38 | | The file has some specific requirements. The agent is defined in a class 'class wormAgent(Agent)'. Inside of the class there are seven class variables which need to be defined: DEPENDS, SOFTWARE, AGENTGROUP, AGENTTYPE, NICENAME, COMMANDS, and VARIABLES. DEPENDS specifies additional modules to load during startup. SOFTWARE specifies any binary software which needs to be loaded onto the nodes. Both of these can be empty lists. AGENTGROUP specifies which menu the agent will be under in SEER (Traffic, Attack, Malware, Defense, or Analysis). The AGENTTYPE is the type of Traffic, Attack, ect. the agent is (HTTP, TCP, worm, botnet...). The NICENAME is what is displayed under the AGENTGROUP (Worm, Botnet, Ping...). The COMMANDS class variable is where the commands available to the user are placed. The commands are just listed here to be defined later and need to be in all caps. For the VARIABLES you need to define five parts for each variable. The format is !TypeOfVariable('!NameOfVariable', !DefaultValue, 'GUIDisplayName', '!ExpinationOfTheVariable'). For example !NodeVar('IRCHost', None,g 'IRC Host', 'Select the node to run the IRC server'). A list of variable types can be found on the [http://seer.isi.deterlab.net/v1.6/devel/agents.html SEER Agents page]. To extend the basic agent class you need to call the 'Agent!__init!__' method. This will enable you to implement the commands you created. For each command you need to create a definition 'def handleCOMMAND(self):' where command is the name of your command. To have code run on a node if the code is already installed you can use 'self.pids.append(spawn('!CommandLineCode'))' If you want to only run code on a node the user selects as a variable then you can use the function 'self.!VariableName.myNodeMemberOf()' which will return True if the node is in !VariableName. |
| 38 | The agent code has some specific requirements (you can see these in the example [attachment:agentWORM.py]). The agent is defined in a class 'class wormAgent(Agent)' that is derived from SEER's Agent class. Inside of the class there are seven class variables which need to be defined: |
| 39 | |
| 40 | * DEPENDS |
| 41 | * SOFTWARE |
| 42 | * AGENTGROUP |
| 43 | * AGENTTYPE |
| 44 | * NICENAME |
| 45 | * COMMANDS |
| 46 | * VARIABLES |
| 47 | |
| 48 | DEPENDS specifies additional modules to load during startup. SOFTWARE specifies any binary software which needs to be loaded onto the nodes. Both of these can be empty lists. AGENTGROUP specifies which menu the agent will be under in SEER (Traffic, Attack, Malware, Defense, or Analysis). The AGENTTYPE is the type of Traffic, Attack, etc. the agent is (HTTP, TCP, worm, botnet...). The NICENAME is what is displayed under the AGENTGROUP (Worm, Botnet, Ping...). The COMMANDS class variable is where the commands available to the user are placed. The commands are just listed here to be defined later and need to be in all caps. For the VARIABLES you need to define four parts for each variable. The format is !TypeOfVariable('!NameOfVariable', !DefaultValue, 'GUIDisplayName', '!ExplanationOfTheVariable'). For example !NodeVar('IRCHost', None, 'IRC Host', 'Select the node to run the IRC server'). A list of variable types can be found on the [http://seer.isi.deterlab.net/v1.6/devel/agents.html SEER Agents page]. |
| 49 | |
| 50 | To extend the basic agent class you need to call the 'Agent!__init!__' method. This will enable you to implement the commands you created. For each command you need to create a definition 'def handleCOMMAND(self):' where COMMAND is the name of your command. To have code run on a node if the code is already installed you can use 'self.pids.append(spawn('!CommandLineCode'))'. If you want to only run code on a node the user selects as a variable then you can use the function 'self.!VariableName.myNodeMemberOf()', which will return True if the node is in !VariableName. |
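As an added example (not SEER's own code and not the agentWORM.py attachment), a minimal worm agent laid out exactly as described above: the seven class variables, a call to Agent.__init__, one handleCOMMAND method per entry in COMMANDS, and myNodeMemberOf() gating work to the node chosen in the GUI. The Agent base class, NodeVar and spawn are constructed stand-ins that mimic the calls named in the text so the file runs without the testbed, and the ircd command line is invented.

```python
# Added skeleton of a SEER-style agent. Agent, NodeVar and spawn are CONSTRUCTED
# stand-ins (assumptions), not SEER's own code, so this runs without DETER/SEER.
import copy

LAUNCHED = []  # command lines handed to spawn(), kept so callers can inspect them

def spawn(cmdline):
    """Stand-in for SEER's spawn(): the real one forks the command and returns its pid."""
    LAUNCHED.append(cmdline)
    return 1000 + len(LAUNCHED)  # fake pid

class NodeVar:
    """Stand-in for SEER's NodeVar: (name, default, GUI display name, explanation)."""
    def __init__(self, name, default, display_name, explanation):
        self.name, self.display_name, self.explanation = name, display_name, explanation
        self.value = set(default or [])  # node names the user picked in the GUI
        self.this_node = None            # filled in by Agent.__init__
    def myNodeMemberOf(self):
        return self.this_node in self.value

class Agent:
    """Stand-in for SEER's Agent base: exposes VARIABLES as attributes, dispatches COMMANDS."""
    COMMANDS, VARIABLES = [], []

    def __init__(self, node_name):
        self.node, self.pids = node_name, []
        for var in self.VARIABLES:       # each variable becomes self.<VariableName>
            var = copy.copy(var)         # per-agent copy so nodes do not share state
            var.this_node = node_name
            setattr(self, var.name, var)
    def run(self, command):
        if command not in self.COMMANDS: # only names listed in COMMANDS are reachable
            raise ValueError("unknown command %r" % command)
        return getattr(self, "handle" + command)()

class wormAgent(Agent):
    DEPENDS, SOFTWARE = [], []           # no extra modules, no binaries to push
    AGENTGROUP, AGENTTYPE, NICENAME = "Malware", "worm", "Worm"
    COMMANDS = ["START", "STOP"]
    VARIABLES = [NodeVar('IRCHost', None, 'IRC Host', 'Select the node to run the IRC server')]

    def __init__(self, node_name):
        Agent.__init__(self, node_name)  # call the base constructor, as the page requires
    def handleSTART(self):
        if not self.IRCHost.myNodeMemberOf():  # only the selected IRC host starts the server
            return False
        self.pids.append(spawn("ircd -f /tmp/ircd.conf"))  # constructed command line
        return True
    def handleSTOP(self):
        stopped, self.pids = list(self.pids), []  # the real agent would kill these pids
        return stopped
```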
42 | | There are two paths to expand this work. One is to explore the !RuBot worm more and the other is to explore the other botnets modeled in !RuBot. Some places to expand the worm are changing the payload delivered by the worm, adding commands given by the IRC server, added a success rate to the worm propagation, or specifying which node attacks each IP address. The second path has many more possibilities. !RuBot has code for several more complicated botnet than a simple worm. It contains a simulated Storm, Nugache, and UDP botnet code as well. Any of these other models would be interesting to look at and incorporate into the Deter testbed. |
| 54 | There are two paths to expand this work. One is to explore the !RuBot worm more and the other is to explore the other botnets modeled in !RuBot. Some places to expand the simple worm are |
| 55 | |
| 56 | * changing the payload delivered by the worm |
| 57 | * adding commands given by the IRC server |
| 58 | * adding a success rate to the worm propagation |
| 59 | * or specifying which node attacks each IP address. |
| 60 | |
| 61 | The second path has many more possibilities. !RuBot has code for several botnets more complicated than a simple worm. It contains simulated Storm, Nugache, and UDP botnet code as well. Any of these other models would be interesting to look at and incorporate into the Deter testbed. |