📄 detector.java
字号:
/*================= * Copyright (C) 2001 Steven Hofmeyr * * Lisys is a program that monitors TCP SYN packets to detect network * traffic anomalies. * * Licensed under the GNU General Public License (GPL), version 2 or * higher. Please see the COPYING and PATENT files included with the * Lisys distribution, which can be found at: * * http://www.cs.unm.edu/~judd/lisys/ * * Also, the current text of the GPL can be found at: * * http://www.gnu.org/copyleft/gpl.html * * Note that Lisys has NO WARRANTY! *=================*/package edu.unm.cs.lisys.detection;import edu.unm.cs.lisys.debug.*;import edu.unm.cs.lisys.util.*;import edu.unm.cs.lisys.detection.bip.*;import edu.unm.cs.lisys.detection.bif.*;import edu.unm.cs.lisys.detection.matchrule.*;import java.io.*;/**========== * Detector.java * * Many people have worked on this code. Here they are in the order they * have worked on it: * @author Steven Hofmeyr <sah@santafe.edu> * @author Todd Kaplan <kaplan@cs.unm.edu> * @author Hajime Inoue <hinoue@cs.unm.edu> * @author Dennis Chao <dlchao@cs.unm.edu> * @author Justin Balthrop <judd@cs.unm.edu> * * The actual "detector" that behaves like a single T cell. * A detector consists of a BIF (binary input filter) and a BIP * (binary input pattern). Incoming BIPs are filtered and then * compared to the BIP. * * The main public methods are: * int respondToBip(BinaryInputPattern incomingBip, double sensitivityLevel) * boolean costimulate(BinaryInputPattern verifyBip) *==========*/public class Detector implements Serializable{ private KnuthRandom random; private boolean memory = false; private boolean awaitingCostimulation = false; private boolean immature = true; private long age = 0; private int numberMatches = 0; private long ageAtLastMatch = 0; private BinaryInputFilter localBif; private BinaryInputPattern localBip; private MatchRule localMatchRule; private boolean activated = false; private int currentMatchLength = 0; // length of last match private String _szBipType; // the name of the BIP class private int _nActivationThreshhold = 10; private int _nCostimulationDelay; private int _nTolerizationPeriod; private double _dDeathProbability; private double _dMatchDecay; private int _nMinMatchLength = 0; // minimum length of a match // These are the values that are returned by activated method. public static final int NONE = 0; public static final int DIE = 1; public static final int ADJUST_SENSITIVITY = 2; public static final int ACTIVATED = 3; public Detector(BinaryInputFilter bif, MatchRule matchRule, KnuthRandom r, int activationThreshhold, int costimulationDelay, int tolerizationPeriod, double deathProbability, int minMatchLength, double matchDecay, String bipType) { // Use the parameters to set the class variables. localBif = bif; localMatchRule = matchRule; random = r; _nActivationThreshhold = activationThreshhold; _nCostimulationDelay = costimulationDelay; _nTolerizationPeriod = tolerizationPeriod; _dDeathProbability = deathProbability; _nMinMatchLength = minMatchLength; _dMatchDecay = matchDecay; // Now we'll try to look up the BIP class using it's name. _szBipType = bipType; try { localBip = (BinaryInputPattern)Class.forName(_szBipType).newInstance(); localBip.constructBinaryString(random); } catch (Exception e) { Debug.exception("Sorry, the BIP doesn't exist: ", e); } } /**========== * recreate: * This is the same as the constructor except we don't get a new * random number generator. *==========*/ public void recreate(BinaryInputFilter bif, MatchRule matchRule, int activationThreshhold, int costimulationDelay, int tolerizationPeriod, double deathProbability, int minMatchLength, double matchDecay, String bipType) { // Use the parameters to set the class variables. localBif = bif; localMatchRule = matchRule; _nActivationThreshhold = activationThreshhold; _nCostimulationDelay = costimulationDelay; _nTolerizationPeriod = tolerizationPeriod; _dDeathProbability = deathProbability; _nMinMatchLength = minMatchLength; _dMatchDecay = matchDecay; // Try to look up the BIP class by name. _szBipType = bipType; try { localBip = (BinaryInputPattern)Class.forName(_szBipType).newInstance(); localBip.constructBinaryString(random); } catch (Exception e) { Debug.exception("Sorry, the BIP doesn't exist: ", e); } // We also need to reset the detector back to it's initial // immature state. memory = false; awaitingCostimulation = false; immature = true; age = 0; numberMatches = 0; ageAtLastMatch = 0; activated = false; } public int getTolerizationPeriod() { return _nTolerizationPeriod; } public int setTolerizationPeriod(int i) { if (i > 0) _nTolerizationPeriod = i; return _nTolerizationPeriod; } /**========== * respondToBip: * Using the incoming BIP, this function determines what happens * next. The detector always gets older. In additon to that, we * can either die, become activated, adjust our sensitivity or * do nothing. * * @param incomingBip - the BIP used to determine our action * @param sensitivityLevel - how sensitive will we be * @return a constant indicating the response to the BIP *==========*/ public int respondToBip(BinaryInputPattern incomingBip, double sensitivityLevel) { age++; // If the detector has exceeded the costimulation period then it must die. if (awaitingCostimulation && ((age - ageAtLastMatch) > _nCostimulationDelay)) { Debug.verbose(this.toString() + ": died from lack of costim"); return DIE; } // Check to see if the detector matures. if (immature && (age >= _nTolerizationPeriod)) { immature = false; } // Check for death from old age. if (!immature && !memory && (_dDeathProbability > 0)) { if (random.fraction() < _dDeathProbability) { Debug.verbose(this.toString() + ": died of old age"); return DIE; } } // Permute the binary string. BinaryInputPattern filteredBip = localBif.filter(incomingBip); // Adjust the threshold according to sensitivity and memory. double adjustedThreshold = _nActivationThreshhold - sensitivityLevel; if (adjustedThreshold < 1) adjustedThreshold = 1; if (memory) adjustedThreshold = 1; currentMatchLength = localMatchRule.match(localBip, filteredBip); activated = false; boolean firstMatch = false; if (currentMatchLength >= _nMinMatchLength) { if (immature) { Debug.verbose(this.toString() + ": died on immmature match"); return DIE; // Even 1 match is death for an immature detector! } numberMatches++; // Check if the detector has been activated. if (numberMatches >= _nActivationThreshhold) { activated = true; numberMatches = 0; // If we are awaiting costimulation then don't reset the age // at the last match, otherwise set it to the current age. if (! awaitingCostimulation) { ageAtLastMatch = age; awaitingCostimulation = true; } } if (numberMatches == 1) firstMatch = true; } // Randomly decay the number of matches. if (numberMatches > 0) { if (random.fraction() < _dMatchDecay) numberMatches--; } if (activated) return ACTIVATED; if (firstMatch) return ADJUST_SENSITIVITY; return NONE; } public boolean isActivated() { return activated; } public boolean isImmature() { return immature; } public int getMatchLength() { return currentMatchLength; } /**========== * costimulate: * Checks to see if the given BIP stimulates the detector. * Costimulation cannot occur if the BIP is a memory detector or * an immature detector. * * @param verifyBip - the BIP used to determine stimulation * @return whether this detector was costimulated *==========*/ public boolean costimulate(BinaryInputPattern verifyBip) { if (immature || memory || !awaitingCostimulation) return false; // Permute the binary string. BinaryInputPattern filteredBip = localBif.filter(verifyBip); int currentMatchLength = localMatchRule.match(localBip, filteredBip); if (currentMatchLength >= _nMinMatchLength) { // Costimulation received! awaitingCostimulation = false; return true; } return false; } public boolean isMemory() { return memory; } public void setMemory(boolean bool) { memory = bool; } public String toString() { return localBip.toString(); }}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -