forked from seclab-ucr/INTANG
dump_stats_from_log2.py
#!/usr/bin/env python
import sys
from socket import ntohs
from tools import *
# Log to analyse: the default intangd log path when the script is run
# without arguments, otherwise the first command-line argument.
log_file = "/var/log/intangd.log" if len(sys.argv) == 1 else sys.argv[1]
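# Aggregates filled in while scanning the log:
#   rst_attack[url]      -> {'cnt': resets seen for this request,
#                            <daddr>: resets seen for that destination}
#   stats[sid]           -> per-strategy counters, one per outcome
#   cases[sid][outcome]  -> {<daddr>: number of occurrences}
rst_attack = {}
stats = {}
cases = {}

# NOTE(review): the page this script was taken from lost its indentation;
# the nesting below is reconstructed from the data flow (e.g. `res` must be
# set before the counters are updated).
with open(log_file, 'r') as f:  # context manager: the handle is closed even on error
    for line in f:
        # Strip only the line terminator. Slicing off the last character
        # unconditionally would truncate the strategy id on a final line
        # that has no trailing newline.
        line = line.rstrip('\n')

        if 'Triggered Type' in line:
            # The connection tuple sits between 'Reset! ' and the next '.',
            # encoded as saddr_sport_daddr_dport_sid.
            pos = line.find('Reset!')
            pos2 = line.find('.', pos)
            fourtp_sid = line[pos + 7:pos2]
            _, _, daddr, _, _ = fourtp_sid.split('_')
            daddr = int(daddr)

            # Everything after 'LAST REQ: ' is kept verbatim as the key.
            # NOTE(review): presumably this is request data captured from
            # traffic, i.e. not trusted - confirm, and treat it as untrusted
            # wherever it is later displayed.
            pos = line.find('LAST REQ:')
            url = line[pos + 10:]

            per_url = rst_attack.setdefault(url, {'cnt': 0})
            per_url['cnt'] += 1
            per_url[daddr] = per_url.get(daddr, 0) + 1
            continue

        # Strategy outcome lines: pick the outcome label and the marker that
        # precedes the connection tuple.
        if 'STRATEGY SUC' in line:
            res, marker = 'succ', 'EEDED.'
        elif 'STRATEGY FAILED 1' in line:
            res, marker = 'fail1', 'RESPONSE.'
        elif 'STRATEGY FAILED 2' in line:
            if "BOTH" in line:
                res = 'fail2ab'
            elif "TYPE 1" in line:
                res = 'fail2a'
            elif "TYPE 2" in line:
                res = 'fail2b'
            else:
                # Raising a bare string is itself a TypeError; raise a real
                # exception so the intended message reaches the operator.
                raise ValueError("Log format incorrect. Maybe generated by old version.")
            marker = 'RESET.'
        else:
            continue

        # The tuple starts one character (a space) after the marker and runs
        # to the end of the line.
        fourtp_sid = line[line.find(marker) + len(marker) + 1:]
        saddr, sport, daddr, dport, sid = fourtp_sid.split('_')
        daddr = int(daddr)
        sid = int(sid)

        if sid not in stats:
            stats[sid] = {'succ': 0, 'fail1': 0, 'fail2a': 0, 'fail2b': 0, 'fail2ab': 0}
        stats[sid][res] += 1

        if sid not in cases:
            cases[sid] = {'succ': {}, 'fail1': {}, 'fail2a': {}, 'fail2b': {}, 'fail2ab': {}}
        per_daddr = cases[sid][res]
        per_daddr[daddr] = per_daddr.get(daddr, 0) + 1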
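# output
# One row per strategy id: the raw outcome counters followed by five ratios.
#   ESR     = (succ + fail1) / total
#   F1 Rate = fail1 / (succ + fail1)
#   RSR     = succ / total
#   FER     = (fail2a + fail2b + fail2ab) / total
#   FCR     = fail1 / total
print("*** Strategy Stats ***")
print("Strategy\tSucc\tFail1\tFail2a\tFail2b\tFail2ab\tESR\t\tF1 Rate\t\tRSR\t\tFER\t\tFCR")
for sid in sorted(stats):  # sorted so the report is stable between runs
    counts = stats[sid]
    succ = counts['succ']
    fail1 = counts['fail1']
    fail2 = counts['fail2a'] + counts['fail2b'] + counts['fail2ab']
    total = succ + fail1 + fail2
    not_reset = succ + fail1

    # A strategy that only ever recorded fail2* outcomes has succ + fail1 == 0;
    # report 0.0 instead of aborting the whole report with ZeroDivisionError.
    esr = float(not_reset) / total if total else 0.0
    f1_rate = float(fail1) / not_reset if not_reset else 0.0
    rsr = float(succ) / total if total else 0.0
    fer = float(fail2) / total if total else 0.0
    fcr = float(fail1) / total if total else 0.0

    print("%d\t\t%d\t%d\t%d\t%d\t%d\t%f\t%f\t%f\t%f\t%f" % (
        sid, counts['succ'], counts['fail1'], counts['fail2a'],
        counts['fail2b'], counts['fail2ab'],
        esr, f1_rate, rsr, fer, fcr))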
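# Per-strategy detail: the ten most frequent destinations for each failure
# kind, then a success ratio per destination.
# Iterates every strategy id that was seen; a fixed range(100) would silently
# drop any id of 100 or above from the report.
for sid in sorted(cases):
    by_outcome = cases[sid]

    for outcome, label in (('fail1', 'Fail 1'), ('fail2a', 'Fail 2a'),
                           ('fail2b', 'Fail 2b'), ('fail2ab', 'Fail 2ab')):
        hits = by_outcome.get(outcome)
        if not hits:
            continue
        print("*** Strategy %d: %s ***" % (sid, label))
        # Destinations ordered by occurrence count, highest first, top ten only.
        for c in sorted(hits, key=hits.get, reverse=True)[:10]:
            print("%d\t%s" % (hits[c], ip2str(c)))

    print("*** Strategy %d: Succ Rate ***" % sid)
    daddr_set = set()
    for outcome in ('succ', 'fail1', 'fail2a', 'fail2b', 'fail2ab'):
        daddr_set.update(by_outcome[outcome])

    for daddr in sorted(daddr_set):  # sorted for a reproducible listing
        succ = by_outcome['succ'].get(daddr, 0)
        fail2a = by_outcome['fail2a'].get(daddr, 0)
        fail2b = by_outcome['fail2b'].get(daddr, 0)
        fail2ab = by_outcome['fail2ab'].get(daddr, 0)
        # fail1 is left out of the denominator, as in the original formula;
        # destinations that only ever produced fail1 are therefore skipped.
        attempts = succ + fail2a + fail2b + fail2ab
        if attempts != 0:
            # float() keeps this a true division under Python 2 as well,
            # where int / int would truncate the ratio to 0 or 1.
            print("%s\t%f(%d/%d)" % (ip2str(daddr), float(succ) / attempts, succ, attempts))

    # NOTE(review): the source page lost its indentation; the separator is
    # assumed to close each strategy's section - confirm against the repo.
    print("-------------------------------------------------------")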
# Requests that triggered resets, most frequent first.
print("*** Reset Attacks ***")
print("Count\tURL")
# From here on rst_attack is a list of (url, counters) pairs, ordered by the
# 'cnt' total in descending order.
rst_attack = sorted(rst_attack.items(), key=lambda item: item[1]['cnt'], reverse=True)
for url, counters in rst_attack:
    # NOTE(review): the URL text is printed exactly as it was read from the
    # log. If it can contain control characters (presumably it comes from
    # captured requests - confirm), view this output through a pager or
    # escape it before showing it on a terminal.
    print("%d\t%s" % (counters['cnt'], url))
    # Per-destination breakdown, currently disabled:
    #del value['cnt']
    #ips = sorted(value.items(), key=lambda x: x[1], reverse=True)
    #for ip, cnt in ips:
    #    print("* %s\t%d" % (ip2str(ip), cnt))