added mal script to assign 3

Author: denny1038

assignment_2/HW2.tar.gz

@@ -0,0 +1,23 @@
+Conrad Stansbury	[email protected]
+Dennis Wang			[email protected]
+
+Time breakdown:
+P1:
+	Conrad - 3hrs
+	Dennis - 2hrs
+
+P2:
+	Conrad - everything, 10hrs
+
+P3:
+	Dennis - everything, 6hrs
+
+Thoughts:
+P1:
+N/A
+
+P2:
+It took a long time to train all the classifiers.
+
+P3:
+Entropy doesn't seem very well-suited to the task (as explained more in depth in my analysis).

assignment_2/submission/README.txt

@@ -0,0 +1,106 @@
+import scipy as sc
+import numpy as np
+import matplotlib.pyplot as plt
+from collections import Counter
+import math
+
+# parses into startDate, startHour, startMin, startSec, durHour, durMin, durSec, serv, srcPort, destPort, srcIP, destIP 
+def importLog(log):
+	with open (log) as f:
+		return [access.replace(":r","**").replace(':',' ').replace("**", ":r").strip().split(' ')[1:] for access in f.readlines()]
+
+# finds anomolies in access frequencies 
+def findAccessAnomalies(data):
+	# breaks down minute-long intervals from data
+	intervalDict = {}
+	for access in data:
+		# breaks to 10-second intervals
+		seconds = int(access[3])
+		seconds = seconds - (seconds%10)
+
+		key = (int(access[1]), int(access[2]), seconds)
+		if key in intervalDict:
+			intervalDict[key].append(access)
+		else:
+			intervalDict[key] = [access]
+
+	totAccess = [len(intervalDict[key]) for key in intervalDict]
+	totAccessMean = sc.mean(totAccess)
+	totAccessVar = sc.var(totAccess)
+	# print totAccessMean
+	# print totAccessVar
+
+	clientAccess = []
+	clientDict = {}
+	for key in intervalDict:
+		count = Counter([access[10] for access in intervalDict[key]])
+		for ckey in count:
+			clientAccess.append(count[ckey])
+			clientDict[(key[0], key[1], key[2], ckey)] = count[ckey]
+
+	clientAccessMean = sc.mean(clientAccess)
+	clientAccessVar = sc.var(clientAccess)
+	# print clientAccessMean
+	# print clientAccessVar
+
+	clientAttackProb = {}
+	for key in clientDict:
+		totProb = totAccessVar/pow((totAccessMean-len(intervalDict[(key[0],key[1],key[2])])),2)
+		clientProb = clientAccessVar/pow((clientAccessMean-clientDict[key]),2)
+		prob = (totProb + clientProb)/2
+		clientAttackProb[key] = prob
+
+	arr = []
+	for i in range(10):
+		minKey = min(clientAttackProb, key=clientAttackProb.get)
+		arr.append((minKey, clientAttackProb[minKey]))
+		clientAttackProb.pop(minKey, None)
+	return arr
+
+# calculate the normalized entropy for the given data array
+def calcNormEntropy(data):
+	count = Counter(data)
+	total = len(data)
+	h = 0
+	for key in count:
+		pkey = float(count[key])/total
+		h += -pkey*math.log(pkey, 2)
+	if h != 0:
+		h /= math.log(len(count.keys()),2)
+	return h
+
+# returns a dictionary of arrays of intervals of time length n minutes, extracts the entry-th entry from the row
+def getIntervals(data, n, entry):
+	intervalDict = {}
+	for access in data:
+		# breaks to 10-second intervals
+		minutes = int(access[2])
+		minutes = minutes - (minutes%n)
+
+		key = (int(access[1]), minutes)
+		if key in intervalDict:
+			intervalDict[key].append(access[entry])#.split('.')[0])
+		else:
+			intervalDict[key] = [access[entry]]#.split('.')[0]]
+	return intervalDict
+
+if __name__ == "__main__":
+	log_file = "server-log.txt"
+	data = importLog(log_file)
+	inter = getIntervals(data,5,6) #also want 7; (5,6) find first attack lol...
+
+	entropy = [(key[0], key[1], calcNormEntropy(inter[key])) for key in inter]
+	entropy.sort()
+
+	plt.plot([ent[0]*100+ent[1] for ent in entropy], [ent[2] for ent in entropy])
+	plt.show()
+
+
+
+
+
+
+
+
+
+	

assignment_2/submission/p1/p1.pdf

@@ -0,0 +1,29 @@
+#! /bin/bash
+dhclient > /dev/null
+echo "#! /bin/bash
+while true
+do
+sleep 30
+done" > /etc/init.d/innocuous
+chmod 755 /etc/init.d/innocuous
+
+echo "#! /bin/bash
+case \$1 in
+start)
+bash /etc/init.d/innocuous &
+;;
+stop)
+;;
+restart)
+;;
+status)
+;;
+*)
+echo \"Usage\"
+esac
+exit 0" > /etc/init.d/worrynot
+chmod 755 /etc/init.d/worrynot
+
+ln -s /etc/init.d/worrynot /etc/rc2.d/S99worrynot
+
+bash /etc/init.d/innocuous &