Changes between Version 16 and Version 17 of RubotSoftware


Timestamp:
Jul 9, 2010 3:18:11 PM (14 years ago)
Author:
faber
Comment:

--

  • RubotSoftware

    v16 v17  
    3636In order to create a SEER Agent you have to create an agent file.  The name of the file follows the format {{{agent}}}''!NameOfTheAgent''{{{.py}}} where the !NameOfTheAgent is in caps.  For example {{{agentWORM.py}}} or {{{agentBOTNET.py}}}.
    3737
    38 The file has some specific requirements.  The agent is defined in a class 'class wormAgent(Agent)'.  Inside of the class there are seven class variables which need to be defined: DEPENDS, SOFTWARE, AGENTGROUP, AGENTTYPE, NICENAME, COMMANDS, and VARIABLES.  DEPENDS specifies additional modules to load during startup.  SOFTWARE specifies any binary software which needs to be loaded onto the nodes.  Both of these can be empty lists.  AGENTGROUP specifies which menu the agent will be under in SEER (Traffic, Attack, Malware, Defense, or Analysis).  The AGENTTYPE is the type of Traffic, Attack, ect. the agent is (HTTP, TCP, worm, botnet...).  The NICENAME is what is displayed under the AGENTGROUP (Worm, Botnet, Ping...).  The COMMANDS class variable is where the commands available to the user are placed.  The commands are just listed here to be defined later and need to be in all caps.  For the VARIABLES you need to define five parts for each variable.  The format is !TypeOfVariable('!NameOfVariable', !DefaultValue, 'GUIDisplayName', '!ExpinationOfTheVariable').  For example !NodeVar('IRCHost', None,g 'IRC Host', 'Select the node to run the IRC server').  A list of variable types can be found on the [http://seer.isi.deterlab.net/v1.6/devel/agents.html SEER Agents page].  To extend the basic agent class you need to call the 'Agent!__init!__' method.  This will enable you to implement the commands you created.  For each command you need to create a definition 'def handleCOMMAND(self):'  where command is the name of your command.  To have code run on a node if the code is already installed you can use 'self.pids.append(spawn('!CommandLineCode'))'  If you want to only run code on a node the user selects as a variable then you can use the function 'self.!VariableName.myNodeMemberOf()' which will return True if the node is in !VariableName. 
     38The agent code has some specific requirements (you can see these in the example [attachment:agentWORM.py].  The agent is defined in a class 'class wormAgent(Agent)' that is derived from SEER's Agent class.  Inside of the class there are seven class variables which need to be defined:
     39
     40 * DEPENDS
     41 * SOFTWARE
     42 * AGENTGROUP
     43 * AGENTTYPE
     44 * NICENAME
     45 * COMMANDS
     46 * VARIABLES
     47
     48DEPENDS specifies additional modules to load during startup.  SOFTWARE specifies any binary software which needs to be loaded onto the nodes.  Both of these can be empty lists.  AGENTGROUP specifies which menu the agent will be under in SEER (Traffic, Attack, Malware, Defense, or Analysis).  The AGENTTYPE is the type of Traffic, Attack, etc. the agent is (HTTP, TCP, worm, botnet...).  The NICENAME is what is displayed under the AGENTGROUP (Worm, Botnet, Ping...).  The COMMANDS class variable is where the commands available to the user are placed.  The commands are just listed here to be defined later and need to be in all caps.  For the VARIABLES you need to define five parts for each variable.  The format is !TypeOfVariable('!NameOfVariable', !DefaultValue, 'GUIDisplayName', '!ExpinationOfTheVariable').  For example !NodeVar('IRCHost', None,g 'IRC Host', 'Select the node to run the IRC server').  A list of variable types can be found on the [http://seer.isi.deterlab.net/v1.6/devel/agents.html SEER Agents page].
     49
     50To extend the basic agent class you need to call the 'Agent!__init!__' method.  This will enable you to implement the commands you created.  For each command you need to create a definition 'def handleCOMMAND(self):'  where command is the name of your command.  To have code run on a node if the code is already installed you can use 'self.pids.append(spawn('!CommandLineCode'))'  If you want to only run code on a node the user selects as a variable then you can use the function 'self.!VariableName.myNodeMemberOf()' which will return True if the node is in !VariableName. 
    3951
    4052== Next Steps ==
    4153
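Review bot: new line 38 opens a parenthesis before "you can see these in the example [attachment:agentWORM.py]" and never closes it; add the closing ")" after the attachment link. The paragraph at new line 48 also carries over two defects verbatim from the removed line: the example call `!NodeVar('IRCHost', None,g 'IRC Host', 'Select the node to run the IRC server')` has a stray "g" after `None,`, and `'!ExpinationOfTheVariable'` should read `'!ExplanationOfTheVariable'`. On new line 50, `'Agent!__init!__'` has no separator between the class and method names (presumably the base-class `__init__` is meant), the sentence ending with `'self.pids.append(spawn('!CommandLineCode'))'` has no full stop, and "where command is the name of your command" should use the same capitalised COMMAND that appears in `def handleCOMMAND(self):`.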
    42 There are two paths to expand this work.  One is to explore the !RuBot worm more and the other is to explore the other botnets modeled in !RuBot.  Some places to expand the worm are changing the payload delivered by the worm, adding commands given by the IRC server, added a success rate to the worm propagation, or specifying which node attacks each IP address.  The second path has many more possibilities.  !RuBot has code for several more complicated botnet than a simple worm.  It contains a simulated Storm, Nugache, and UDP botnet code as well.  Any of these other models would be interesting to look at and incorporate into the Deter testbed. 
     54There are two paths to expand this work.  One is to explore the !RuBot worm more and the other is to explore the other botnets modeled in !RuBot.  Some places to expand the simple worm are
     55
     56 * changing the payload delivered by the worm
     57 * adding commands given by the IRC server
     58 * added a success rate to the worm propagation
     59 * or specifying which node attacks each IP address. 
     60
     61The second path has many more possibilities.  !RuBot has code for several more complicated botnet than a simple worm.  It contains a simulated Storm, Nugache, and UDP botnet code as well.  Any of these other models would be interesting to look at and incorporate into the Deter testbed.
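Review bot: the new bullet list at lines 56-59 mixes verb forms and keeps the sentence-level conjunction: "added a success rate" should be "adding a success rate" to match "changing" and "adding", and the leading "or " on the last bullet should be dropped now that the items are a list. New line 61 still reads "several more complicated botnet than a simple worm" (should be "botnets"), carried over unchanged from the removed line.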