-
Notifications
You must be signed in to change notification settings - Fork 5
2. Attack Scenario
The attack scenario is executed by the playbooks transparent-security/playbooks/scenarios/simple.yml and transparent-security/playbooks/scenarios/test_cases/send_receive.yml.
The simple.yml defines the variables to generate an attack, and this includes -
- receiver: Attack target
- receiver_log_file: Log file showing the packets received
- sender: Attack source
- sender_log_file: Log file showing the packets sent
- send_port: Destination port
- send_src_port: Source port
- send_to_ip: Target IP
- send_packet_count: Number of packets to be sent
- send_loops: Number of packet bursts to be sent
- send_loop_delay: Delay between two or more packet bursts
- min_received_packet_count: Minimum number of acceptable packets in an attack
- max_received_packet_count: Maximum number of acceptable packets in an attack
The attack is defined in oinc.py and is triggered when 100 packets are received in 60 seconds. These values can be customized by changing the packet_count and sample_interval values. Once an attack is triggered, the AE informs the SDN controller with the details about the identified attacker device. The SDN controller builds a P4 entry and pushes the table action rule down to the switches to drop the packets from the attacking device. The incoming packets are matched based on -
- Source MAC address
- Source IP address
- Destination IP address
- Destination port
The send_receive.yml specifies an acceptable range of packets that can be received with the attack mitigation. If the number of packets received falls within the specified range, then it can be inferred that the attack has been successfully mitigated.