Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/egida-kassandra/kassandra
Analysis of HTTP traffic and detection of anomalous user behavior in allowed actions. UEBA system.
anomaly-detection http ueba unsupervised-learning
Last synced: 4 days ago
- Host: GitHub
- URL: https://github.com/egida-kassandra/kassandra
- Owner: Egida-Kassandra
- Created: 2020-01-22T16:54:04.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2023-02-15T23:15:54.000Z (over 1 year ago)
- Last Synced: 2024-01-09T17:27:19.652Z (10 months ago)
- Topics: anomaly-detection, http, ueba, unsupervised-learning
- Language: Python
- Homepage:
- Size: 10.4 MB
- Stars: 13
- Watchers: 2
- Forks: 4
- Open Issues: 6
Metadata Files:
- Readme: README.md
README
# kassandra
[![KASSANDRA VERSION](https://img.shields.io/badge/kassandra-v0.1-blue?style=for-the-badge&color=8B12D1)](https://github.com/albact7/kassandra)
[![GitHub license](https://img.shields.io/badge/license-Apache-blue?style=for-the-badge)](https://github.com/albact7/kassandra/blob/master/LICENSE)
[![GitHub release](https://img.shields.io/badge/release-v.0.0.1-yellowgreen?style=for-the-badge)](https://github.com/albact7/kassandra/releases)
## Table of Contents
* [About the Project](#about-the-project)
* [Prerequisites](#prerequisites)
* [Installation](#installation)
* [Getting Started](#getting-started)
* [Running Tests](#running-tests)
* [Run Dockerfile](#run-dockerfile)
* [License](#license)
* [Contact](#contact)
## About the Project
Kassandra analyzes user activity and detects anomalous behaviour in HTTP requests that other systems could identify as non-malicious. Kassandra also lets you design anomaly detection policies. Kassandra is part of the Egida and Kassandra project; Egida can be checked here.
## Prerequisites
#### Prepare environment
##### Install Python 3 and pip
```bash
# Debian/Ubuntu package names: pip is packaged as python3-pip
apt install -y python3 python3-pip virtualenv
```
## Installation
#### 1. Download the source from [here](https://github.com/albact7/kassandra/releases).
#### 2. Create virtualenv
```bash
virtualenv -p /usr/bin/python3 venv
source venv/bin/activate
```
#### 3. Install requirements
Run `install.bat`
## Getting started
To start Kassandra, run the following from the root folder of the project:
```bash
python kassandra.py
```
This starts a UDP server on localhost:5000. Configure your proxy to point to that address.
### Try on my own
#### Needed files
To test Kassandra with your own files, change the path to those files [here](https://github.com/albact7/kassandra/blob/master/kassandra.py).
You will need:
1. Train file. Log file with a huge number (40000 is OK) of HTTP requests of a server.
2. Test file. Log file with some HTTP requests for testing.
#### Designing of anomaly detection policies
You can also customize the anomaly values obtained by editing [config.yml](https://github.com/albact7/kassandra/blob/master/kass_nn/config/config.yml)
* Danger values are reserved for changing the weight of each characteristic
* Extended Isolation Forests values are reserved for adjusting the machine learning model to the training data
## Running tests
To run Kassandra with your own requests and test the model, run the following command and enter the log line corresponding to the HTTP request.
```bash
python kassandra-app.py
```
## Run Dockerfile
### 1. Build
```bash
docker image build -t kassandra .
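```
### 2. Run
```bash
# -p needs a port mapping; this publishes the UDP port from Getting started (5000).
# Adjust it if your setup listens on a different port.
docker run -p 5000:5000/udp kassandra
```
## License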
Distributed under the Apache 2.0 License. See `LICENSE` for more information.
## Contact
Authors:
* [Alba Cotarelo Tuñón](https://www.albact.ml/)
* [Antonio Payá González](https://antoniopg.tk)
* [Jose Manuel Redondo Lopez](http://orcid.org/0000-0002-0939-0186)

Project Link: [https://github.com/Egida-Kassandra/kassandra](https://github.com/Egida-Kassandra/kassandra)