Nodes
Nodes are wrapper objects used in the construction of AttackAnalyzer packet analysis machines. Nodes have two attributes:
- A threat level, marking to which state of the parent Threatomaton machine they belong
- A list of Transition objects, denoting possible transitions from this Node to others in the machine.
Nodes contain the following methods:
- Node(threat level value)
- addTransition(Transition object to add)
- processPacket(Packet object) -- returns the destination and score value of the first of the node's transitions that the packet matches; if the packet does not match any transitions, returns (False, 0).
Transitions
Transitions are data structures that have the following attributes:
- dest -- the index in the parent Threatomaton machine's list of nodes of the node to transition to if conditions are matched
- score -- the amount to be added to an attack's total recorded score if the transition is made; essentially, how much this transition is worth
- triggers -- a list of Boolean functions, each comparing a particular field in an input packet to a specific value
Transitions have a grand total of 2 methods:
- Transition(index of destination node, transition score, list of trigger conditions)
- match(Packet object to compare) -- returns the Boolean result of attempting to match the input packet to ALL of the stored trigger conditions.
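The two classes described above, as an added Python sketch that is not AttackAnalyzer's own code. It assumes packets are plain dicts; the field_is helper, the run driver standing in for the parent Threatomaton machine, and the SSH rule are hypothetical and constructed for illustration.

```python
# Added sketch, not AttackAnalyzer source. Packets are plain dicts (assumption).

class Transition:
    def __init__(self, dest, score, triggers):
        self.dest = dest          # index into the machine's node list
        self.score = score        # added to the attack's total when taken
        self.triggers = triggers  # Boolean functions over one packet

    def match(self, packet):
        # Every trigger must hold; an empty trigger list matches any packet.
        return all(trigger(packet) for trigger in self.triggers)

class Node:
    def __init__(self, threat_level):
        self.threat_level = threat_level
        self.transitions = []

    def addTransition(self, transition):
        self.transitions.append(transition)

    def processPacket(self, packet):
        # First matching transition wins, so insertion order is significant.
        for t in self.transitions:
            if t.match(packet):
                return (t.dest, t.score)
        return (False, 0)

def field_is(name, value):
    # Hypothetical helper: builds a trigger comparing one field to one value.
    return lambda pkt: pkt.get(name) == value

def run(nodes, packets):
    # Hypothetical driver standing in for the parent Threatomaton machine.
    state, total = 0, 0
    for pkt in packets:
        dest, score = nodes[state].processPacket(pkt)
        if dest is False:   # not `if not dest`: index 0 is a valid destination
            continue
        state, total = dest, total + score
    return nodes[state].threat_level, total

# Constructed machine: repeated SSH SYNs raise the threat level, an ACK resets.
nodes = [Node(0), Node(1), Node(2)]
nodes[0].addTransition(Transition(1, 5, [field_is("dport", 22), field_is("flags", "S")]))
nodes[1].addTransition(Transition(2, 10, [field_is("dport", 22), field_is("flags", "S")]))
nodes[1].addTransition(Transition(0, 0, [field_is("flags", "A")]))
SYN22 = {"dport": 22, "flags": "S"}   # constructed sample packets
ACK = {"dport": 22, "flags": "A"}
HTTP = {"dport": 80, "flags": "S"}
```

In Python the tuples (False, 0) and (0, 0) compare equal, so a caller has to test the first element with `is False` to tell "no match" apart from a zero-score transition back to node 0.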