
Analysis of HTTP traffic and detection of anomalous user behavior in allowed actions. UEBA system.


Egida-Kassandra/kassandra


kassandra


About the Project

Kassandra analyzes user activity and detects anomalous behaviour in HTTP requests that other systems could identify as non-malicious. Kassandra allows the design of anomaly detection policies. Kassandra is part of the Egida and Kassandra project; Egida can be checked here.

Prerequisites

Prepare environment

Install Python 3 and pip
apt install -y python3 python3-pip virtualenv

Installation

1. Download the source from here.

2. Create virtualenv

virtualenv -p /usr/bin/python3 venv
source venv/bin/activate

3. Install requirements

Run install.bat

Getting started

To start Kassandra, run the following from the root folder of the project.

python kassandra.py

This starts a UDP server on localhost:5000. Configure your proxy to point to that address.

Try it on your own

Needed files

To test Kassandra with your own files, change the path to those files here. You will need:

  1. Train file. A log file with a huge number (40000 is OK) of HTTP requests to a server.
  2. Test file. A log file with some HTTP requests for testing.

Designing of anomaly detection policies

You can also customize the anomaly values obtained by editing config.yml.

  • Danger values are used to change the weight of each characteristic
  • Extended Isolation Forest values are used to adjust the machine learning model to the training data
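
The two kinds of setting above can be pictured with the following added example, which is not Kassandra's code: it scores each request characteristic with its own isolation forest and combines the scores using per-characteristic weights. It uses a plain one-dimensional isolation forest rather than the Extended Isolation Forest the README names, and the characteristic names, the weights and the training data are all constructed assumptions, not values from config.yml.

```python
import math
import random

# Hypothetical per-characteristic weights, standing in for config.yml danger values.
WEIGHTS = {"hour": 0.2, "path_len": 0.3, "bytes": 0.5}

def c(n):
    """Average path length of an unsuccessful binary-search-tree lookup over n points."""
    if n <= 1:
        return 0.0
    return 1.0 if n == 2 else 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def build(xs, depth, limit, rng):
    """Grow one isolation tree; a leaf is the count of points left in it."""
    if depth >= limit or len(xs) <= 1:
        return len(xs)
    split = rng.uniform(min(xs), max(xs))
    left = [x for x in xs if x < split]
    right = [x for x in xs if x >= split]
    return (split, build(left, depth + 1, limit, rng), build(right, depth + 1, limit, rng))

def depth_of(node, x, depth=0):
    """Depth at which x is isolated, padded by c() for leaves holding several points."""
    if isinstance(node, int):
        return depth + c(node)
    split, left, right = node
    return depth_of(left if x < split else right, x, depth + 1)

class Forest:
    def __init__(self, values, trees=100, sample=256, seed=0):
        rng = random.Random(seed)
        self.n = min(sample, len(values))
        limit = math.ceil(math.log2(self.n))
        self.trees = [build(rng.sample(values, self.n), 0, limit, rng) for _ in range(trees)]

    def score(self, x):
        """Anomaly score in (0, 1]; values near 1 mean x is isolated quickly."""
        mean = sum(depth_of(t, x) for t in self.trees) / len(self.trees)
        return 2 ** (-mean / c(self.n))

def train(requests):
    return {k: Forest([r[k] for r in requests]) for k in WEIGHTS}

def anomaly(models, req):
    """Weighted sum of per-characteristic scores (the weights sum to 1)."""
    return sum(WEIGHTS[k] * models[k].score(req[k]) for k in WEIGHTS)

# Constructed training set: daytime requests, short paths, responses of about 5 KB.
_rng = random.Random(1)
TRAIN = [{"hour": _rng.gauss(14, 2), "path_len": _rng.gauss(20, 4),
          "bytes": _rng.gauss(5000, 800)} for _ in range(400)]
MODELS = train(TRAIN)
```

Raising a weight makes deviations in that characteristic dominate the combined score, while the tree count and subsample size control how closely the forest fits the training log.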

Running tests

To run Kassandra with your own requests and test the model, run the following command and enter the log line corresponding to the HTTP request.

python kassandra-app.py

Run Dockerfile

1. Build

docker image build -t kassandra .

2. Run

docker run -p 5000:5000/udp kassandra

License

Distributed under the Apache 2.0 License. See LICENSE for more information.

Contact

Authors:

Project Link: https://github.com/Egida-Kassandra/kassandra
