Alessandro's Concealment module now works in persistent mode

Critical-Infrastructure-Systems-Lab · Feb 8, 2023 · 2390512 · 2390512
1 parent c888b2c
commit 2390512
Show file tree

Hide file tree

Showing 16 changed files with 197 additions and 10 deletions.
diff --git a/dhalsim/network_attacks/unconstrained_blackbox_netfilter_queue.py b/dhalsim/network_attacks/unconstrained_blackbox_netfilter_queue.py
@@ -68,6 +68,7 @@ def __init__(self,  intermediate_yaml_path: Path, yaml_index: int, queue_number:
 
         # We can use the same method, as initially the df will be initialized with 0 values
         self.calculated_concealment_values_df = self.set_initial_conditions_of_scada_values()
+        self.calculated_concealment_values_df_historical = []
 
         # Initialize input values
         self.received_scada_tags_df = self.calculated_concealment_values_df
@@ -118,6 +119,9 @@ def interrupt(self):
 
     def sigint_handler(self, sig, frame):
         """Interrupt handler for attacker being stoped"""
+        self.logger.debug("Printing concealment values")
+        conc_path = Path(__file__).parent.absolute() / "concealed_values.csv"
+        self.calculated_concealment_values_df.to_csv(conc_path, index=False)
         self.logger.debug("Netfilter queue process shutting down")
         self.interrupt()
 
@@ -134,13 +138,13 @@ def handle_sync(self):
             while not self.get_sync(2):
                 pass
 
-            self.logger.debug('Sync is 2. Keeping attack sync in 2, until we get all SCADA flags')
+            #self.logger.debug('Sync is 2. Keeping attack sync in 2, until we get all SCADA flags')
 
             # We stay in 2, to conceal the values exchanged remotely from the PLCs, until we make a prediction
             while self.missing_scada_tags and self.sync_flag:
                 pass
 
-            self.logger.debug('Setting attack sync in 3')
+            #self.logger.debug('Setting attack sync in 3')
             self.set_sync(3)
 
         self.logger.debug('Netfilter sync thread while finished')
@@ -179,7 +183,7 @@ def scada_tag_list_empty(self):
 
         # Wait for sync to take place
         while not self.get_sync(3) and self.sync_flag:
-            self.logger.debug('Waiting for flag 3')
+            #self.logger.debug('Waiting for flag 3')
             pass
 
         self.missing_scada_tags = list(self.scada_tags)

diff --git a/examples/anytown_topology/anytown_config.yaml b/examples/anytown_topology/anytown_config.yaml
@@ -7,7 +7,7 @@ plcs: !include anytown_plcs.yaml
 simulator: epynet
 demand: pdd
 
-demand_patterns: demands_anytown_small.csv
+#demand_patterns: demands_anytown_small.csv
 #attacks: !include anytown_concealment_mitm.yaml
 attacks: !include anytown_dos.yaml
 log_level: debug
diff --git a/examples/anytown_topology/anytown_nwk_delay_and_loss.yaml b/examples/anytown_topology/anytown_nwk_delay_and_loss.yaml
@@ -7,4 +7,4 @@ network_events:
         start: 648
         end: 792
     loss_value: 10
-    delay_value: 4000
+    delay_value: 100
diff --git a/examples/ctown_topology/ctown_plcs.yaml b/examples/ctown_topology/ctown_plcs.yaml
@@ -1,4 +1,4 @@
-- name: PLC1 # PLC1, PU1F PU2F J280 J269 , PU1 PU2
+- name: PLC1
   sensors:
     - PU1F
     - PU2F
@@ -7,10 +7,10 @@
   actuators:
     - PU1
     - PU2
-- name: PLC2 # PLC2, T1,
+- name: PLC2
   sensors:
     - T1
-- name: PLC3 # PLC3, T2 V2F J300 J256 J289 J415 J14 J422 PU4F PU5F PU6F PU7F , V2 PU4 PU5 PU6 PU7
+- name: PLC3
   sensors:
     - T2
     - V2F

diff --git a/examples/ctown_topology/dataset/dataset_config_files/ctown_config_05.yaml b/examples/ctown_topology/dataset/dataset_config_files/ctown_config_05.yaml
@@ -1,5 +1,6 @@
 inp_file: ctown_map.inp
-iterations: 2880
+#iterations: 2880
+iterations: 60
 network_topology_type: complex
 plcs: !include ctown_plcs.yaml
 log_level: debug

diff --git a/examples/ctown_topology/dataset/dataset_config_files/ctown_config_10.yaml b/examples/ctown_topology/dataset/dataset_config_files/ctown_config_10.yaml
@@ -2,7 +2,6 @@ inp_file: ctown_map.inp
 iterations: 2880
 network_topology_type: complex
 plcs: !include ctown_plcs.yaml
-log_level: debug
 simulator: epynet
 demand: pdd
 output_path: attack_output_10

diff --git a/examples/ctown_topology/dataset/dataset_config_files/ctown_config_11.yaml b/examples/ctown_topology/dataset/dataset_config_files/ctown_config_11.yaml
@@ -0,0 +1,10 @@
+inp_file: ctown_map.inp
+iterations: 2880
+network_topology_type: complex
+plcs: !include ctown_plcs.yaml
+simulator: epynet
+demand: pdd
+output_path: attack_output_11
+demand_patterns: events/demands_ctown_01.csv
+initial_tank_data: events/tanks_ctown_01.csv
+attacks: !include dataset_attacks/attack_11.yaml
diff --git a/examples/ctown_topology/dataset/dataset_config_files/ctown_config_12.yaml b/examples/ctown_topology/dataset/dataset_config_files/ctown_config_12.yaml
@@ -0,0 +1,10 @@
+inp_file: ctown_map.inp
+iterations: 2880
+network_topology_type: complex
+plcs: !include ctown_plcs.yaml
+simulator: epynet
+demand: pdd
+output_path: attack_output_12
+demand_patterns: events/demands_ctown_01.csv
+initial_tank_data: events/tanks_ctown_01.csv
+attacks: !include dataset_attacks/attack_12.yaml
diff --git a/examples/ctown_topology/dataset/dataset_config_files/ctown_config_13.yaml b/examples/ctown_topology/dataset/dataset_config_files/ctown_config_13.yaml
@@ -0,0 +1,10 @@
+inp_file: ctown_map.inp
+iterations: 2880
+network_topology_type: complex
+plcs: !include ctown_plcs.yaml
+simulator: epynet
+demand: pdd
+output_path: attack_output_13
+demand_patterns: events/demands_ctown_01.csv
+initial_tank_data: events/tanks_ctown_01.csv
+attacks: !include dataset_attacks/attack_13.yaml
diff --git a/examples/ctown_topology/dataset/dataset_config_files/ctown_config_14.yaml b/examples/ctown_topology/dataset/dataset_config_files/ctown_config_14.yaml
@@ -0,0 +1,10 @@
+inp_file: ctown_map.inp
+iterations: 2880
+network_topology_type: complex
+plcs: !include ctown_plcs.yaml
+simulator: epynet
+demand: pdd
+output_path: attack_output_10
+demand_patterns: events/demands_ctown_01.csv
+initial_tank_data: events/tanks_ctown_01.csv
+attacks: !include dataset_attacks/attack_14.yaml
diff --git a/examples/ctown_topology/dataset/dataset_config_files/ctown_config_15.yaml b/examples/ctown_topology/dataset/dataset_config_files/ctown_config_15.yaml
@@ -0,0 +1,10 @@
+inp_file: ctown_map.inp
+iterations: 2880
+network_topology_type: complex
+plcs: !include ctown_plcs.yaml
+simulator: epynet
+demand: pdd
+output_path: attack_output_15
+demand_patterns: events/demands_ctown_01.csv
+initial_tank_data: events/tanks_ctown_01.csv
+attacks: !include dataset_attacks/attack_15.yaml
diff --git a/examples/ctown_topology/dataset/dataset_config_files/dataset_attacks/attack_11.yaml b/examples/ctown_topology/dataset/dataset_config_files/dataset_attacks/attack_11.yaml
@@ -0,0 +1,16 @@
+network_attacks:
+- name: plc2attack
+  type: concealment_mitm
+  tags:
+    - tag: T1
+      value: 0.0
+  target: PLC2
+  concealment_data:
+    type: payload_replay
+    capture_start: 300
+    capture_end: 672
+    replay_start: 1440
+  trigger:
+    start: 295
+    end: 1820
+    type: time
diff --git a/examples/ctown_topology/dataset/dataset_config_files/dataset_attacks/attack_12.yaml b/examples/ctown_topology/dataset/dataset_config_files/dataset_attacks/attack_12.yaml
@@ -0,0 +1,16 @@
+network_attacks:
+- name: plc2attack
+  type: concealment_mitm
+  tags:
+    - tag: T1
+      value: 0.0
+  target: PLC2
+  concealment_data:
+    type: network_replay
+    capture_start: 300
+    capture_end: 672
+    replay_start: 1440
+  trigger:
+    start: 295
+    end: 1820
+    type: time
diff --git a/examples/ctown_topology/dataset/dataset_config_files/dataset_attacks/attack_13.yaml b/examples/ctown_topology/dataset/dataset_config_files/dataset_attacks/attack_13.yaml
@@ -0,0 +1,17 @@
+network_attacks:
+- name: plc2attack
+  type: mitm
+  target: PLC2
+  tag: T1
+  value: 0.0
+  trigger:
+    start: 1440
+    end: 1812
+    type: time
+
+- name: plc2conceal
+  type: unconstrained_blackbox_concealment_mitm
+  trigger:
+    start: 1440
+    end: 1812
+    type: time
diff --git a/examples/ctown_topology/dataset/dataset_config_files/dataset_attacks/attack_14.yaml b/examples/ctown_topology/dataset/dataset_config_files/dataset_attacks/attack_14.yaml
@@ -0,0 +1,42 @@
+network_attacks:
+- name: plc1attack1
+  type: concealment_mitm
+  tags:
+    - tag: PU1
+      offset: 0.0
+    - tag: PU2
+      offset: 0.0
+    - tag: PU1F
+      offset: 0.0
+    - tag: PU12F
+      offset: 0.0
+    - tag: J269
+      offset: 0.0
+    - tag: J280
+      offset: 0.0
+  target: PLC1
+  concealment_data:
+    type: payload_replay
+    capture_start: 300
+    capture_end: 672
+    replay_start: 1440
+  trigger:
+    start: 295
+    end: 1820
+    type: time
+
+- name: plc2attack
+  type: concealment_mitm
+  tags:
+    - tag: T1
+      value: 0.0
+  target: PLC2
+  concealment_data:
+    type: payload_replay
+    capture_start: 300
+    capture_end: 672
+    replay_start: 1440
+  trigger:
+    start: 295
+    end: 1820
+    type: time
diff --git a/examples/ctown_topology/dataset/dataset_config_files/dataset_attacks/attack_15.yaml b/examples/ctown_topology/dataset/dataset_config_files/dataset_attacks/attack_15.yaml
@@ -0,0 +1,42 @@
+network_attacks:
+- name: plc1attack1
+  type: concealment_mitm
+  tags:
+    - tag: PU1
+      offset: 0.0
+    - tag: PU2
+      offset: 0.0
+    - tag: PU1F
+      offset: 0.0
+    - tag: PU12F
+      offset: 0.0
+    - tag: J269
+      offset: 0.0
+    - tag: J280
+      offset: 0.0
+  target: PLC1
+  concealment_data:
+    type: network_replay
+    capture_start: 300
+    capture_end: 672
+    replay_start: 1440
+  trigger:
+    start: 295
+    end: 1820
+    type: time
+
+- name: plc2attack
+  type: concealment_mitm
+  tags:
+    - tag: T1
+      value: 0.0
+  target: PLC2
+  concealment_data:
+    type: network_replay
+    capture_start: 300
+    capture_end: 672
+    replay_start: 1440
+  trigger:
+    start: 295
+    end: 1820
+    type: time