kassandra

About the Project

Kassandra analyzes user activity and detects anomalous behaviour in HTTP requests that could be identified as non-malicious by other systems. Kassandra also lets you design anomaly detection policies.

Prerequisites

Prepare environment

Install Python 3 and pip
apt install -y python3 python3-pip virtualenv

Installation

1. Download the source from here.

2. Create virtualenv

virtualenv -p /usr/bin/python3 venv
source venv/bin/activate

3. Install requirements

Run install.bat

Getting started

To start Kassandra 0.1, run the following from the root folder of the project.

python kassandra.py

This will run an example by default.

Try it on your own

Needed files

To test Kassandra with your own files, change the path to those files here. You will need:

1. Train file. A log file with a large number of HTTP requests from a server (40000 is OK).

2. Test file. A log file with some HTTP requests for testing.

Designing of anomaly detection policies

You can also customize the anomaly values obtained by editing config.yml:

* Danger values are reserved for changing the weight of each characteristic.
* Extended Isolation Forests are reserved for adjusting the Machine Learning model to the training data.

Running tests

To run a test, run the following command, where "filename" is any of the test files in the root folder, such as "tst_level_*.py".

python filename

Each test file can be edited to run a different set of HTTP requests. Modify the corresponding file name according to:

* Level 1 tests in here
* Level 2 tests in here

Run Dockerfile

1. Build

docker image build -t kassandra .

2. Run

docker run kassandra

License

Distributed under the Apache 2.0 License. See LICENSE for more information.

Contact

Authors:

Project Link: https://github.com/albact7/kassandra