Skip to content
/ kassandra Public

Analysis of HTTP traffic and detection of anomalous user behavior in allowed actions. UEBA system.

21 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Egida-Kassandra/kassandra

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

97 Commits
.vscode
.vscode
 
 
docs
docs
 
 
img
img
 
 
kass_nn
kass_nn
 
 
lib
lib
 
 
tests_documentation
tests_documentation
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
dangerousness_svg.png
dangerousness_svg.png
 
 
dangerousness_svg.svg
dangerousness_svg.svg
 
 
install.bat
install.bat
 
 
install.sh
install.sh
 
 
kassandra-app.py
kassandra-app.py
 
 
kassandra.py
kassandra.py
 
 
mkdocs.yml
mkdocs.yml
 
 
requirements.txt
requirements.txt
 
 
run.bat
run.bat
 
 
tst_kassandra.py
tst_kassandra.py
 
 
tst_level_1.py
tst_level_1.py
 
 
tst_level_2.py
tst_level_2.py
 
 
tst_level_2_foreach_ip_min_vs_url.py
tst_level_2_foreach_ip_min_vs_url.py
 
 
tst_level_2_min_file_ext.py
tst_level_2_min_file_ext.py
 
 
tst_level_2_min_long_req.py
tst_level_2_min_long_req.py
 
 
tst_level_2_min_meth.py
tst_level_2_min_meth.py
 
 
tst_level_2_min_url_directory.py
tst_level_2_min_url_directory.py
 
 

Repository files navigation

kassandra

KASSANDRA VERSION GitHub license GitHub release


Table of Contents

About the Project

Kassandra analyzes user activity and detects anomalous behaviour in HTTP requests that could be identified as non-malicious by other systems. Kassandra allows designing of anomaly detection policies. Kassandra is part of the project Egida and Kassandra, Egida can be checked here.

Prerequisites

Prepare environment

Install Python 3 and pip
apt install -y python3 pip3 virtualenv

Installation

1. Download the source from here.

2. Create virtualenv

virtualenv -p /usr/bin/python3 venv
source venv/bin/activate

3. Install requirements

Run install.bat

Getting started

To start running Kassandra run the following on the root folder of the project.

python kassandra.py

This will run an UDP server in localhost:5000, configure your proxy to point to that address.

Try on my own

Needed files

To test Kassandra with you own files you should change here the path to those files. You will need:

  1. Train file. Log file with a huge number (40000 is OK) of HTTP requests of a server.
  2. Test file. Log file with some HTTP requests for testing.

Designing of anomaly detection policies

You can also customize the anomaly values obtained by editing config.yml

  • Danger values are reserved to change the weigh for each characteristc
  • Extended Isolation Forests are reserved for adjust the Machine Learning model to the training data

Running tests

To run Kassandra with your own requests and test the model, run the following command and introduce the HTTP request corresponding log.

python kassandra-app.py

Run Dockerfile

1. Build

docker image build -t kassandra .

2. Run

docker run -p kassandra

License

Distributed under the Apache 2.0 License. See LICENSE for more information.

Contact

Authors:

Project Link: https://github.com/Egida-Kassandra/kassandra

About

Analysis of HTTP traffic and detection of anomalous user behavior in allowed actions. UEBA system.

Topics

http unsupervised-learning anomaly-detection ueba

Resources

Readme
Activity
Custom properties

Stars

21 stars

Watchers

3 watching

Forks

5 forks
Report repository

Releases

2 tags

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages