model

package
Constants

// Outcomes of the static runtime check over a packet's DNS features.
// NOTE(review): presumably the int returned by (*OnnxModel).StaticRuntimeChecks
// is one of these two values — confirm against that method.
const (
	DEEP_LEXICAL_INFERENCING  = iota // static checks were inconclusive; deep lexical inferencing over the DL model is still required
	STATIC_BENIGN_INFERENCING        // node agent found no further deep lexical analysis required; the packet is benign and can proceed to leave user space
)

Variables

This section is empty.

Functions

func CheckMxTxtNullRecordInQuestions

func CheckMxTxtNullRecordInQuestions(dns_packet *layers.DNS, features []DNSFeatures) bool

For now: verify, and drop the packet if it carries mail or NULL records.

func DomainVarsCount

func DomainVarsCount(dns_label string) (int, int, int)

func Entropy

func Entropy(dns_label []string) float32

func EntropyLabel

func EntropyLabel(dns_label string) float64

func GenerateFloatVectors

func GenerateFloatVectors(features []DNSFeatures, onnx *OnnxModel) [][]float32

func GetCurrentLoggedExfiltratedProcessids

func GetCurrentLoggedExfiltratedProcessids() map[uint32]int

func HandleKernelDroppedPacket

func HandleKernelDroppedPacket[T progs.Protocol](
	ctx context.Context, dnsLayer gopacket.Layer, isIpv4, isUdp bool, protocol T,
	nodeIface *netinet.NetIface)

func IncrementMaliciousProcCountLocalCache

func IncrementMaliciousProcCountLocalCache(procId uint32)

func LabelCountExcludeRootDomain

func LabelCountExcludeRootDomain(dns_label *string) int

func LongestandTotoalLenSubdomains

func LongestandTotoalLenSubdomains(dns_label []string) (int, int, float32)

func OnnxModelFsUnixMountWatcher

func OnnxModelFsUnixMountWatcher(ctx context.Context, globalNodeAgentFsWtchChan chan bool)

func StaticRuntimeBenignDomainChecks

func StaticRuntimeBenignDomainChecks(features []DNSFeatures) bool

To prevent re-inference, all the domains — including the TLD and the actual domain — must be found in the cache of benign domains, which allows faster inferencing.

func StaticRuntimeMaliciousDomainChecks

func StaticRuntimeMaliciousDomainChecks(features []DNSFeatures) bool

func WatchEvents

func WatchEvents(ctx context.Context, doneChan, globalNodeAgentFsWatchCloseChan chan bool,
	sockWatcher *fsnotify.Watcher)

Types

type CombinedFeatures

// CombinedFeatures is a named slice of DNSFeatures. No methods on it are
// visible in this listing.
type CombinedFeatures []DNSFeatures

type DNSFeatures

// DNSFeatures holds the lexical features extracted from one DNS record of a
// packet. The ParseDns* functions (questions, answers, authority, additional)
// return slices of it, and GenerateFloatVectors turns those slices into the
// model's float input vectors.
//
// NOTE(review): every string here is derived from attacker-controlled DNS
// names on the wire; whether Fqdn is normalised (case, trailing dot,
// non-ASCII labels) before the counts below are taken is not visible from
// this listing — confirm in ProcessDnsFeatures.
type DNSFeatures struct {
	Fqdn                  string // the record's fully qualified domain name
	Tld                   string
	Subdomain             string
	TotalChars            int
	TotalCharsInSubdomain int // count of chars in the subdomain that are unicode-encodable and can be stored
	NumberCount           int
	UCaseCount            int
	Entropy               float32
	Periods               int
	PeriodsInSubDomain    int
	LongestLabelDomain    int
	AverageLabelLength    float32
	IsEgress              bool // direction of the packet the record came from (the isEgress argument of ParseDns*)
	RecordType            string
	AuthZoneSoaservers    map[string]string // zone master --> mx record type
}

func ParseDnsAdditional

func ParseDnsAdditional(dns_packet *layers.DNS, features []DNSFeatures, isEgress bool) ([]DNSFeatures, error)

func ParseDnsAnswers

func ParseDnsAnswers(dns_packet *layers.DNS, features []DNSFeatures, isEgress bool) ([]DNSFeatures, error)

func ParseDnsAuth

func ParseDnsAuth(dns_packet *layers.DNS, features []DNSFeatures, isEgress bool) ([]DNSFeatures, error)

func ParseDnsQuestions

func ParseDnsQuestions(dns_packet *layers.DNS, features []DNSFeatures, isEgress bool, i int) ([]DNSFeatures, error)

func ProcessDnsFeatures

func ProcessDnsFeatures(dns_packet *layers.DNS, isEgress bool) ([]DNSFeatures, error)

type DnsPacketGen

// DnsPacketGen bundles the interface handle, send sockets, model and stream
// client used to regenerate and re-send DNS packets (see GenerateDnsPacket
// and EvaluateGeneratePacket). Construct it with NewDnsPacketResendUtils.
type DnsPacketGen struct {
	IfaceHandler    *netinet.NetIface // AF_NETLINK
	SocketSendFd    *int              // AF_PACKET
	XdpSocketSendFd *xdp.Socket       // AF_XDP
	OnnxModel       *OnnxModel        // presumably the model EvaluateGeneratePacket runs inference over before re-sending — confirm
	StreamClient    *stream.StreamProducer
}

func NewDnsPacketResendUtils

func NewDnsPacketResendUtils(config *DnsPacketGenConfig) (*DnsPacketGen, error)

func (*DnsPacketGen) CleanStaleOlderPacketRescheduleConnEntry

func (d *DnsPacketGen) CleanStaleOlderPacketRescheduleConnEntry(customNsFdHandle *int, conntrackEntry *conntrack.ConntrackCleanEntry) error

On packet re-send generation, ensures removal of stale conntrack entries to conserve kernel memory and prevent the conntrack table from growing.

func (*DnsPacketGen) EvalOverallPacketProcessTime

func (d *DnsPacketGen) EvalOverallPacketProcessTime(dns layers.DNS, spec *ebpf.Collection, enforceNetworkPolicyTime bool)

func (*DnsPacketGen) EvaluateGeneratePacket

func (d *DnsPacketGen) EvaluateGeneratePacket(ctx context.Context,
	ethLayer, networkLayer, transportLayer, dnsLayer gopacket.Layer,
	l3_bpfMap_checksum uint16, handler *pcap.Handle, isEgress bool, isIpv4, isUdp bool, spec *ebpf.Collection,
	processInfo *utils.MaliciousKernelTaskCommExportedProcInfo, isPhysicalNetDevSniff bool,
	egressLink netlink.Link, allowXDP bool,
	customDnat bool,
	customUpstreamDnsresolveIp string) error

Runs inference over the DL model and re-sends the packet, if non-malicious, over AF_XDP or AF_PACKET. TODO: replace the massive number of function arguments with custom config structs.

func (*DnsPacketGen) GenerateDnsPacket

func (d *DnsPacketGen) GenerateDnsPacket(dns layers.DNS, customNsFdHandle *int) layers.DNS

type DnsPacketGenConfig

// DnsPacketGenConfig is the input to NewDnsPacketResendUtils; its fields are
// carried over into the resulting DnsPacketGen.
type DnsPacketGenConfig struct {
	Iface        *netinet.NetIface
	OnnxModel    *OnnxModel
	StreamClient *stream.StreamProducer
}

type OnnxModel

// OnnxModel pairs the top-domains lookup with the gRPC client to the remote
// ONNX inference service. Construct it with NewOnnxModelRemoteInference.
// NOTE(review): TopDomainsDNSServer is presumably the benign-domain cache that
// StaticRuntimeBenignDomainChecks consults — confirm.
type OnnxModel struct {
	TopDomainsDNSServer *utils.TopDomains
	InferenceServerSock *inference.DNSOnnxInferenceService // gRPC (L7) client connected to the ONNX inference server over a UDS
}

func NewOnnxModelRemoteInference

func NewOnnxModelRemoteInference(topDomains *utils.TopDomains,
	inferenceServerSock *inference.DNSOnnxInferenceService) (*OnnxModel, error)

func (*OnnxModel) Evaluate

func (onnx *OnnxModel) Evaluate(features interface{}, protocol string, direction bool) bool

func (*OnnxModel) StaticRuntimeChecks

func (onnx *OnnxModel) StaticRuntimeChecks(features [][]float32, isEgress bool) int

Tells the node agent goroutines to call the remote inference server's deep learning model for enhanced scanning.
