Nodes

Nodes are wrapper objects used in the construction of AttackAnalyzer packet analysis machines. Nodes have two attributes:

  • A threat level, marking which state of the parent Threatomaton machine the node belongs to.
  • A list of Transition objects, denoting possible transitions from this Node to others in the machine.

Nodes contain the following methods:

  • Node(threat level value)
  • addTransition(Transition object to add)
  • processPacket(Packet object) -- returns the destination and score value of the first of the node's transitions that the packet matches; if the packet does not match any transitions, returns (False, 0).

Transitions

Transitions are data structures that have the following attributes:

  • dest -- the index in the parent Threatomaton machine's list of nodes of the node to transition to if conditions are matched
  • score -- the amount to be added to an attack's total recorded score if the transition is made; essentially, how much this transition is worth
  • triggers -- a list of Boolean functions, each comparing a particular field in an input packet to a specific value

Transitions have a grand total of 2 methods:

  • Transition(index of destination node, transition score, list of trigger conditions)
  • match(Packet object to compare) -- returns the Boolean result of attempting to match the input packet to ALL of the stored trigger conditions.
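
A minimal Python sketch of the Node and Transition behaviour described on this page, added here as an illustration and not taken from the pig source. Modelling packets as dicts is an assumption, and `field_equals`, `run_machine` and `build_demo` are hypothetical helpers.

```python
# Added illustration; not the pig project's source. Packets are modelled as
# dicts, and field_equals/run_machine/build_demo are hypothetical helpers.

class Transition:
    def __init__(self, dest, score, triggers):
        self.dest = dest          # index into the machine's node list
        self.score = score        # added to the attack's total if taken
        self.triggers = triggers  # Boolean functions over a packet

    def match(self, packet):
        # ALL triggers must hold; one failing field check rejects the packet.
        return all(trigger(packet) for trigger in self.triggers)

class Node:
    def __init__(self, threat_level):
        self.threat_level = threat_level
        self.transitions = []

    def addTransition(self, transition):
        self.transitions.append(transition)

    def processPacket(self, packet):
        # First match wins, so the order of addTransition calls decides ties.
        for t in self.transitions:
            if t.match(packet):
                return (t.dest, t.score)
        return (False, 0)

def field_equals(name, value):
    return lambda packet: packet.get(name) == value

def run_machine(nodes, packets, start=0):
    current, total = start, 0
    for packet in packets:
        dest, score = nodes[current].processPacket(packet)
        if dest is not False:  # index 0 is falsy in Python; test identity
            current, total = dest, total + score
    return nodes[current].threat_level, total

def build_demo():
    # Constructed three-state machine: idle -> probing -> flagged.
    nodes = [Node(0), Node(1), Node(2)]
    ssh = [field_equals("proto", "tcp"), field_equals("dport", 22)]
    nodes[0].addTransition(Transition(1, 1, ssh))
    nodes[1].addTransition(Transition(2, 5, ssh + [field_equals("flags", "SYN")]))
    nodes[1].addTransition(Transition(0, 0, [field_equals("flags", "FIN")]))
    return nodes
```

In this sketch the no-match result `(False, 0)` compares equal to a zero-score transition to node index 0, so the driver checks `dest is not False` rather than truthiness or equality.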
