Veggie Monster edited this page Oct 2, 2015 · 4 revisions

Welcome to the vengeance wiki!

Vengeance primary design

Road map

First stage

Anton

  1. Builds the anomaly detector: the output is the anomaly detector itself and the traffic data, which are stored in a MySQL database.

Vmon

  1. Botsniffer will run on an edge with less restrictive banjax rules or without swabber (talk to Hugh/Tom about it).

  2. Vengeance adds GeoIP data, encrypts the IP and computes the l2b vector, then sends it to a ZMQ socket.

  3. Vengeance clusters the IP sessions dated from n minutes ago until now and checks the quality of the clustering.

  4. If the clustering quality is high enough and the cluster is big enough, mark it as an attack.

  5. Add the attack center to the attack table.

  6. Add the encrypted IPs to the malicious IP list associated with the attack.
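Steps 3 to 6 above, worked through as an added example. This is not code from this wiki or from the vengeance project; it only illustrates the classifier's decision. It assumes that each session arrives as an (encrypted IP, feature vector) pair, that the l2b vector has the three constructed components shown in the comments, that clustering is plain k-means with Euclidean distance (the distance named under "First stage result"), and that "quality" is a simple tightness-versus-separation score with thresholds chosen for this sample. The sample sessions, the score and both thresholds are constructed for the example.

```python
"""Constructed example of the clustering and attack-marking steps (3 to 6).

Not the project's code.  Each session is an (encrypted_ip, feature vector)
pair as the classifier would receive it from the anomaly detector.  The
vector layout, the k-means clustering, the quality score and the two
thresholds are assumptions made for this illustration only.
"""
import math

# Constructed sample input.  The vector layout is assumed to be
# [requests per minute, distinct paths requested, error-response ratio].
# Five sessions form a dense group near (200, 2, 0.9); four are scattered
# ordinary visitors.
SAMPLE_SESSIONS = [
    ("enc-ip-01", [198.0, 2.0, 0.91]),
    ("enc-ip-02", [205.0, 1.0, 0.88]),
    ("enc-ip-03", [201.0, 2.0, 0.93]),
    ("enc-ip-04", [199.0, 3.0, 0.90]),
    ("enc-ip-05", [203.0, 2.0, 0.89]),
    ("enc-ip-06", [12.0, 14.0, 0.02]),
    ("enc-ip-07", [30.0, 22.0, 0.05]),
    ("enc-ip-08", [7.0, 9.0, 0.00]),
    ("enc-ip-09", [45.0, 31.0, 0.10]),
]


def euclidean(a, b):
    """Euclidean distance between two equal-length feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def centroid(vectors):
    """Component-wise mean of a non-empty list of vectors."""
    dim = len(vectors[0])
    return [sum(v[i] for v in vectors) / len(vectors) for i in range(dim)]


def kmeans(vectors, k, iterations=50):
    """Lloyd's k-means with Euclidean distance and farthest-point seeding
    (deterministic, no randomness).  Returns (centers, labels)."""
    centers = [list(vectors[0])]
    while len(centers) < k:
        farthest = max(vectors, key=lambda v: min(euclidean(v, c) for c in centers))
        centers.append(list(farthest))
    labels = []
    for _ in range(iterations):
        labels = [min(range(k), key=lambda c: euclidean(v, centers[c])) for v in vectors]
        new_centers = []
        for c in range(k):
            members = [v for v, lab in zip(vectors, labels) if lab == c]
            new_centers.append(centroid(members) if members else centers[c])
        if new_centers == centers:
            break
        centers = new_centers
    return centers, labels


def cluster_quality(center, members, other_centers):
    """Assumed quality score in [0, 1]: how tight the cluster is relative to
    its distance from the nearest other center.  1.0 means every member sits
    on the center; 0.0 means members are as spread out as the centers are apart."""
    cohesion = sum(euclidean(v, center) for v in members) / len(members)
    separation = min(euclidean(center, o) for o in other_centers)
    if separation == 0:
        return 0.0
    return max(0.0, 1.0 - cohesion / separation)


def classify_attacks(sessions, k=2, min_quality=0.95, min_cluster_size=4):
    """Steps 3 to 6: cluster the sessions, keep clusters that are both tight
    enough and big enough, and return one attack record per such cluster
    (the attack center for the attack table plus the encrypted IPs for the
    malicious IP list).  Thresholds are assumptions for this sample."""
    vectors = [vec for _, vec in sessions]
    centers, labels = kmeans(vectors, k)
    attacks = []
    for c, center in enumerate(centers):
        member_ips = [ip for (ip, _), lab in zip(sessions, labels) if lab == c]
        member_vecs = [v for v, lab in zip(vectors, labels) if lab == c]
        if not member_vecs:
            continue
        others = [o for i, o in enumerate(centers) if i != c]
        quality = cluster_quality(center, member_vecs, others)
        if quality >= min_quality and len(member_ips) >= min_cluster_size:
            attacks.append({
                "attack_center": [round(x, 3) for x in center],
                "quality": round(quality, 3),
                "encrypted_ips": sorted(member_ips),
            })
    return attacks


if __name__ == "__main__":
    for attack in classify_attacks(SAMPLE_SESSIONS):
        print(attack)
```

On the sample above only the dense group of five sessions passes both tests: the scattered visitors also form a cluster, but their spread relative to the distance between the two centers gives a quality of roughly 0.91, below the assumed 0.95 threshold, which is the point of checking quality and not just size before writing anything to the attack table.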

First stage result

  • Traffic series are all stored in the MySQL DB.
  • Anomaly detector: talks over ZMQ with the attack classifier.
  • Attack classifier clusters IPs.
  • Attack classifier classifies attacks using Euclidean distance and stores the encrypted IP list, their behavior and the attack center in the DB.
