# AttackTracer

**Repository Path**: cnotech/AttackTracer

## Basic Information

- **Project Name**: AttackTracer
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2020-07-06
- **Last Updated**: 2020-12-19

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# AttackTracer

AttackTracer system comprises three types of nodes and four types of modules, node type is determined by the module runs on the particular node(One node can have several moduels run on it though).

Node type includes: information collector, data analyzer, system manager.

AttackTracer has four modules: Tracker, Sting Honeypot, Analyzer, Tracing Engine.

| node type             | module name   | function                                                             |
| --------------------- | ------------- | -------------------------------------------------------------------- |
| information collector | Tracker       | network stream capturing, log collection, network topology detection |
| information collector | StingHoneypot | interactive honeypot, sting function, hook function                  |
| data analyzer         | Analyzer      | data storage, ML based attack detection                              |
| system manager        | TracingEngine | system overview, node manager, tracing information combiner          |

## Debugging
```shell
cd ~/go/src
git clone git@github.com:Houwenda/AttackTracer.git
```

### Configuration
```shell
# sudo su
mkdir /etc/AttackTracer
cd /etc/AttackTracer
ln -s ~/go/src/AttackTracer/Analyzer/config/analyzer.yaml
ln -s ~/go/src/AttackTracer/Tracker/config/tracker.yaml 
ln -s ~/go/src/AttackTracer/TracingEngine/config/tracing_engine.yaml
```

### Starting order
Run modules in Goland.
1. TracingEngine/main.go
2. Analyzer/ML(Machine Learning module Installation guide can be found in Analyzer/ML/README.md)
3. Analyzer/main.go
4. Tracker/main.go & StingHoneypot

debug gRPC connection in details
```shell
cd ~/go/src/AttackTracer
GODEBUG=http2debug=2 go run TracingEngine/main.go
GODEBUG=http2debug=2 go run Analyzer/main.go
GODEBUG=http2debug=2 go run Tracker/main.go
```

### gRPC Compilation
```shell
# export PATH=$PATH:$HOME/go/bin
# export PATH=$PATH:/usr/local/go/bin
cd ~/go/src/AttackTracer/RpcMessage/
protoc --proto_path=./ --go_out=plugins=grpc:. *.proto
```