 87 | h3.cmd('ip route add 0.0.0.0/0 dev h3-eth0 scope link') 88 | h4.cmd('ip route add 0.0.0.0/0 dev h4-eth0 scope link') 89 | h5.cmd('ip route add 0.0.0.0/0 dev h5-eth0 scope link') 90 | h6.cmd('ip route add 0.0.0.0/0 dev h6-eth0 scope link') 91 | h7.cmd('ip route add 0.0.0.0/0 dev h7-eth0 scope link') 92 | h8.cmd('ip route add 0.0.0.0/0 dev h8-eth0 scope link') 93 | h9.cmd('ip route add 0.0.0.0/0 dev h9-eth0 scope link') 94 | h10.cmd('ip route add 0.0.0.0/0 dev h10-eth0 scope link') 95 | h11.cmd('ip route add 0.0.0.0/0 dev h11-eth0 scope link') 96 | h12.cmd('ip route add 0.0.0.0/0 dev h12-eth0 scope link') 97 | h13.cmd('ip route add 0.0.0.0/0 dev h13-eth0 scope link') 98 | h14.cmd('ip route add 0.0.0.0/0 dev h14-eth0 scope link') 99 | h15.cmd('ip route add 0.0.0.0/0 dev h15-eth0 scope link') 100 | 101 | CLI(net) 102 | net.stop() 103 | 104 | 105 | if __name__ == '__main__': 106 | setLogLevel('info') 107 | myNetwork() 108 | 109 | --------------------------------------------------------------------------------