📄 nodeserver.java
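// Tail of a method whose beginning lies above this excerpt; its code is reproduced unchanged.
        for(int i=0; i < bips; i++) {
            try {
                bipline = in.readLine();
                // NOTE(review): != compares String references, so this test does not detect an
                // empty line, and readLine() returns null at end of stream. Left as-is because
                // the start of this method is not visible here; confirm and fix with the full method.
                if ( bipline != "" ) {
                    BinaryInputPattern bip = (BinaryInputPattern)Class.forName(biptype).newInstance();
                    Debug.verbose(bipline);
                    bip.constructBinaryString(bipline);
                    if (_node.isAnomalous(bip)) {
                        alarm=true;
                        addCostimulationLink(bipline);
                    }
                }
                else
                    break;
            }
            catch(Exception e) {
                Debug.exception("Packet source and destination outside network: " + bipline, e);
                break;
            }
            if ( ++bipsSinceLastMail > parameters.getCostimulationMailDelay() && mailLinks.size() != 0 )
                mailHumanOperator();
            if ( ++bipsSinceLastSave > parameters.getSaveDelay() ) {
                bipsSinceLastSave = 0;
                save();
            }
        }
    }

    /**==========
     * readCostimulate:
     *   Handle the costimulate command: read one BIP line from the client,
     *   build a BinaryInputPattern of the configured type from it, pass it to
     *   the node for costimulation and report the outcome on <code>out</code>.
     *
     * @param in   reader the BIP line is taken from
     * @param out  writer the reply is printed to (flushed before returning)
     *==========*/
    private void readCostimulate(BufferedReader in, PrintWriter out) {
        String bipline = "";
        String biptype = parameters.getBIPType();

        try {
            bipline = in.readLine();
        } catch (IOException e) {
            Debug.exception(this, e);
        }

        // readLine() returns null when the peer closes the stream; without this
        // check the trim() below would throw outside any try block.
        if (bipline == null || bipline.trim().equals("")) {
            out.println("The BIP was formatted improperly.\n");
            out.flush();
            return;
        }

        try {
            // The pattern class name comes from the node parameters, not from the client.
            BinaryInputPattern bip = (BinaryInputPattern) Class.forName(biptype).newInstance();
            bip.constructBinaryString(bipline);
            _node.costimulate(bip);

            // Locate the separator once. A line without '<' used to make substring()
            // throw after the costimulation had already happened, which produced a
            // misleading "Unable to construct" reply.
            int separator = bipline.indexOf('<');
            if (separator >= 0) {
                String part1 = bipline.substring(0, separator);
                String part2 = bipline.substring(separator + 1);
                out.println(part1 + " < " + part2 + " was costimulated.\n");
            } else {
                out.println(bipline + " was costimulated.\n");
            }
        } catch (Exception e) {
            Debug.exception(this, e);
            out.println("Unable to construct the BIP.\n");
        }
        out.flush();
    }

    /**==========
     * readStats:
     *   Print the node's counters (bips received, bips since the last mail and
     *   save, anomalies, and the detector counts) to <code>out</code>.
     *
     * @param in   unused
     * @param out  writer the statistics are printed to (flushed before returning)
     *==========*/
    private void readStats(BufferedReader in, PrintWriter out) {
        out.println(_node.getNumBipsReceived() + " bips received.");
        out.println(bipsSinceLastMail + " since last mail.");
        out.println(bipsSinceLastSave + " since last save.");
        out.println(_node.getNumAnomalies() + " anomalies.");
        out.println(_node.getNumDetectors() + " detectors.");
        out.println(_node.getNumMemoryDetectors() + " memory detectors.");
        out.println(_node.getSensitivityLevel() + " sensitivity level.");
        out.println(_node.getNumMatureDetectors() + " mature detectors.");
        out.println(_node.getNumActivatedDetectors() + " activated detectors.");
        out.flush();
    }

    /**==========
     * readMail:
     *   Send the pending costimulation mail immediately and tell the client
     *   the value the bips-since-last-mail counter had before it was reset.
     *
     * @param in   unused
     * @param out  writer the confirmation is printed to (flushed before returning)
     *==========*/
    private void readMail(BufferedReader in, PrintWriter out) {
        // Capture the counter first: mailHumanOperator() resets it to zero.
        int bips = bipsSinceLastMail;
        mailHumanOperator();
        out.println("Mailed Human operator " + bips + " messages.");
        out.flush();
    }

    /**==========
     * printAnomalies:
     *   Print the number of retained anomaly links followed by one link per line.
     *
     * @param in   unused
     * @param out  writer the list is printed to (flushed before returning)
     *==========*/
    private void printAnomalies(BufferedReader in, PrintWriter out) {
        out.println(anomalyLinks.size() + " anomalies\n");
        Enumeration links = anomalyLinks.elements();
        while (links.hasMoreElements()) {
            out.println((String) links.nextElement());
        }
        // Flush like the other command handlers so the reply does not sit in the buffer.
        out.flush();
    }

    /**==========
     * readError:
     *   Handle illegal commands by echoing the command back with an error text.
     *
     * @param command  the command string that was not recognised
     * @param in       unused
     * @param out      writer the error is printed to (flushed before returning)
     *==========*/
    private void readError(String command, BufferedReader in, PrintWriter out) {
        out.println(command + " is not a legal command.");
        // Flush like the other command handlers so the reply does not sit in the buffer.
        out.flush();
    }

    /**==========
     * mailHumanOperator:
     *   Sends the pending list of costimulation links to the human operators
     *   by piping it into the local "mail" command, then clears the pending
     *   list and resets the bips-since-last-mail counter.
     *
     *   The pending links are discarded even when starting or writing to the
     *   mail process fails; the failure is only reported through Debug.
     *==========*/
    private void mailHumanOperator() {
        Debug.standard("\n\n MAILED HUMAN OPERATORS \n\n");
        Vector recipientList = parameters.getCostimulationMailList();

        // Build an argument vector instead of one concatenated command string.
        // Runtime.exec(String) splits its argument on whitespace, so an address
        // containing a space would have turned into several arguments.
        // NOTE(review): addresses are passed through as configured; an entry starting
        // with '-' would be read by mail as an option. Validate them where the
        // mail list is loaded.
        String[] command = new String[recipientList.size() + 1];
        command[0] = "mail";
        String recipients = "";
        for (int i = 0; i < recipientList.size(); i++) {
            String recipient = (String) recipientList.elementAt(i);
            command[i + 1] = recipient;
            recipients += recipient + " ";
        }
        Debug.standard("Mail send to: " + recipients + "\n");

        PrintStream out = null;
        try {
            Process mailproc = Runtime.getRuntime().exec(command);
            out = new PrintStream(mailproc.getOutputStream());
            out.println("Subject: costimulation alarm @ " + (new Date()).toString());
            out.println("Please click on all links below that correspond to a Binary Input Pattern (BIP) deemed anomalous: \n");
            for (Enumeration e = mailLinks.elements(); e.hasMoreElements(); ) {
                out.println((String) e.nextElement());
            }
        } catch (Exception e) {
            Debug.exception(this, e);
        } finally {
            // Closing the pipe signals end of input to mail; do it on the error path too.
            if (out != null) {
                out.close();
            }
        }

        mailLinks.removeAllElements();
        bipsSinceLastMail = 0;
    }

    /**==========
     * escapeHtmlText:
     *   Replace the characters &amp;, &lt;, &gt; and &quot; with their HTML
     *   entities so the text cannot be read as markup.
     *
     * @param text  text to place inside an HTML element
     * @return the escaped text
     *==========*/
    private static String escapeHtmlText(String text) {
        StringBuffer escaped = new StringBuffer(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**==========
     * addCostimulationLink:
     *   Adds a link to the email being sent out indicating the bip is
     *   anomalous so the user has the option of costimulation. Also
     *   adds a link to the anomalies list, dropping the oldest entry once
     *   the list is longer than the configured costimulation delay.
     *
     * @param sb the tcpdump line prepended by the local ip mask
     *==========*/
    private void addCostimulationLink(String sb) {
        // Construct the query args for this bip HTML link representation.
        Debug.verbose(sb);
        // NOTE(review): the one-argument encode() uses the platform default encoding.
        String queryArgs = URLEncoder.encode(sb);
        String httphost = parameters.getCostimulationServer();
        int httpport = parameters.getCostimulationServerPort();
        String nodeAddress = parameters.getDetectionNodeHost() + ":" + parameters.getPort();

        // The BIP line is captured traffic data, so the visible link text is HTML-escaped;
        // the copy in the href is already URL-encoded.
        String link = "<p><a href=\"http://" + httphost + ":" + httpport + "/"
                + nodeAddress + "?" + queryArgs + "\">"
                + "#" + (mailLinks.size() + 1) + ": " + escapeHtmlText(sb) + "</a>";
        mailLinks.addElement(link);

        String alink = nodeAddress + "?" + queryArgs;
        anomalyLinks.addElement(alink);

        // Make sure anomaly list doesn't get too large.
        if (anomalyLinks.size() > parameters.getCostimulationDelay()) {
            anomalyLinks.removeElementAt(0);
        }
    }

    /**==========
     * read:
     *   Load a previously saved NodeServer from a serialized save file.
     *
     *   NOTE(security): this uses native Java deserialization, which
     *   instantiates whatever classes the stream names. Only load save files
     *   written by this node and protected by file permissions; never point
     *   it at a file obtained from an untrusted party.
     *
     * @param filename  path of the save file
     * @return the deserialized node
     * @throws Exception if the file cannot be opened, read or deserialized
     *==========*/
    public static NodeServer read(String filename) throws Exception {
        FileInputStream fis = new FileInputStream(filename);
        try {
            ObjectInputStream in = new ObjectInputStream(fis);
            return (NodeServer) in.readObject();
        } finally {
            // The original never closed the file; release the handle on every path.
            fis.close();
        }
    }

    /**==========
     * openLog:
     *   Open the anomaly log file in append mode. A failure is reported
     *   through Debug and leaves anomalyFile unchanged.
     *==========*/
    public void openLog() {
        try {
            // Try to append to anomaly log.
            anomalyFile = new PrintWriter(new FileOutputStream(anomalyFilename, true));
        } catch (IOException ioe) {
            Debug.exception(this, ioe);
        }
    }

    /**==========
     * main:
     *   Starts a new node as a thread.
     *
     *   Arguments are flag/value pairs: -p names a properties file, -l a save
     *   file to load, -i an optional tcpdump file to initialize with. Exactly
     *   one of -p and -l may be given.
     *
     * @param args  command-line flag/value pairs
     *==========*/
    public static void main(String[] args) {
        if (args.length % 2 != 0 || args.length == 0) {
            System.err.println("Usage: java NodeServer <arguments>\n");
            System.err.println("\tPossible flags are:\n");
            System.err.println("\t\t-i <filename>\tinitialize with this tcpdump file (optional)");
            System.err.println("\t\t-p <filename>\tproperties file");
            System.err.println("\t\t-l <filename>\tload save file\n");
            System.err.println("\t\tEither properties or save flag is required.\n");
            // Stop here: with an odd argument count the loop below would read past
            // the end of args when it fetched the value of the last flag.
            return;
        }

        boolean props = false, saves = false, inits = false;
        String properties = null,   // Properties file
               save = null,         // Save file name
               init = null;         // TCPDump initialization file

        for (int i = 0; i < args.length; i += 2) {
            String flag = args[i];
            String value = args[i + 1];
            if (flag.equals("-i")) {
                inits = true;
                init = value;
            } else if (flag.equals("-p")) {
                props = true;
                properties = value;
            } else if (flag.equals("-l")) {
                saves = true;
                save = value;
            } else {
                System.err.println("Unknown flag found. Exiting...");
                // NOTE(review): exit status 0 is kept from the original although this is an error path.
                System.exit(0);
            }
        }

        if (props && saves) {
            Debug.standard("Cannot use both property file and savefile. Exiting...");
            System.exit(0);
        }

        if (props) {
            NodeServer node = new NodeServer(properties);
            node.openLog();
            if (inits) {
                node.init(init);
            }
            node.start();
        } else if (saves) {
            try {
                NodeServer node = NodeServer.read(save);
                node.openLog();
                if (inits) {
                    node.init(init);
                }
                node.start();
            } catch (Exception e) {
                Debug.exception("Exception in NodeServer.main:", e);
            }
        }
    }
}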