import argparse
import warnings
from typing import NoReturn
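class SnifferOptions:
    """
    Store and parse the command-line options of the packet sniffer.

    Attributes:
        dataset_path (str): Path to the dataset folder containing .pcap files.
        delay (bool): Flag to consider delay between packets when in debug mode.
        session (bool): Flag to consider bidirectional flows if True, otherwise unidirectional.
        interface (str): Name of the interface to sniff on.
        timeout (int): Time in seconds to consider a connection as terminated.
        cleaning_cycle (int): Time interval in seconds to check for inactive flows.
        debug (bool): Flag to enable or disable logging.
    """

    # Spellings accepted for boolean options, compared case-insensitively.
    _TRUE_WORDS = frozenset({'true', 't', 'yes', 'y', 'on', '1'})
    _FALSE_WORDS = frozenset({'false', 'f', 'no', 'n', 'off', '0'})

    def __init__(self):
        self.dataset_path: str = '../../datasets/TII-SSRC-23/pcap/'
        self.delay: bool = False
        self.session: bool = False
        self.interface: str = 'br-lan'
        self.timeout: int = 120
        self.cleaning_cycle: int = 60
        self.debug: bool = True

    @classmethod
    def _parse_bool(cls, text: str) -> bool:
        """
        Convert a command-line word into a boolean.

        `type=bool` must not be used with argparse: bool('False') is True, so
        an operator passing `--debug False` or `--session False` would silently
        get the opposite of what was requested.

        Raises:
            argparse.ArgumentTypeError: If the word is not a recognised
                true/false spelling (argparse turns this into a usage error).
        """
        word = text.strip().lower()
        if word in cls._TRUE_WORDS:
            return True
        if word in cls._FALSE_WORDS:
            return False
        raise argparse.ArgumentTypeError(
            'expected a boolean (true/false, yes/no, on/off, 1/0), got %r' % text)

    def parse_options(self, argv=None) -> None:
        """
        Parse command-line arguments and update instance attributes.

        Args:
            argv: Optional list of argument strings. When None, argparse reads
                the process arguments (sys.argv[1:]), as the method always did.

        The current attribute values are used as the argparse defaults, so an
        option that is not given on the command line keeps its present value.
        """
        parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter)
        parser.add_argument('--dataset_path', type=str, default=self.dataset_path,
                            help='Dataset folder path containing the .pcap files.')
        parser.add_argument('--delay', type=self._parse_bool, default=self.delay,
                            help='If debug true, then consider or not delay between packets while reading .pcap.')
        parser.add_argument('--session', type=self._parse_bool, default=self.session,
                            help='If true, consider bidirectional flows, otherwise unidirectional.')
        parser.add_argument('--interface', default=self.interface, help='interface to sniff')
        parser.add_argument('--timeout', type=int, default=self.timeout,
                            help='seconds to consider connection teardown')
        parser.add_argument('--cleaning_cycle', type=int, default=self.cleaning_cycle,
                            help='loop through flows and check if no packet was received since')
        parser.add_argument('--debug', type=self._parse_bool, default=self.debug, help='turn on logging')

        args = parser.parse_args(argv)

        # Copy every parsed value back onto the instance.
        self.dataset_path = args.dataset_path
        self.delay = args.delay
        self.session = args.session
        self.interface = args.interface
        self.timeout = args.timeout
        self.cleaning_cycle = args.cleaning_cycle
        self.debug = args.debug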
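class LDPIOptions:
    """
    Store and parse the options for Lightweight Deep Packet Inspection (LDPI).

    Attributes:
        n (int): Number of packets per sample. Changing this value requires retraining the model.
        l (int): Size of each packet in the samples. Changing this value requires retraining the model.
        model_name (str): Name of the model used for detection ('MLP' or 'ResCNN').
        batch_size (int): Training batch size.
        pretrain_epochs (int): Number of epochs for pretraining with contrastive learning.
        epochs (int): Number of epochs for fine-tuning the model.
        threshold_type (str): Strategy for setting the anomaly detection threshold.
    """

    def __init__(self):
        # Sample shape; the shipped pretrained model uses 4 packets of 60 bytes.
        self.n: int = 4  # Number of packets per sample (default: 4)
        self.l: int = 60  # Size of each packet in the samples (default: 60)

        # Training related (not exposed on the command line by parse_options)
        self.model_name: str = 'ResCNN'
        self.batch_size: int = 64  # Training batch size
        self.pretrain_epochs: int = 2000  # Epochs for pretraining
        self.epochs: int = 400  # Epochs for fine tuning

        # Inference related arguments
        self.threshold_type: str = 'max'

    @staticmethod
    def _positive_int(text: str) -> int:
        """
        Convert a command-line word into an integer greater than zero.

        A sample of zero or fewer packets, or of zero or fewer bytes per
        packet, is meaningless, so such values are rejected at parse time
        instead of being passed on to the rest of the program.

        Raises:
            argparse.ArgumentTypeError: If the word is not a positive integer.
        """
        try:
            value = int(text)
        except ValueError:
            raise argparse.ArgumentTypeError('expected an integer, got %r' % text) from None
        if value <= 0:
            raise argparse.ArgumentTypeError('expected a positive integer, got %d' % value)
        return value

    def parse_options(self, argv=None) -> None:
        """
        Parse command-line arguments and update instance attributes.

        Parses the sample shape ('n', 'l'), the model name and the threshold
        strategy. Issues a warning if 'n' or 'l' differ from 4 and 60, as the
        only pretrained model was built with that shape.

        Args:
            argv: Optional list of argument strings. When None, argparse reads
                the process arguments (sys.argv[1:]), as the method always did.
        """
        parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter)

        # Sniffing and buffering params
        parser.add_argument('--n', type=self._positive_int, default=self.n,
                            help='Number of packets per sample. Changing this requires model retraining.')
        parser.add_argument('--l', type=self._positive_int, default=self.l,
                            help='Size of each packet in the samples. Changing this requires model retraining.')

        # Anomaly detection sensitivity parameters
        parser.add_argument('--model_name', choices=['MLP', 'ResCNN'], default=self.model_name,
                            help='Model used for detection (MLP or ResCNN)')
        parser.add_argument('--threshold_type', choices=['ninety_nine', 'near_max', 'max', 'hundred_one'],
                            default=self.threshold_type,
                            help='Threshold strategy for anomaly detection. '
                                 '`ninety_nine` is the 99th percentile threshold. '
                                 '`near_max` is the 99.99th percentile threshold. '
                                 '`max` is the maximum threshold. '
                                 '`hundred_one` is 1% over the `max`.')

        args = parser.parse_args(argv)

        # Update class attributes with parsed arguments
        self.n = args.n
        self.l = args.l
        self.model_name = args.model_name
        self.threshold_type = args.threshold_type

        # A sample shape other than 4 x 60 does not match the pretrained model.
        if self.n != 4 or self.l != 60:
            warnings.warn(
                "Changing 'n' or 'l' requires retraining/fine-tuning the model. The only available pretrained model on TII-SSRC-23 dataset is with 4 packets of 60 bytes each.",
                stacklevel=2)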