|
public GetRandomMaliciousIp ( ) : |
||
| return | ||
/// <summary>
/// Attacker issues one guess by picking an benign account at random and picking a password by weighted distribution
/// </summary>
public SimulatedLoginAttempt MaliciousLoginAttemptWeighted(DateTime eventTimeUtc)
{
SimulatedUserAccount targetBenignAccount =
(StrongRandomNumberGenerator.GetFraction() < _experimentalConfiguration.ProbabilityThatAttackerChoosesAnInvalidAccount)
? null : _simAccounts.GetBenignAccountAtRandomUniform();
return(new SimulatedLoginAttempt(
targetBenignAccount,
_simPasswords.GetPasswordFromWeightedDistribution(),
true, true,
_ipPool.GetRandomMaliciousIp(),
StrongRandomNumberGenerator.Get64Bits().ToString(),
"",
eventTimeUtc));
}
/// <summary>
/// Create accounts, generating passwords, primary IP
/// </summary>
#pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously
public async Task GenerateAsync(ExperimentalConfiguration experimentalConfiguration,
#pragma warning restore CS1998 // Async method lacks 'await' operators and will run synchronously
//IUserAccountContextFactory accountContextFactory,
CancellationToken cancellationToken = default(CancellationToken))
{
_logger.WriteStatus("Creating {0:N0} benign accounts", experimentalConfiguration.NumberOfBenignAccounts);
MemoryUserAccountController userAccountController = new MemoryUserAccountController();;
ConcurrentBag <SimulatedUserAccount> benignSimulatedAccountBag = new ConcurrentBag <SimulatedUserAccount>();
//
// Create benign accounts in parallel
Parallel.For(0, (int)experimentalConfiguration.NumberOfBenignAccounts, (index) =>
{
if (index > 0 && index % 10000 == 0)
{
_logger.WriteStatus("Created {0:N0} benign accounts", index);
}
SimulatedUserAccount userAccount = new SimulatedUserAccount()
{
UsernameOrAccountId = "user_" + index.ToString(),
Password = _simPasswords.GetPasswordFromWeightedDistribution()
};
userAccount.ClientAddresses.Add(_ipPool.GetNewRandomBenignIp());
userAccount.Cookies.Add(StrongRandomNumberGenerator.Get64Bits().ToString());
benignSimulatedAccountBag.Add(userAccount);
double inverseFrequency = Distributions.GetLogNormal(0, 1);
if (inverseFrequency < 0.01d)
{
inverseFrequency = 0.01d;
}
if (inverseFrequency > 50d)
{
inverseFrequency = 50d;
}
double frequency = 1 / inverseFrequency;
lock (BenignAccountSelector)
{
BenignAccountSelector.AddItem(userAccount, frequency);
}
});
BenignAccounts = benignSimulatedAccountBag.ToList();
_logger.WriteStatus("Finished creating {0:N0} benign accounts",
experimentalConfiguration.NumberOfBenignAccounts);
//
// Right after creating benign accounts we create IPs and accounts controlled by the attacker.
// (We create the attacker IPs here, and not earlier, because we need to have the benign IPs generated in order to create overlap)
_logger.WriteStatus("Creating attacker IPs");
_ipPool.GenerateAttackersIps();
_logger.WriteStatus("Creating {0:N0} attacker accounts",
experimentalConfiguration.NumberOfAttackerControlledAccounts);
ConcurrentBag <SimulatedUserAccount> maliciousSimulatedAccountBag = new ConcurrentBag <SimulatedUserAccount>();
//
// Create accounts in parallel
Parallel.For(0, (int)experimentalConfiguration.NumberOfAttackerControlledAccounts, (index) =>
{
SimulatedUserAccount userAccount = new SimulatedUserAccount()
{
UsernameOrAccountId = "attacker_" + index.ToString(),
Password = _simPasswords.GetPasswordFromWeightedDistribution(),
};
userAccount.ClientAddresses.Add(_ipPool.GetRandomMaliciousIp());
maliciousSimulatedAccountBag.Add(userAccount);
});
AttackerAccounts = maliciousSimulatedAccountBag.ToList();
_logger.WriteStatus("Finished creating {0:N0} attacker accounts",
experimentalConfiguration.NumberOfAttackerControlledAccounts);
//
// Now create full UserAccount records for each simulated account and store them into the account context
Parallel.ForEach(BenignAccounts.Union(AttackerAccounts),
(simAccount, loopState) =>
{
//if (loopState. % 10000 == 0)
// _logger.WriteStatus("Created account {0:N0}", index);
simAccount.CreditHalfLife = experimentalConfiguration.BlockingOptions.AccountCreditLimitHalfLife;
simAccount.CreditLimit = experimentalConfiguration.BlockingOptions.AccountCreditLimit;
foreach (string cookie in simAccount.Cookies)
{
userAccountController.HasClientWithThisHashedCookieSuccessfullyLoggedInBeforeAsync(
simAccount,
LoginAttempt.HashCookie(cookie),
cancellationToken);
}
});
_logger.WriteStatus("Finished creating user accounts for each simluated account record");
}
/// <summary>
/// Create accounts, generating passwords, primary IP
/// </summary>
public void Generate(ExperimentalConfiguration experimentalConfiguration)
{
SimulatedUserAccountController simUserAccountController = new SimulatedUserAccountController();
_logger.WriteStatus("Creating {0:N0} benign accounts", experimentalConfiguration.NumberOfBenignAccounts);
ConcurrentBag <SimulatedUserAccount> benignSimulatedAccountBag = new ConcurrentBag <SimulatedUserAccount>();
//
// Create benign accounts in parallel
Parallel.For(0, (int)experimentalConfiguration.NumberOfBenignAccounts, (index) =>
{
if (index > 0 && index % 10000 == 0)
{
_logger.WriteStatus("Created {0:N0} benign accounts", index);
}
SimulatedUserAccount userAccount = simUserAccountController.Create(
"user_" + index.ToString(),
_simPasswords.GetPasswordFromWeightedDistribution()
);
userAccount.ClientAddresses.Add(_ipPool.GetNewRandomBenignIp());
string initialCookie = StrongRandomNumberGenerator.Get64Bits().ToString();
userAccount.Cookies.Add(initialCookie);
userAccount.HashesOfCookiesOfClientsThatHaveSuccessfullyLoggedIntoThisAccount[initialCookie] = true;
benignSimulatedAccountBag.Add(userAccount);
double inverseFrequency = Distributions.GetLogNormal(0, 1);
if (inverseFrequency < 0.01d)
{
inverseFrequency = 0.01d;
}
if (inverseFrequency > 50d)
{
inverseFrequency = 50d;
}
double frequency = 1 / inverseFrequency;
lock (BenignAccountSelector)
{
BenignAccountSelector.AddItem(userAccount, frequency);
}
});
BenignAccounts = benignSimulatedAccountBag.ToList();
_logger.WriteStatus("Finished creating {0:N0} benign accounts",
experimentalConfiguration.NumberOfBenignAccounts);
//
// Right after creating benign accounts we create IPs and accounts controlled by the attacker.
// (We create the attacker IPs here, and not earlier, because we need to have the benign IPs generated in order to create overlap)
_logger.WriteStatus("Creating attacker IPs");
_ipPool.GenerateAttackersIps();
_logger.WriteStatus("Creating {0:N0} attacker accounts",
experimentalConfiguration.NumberOfAttackerControlledAccounts);
ConcurrentBag <SimulatedUserAccount> maliciousSimulatedAccountBag = new ConcurrentBag <SimulatedUserAccount>();
//
// Create accounts in parallel
Parallel.For(0, (int)experimentalConfiguration.NumberOfAttackerControlledAccounts, (index) =>
{
SimulatedUserAccount userAccount = simUserAccountController.Create(
"attacker_" + index.ToString(),
_simPasswords.GetPasswordFromWeightedDistribution());
userAccount.ClientAddresses.Add(_ipPool.GetRandomMaliciousIp());
maliciousSimulatedAccountBag.Add(userAccount);
});
AttackerAccounts = maliciousSimulatedAccountBag.ToList();
_logger.WriteStatus("Finished creating {0:N0} attacker accounts",
experimentalConfiguration.NumberOfAttackerControlledAccounts);
//
// Now create full UserAccount records for each simulated account and store them into the account context
Parallel.ForEach(BenignAccounts.Union(AttackerAccounts),
(simAccount, loopState) =>
{
//if (loopState. % 10000 == 0)
// _logger.WriteStatus("Created account {0:N0}", index);
simAccount.CreditHalfLife = experimentalConfiguration.BlockingOptions.AccountCreditLimitHalfLife;
simAccount.CreditLimit = experimentalConfiguration.BlockingOptions.AccountCreditLimit;
foreach (string cookie in simAccount.Cookies)
{
simUserAccountController.HasClientWithThisHashedCookieSuccessfullyLoggedInBefore(
simAccount,
LoginAttempt.HashCookie(cookie));
}
});
_logger.WriteStatus("Finished creating user accounts for each simluated account record");
}