Commit 9b5bb261 authored by Gurvinder Singh's avatar Gurvinder Singh

initial commit

parent 7d0da205
BINDIR=/usr/local/sbin
CONFDIR=/etc/voipade
INITDIR=/etc/init.d
build:
@echo "You need libmysqlclient-dev and libpyaml-dev to compile VoIPADE."
${MAKE} -C src/
clean:
${MAKE} -C src/ $@
install:
# binary
install -d ${BINDIR}
install -m 755 -o root -g root src/voipade ${BINDIR}/voipade
# config
install -d ${CONFDIR}
install -m 644 -o root -g root conf/*.yaml ${CONFDIR}/
install -m 755 -o root -g root conf/start_voipade.sh ${CONFDIR}/
# init script
install -m 755 -o root -g root init/voipade ${INITDIR}/
uninstall:
# binary
rm -rf ${BINDIR}/voipade
# config
rm -rf ${CONFDIR}/
# init script
rm -rf ${INITDIR}/voipade
/usr/local/sbin/voipade -c /etc/voipade/test.yaml -D
%YAML 1.1
---
# Institution name for which we are running the anomaly detection engine.
institution: xxxxxxxxxxxxxxxxxx
# Define the run mode for the anomaly detection system. options are "online
# or offline". In online mode VoIPADE will run continuously, until it will be
# killed or system has been crashed. In the offline mode, it will read the
# given database for the CDR records and will detect the attacks, until the
# provided ending-date has been reached and after that VoIPADE will shut down.
run-mode: online
#ending-date: '2011-05-01 00:00:00'
# CDR Database Connection Information. To fetch the cdr records and run
# the anomaly detection algorithm.
cdr-database:
type: mysql
host: mysql.test.no
username: test
password: test
database-name: test
table: sbc_cdr
port: 3306
# Alert Database Connection Information. To log the CDR record which causes
# the alert to be raised.
alert-database:
type: mysql
host: mysql.test.no
username: test
password: test
database-name: test
table: sbc_cdr
port: 3306
# Threshold Database Connection Information. To store the threshold value to
# restore information in case of system crash or VoIPADE died.
threshold-database:
type: mysql
host: mysql.test.no
username: test
password: test
database-name: test
table: sbc_cdr
port: 3306
# Logging level for the VoIPADE detection engine. Options are
# info, debug or error
logging-mode: info
# Log file name
logging-filename: '/var/log/voipade_test.log'
# PID file name
pid-filename: '/var/run/voipade_test.pid'
# Define the alert mode, in which the alert should be sent.
# The options are syslog, hobbit or both. In case of hobbit/both define
# the alert file full path and name as provided in the hobbit server
# configuration.
alert-mode: hobbit
alert-file: '/var/log/voipade_test.alert'
# Set the timezone
time-zone: Europe/Oslo
# Calltype for which you want to run the detection engine. The options
# are "International,Mobile,Premium,Service,Domestic,Emergency". If you
# want to run the VoIPADE engine for all call types, then specify call-type
# as "All".
call-type: "International,Mobile,Premium,Service"
# Default parameter values for anomaly detection algorithm. The sensitivity
# value tells the engine how sensitive the engine should be to the changes
# in the call pattern. Its value should be higher than 1.0. As a general rule,
# if the call traffic is low then value should be near to lower end and vice-
# versa.The adaptability value tells the engine how to adapt to the small
# changes in the call placing behavior of the monitoring institution. Its value
# should be in the range of (0.0-1.0). The interval value tells the engine,
# after how much duration engine should scan the placed calls. Engine fetched
# the call records from CDR database, which occurred from the previous scanned
# time plus the given interval and try to detect the anomaly in the call
# pattern.
ad-algo:
sensitivity: 1.3
adaptability: 0.25
interval: 10
threshold-restore: 'yes'
call-freq: 5
call-duration: 30
# Default values (minutes) of allowed calls in the given interval for each
# paid calltype
call-duration:
day-mobile: 60
day-premium: 45
day-international: 60
night-mobile: 45
night-premium: 30
night-international: 30
# Default values (minutes) of allowed calls in the given interval for each
# paid calltype
call-frequency:
day-mobile: 10
day-premium: 5
day-international: 5
night-mobile: 8
night-premium: 3
night-international: 3
# Office working hours values for starting and ending time hours
# (in 1-24 hour clock format)
office-time:
start_time: 7
end_time: 17
# Specify the initial time stamp from whcih training period will start and
# training-period (minutes) for which you wants to train the engine
# since the initial-timestamp. Default value is one week period. If you
# want to start the detection from a specific time, then specify the
# value as detection-start-ts.
initial-timestamp: '2013-01-03 08:00:00'
training-period: 2880
#detection-start-ts: '2013-04-26 16:00:00'
This diff is collapsed.
#### VoipADE ####
#! /bin/sh
### BEGIN INIT INFO
# Provides: VoipADE engine
# Required-Start: $network
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: SIPGuru daemon, providing a useful voipade service
### END INIT INFO
case "$1" in
start)
echo -n "Starting voipade..."
echo ""
#To run it as root:
/etc/voipade/start_voipade.sh
;;
stop)
echo -n "Stopping voipade..."
echo ""
#To run it as root:
killall -s SIGTERM voipade
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
$0 start
;;
*)
echo "Usage: /etc/init.d/voipade {start|stop|restart}"
exit 1
esac
exit 0
#Makefile
CC=gcc
LDFLAGS= -lyaml -lm -lmysqlclient
DCFLAGS=-g
PCFLAGS=-g -pg
ifneq (${DEBUG},)
CFLAGS = -g -DDEBUG -Wall -Wno-pointer-sign -Wno-nonnull
endif
OBJECTS = util-log.o util-detection.o util-alert.o util-cdr.o util-conf.o voipade.o
all: voipade
voipade: $(OBJECTS)
$(CC) $(PCFLAGS) -o $@ $(OBJECTS) $(LDFLAGS)
debug:
${MAKE} DEBUG=y
profile:
${MAKE} CFLAGS+='${PCFLAGS}'
clean:
-rm -v $(OBJECTS)
-rm voipade
indent:
find -type f -name '*.[ch]' | xargs indent -kr -i4 -cdb -sc -sob -ss -ncs -ts8 -nut
# oldschool header file dependency checking.
deps:
-rm -f deps.d
for i in $(subst .o,.c,$(OBJECTS)); do gcc -MM $$i >> deps.d; done
ifneq ($(wildcard deps.d),)
include deps.d
endif
tags: *.h *.c
ctags -R
This diff is collapsed.
This diff is collapsed.
/* Copyright (c) 2010 UNINETT AS
*
* This file is a part of VoIPADE engine.
*
* VoIPADE is a free software, You can copy, redistribute or modify this
* Program under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* VoIPADE is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/*
* File: util-alert.h
* Author: Gurvinder Singh <gurvinder.singh@uninett.no>
*/
#ifndef _UTIL_ALERT_H
#define _UTIL_ALERT_H
#include <syslog.h>
#include <mysql/mysql.h>
#define SIP_ALERT_IFACE_SYSLOG 0x01
#define SIP_ALERT_IFACE_HOBBIT 0x02
typedef struct SipAlertCtx_ {
char *filename;
uint8_t iface;
FILE *file_descr;
}SipAlertCtx;
int SipAlertInitNotification();
void SipAlertNotification(char *, MYSQL_RES **);
void SipAlertDeInitCtx();
int SipLogAlertDB(MYSQL_RES *);
#endif /* _UTIL_ALERT_H */
/* Copyright (c) 2010 UNINETT AS
*
* This file is a part of VoIPADE engine.
*
* VoIPADE is a free software, You can copy, redistribute or modify this
* Program under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* VoIPADE is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/*
* File: util-cdr.c
* Author: Gurvinder Singh <gurvinder.singh@uninett.no>
*/
#include "voipade.h"
#include "util-cdr.h"
#include "util-log.h"
#include "util-conf.h"
my_bool reconnect = 1;
/**
* \brief Function to make the connection to the cdr database.
*
* @return upon success, it returns pointer to the connection of cdr database,
* upon failure it returns NULL
*/
MYSQL *SipInitCdr()
{
MYSQL *conn = SipConnectDB("cdr-database");
if (conn == NULL) {
return NULL;
}
return conn;
}
/**
* \brief Function used to connect to the given data base with the provided
* credentials. It fecthes the credentials from the config file for the
* given database.
*
* @param conn_dbname pointer to the database name to which connection has to
* be made.
*
* @return on success it returns the MYSQL object, on failure programs will
* exit as it is a fatal error.
*/
MYSQL *SipConnectDB(char *conn_dbname)
{
char *host;
char *dbname;
char *user;
char * password;
char *port;
MYSQL *conn = NULL;
char node_name[50];
/* Get the database connection information from the configuration file */
snprintf(node_name, sizeof(node_name), "%s.host",conn_dbname);
if (SipConfGet(node_name, &host) != 1) {
host = calloc(1, sizeof("localhost"));
host = "localhost";
}
snprintf(node_name, sizeof(node_name), "%s.username",conn_dbname);
if (SipConfGet(node_name, &user) != 1) {
user = calloc(1, sizeof("postgres"));
user = "postgres";
}
snprintf(node_name, sizeof(node_name), "%s.password",conn_dbname);
if (SipConfGet(node_name, &password) != 1) {
password = NULL;
}
snprintf(node_name, sizeof(node_name), "%s.database-name",conn_dbname);
if (SipConfGet(node_name, &dbname) != 1) {
dbname = calloc(1, sizeof("mydb"));
dbname = "mydb";
}
snprintf(node_name, sizeof(node_name), "%s.port",conn_dbname);
if (SipConfGet(node_name, &port) != 1) {
port = calloc(1, sizeof("5432"));
port = "5432";
}
/* connect to the data base with the provided connection information */
conn = mysql_init(NULL);
mysql_options(conn, MYSQL_OPT_RECONNECT, &reconnect);
int pt = atoi(port);
if (!mysql_real_connect(conn, host, user, password, dbname, pt, NULL, 0)) {
SipLog(SIP_LOG_ERROR, SIP_LOG_LOCATION, "Failed in making the"
" database connection \"%s\"", mysql_error(conn));
SipDone();
}
/* we don't need to keep password in the memory any longer */
if (password != NULL)
memset(password, 0, strlen(password));
return conn;
}
/**
* \brief Function to make the given query to the databse connected to the
* conn object
*
* @param conn Connection to the provided data base
* @param query Query string which tells that what data is required
*
* @return On failure function returns null pointer, otherwise the function
* returns the MYSQL_RES object which points to the required data
*
*/
MYSQL_RES *SipGetCdr(MYSQL *conn, const char *query)
{
MYSQL_RES *result = NULL;
/* Get the required data from the data base connected to the given
* connection */
if (mysql_query(conn, query)) {
if (mysql_query(conn, query)) {
SipLog(SIP_LOG_ERROR, SIP_LOG_LOCATION, "Failed in making the"
" given query \"%s\"", mysql_error(conn));
return NULL;
}
}
result = mysql_use_result(conn);
/*MYSQL_ROW row;
while ((row = mysql_fetch_row(result)) != NULL)
printf("%s \n", row[0]);*/
return result;
}
/* Copyright (c) 2010 UNINETT AS
*
* This file is a part of VoIPADE engine.
*
* VoIPADE is a free software, You can copy, redistribute or modify this
* Program under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* VoIPADE is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/*
* File: util-cdr.h
* Author: Gurvinder Singh <gurvinder.singh@uninett.no>
*
* Created on April 6, 2010, 2:43 PM
*/
#ifndef _UTIL_CDR_H
#define _UTIL_CDR_H
#include <mysql/mysql.h>
MYSQL *SipInitCdr();
MYSQL *SipConnectDB(char *);
MYSQL_RES *SipGetCdr(MYSQL *, const char *);
#endif /* _UTIL_CDR_H */
This diff is collapsed.
/* Copyright (c) 2010 UNINETT AS
*
* This file is a part of VoIPADE engine.
*
* VoIPADE is a free software, You can copy, redistribute or modify this
* Program under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* VoIPADE is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/*
* File: util-conf.h
* Author: Gurvinder Singh <gurvinder.singh@uninett.no>
*/
#ifndef _UTIL_CONF_H
#define _UTIL_CONF_H
#include <yaml.h>
#include <errno.h>
#include "queue.h"
/* YAML library version */
#define YAML_MAJOR_VER 1
#define YAML_MINOR_VER 1
/* Configuration parsing state */
#define CONF_STATE_KEY 0
#define CONF_STATE_VALUE 1
/* Default name length for nodes in the configuration file */
#define DEFAULT_NODE_NAME_LEN 24
/**
* Structure of a configuration parameter.
*/
typedef struct SipConfNode_ {
char *name;
char *val;
int is_seq;
int allow_override;
struct SipConfNode_ *parent;
TAILQ_HEAD(, SipConfNode_) head;
TAILQ_ENTRY(SipConfNode_) next;
} SipConfNode;
int SipConfYamlLoadFile(const char *);
int SipConfInit(const char *);
const char *SipConfNodeLookupChildValue(SipConfNode *, const char *);
SipConfNode *SipConfGetNode(char *);
void SipConfDeInit(void);
int SipConfGet(char *, char **);
#endif /* _UTIL_CONF_H */
This diff is collapsed.
/* Copyright (c) 2010 UNINETT AS
*
* This file is a part of VoIPADE engine.
*
* VoIPADE is a free software, You can copy, redistribute or modify this
* Program under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* VoIPADE is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/*
* File: util-detection.h
* Author: Gurvinder Singh <gurvinder.singh@uninett.no>
*/
#ifndef _UTIL_DETECTION_H
#define _UTIL_DETECTION_H
#include <math.h>
#include <netinet/in.h>
#include <inttypes.h>
#include <mysql/mysql.h>
#define CALLTYPE_INACTIVE 0x00
#define CALLTYPE_ACTIVE 0x01
#define DEFAULT_CALLTYPE_LEN 75
#define THRESHOLD_RESTORED 0x01
#define CLEAR_HD(hd) { \
(hd)->num_total = 0; \
(hd)->dur_total = 0; \
(hd)->distance_value = 0.0; \
(hd)->mean_deviation = 0.0; \
(hd)->threshold = 0.0; \
uint8_t i; \
for(i = 0; i < MAX_CALLTYPE; i++) { \
(hd)->call[i].name = NULL; \
(hd)->call[i].p_freq = 0.0; \
(hd)->call[i].p_dur = 0.0; \
(hd)->call[i].num = 0; \
(hd)->call[i].dur = 0; \
(hd)->call[i].flag = CALLTYPE_INACTIVE; \
} \
}
enum {
INTERNATIONAL = 0,
MOBILE,
PREMIUM,
SERVICE,
DOMESTIC,
EMERGENCY,
MAX_CALLTYPE, /* Keep it last always */
};
typedef struct CallType_{
char *name;
double p_freq;
uint32_t num;
double p_dur;
uint32_t dur;
uint8_t flag;
}CallType;
typedef struct HellingerDistance {
CallType call[MAX_CALLTYPE];
uint64_t num_total;
uint64_t dur_total;
double distance_value;
double mean_deviation;
double threshold;
uint8_t flags;
}Hd;
int SipInitAnomalyDetection();
int SipAnomalyDetection(MYSQL *, MYSQL_RES **, char *);
int SipTrainingAnomalyDetection(MYSQL *);
void SipDeinitAnomalyDetection();
char *SipGetTimeStamp();
int SipTrainingInitThreshold(MYSQL *);
int SipAnomalyStoreThreshold();
#endif /* _UTIL_DETECTION_H */
/* Copyright (c) 2010 UNINETT AS
*
* This file is a part of VoIPADE engine.
*
* VoIPADE is a free software, You can copy, redistribute or modify this
* Program under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* VoIPADE is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/*
* File: util-log.c
* Author: Gurvinder Singh <gurvinder.singh@uninett.no>
*/
#include <time.h>
#include "voipade.h"
#include "util-log.h"
#include "util-conf.h"
int log_level = SIP_LOG_ERROR;
char *logfile = NULL;
FILE *logfd = NULL;
char *timeZone = NULL;
char tz[25];
char timeT[30];
/**
* \brief Function intialize the log level from the config file
*/
void SipInitLog()
{
char *mode = NULL;
if ((SipConfGet("logging-mode", &mode)) == 1) {
/* check the logging mode given in the config file */
if (strcmp(mode, "error") == 0) {
log_level = SIP_LOG_ERROR;
} else if (strcmp(mode, "info") == 0) {
log_level = SIP_LOG_INFO;
} else {
log_level = SIP_LOG_DEBUG;
}
}
if ((SipConfGet("time-zone", &timeZone)) != 1) {
timeZone = TIMEZONE;
}
snprintf(tz, 23, "TZ=%s",timeZone);
if ((SipConfGet("logging-filename", &logfile)) != 1) {
logfile = LOGFILE;
}
logfd = fopen(logfile, "a+");
if (logfd == NULL) {
printf("Error in opening log file:%s\n", logfile);
exit(EXIT_FAILURE);
}
}
char *GetTime() {
struct timeval tval;
struct tm *tms = NULL;
putenv(tz);
tzset();
gettimeofday(&tval, NULL);
tms = localtime(&tval.tv_sec);
snprintf(timeT, 29, "%04d-%02d-%02d %02d:%02d:%02d", tms->tm_year + 1900, tms->tm_mon
+ 1, tms->tm_mday, tms->tm_hour, tms->tm_min, tms->tm_sec);
return timeT;
}
/**
* \brief Function to log the given message with the privded log level to the
* given file
*
* @param level log level to which the given message belongs
* @param filename pointer to the filename from which the message is going
* to be logged
* @param line line number in the given file, from where the message has
* originated
* @param fmt pointer format string to print the given message
*/
void SipLog(int level, char *filename, int line, const char *fmt, ...)
{
if ((log_level > level) || (log_level == 0))
return;
char buf[1024];
va_list args;
va_start(args, fmt);
GetTime();
int r = vsnprintf(buf, 1023, fmt, args);
if (r < 0) {
snprintf(buf, 1024, "[vnsprintf returned error %d]", r);
}
/* Indicate overflow with a '+' at the end */
if (r > 1023) {
buf[1022] = '+';
buf[1023] = '\0';
}
if (logfd == NULL) {
switch(level) {
case SIP_LOG_INFO:
fprintf(stdout, "[%s] <INFO> %s\n", timeT, buf);
break;
case SIP_LOG_DEBUG: