/*================= * Copyright (C) 2001 Hajime Inoue * * Lisys is a program that monitors TCP SYN packets to detect network * traffic anomalies. * * Licensed under the GNU General Public License (GPL), version 2 or * higher. Please see the COPYING and PATENT files included with the * Lisys distribution, which can be found at: * * http://www.cs.unm.edu/~judd/lisys/ * * Also, the current text of the GPL can be found at: * * http://www.gnu.org/copyleft/gpl.html * * Note that Lisys has NO WARRANTY! *=================*/package edu.unm.cs.lisys.detection;import edu.unm.cs.lisys.debug.*;import edu.unm.cs.lisys.detection.bip.*;import edu.unm.cs.lisys.detection.bif.*;import edu.unm.cs.lisys.detection.matchrule.*;import edu.unm.cs.lisys.net.SimpleServer;import java.lang.System;import java.net.URLEncoder;import java.net.InetAddress;import java.util.*;import java.io.*;/**========== * NodeServer.java * * Many people have worked on this code. Here they are, in the order * they've worked on it: * @author Todd Kaplan <kaplan@cs.unm.edu> * @author Hajime Inoue <hinoue@cs.unm.edu> * @author Dennis Chao <dlchao@cs.unm.edu> * @author Justin Balthrop <judd@cs.unm.edu> * * A server that manages a single DetectionNode. One NodeServer should * probably run on each machine in the network. * * The protocol is as follows: * <ul> * <li>The first line is one of the following commands: * BROADCAST, COSTIMULATE, STATS, SAVE, MAIL, or ANOMALIES. * Case doesn't matter. * * <li>If the command is BROADCAST, the next line contains * how many bips there are. Each subsequent line is then * a bip. The number of subsequent lines (and hence bips) * should equal the integer given on the first line. * * <li>If the command is COSTIMULATE, the next line is the anomalous * bip. * * <li>If the command is STATS, statistics about the server are * returned in a yet undefined manner. * * <li>If the command is MAIL, mail will be sent to the usual list * of recipients. 
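*
 * <li>If the command is SAVE, the detector will be serialized to
 * hostname.dnd.
 *
 * <li>If the command is ANOMALIES, the detector will output its
 * list of anomalies.
 * </ul>
 *
 * Security note: nothing in this class authenticates the peer.
 * serveConnection() dispatches purely on the first line it reads,
 * so any host able to reach the port can inject BIPs (BROADCAST),
 * force a SAVE to disk, or trigger MAIL. Restrict the listening
 * port at the network/firewall level (or bind it to a local
 * interface, if SimpleServer allows that).
 *==========*/
public class NodeServer extends SimpleServer implements Serializable {

    // Explicit stream version. This object is written by save() and read
    // back through readObject(); without a fixed serialVersionUID every
    // recompilation changes the computed UID and turns all existing save
    // files into InvalidClassException. Files written before this field was
    // added carry the old computed UID and must be regenerated once.
    private static final long serialVersionUID = 1L;

    // Command string values (compared case-insensitively in serveConnection)
    private static final String broadcast = "BROADCAST";
    private static final String costimulate = "COSTIMULATE";
    private static final String stats = "STATS";
    private static final String save = "SAVE";
    private static final String mail = "MAIL";
    private static final String anomalies = "ANOMALIES";

    // Parameters are stored here (loaded from the filename given to the
    // constructor)
    private Parameters parameters;
    private DetectionNode _node;                // the detection node
    private Vector anomalyLinks;                // stores current anomalies
    private Vector mailLinks;                   // stores anomalies to be mailed
    private String localIPMask;                 // local address minus its last dotted component (see constructor)
    private String anomalyFilename;             // anomaly log filename
    private transient PrintWriter anomalyFile;  // anomaly log file; not serialized, reopened by readObject()
    private static final String anomalyLogFileKey = "anomalies.log.file";

    // Statistics: BIPs processed since the last mail / last save
    private int bipsSinceLastMail = 0;
    private int bipsSinceLastSave = 0;

    /**==========
     * NodeServer:
     * Constructor that reads in the parameters from the supplied
     * filename, initializes them, and sets things like the biptype.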
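*==========*/
public NodeServer(String filename) {
    // Read in parameters
    parameters = new Parameters(filename);

    // Start initialization
    port = parameters.getPort();
    mailLinks = new Vector();
    anomalyLinks = new Vector();
    anomalyFilename = parameters.getAnomaliesLog();

    // localIPMask = local address with everything after the last '.'
    // dropped; init() prepends it to every BIP line. This only makes sense
    // for a dotted IPv4 address: if getHostAddress() returns something
    // without a '.', lastIndexOf() gives -1 and substring() throws, so
    // localIPMask keeps the full, untrimmed address (best effort, logged).
    try {
        localIPMask = InetAddress.getLocalHost().getHostAddress();
        localIPMask = localIPMask.substring(0, localIPMask.lastIndexOf('.'));
    } catch (Exception e) {
        System.err.println(e);
        e.printStackTrace();
    }

    _node = new DetectionNode(parameters.getNumberOfDetectors(),
                              parameters.getMatchRule(),
                              parameters.getBIPType(),
                              parameters.getBIFType(),
                              parameters.getBIPLength(),
                              parameters.getTolerizationPeriod(),
                              parameters.useMemory(),
                              parameters.getMaximumNumberOfMemoryDetectors(),
                              parameters.getSensitivityIncrement(),
                              parameters.getSensitivityDecay(),
                              parameters.getRandomSeed(),
                              parameters.getActivationThreshold(),
                              parameters.getCostimulationDelay(),
                              parameters.getDeathProbability(),
                              parameters.getMatchLength(),
                              parameters.getMatchDecay());

    Date d = new Date();
    System.err.println("Constructed on " + d.toString());
}

/**==========
 * readObject:
 * Deserializes this object from a stream. Calls the default
 * method, validates that the required state actually came back,
 * then reconstitutes the anomaly log stream.
 *
 * Java native deserialization runs readObject() code for every
 * class in the stream, so only ever load a save file that save()
 * in this process (or a trusted operator) wrote -- never bytes that
 * arrived over the network.
 *
 * @throws InvalidObjectException if the stream did not contain the
 *         parameters or the detection node (truncated/edited file).
 *==========*/
private void readObject(ObjectInputStream stream)
        throws IOException, ClassNotFoundException {
    Date d = new Date();
    System.err.println("Deserializing on " + d.toString());
    stream.defaultReadObject();

    // A truncated or hand-edited save file can come back with null
    // fields; serveConnection()/init() would then fail later with a NPE.
    // Reject it here where the cause is still obvious.
    if (parameters == null || _node == null) {
        throw new InvalidObjectException(
            "NodeServer save file is missing parameters or the detection node");
    }
    if (mailLinks == null) {
        mailLinks = new Vector();
    }
    if (anomalyLinks == null) {
        anomalyLinks = new Vector();
    }
    // NOTE(review): 'port' lives in SimpleServer; if that class is not
    // Serializable it is not restored by defaultReadObject() -- confirm.

    openLog();
}

/**==========
 * serveConnection:
 * Figures out whether this is statistics request, costimulation
 * order, or input from the broadcast node.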
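*==========*/
public void serveConnection(InputStream ins, OutputStream outs) throws Exception {
    Debug.verbose("Getting a connection!");

    // Attach the streams to more convenient ones
    BufferedReader in = new BufferedReader(new InputStreamReader(ins));
    PrintWriter out = new PrintWriter(outs);

    // NOTE: no authentication happens here. Whoever can reach the port can
    // run any of the commands below, including SAVE (writes to disk) and
    // MAIL; the port must be protected at the network level.

    // A peer that connects and closes without sending a line makes
    // readLine() return null; treat that exactly like an empty command line
    // instead of letting a NullPointerException escape the handler.
    String line = in.readLine();
    if (line == null) {
        readError("", in, out);
        out.flush();
        return;
    }
    line = line.trim();

    // First token is the command, the rest (if any) its arguments
    String command = line;
    String args = "";
    int space = line.indexOf(' ');
    if (space != -1) {
        command = line.substring(0, space).trim();
        args = line.substring(space + 1).trim();
    }
    Debug.standard(command + ":" + args);

    // Fixed locale: with the default locale set to e.g. Turkish,
    // "costimulate".toUpperCase() becomes "COSTİMULATE" and never matches.
    String cmd = command.toUpperCase(Locale.ENGLISH);
    if (cmd.equals(broadcast)) {
        readBips(args, in, out);
    } else if (cmd.equals(costimulate)) {
        readCostimulate(in, out);
    } else if (cmd.equals(stats)) {
        readStats(in, out);
    } else if (cmd.equals(mail)) {
        readMail(in, out);
    } else if (cmd.equals(save)) {
        save();
    } else if (cmd.equals(anomalies)) {
        printAnomalies(in, out);
    } else {
        readError(command, in, out);
    }
    out.flush();
}

/**==========
 * init:
 * Replays a file of BIP lines through the detection node. Each line is
 * prefixed with localIPMask before being turned into a BIP. Reading stops
 * at end of file or at the first empty line. Mail and save bookkeeping
 * is the same as for BIPs received over the network.
 *
 * @param filename path of the BIP file to replay
 *==========*/
public void init(String filename) {
    BufferedReader in = null;
    try {
        in = new BufferedReader(new FileReader(filename));
        // The BIP class name comes from the parameters file and is
        // instantiated reflectively, so that file must be trusted.
        String biptype = parameters.getBIPType();
        String bipline;

        // The original loop compared readLine() against "" with '!=',
        // which is always true for a freshly read String, so it only ended
        // when readLine() returned null (and then fed "null" to the node).
        // End at EOF or at the first empty line, as the author intended.
        while ((bipline = in.readLine()) != null && bipline.length() != 0) {
            bipline = localIPMask + " " + bipline;
            Debug.verbose(bipline);
            BinaryInputPattern bip =
                (BinaryInputPattern) Class.forName(biptype).newInstance();
            bip.constructBinaryString(bipline);
            // The boolean result is not used by init(); the call is kept
            // for its effect on _node (presumably it updates detector
            // state -- confirm in DetectionNode).
            _node.isAnomalous(bip);

            bipsSinceLastMail++;
            bipsSinceLastSave++;
            if (bipsSinceLastMail > parameters.getCostimulationMailDelay()
                    && mailLinks.size() != 0) {
                mailHumanOperator();
            }
            if (bipsSinceLastSave > parameters.getSaveDelay()) {
                save();
            }
        }
    } catch (Exception e) {
        Debug.exception(this, e);
    } finally {
        // The original never closed the FileReader.
        if (in != null) {
            try {
                in.close();
            } catch (IOException ignored) {
                // nothing further to do on close failure
            }
        }
    }
}

/**==========
 * save:
 * Serializes this server to parameters.getSaveFile(). The file is
 * overwritten in place, so a crash mid-write leaves a truncated file;
 * readObject() rejects such a file rather than running on it. Writing
 * to a temporary file and renaming would avoid that window.
 *==========*/
public void save() {
    FileOutputStream fos = null;
    ObjectOutputStream out = null;
    try {
        fos = new FileOutputStream(parameters.getSaveFile());
        out = new ObjectOutputStream(fos);
        // Reset before writing so the persisted copy starts a new interval.
        bipsSinceLastSave = 0;
        out.writeObject(this);
        out.flush();
    } catch (Exception e) {
        Debug.exception(this, e);
    } finally {
        // Close on every path; the original leaked the streams on failure.
        try {
            if (out != null) {
                out.close();
            } else if (fos != null) {
                fos.close();
            }
        } catch (IOException ignored) {
            // nothing further to do on close failure
        }
    }
}

/**==========
 * readBips:
 * Reads a series of BIPS and checks if they are anomalous. At
 * the end, it checks to see if the BIP count is greater than
 * the specified amount and sends an email to the operator if
 * need be.
 *==========*/
private void readBips(String biptype, BufferedReader in, PrintWriter out) {
    String bipline = "";
    boolean alarm = false;
    int bips = 0;
    try {
        bips = Integer.parseInt(in.readLine());
    } catch(Exception e) {
        Debug.exception(this, e);
        return;
    }
    biptype = parameters.getBIPType();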