Multiple tags concealment now supported for offset/value parameters, ongoing work into path

afmurillo · afmurillo · commit 8d15ad640f71 · 2022-06-29T11:02:42.000+08:00
diff --git a/dhalsim/network_attacks/concealment_netfilter_queue.py b/dhalsim/network_attacks/concealment_netfilter_queue.py
@@ -31,7 +31,7 @@ def __init__(self,  intermediate_yaml_path: Path, yaml_index: int, queue_number:
         if 'concealment_data' in self.intermediate_attack.keys():
             if self.intermediate_attack['concealment_data']['type'] == 'path':
                 self.concealment_type = 'path'
-                self.concealment_data_pd = pd.read_csv(self.intermediate_attack['concealment_data'])
+                self.concealment_data_pd = pd.read_csv(self.intermediate_attack['concealment_data']['path'])
             elif self.intermediate_attack['concealment_data']['type'] == 'value':
                 self.concealment_type = 'value'
             else:
@@ -45,41 +45,45 @@ def get_attack_tag(self, a_tag_name):
                 return tag
 
     def handle_enip_response(self, ip_payload):
-        this_session = int.from_bytes(p[Raw].load[4:8], sys.byteorder)
+        this_session = int.from_bytes(ip_payload[Raw].load[4:8], sys.byteorder)
         this_context = int.from_bytes(ip_payload[Raw].load[12:20], sys.byteorder)
-        this_session_dict = None
+
+        self.logger.debug('ENIP response session: ' + str(this_session))
+        self.logger.debug('ENIP response context: ' + str(this_context))
 
         # Attack values to PLCs
         for session in self.attack_session_ids:
             # We support multi tag sending, using the same session. Context varies among tags
             if session['session'] == this_session and session['context'] == this_context:
-                this_session_dict = session
                 for tag in self.intermediate_attack['tags']:
-                    if this_session_dict['tag'] == tag['tag']:
-                        if 'value' in tag['tag'].keys():
+                    if session['tag'] == tag['tag']:
+                        if 'value' in tag.keys():
                             return translate_float_to_payload(tag['value'], ip_payload[Raw].load)
 
-                        elif 'offset' in tag['tag'].keys():
-                            return translate_float_to_payload(translate_payload_to_float(p[Raw].load) + tag['value'],
+                        elif 'offset' in tag.keys():
+                            return translate_float_to_payload(translate_payload_to_float(ip_payload[Raw].load) + tag['offset'],
                                                               ip_payload[Raw].load)
 
         # Concealment values to SCADA
         for session in self.scada_session_ids:
             if session['session'] == this_session and session['context'] == this_context:
-                this_session_dict = session
-                for tag in self.intermediate_attack['tags']:
-                    if this_session_dict['tag'] == tag['tag']:
-                        self.logger.debug('Concealing to SCADA: ' + str(this_session))
-                        if self.concealment_type == 'path':
+                for tag in self.intermediate_attack['concealment_data']['concealment_value']:
+                    if session['tag'] == tag['tag']:
+                        if self.intermediate_attack['concealment_data']['type'] == 'value':
+                            self.logger.debug('Concealing to SCADA: ' + str(this_session))
+                            concealment_value = tag['value']
+                            self.logger.debug('Concealment value is: ' + str(concealment_value))
+                            return translate_float_to_payload(concealment_value, ip_payload[Raw].load)
+                        elif self.intermediate_attack['concealment_data']['type'] == 'offset':
+                            self.logger.debug('Concealing to SCADA: ' + str(this_session))
+                            return translate_float_to_payload(translate_payload_to_float(ip_payload[Raw].load) + tag['offset'],
+                                                              ip_payload[Raw].load)
+                        elif self.intermediate_attack['concealment_data']['type'] == 'path':
+                            self.logger.debug('Concealing to SCADA: ' + str(this_session))
                             exp = (self.concealment_data_pd['iteration'] == self.get_master_clock())
                             concealment_value = float(self.concealment_data_pd.loc[exp][self.attacked_tags].values[-1])
                             self.logger.debug('Concealing with value: ' + str(concealment_value))
-                            return translate_float_to_payload(concealment_value, ip_payload[Raw].load)
-                        elif self.concealment_type == 'value':
-                            concealment_value = self.intermediate_attack['concealment_data']['concealment_value']
-                            self.logger.debug('Concealment value is: ' + str(concealment_value))
-                            return translate_float_to_payload(concealment_value, ip_payload[Raw].load)
-
+                            p[Raw].load = translate_float_to_payload(concealment_value, p[Raw].load)
 
     def handle_enip_request(self, ip_payload, offset):
 
@@ -90,9 +94,10 @@ def handle_enip_request(self, ip_payload, offset):
         self.logger.debug('this tag is: ' + str(tag_name))
         this_tag = self.get_attack_tag(tag_name)
 
-        self.logger.debug('Tag name: ' + str(tag_name))
-        self.logger.debug('Attack tag: ' + str(this_tag['tag']))
+        #self.logger.debug('Tag name: ' + str(tag_name))
+        #self.logger.debug('Attack tag: ' + str(this_tag['tag']))
         session_dict = {'session': this_session, 'tag': this_tag['tag'], 'context': context}
+        self.logger.debug('session dict: ' + str(session_dict))
 
         if ip_payload[IP].src == self.intermediate_yaml['scada']['public_ip']:
             self.logger.debug('SCADA Req session')
@@ -102,7 +107,6 @@ def handle_enip_request(self, ip_payload, offset):
             self.logger.debug('PLC Req session')
             self.attack_session_ids.append(session_dict)
 
-
     def capture(self, packet):
         """
         This function is the function that will run in the thread started in the setup function.
@@ -123,12 +127,17 @@ def capture(self, packet):
                     packet.set_payload(bytes(p))
                     self.logger.debug(f"Value of network packet for {p[IP].dst} overwritten.")
                     packet.accept()
+                    return
 
                 else:
                     if len(p) == 118:
+                        self.logger.debug('handling request 57')
                         self.handle_enip_request(p, 57)
+                        self.logger.debug('handled request')
                     elif len(p) == 116:
+                        self.logger.debug('handling request 56')
                         self.handle_enip_request(p, 56)
+                        self.logger.debug('handled request')
                     else:
                         packet.accept()
                         return
diff --git a/dhalsim/network_attacks/synced_attack.py b/dhalsim/network_attacks/synced_attack.py
@@ -305,7 +305,6 @@ def main_loop(self):
                 pass
 
             self.set_sync(3)
-            self.logger.debug("Setting sync in 3")
 
     @abstractmethod
     def attack_step(self):
diff --git a/examples/anytown_topology/anytown_concealment_mitm.yaml b/examples/anytown_topology/anytown_concealment_mitm.yaml
@@ -6,7 +6,8 @@ network_attacks:
   value: 8.0
   concealment_data:
     type: value
-    concealment_value: 42.0
+    concealment_value:
+      - tag:
     #type: path
     #path: concealment_test.csv
   trigger:
diff --git a/examples/anytown_topology/anytown_config.yaml b/examples/anytown_topology/anytown_config.yaml
@@ -9,3 +9,4 @@ demand: pdd
 log_level: debug
 demand_patterns: demands_anytown_small.csv
 #attacks: !include anytown_concealment_mitm.yaml
+attacks: !include anytown_dos.yaml
diff --git a/examples/ctown_topology/ctown_concealment_mitm.yaml b/examples/ctown_topology/ctown_concealment_mitm.yaml
diff --git a/examples/ctown_topology/ctown_concealment_mitm_path.yaml b/examples/ctown_topology/ctown_concealment_mitm_path.yaml
@@ -0,0 +1,18 @@
+network_attacks:
+- name: plc4attack
+  type: concealment_mitm
+  tags:
+    - tag: T3
+      value: 8.0
+    - tag: T4
+      value: 8.0
+  target: PLC4
+  concealment_data:
+    type: path
+    path: concealment_test.csv
+  trigger:
+    #start: 648
+    #end: 792
+    start: 10
+    end: 15
+    type: time
diff --git a/examples/ctown_topology/ctown_concealment_mitm_value.yaml b/examples/ctown_topology/ctown_concealment_mitm_value.yaml
@@ -0,0 +1,20 @@
+network_attacks:
+- name: plc4attack
+  type: concealment_mitm
+  tags:
+    - tag: T3
+      offset: 10.0
+    - tag: T4
+      offset: 10.0
+  target: PLC4
+  concealment_data:
+    type: value
+    concealment_value:
+      - tag: T3
+        value: 42.0
+      - tag: T4
+        value: 84.0
+  trigger:
+    start: 648
+    end: 792
+    type: time
diff --git a/examples/ctown_topology/ctown_config.yaml b/examples/ctown_topology/ctown_config.yaml
@@ -1,9 +1,10 @@
 inp_file: ctown_map.inp
-iterations: 2880
+#iterations: 2880
+iterations: 20
 network_topology_type: complex
 plcs: !include ctown_plcs.yaml
 
 log_level: debug
 simulator: epynet
 demand: pdd
-attacks: !include ctown_concealment_mitm.yaml
+attacks: !include ctown_concealment_mitm_path.yaml
diff --git a/examples/ctown_topology/ctown_plcs.yaml b/examples/ctown_topology/ctown_plcs.yaml
@@ -33,6 +33,7 @@
 - name: PLC4 # PLC4, T3,
   sensors:
     - T3
+    - T4
 - name: PLC5 # PLC5, PU8F PU10F PU11F J302 J306 J307 J317, PU8 PU10 PU11
   sensors:
     - PU8F
@@ -46,9 +47,9 @@
     - PU8
     - PU10
     - PU11
-- name: PLC6 # PLC6, T4,
-  sensors:
-    - T4
+#- name: PLC6 # PLC6, T4,
+#  sensors:
+#    - T4
 - name: PLC7 # PLC7, T5,
   sensors:
     - T5
