import pyshark as pyshark
import os
import subprocess
import CBF2 as CBF
import threading
import time
import schedule

# pps_threshold needs to be configured

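def LiveSniffer(net_interface, cbf, bpf_filter='dst 192.168.219.110 && tcp'):
    """Capture packets on *net_interface* and hand each one to PktFiltering.

    Args:
        net_interface: Name of the interface given to pyshark/tshark.
        cbf: Counting bloom filter passed through to PktFiltering; it must
            provide ``insert_to_cbf(key) -> int``.
        bpf_filter: Capture (BPF) filter applied by the capture engine before
            packets reach Python. The default keeps the destination host and
            TCP-only selection that used to be hard-coded here; pass another
            filter to monitor a different host.

    Runs until the capture ends or is interrupted.
    """
    capture = pyshark.LiveCapture(interface=net_interface, bpf_filter=bpf_filter)
    # pyshark debug output (details of the tshark invocation).
    capture.set_debug()
    for packet in capture.sniff_continuously():
        PktFiltering(packet, cbf)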


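def PktFiltering(pkt, filter, threshold=10):
    """Count the packet's source IP in the CBF and flag a suspected flood.

    Detection is rate-based: each packet increments the counters for its
    source address and CntDecrement periodically lowers all counters, so a
    counter that climbs above *threshold* indicates a source sending faster
    than the decay allows (a packets-per-second style measure).

    Args:
        pkt: A pyshark packet. Only packets that carry an IPv4 ``ip`` layer
            are examined; anything else is ignored.
        filter: Counting bloom filter exposing ``insert_to_cbf(key) -> int``,
            which records *key* and (per the CBF2 module) returns the minimum
            of the hashed counters.
        threshold: Counter value above which an alert is printed. Defaults to
            10, the value that used to be hard-coded.

    Returns:
        True when an alert was printed for this packet, False otherwise.
    """
    # pyshark raises AttributeError for a missing layer; a packet without an
    # IPv4 header (e.g. IPv6 TCP) is simply not of interest here.
    ip_layer = getattr(pkt, 'ip', None)
    if ip_layer is None:
        return False
    src = ip_layer.src
    print(src, " to ", ip_layer.dst)
    count = filter.insert_to_cbf(src)  # minimum over the hashed counters
    print(count)
    # Strictly greater than the threshold, as in the original comparison.
    if count > threshold:
        print("Anomal packet flow detected. source IP: ", src, ", Suspicious Alert")
        return True
    return False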
        

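def CntDecrement(c_bf):
    """Decrement every non-zero counter of the CBF array in place.

    Scheduled periodically from main so that counts decay over time; together
    with the threshold in PktFiltering this turns raw counts into a rate
    measure. Zero counters are left untouched so they never go negative.

    Args:
        c_bf: Mutable indexable sequence of integer counters (the ``c_bf``
            attribute of the counting bloom filter); modified in place.
    """
    # enumerate() supplies the index needed for the in-place write without a
    # range(len(...)) loop; the old `else: continue` branch was a no-op.
    for k, value in enumerate(c_bf):
        if value:
            c_bf[k] = value - 1
    print("Dec all completed.")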



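def main(interface='wlp2s0', dst_host='192.168.219.100'):
    """Run the live flooding detector until Ctrl+C.

    Sets up a pyshark capture of TCP traffic addressed to *dst_host*,
    initialises the counting bloom filter, and for every captured packet
    runs PktFiltering followed by the scheduled counter decay.

    Args:
        interface: Capture interface name (default is the previously
            hard-coded 'wlp2s0').
        dst_host: IPv4 address used in the tshark display filter (default is
            the previously hard-coded address; note LiveSniffer's default
            filter names a different host).
    """
    print("capturing start")

    capture = None
    try:
        # 'tcp' is a BPF capture filter applied by the capture engine; the host
        # selection is a tshark display filter, so every TCP packet on the
        # interface still reaches tshark before being dropped.
        capture = pyshark.LiveCapture(
            interface=interface,
            bpf_filter='tcp',
            display_filter='ip.dst == {}'.format(dst_host),
        )
        # capture.set_debug()
        cbf = CBF.Counting_bloom_filter(8000, 0.01)  # CBF initialisation
        print("CB-Filter Length: ", cbf.length)
        # Decay job: lower every counter by one every 8 ms. NOTE: schedule only
        # fires jobs from run_pending(), which is called once per captured
        # packet below, so decay is paced by incoming traffic rather than by
        # wall-clock time; counters do not decay while no packets arrive.
        schedule.every(0.008).seconds.do(CntDecrement, cbf.c_bf)
        for packet in capture.sniff_continuously():
            PktFiltering(packet, cbf)
            schedule.run_pending()

    except KeyboardInterrupt:
        print("\nPressed Ctrl+C: End Capturing")
    finally:
        # Tear down the tshark child process on Ctrl+C or any other exit.
        if capture is not None:
            capture.close()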


if __name__ == "__main__":  # start capturing only when run as a script
    main()