Message Format
Veggie Monster edited this page Nov 27, 2015 · 4 revisions
Anomaly detector to Attack classifier:
The anomaly detector sends encrypted JSON messages using the zmq pub/sub API. Encryption uses a shared 128-bit AES secret. It publishes the messages on TCP port 8099 by default.
The zmq message has the following format:
"greymemory_packet" AES-GCM(IV:12|ENCRYPTED_MESSAGE|AUTHDATA_16BYTE)
The decrypted message has the following format:
- Anomaly started message:
{ "message type": "anomaly started", "dnet": STRING, "channel": STRING, "anomaly rate" : FLOAT, "time stamp" : "YYYY-MM-DD HH:MM:SS" }
- Anomaly finished message:
{ "message type": "anomaly stopped", "dnet": STRING, "channel": STRING, "anomaly rate" : FLOAT, "time stamp" : "YYYY-MM-DD HH:MM:SS" }
The anomaly detector sends only one anomaly message per continuous anomaly, even if the anomaly lasted 1 hour, for example.
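A subscriber-side check of the payload layout above, as an added example that is not the project's own code: it splits the 12-byte IV from the ciphertext and 16-byte tag, rejects anything that fails authentication, and accepts only the two message types listed. It assumes the bytes passed in are what follows the "greymemory_packet" topic and that no additional authenticated data is used; the names Event, Open and sealSample are hypothetical, and the key, IV and message are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/json"
	"fmt"
)

// Event mirrors the decrypted JSON fields listed on the page.
type Event struct {
	Type    string  `json:"message type"`
	Dnet    string  `json:"dnet"`
	Channel string  `json:"channel"`
	Rate    float64 `json:"anomaly rate"`
	Stamp   string  `json:"time stamp"`
}

// Open authenticates and decrypts IV(12)|ciphertext|tag(16), then checks the type.
func Open(key, pkt []byte) (*Event, error) {
	if len(key) != 16 || len(pkt) < 12+16 {
		return nil, fmt.Errorf("need a 16-byte key and at least IV plus tag")
	}
	block, _ := aes.NewCipher(key) // cannot fail: key length checked above
	gcm, _ := cipher.NewGCM(block) // Go defaults: 12-byte IV, 16-byte tag
	plain, err := gcm.Open(nil, pkt[:12], pkt[12:], nil)
	if err != nil {
		return nil, fmt.Errorf("rejected: %w", err) // wrong key or modified bytes
	}
	ev := new(Event)
	err = json.Unmarshal(plain, ev)
	if err != nil || (ev.Type != "anomaly started" && ev.Type != "anomaly stopped") {
		return nil, fmt.Errorf("not a valid anomaly message (type %q): %v", ev.Type, err)
	}
	return ev, nil
}

// sealSample builds a constructed packet; it assumes a 16-byte key and 12-byte IV.
func sealSample(key, iv, msg []byte) []byte {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Seal(append([]byte{}, iv...), iv, msg, nil)
}

func main() {
	key, iv := []byte("constructed-key!"), []byte("constructIV0")
	msg := `{"message type":"anomaly started","dnet":"d1","channel":"c1","anomaly rate":0.9,"time stamp":"2015-11-27 10:00:00"}`
	fmt.Println(Open(key, sealSample(key, iv, []byte(msg))))
}
```

Because the tag is verified before any JSON is parsed, a subscriber built this way never acts on a payload that was altered in transit or produced with a different key.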