Ruby Framework

The majority of the Datapository anomaly detection testbed's framework is written in the Ruby programming language. Ruby is used to interface with the database and to give the user a level of abstraction above writing and remembering the complex SQL queries needed to extract useful information from it. The language is simple to write and read, so additional functionality can be added to the framework without the language itself adding complexity. All of the Ruby scripts which form the testbed framework can be accessed directly in the ruby script directory of our repository.

User contributions of additional functionality to our framework are strongly encouraged. SQL should be written to query the database for information, which the Ruby framework then presents to the user in a highly usable form. For example, at the lowest level, generating entropy data in our framework is done by Ruby interfacing with the database and running an SQL query that produces a traffic metric such as in degree; the result is returned to the Ruby method, which then passes the data to a Ruby-defined method that actually computes the entropy value.

Our framework has been developed to hide even this level of detail from the user, providing simple Ruby methods that can be run from the irb command line or used to build scripts and additional functionality in the testbed. For example, everything described in the previous paragraph can be generated and displayed for the user with the following single Ruby instruction. It generates the SQL queries needed, parses the data returned, and calls the appropriate Ruby methods for computing entropy; these return a float value, which ends up displayed on the screen:

puts entropy_degree_in("2005-02-01 00:00:00","flows")

There are many methods like this one; they provide a simple interface to the testbed and database without requiring extensive knowledge of either from the user. All of these methods are listed in our user functions page.

Using the Ruby Framework

Using the Ruby framework can be done through script generation, or simply using the irb command line. The command line is very helpful for generating temporary statistics or manual monitoring of the traffic. Script generation is helpful for automated traffic monitoring and analysis as well as launching synthetic attacks.

Currently, to use the methods and scripts the script source tree must be checked out to your local directory:

svn co http://cyprus.cmcl.cs.cmu.edu/svn/entropy_analysis/scripts dp_ad_testbed

Running the scripts provided is as simple as, well... running them!

$ ./dp_metric_stats.rb "2005-02-01 00:00:00" addr_degree_in | head -n 3
191102 5393
16085133 3855
180751 3309

To use the irb command line, the ruby/include directory must be added to Ruby's $LOAD_PATH, the array of paths searched for required files. You can then load the user methods with Ruby's require directive for the scripts in ruby/include.

For example, this generates the same output as the ./dp_metric_stats.rb script using the irb command line from start to finish:

irb> $LOAD_PATH.push("include")
irb> require 'sql_queries'
irb> stats_addr_degree_in("2005-02-01 00:00:00","flows").first(3).each {|host,value| puts "#{host} #{value}"}
191102 5393
16085133 3855
180751 3309
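The entropy computation described above, carried out on rows shaped like this "host value" output, as an added example that is not part of the Datapository framework or its sql_queries script. The method names, the row layout and the normalized variant are assumptions; the three sample rows are taken from the output above.

```ruby
# Added example (not the framework's own code): Shannon entropy of an
# in-degree distribution, computed from (host, in_degree) rows of the kind
# the stats_* methods print. Method names and row shape are assumptions.

# Constructed sample rows mirroring the "host value" output shown above.
SAMPLE_DEGREE_IN = [
  [191102, 5393],
  [16085133, 3855],
  [180751, 3309],
]

# Shannon entropy (bits) of the distribution formed by the row values:
# each host's share of the total in-degree is its probability p_i, and
# H = -sum(p_i * log2(p_i)). Rows with a zero value contribute nothing.
def entropy_from_rows(rows)
  total = rows.sum { |_host, value| value }.to_f
  return 0.0 if total <= 0
  rows.reduce(0.0) do |h, (_host, value)|
    next h if value <= 0
    p = value / total
    h - p * Math.log2(p)
  end
end

# Entropy normalized to [0, 1] by its maximum log2(n) for n active hosts,
# which makes time windows with different host counts comparable when
# watching for anomalies (a sharp drop means traffic is concentrating).
def normalized_entropy(rows)
  active = rows.count { |_host, value| value > 0 }
  return 0.0 if active < 2
  entropy_from_rows(rows) / Math.log2(active)
end

# Formats rows exactly like the dp_metric_stats.rb output ("host value").
def format_stats(rows)
  rows.map { |host, value| "#{host} #{value}" }
end

if __FILE__ == $PROGRAM_NAME
  puts format_stats(SAMPLE_DEGREE_IN)
  printf("H = %.4f bits (normalized %.4f)\n",
         entropy_from_rows(SAMPLE_DEGREE_IN),
         normalized_entropy(SAMPLE_DEGREE_IN))
end
```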

Finding Ruby Help

Finding help with Ruby is easy and can be done in many different forms:

  • IRC: #ruby-lang on irc.freenode.net