Browse Source
Replaced White-Guard algorithm with Strangers algorightm.
Updated version number of SNFMulti. git-svn-id: https://svn.microneil.com/svn/SNFMulti/trunk@65 dc71a809-1921-45c4-985c-09c81d0142d9wx
2 changed files with 81 additions and 17 deletions
+ 35
- 16
SNFMulti.cpp
View File
| @@ -25,7 +25,7 @@ using namespace std; | |||
| //// Version Info | |||
| const char* SNF_ENGINE_VERSION = "SNFMulti Engine Version 3.1.5 Build: " __DATE__ " " __TIME__; | |||
| const char* SNF_ENGINE_VERSION = "SNFMulti Engine Version 3.2.0 Build: " __DATE__ " " __TIME__; | |||
| //// Script Caller Methods | |||
| @@ -1373,6 +1373,7 @@ void snf_SaccadesHandler::learnMatches(MatchRecord* Matches) { | |||
| } | |||
| static snf_SaccadesHandler SaccadeBrain; | |||
| static snf_IPStrangerList StrangersList; | |||
| int snf_EngineHandler::scanMessage( // Scan this message (in buffer). | |||
| const unsigned char* inputMessageBuffer, // -- this is the message buffer. | |||
| @@ -1787,30 +1788,48 @@ int snf_EngineHandler::scanMessage( | |||
| ) { | |||
| // GBUdb training is enabled. | |||
| bool discoveredNewIP = false; | |||
| IP4Address theSourceIP = MyScanData.SourceIPRecord().IP; | |||
| switch(ScanResultType) { // Evaluate the scan result. | |||
| case NoPattern: // On no pattern (benefit of doubt) or | |||
| case WhitePattern: { // a white pattern: | |||
| GBUdbRecord thisRecord = // Grab the GBUdb record for later | |||
| MyRulebase->MyGBUdb.addGood( // then add a good count to the | |||
| MyScanData.SourceIPRecord().IP); // source IP. | |||
| theSourceIP); // source IP. | |||
| const unsigned int WhiteGuardValue = 7; | |||
| bool triggeredWhiteGuard = (0 == thisRecord.Bad() && 1 == thisRecord.Good()); | |||
| if(triggeredWhiteGuard) { | |||
| thisRecord.Good(WhiteGuardValue); | |||
| thisRecord.Bad(WhiteGuardValue); | |||
| MyRulebase->MyGBUdb.setRecord( | |||
| MyScanData.SourceIPRecord().IP, | |||
| thisRecord | |||
| ); | |||
| discoveredNewIP = (0 == thisRecord.Bad() && 1 == thisRecord.Good()); | |||
| if(discoveredNewIP) { // New IPs are strangers. | |||
| StrangersList.addStranger(theSourceIP); // Add them to the list | |||
| thisRecord.Bad(thisRecord.Good()); // and set their reputation | |||
| MyRulebase->MyGBUdb.setRecord(theSourceIP, thisRecord); // to 50/50 at best. | |||
| } else | |||
| if( // Known IPs that are getting | |||
| thisRecord.Good() > thisRecord.Bad() && // an advantage but are on the | |||
| StrangersList.isStranger(theSourceIP) // strangers list get put back | |||
| ) { // to a 50/50 reputation. | |||
| unsigned int equalizationValue = thisRecord.Good(); | |||
| if(1 < equalizationValue) equalizationValue = equalizationValue / 2; | |||
| thisRecord.Bad(equalizationValue); | |||
| thisRecord.Good(equalizationValue); | |||
| MyRulebase->MyGBUdb.setRecord(theSourceIP, thisRecord); | |||
| } | |||
| break; | |||
| } | |||
| case BlackPattern: { // On a black pattern: | |||
| MyRulebase->MyGBUdb.addBad( // add a bad count to the source IP | |||
| MyScanData.SourceIPRecord().IP); // in the GBUdb. | |||
| } | |||
| case BlackPattern: { // On a black pattern: | |||
| GBUdbRecord thisRecord = // Grab the GBUdb record for later | |||
| MyRulebase->MyGBUdb.addBad( // Add a bad count to the source IP | |||
| MyScanData.SourceIPRecord().IP); // in the GBUdb. | |||
| discoveredNewIP = (1 == thisRecord.Bad() && 0 == thisRecord.Good()); | |||
| if(discoveredNewIP) StrangersList.addStranger(theSourceIP); | |||
| break; | |||
| } | |||
| default: break; // In all other cases, don't train. | |||
+ 46
- 1
SNFMulti.hpp
View File
| @@ -337,7 +337,52 @@ class snf_SaccadesHandler { | |||
| void applySaccades(EvaluationMatrix* Scanner, vector<unsigned char>& Data); | |||
| void learnMatches(MatchRecord* Matches); | |||
| }; | |||
| // How to spot strangers in the IP reputations. | |||
| class snf_IPStrangerList { | |||
| private: | |||
| Mutex myMutex; | |||
| set<IP4Address> listA; | |||
| set<IP4Address> listB; | |||
| bool usingANotB; | |||
| Timeout listExpiration; | |||
| set<IP4Address>& myActiveList() { | |||
| if(usingANotB) return listA; | |||
| else return listB; | |||
| } | |||
| void swapOutOldLists() { | |||
| if(listExpiration.isExpired()) { | |||
| usingANotB = !usingANotB; | |||
| myActiveList().clear(); | |||
| listExpiration.restart(); | |||
| } | |||
| } | |||
| set<IP4Address>& myCurrentList() { | |||
| swapOutOldLists(); | |||
| return myActiveList(); | |||
| } | |||
| public: | |||
| static const int TwoHours = (2 * (60 * (60 * 1000))); | |||
| snf_IPStrangerList() : usingANotB(true), listExpiration(TwoHours) {} | |||
| bool isStranger(IP4Address a) { | |||
| ScopeMutex JustMe(myMutex); | |||
| swapOutOldLists(); | |||
| bool foundStranger = (0 < listA.count(a)) || (0 < listB.count(a)); | |||
| return foundStranger; | |||
| } | |||
| void addStranger(IP4Address a) { | |||
| ScopeMutex JustMe(myMutex); | |||
| myCurrentList().insert(a); | |||
| } | |||
| }; | |||
| // Here's where we pull it all together. | |||
| class snf_EngineHandler { | |||
Loading…