DDoS detection using Machine Learning and P4 language
To install proper scapy which handles sniffing on multiple interfaces not just one we would need to install it from github repo because version 2.4.5 installed in pip by command
pip install scapy==2.4.5
should support sniffing on multiple interfaces but eventually it doesn't. It was fixed in reported issue - sniff fails when the iface parameter is a list To install newest version from github repo
pip uninstall scapy
pip install git+https://github.com/secdev/scapy.git
When installing telegraf remember to create copy of original default configuration
mv /etc/telegraf/telegraf.conf{,.old}
when copy is created we can preform hard link creation for configuration. I don't know why but soft didn't work out.
ln config/telegraf.conf /etc/telegraf/telegraf.conf
changing config files we have to perform
sudo systemctl restart influxdb
sudo systemctl restart telegraf
Check if telegraf and influxdb correctly standing by
sudo systemctl status influxdb
sudo systemctl status telegraf
In terminal no.1 from repo directory
make run
after setup quick check if everything works fine
pingall
h3 ping h1
h2 ping h1
In terminal no.2
sudo python3 utils/receiver.py s1
In terminal no.3
sudo telegraf --debug
In terminal no.4
sudo influx -username telegraf -password telegraf
use ddos_entropy
In topology_app.json field tasks_file can be changed between scenario with normal traffic generation and malicious traffic generation. Firstly setup network with
make run
In terminal no.2 activate sniffing script. On terminal no.4 check if metrics are showing up in database
select from * ddos_e
To see normal format of time in influxdb CLI use
precision rfc3339
After traffic was generated
sudo python3 utils/tag_data.py 0
0 or 1 depends on type of generated traffic. Next we can start the controller
sudo python3 utils/controller.py entropy