Black Duck Open Hub (openhub.net), Black Duck Software, Inc.
usb-md64
Very Low Activity
Commits: Listings
Analyzed about 5 hours ago, based on code collected about 8 hours ago.
Apr 25, 2023 — Apr 25, 2024
Showing page 1 of 1
Columns: Commit Message, Contributor, Date
Updated Doxyfile
root
12 months ago
index.rst created for http://usb-md64-github-code.readthedocs.io/
root
about 1 year ago
Updated section 1298
root
over 1 year ago
Merge branch 'master' of ssh://git.code.sf.net/p/usb-md63/code
Srinivasan Kannan
over 3 years ago
Unified NeuronRain Design - renumbered sections (NeuronRain design documents have been merged by unified numbering)
Srinivasan Kannan
over 3 years ago
Section Numbers prepended for Extended NeuronRain Theory Drafts in USBmd software analyzer
Srinivasan Kannan
about 4 years ago
-----------------------------------------------------------------------------------------------------------
(FEATURE) USBmd FTrace Kernel Function CallGraph Generation for Analysis - 22 November 2018
-----------------------------------------------------------------------------------------------------------
1. New bash shell script usb_md_ftrace.sh has been committed to the repository which writes out an ftrace.log file containing kernel function call graph sequences for an executable code. It is invoked as:
   $usb_md_ftrace.sh <executable-to-trace>
   usb_md_ftrace.sh summarizes the previously mentioned ftrace option-enabling commands into a single file with an option for a commandline argument of an executable to trace.
2. usb_wwan_modified/python-src/Spark_USBWWANLogMapReduceParser.py has been changed to include a new function ftrace_callgraph_dot() which parses an ftrace log generated by usb_md_ftrace.sh for the command:
   $usb_md_ftrace.sh traceroute <ip-address>
3. ftrace_callgraph_dot() parses each line of ftrace.log and adds them as edges in a NetworkX Directed Graph. The DOT file for this call graph is written to Spark_USBWWANLogMapReduceParser.ftrace_callgraph.dot
4. As a novelty, PageRank and Degree Centrality measures of the call graph NetworkX DiGraph are printed which show the prominently active regions of the kernel for traceroute. PageRank/Degree Centrality of the kernel function callgraph is quite useful by treating every function caller as a voter for the function callee. Theoretically, this centrality in the kernel throws light on suspicious, malevolent invocations particularly involving memory and locking. In this traceroute ftrace example, lock and kmalloc functions have high centrality, and USB URB related functions are way down the ranking. The higher the ranking, the deeper the function is in the callstack trace in the kernel.
5. A lot of functions have the ISRA optimization of GCC. ISRA is known to cause signed int bugs (0 was erroneously promoted to 1 in loops) and ISRA has been disabled in the ARM kernel: https://patchwork.kernel.org/patch/7113091/ by the -fno-ipa-sra GCC flag. This kind of instability could be the reason for 32-bit VIRGO heisenbugs in string functions in older kernels.
6. The previous FTrace kernel call graph analysis is not only limited to USBmd WLAN analytics but can be applied to any executable requiring kernel profiling. Usual profilers measure time spent in the function whereas this graph theoretic analysis is superior and finds kernel bottlenecks and malicious patterns by analyzing call graphs within the kernel.
7. Malicious code (e.g. viruses, worms, root-kits, bots, keystroke loggers) is usually associated with a high cpu and memory footprint causing abnormal traffic. Analyzing infected kernel callgraph patterns might help in identifying the root cause.
8. The FTrace kernel function call graph complements already implemented Program Analyzers: the SATURN CFG driver in VIRGO kernels (accessible only in kernelspace) and the Valgrind/KCachegrind/Callgrind userspace call graph analyzer in AsFer. By this, kernel activity is partially visible and can be analyzed graph theoretically from userspace.
9. Outbreaks of epidemics have been analyzed as a Game Theoretic problem (https://blogs.cornell.edu/info2040/2016/09/16/game-theory-in-the-context-of-epidemics/) - on how people behave in epidemics and their conclusion - "faster information limits disease spread". Cybercrimes are the epidemics counterpart in a cloud of computers, the only difference being damage inflicted on intellectual property rather than humans, and adversaries are hackers/malicious code in place of viruses. This makes Cybercrimes a multi-player adversarial game involving Hackers/Malicious code Versus Aggrieved. Translating the previous conclusion to cybercrimes: Faster information about malicious code limits the damage.
Srinivasan Kannan
over 5 years ago
Updated USBmd_notes.txt
Srinivasan Kannan
over 5 years ago
-------------------------------------------------------------------------------------------------------------
(FEATURE) USBWWAN analytics - USBmon and FTrace logs analysis - 15 November 2018
-------------------------------------------------------------------------------------------------------------
1. Logs Analysis for 2 standard kernel tracing facilities has been included - USBmon and FTrace. USBmon is the kernel debugfs tracing facility and FTrace is the Kernel functions tracing utility accessible from user space. (Kernel Address Sanitizer - KASAN - is only enabled in kernelspace via KBuild config and kernel build, transparent to userspace)
2. USBmon traces are enabled by debugfs in /sys/kernel/debug/usb/usbmon and can be loaded in wireshark in libpcap format, or usbmon pseudodevices can be viewed in tcpdump:
   ls /sys/kernel/debug/
   modprobe usbmon
   dumpcap -D
   ls /dev/usbmon0
   ls -lrt /dev/usbmon*
   tcpdump -i usbmon1
   tcpdump -i usbmon2
   tcpdump -i usbmon0
   tcpdump -i usbmon3
   tcpdump -i usbmon4
   cat /sys/kernel/debug/usb/usbmon/1t 2>&1 > usbmon.mon
3. FTrace for function graph analysis is enabled by (Kernel.org FTrace Documentation: https://www.kernel.org/doc/Documentation/trace/ftrace.txt):
   ls /sys/kernel/debug/tracing/current_tracer
   echo nop > /sys/kernel/debug/tracing/current_tracer
   echo 0 > /sys/kernel/debug/tracing/tracing_on
   echo $$ > /sys/kernel/debug/tracing/set_ftrace_pid
   echo function > /sys/kernel/debug/tracing/current_tracer
   echo 1 > /sys/kernel/debug/tracing/tracing_on
   ls -lrt /sys/kernel/debug/tracing/trace
   cat /sys/kernel/debug/tracing/set_graph_function
   cat /sys/kernel/debug/tracing/trace_options
   echo funcgraph-duration > /sys/kernel/debug/tracing/trace_options
   cat /sys/kernel/debug/tracing/set_graph_function
   cat /sys/kernel/debug/tracing/trace_options
   cat /sys/kernel/debug/tracing/trace_options
   echo funcgraph-cpu 2>&1 > /sys/kernel/debug/tracing/trace_options
   cat /sys/kernel/debug/tracing/set_ftrace_pid
   echo 7379 > /sys/kernel/debug/tracing/set_ftrace_pid
   cat /sys/kernel/debug/tracing/trace 2>&1 > ftrace.log.15November2018
   export JAVA_HOME=/media/Ubuntu2/jdk1.8.0_171/
   export PATH=/usr/bin:$PATH
   /media/Ubuntu2/spark-2.3.1-bin-hadoop2.7/bin/spark-submit Spark_USBWWANLogMapReduceParser.py 2>&1 > testlogs/Spark_USBWWANLogMapReduceParser.FTraceAndUSBMon.log.15November2018
4. FTrace traces for specific userspace threads/processes are enabled by the previous example commandlines and available through /sys/kernel/debug/tracing/trace (circular buffer). Function graph traces show kernel function invocations as call graph edges (denoted by fn2 <- fn1)
5. Spark_USBWWANLogMapReduceParser.py has been changed to invoke the log analyzer for USBmon and FTrace logs for the patterns Bi (BULK IN) and usb from USBmon and FTrace logs respectively:
   - usbmon.15November2018.mon
   - ftrace.ping.log.15November2018 (ftraces for ping of an IP address)
6. Logs for the Spark Analyzer have been committed to Spark_USBWWANLogMapReduceParser.FTraceAndUSBMon.log.15November2018 which analyze the USBmon logs and WLAN traffic for IP address ping.
Srinivasan Kannan
over 5 years ago
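Added example, not code from the usb-md64 project or its Spark_USBWWANLogMapReduceParser.py: a stand-alone Python script covering what points 2 to 4 of the 22 November 2018 commit describe, fed by the "callee <-caller" records that the function tracer of the 15 November 2018 commit produces. It parses those records, strips GCC clone suffixes such as .isra.N (point 5 of the 22 November commit) so that a cloned function is one node rather than several, builds a directed call graph, ranks functions by number of distinct callers (each caller as one vote) and by PageRank, and writes the graph as DOT. NetworkX is replaced by a hand-written power iteration so nothing needs to be installed; the log lines, timestamps and caller/callee pairs are constructed to look like function tracer output and are not captured data.

```python
"""Kernel call-graph ranking from an ftrace 'function' tracer log.
Added example, not usb-md64 project code. Pure Python (no NetworkX, no Spark);
the sample log is constructed in the tracer's "callee <-caller" layout."""
import re
from collections import defaultdict

# Constructed sample, function tracer layout: "task-pid [cpu] flags timestamp: callee <-caller"
SAMPLE_FTRACE_LOG = """\
# tracer: function
#           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
      traceroute-7379  [001] ....  1001.000100: sock_sendmsg <-__sys_sendto
      traceroute-7379  [001] ....  1001.000102: inet_sendmsg <-sock_sendmsg
      traceroute-7379  [001] ....  1001.000104: udp_sendmsg <-inet_sendmsg
      traceroute-7379  [001] ....  1001.000106: ip_make_skb <-udp_sendmsg
      traceroute-7379  [001] ....  1001.000107: _raw_spin_lock <-udp_sendmsg
      traceroute-7379  [001] ....  1001.000108: kmalloc <-udp_sendmsg
      traceroute-7379  [001] ....  1001.000110: __ip_append_data.isra.50 <-ip_make_skb
      traceroute-7379  [001] ....  1001.000112: alloc_skb <-__ip_append_data.isra.50
      traceroute-7379  [001] ....  1001.000113: kmalloc <-__ip_append_data.isra.50
      traceroute-7379  [001] ....  1001.000114: kmalloc <-alloc_skb
      traceroute-7379  [001] ....  1001.000120: kmalloc <-alloc_skb
"""
FTRACE_RECORD_RE = re.compile(r":\s+(?P<callee>\S+)\s+<-(?P<caller>\S+)\s*$")
# GCC clone suffixes (ISRA, constprop, part) would otherwise split one function across nodes.
GCC_CLONE_RE = re.compile(r"\.(isra|constprop|part|cold)\.\d+$")

def strip_gcc_suffix(name):
    return GCC_CLONE_RE.sub("", name)

def parse_ftrace_edges(text):
    """Yield (caller, callee); comment lines and unparsable lines are skipped."""
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = FTRACE_RECORD_RE.search(line)
        if match:
            yield strip_gcc_suffix(match.group("caller")), strip_gcc_suffix(match.group("callee"))

def build_callgraph(text):
    """Adjacency dict caller -> set(callees); leaf functions get an empty set."""
    graph = defaultdict(set)
    for caller, callee in parse_ftrace_edges(text):
        graph[caller].add(callee)  # a set, so repeated calls give one edge
        graph[callee]  # touching the key registers the leaf as a node
    return dict(graph)

def in_degree(graph):
    """Distinct callers per function: each caller is one vote for its callee."""
    votes = {fn: 0 for fn in graph}
    for callees in graph.values():
        for callee in callees:
            votes[callee] += 1
    return votes

def pagerank(graph, damping=0.85, iterations=100, tol=1e-10):
    """Power-iteration PageRank; mass held by leaf functions is spread evenly."""
    n = len(graph)
    rank = {fn: 1.0 / n for fn in graph}
    for _ in range(iterations):
        leaked = sum(rank[fn] for fn, callees in graph.items() if not callees)
        new = {fn: (1.0 - damping) / n + damping * leaked / n for fn in graph}
        for caller, callees in graph.items():
            if callees:
                share = damping * rank[caller] / len(callees)
                for callee in callees:
                    new[callee] += share
        delta = sum(abs(new[fn] - rank[fn]) for fn in graph)
        rank = new
        if delta < tol:
            break
    return rank

def ranked(scores):
    """Highest score first, ties broken by name."""
    return sorted(scores.items(), key=lambda item: (-item[1], item[0]))

def to_dot(graph, name="callgraph"):
    """Graphviz DOT text with one edge per distinct caller -> callee pair."""
    lines = ["digraph %s {" % name]
    for caller in sorted(graph):
        for callee in sorted(graph[caller]):
            lines.append('  "%s" -> "%s";' % (caller, callee))
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    callgraph = build_callgraph(SAMPLE_FTRACE_LOG)
    votes = in_degree(callgraph)
    for fn, score in ranked(pagerank(callgraph)):
        print("%-20s pagerank=%.4f callers=%d" % (fn, score, votes[fn]))
    print(to_dot(callgraph))
```

On the constructed sample, kmalloc is the only function with three distinct callers and ends up first by both measures, while the syscall entry __sys_sendto, which nobody in the trace calls, comes last; that matches the commit's observation that allocation and locking helpers sit at the top and entry points at the bottom. To run it on a real capture, replace SAMPLE_FTRACE_LOG with the contents of the trace file the commands above produce (the function tracer, not function_graph, since that one uses a different indented layout), and keep the suffix stripping: without it a function compiled into several .isra.N clones would be counted as several nodes and its votes would be split.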
Updated USBmd_notes.txt
Srinivasan Kannan
almost 6 years ago
--------------------------------------------------------------------------------------------------------------
USBWWAN Kernel Log Spark Analyzer Update - Refactoring to a new python function
--------------------------------------------------------------------------------------------------------------
1. Spark Log Analyzer Spark_USBWWANLogMapReduceParser.py has been changed to modularize the pattern extraction by defining a new function accepting a kern.log file, pattern and filter, which also creates a Spark DataFrame SQL table and queries it.
2. This is similar to NeuronRain AsFer log_mapreducer()
Srinivasan Kannan
almost 6 years ago
Updated USBmd_notes.txt for USB-md 64-bit version based on 4.13.3 kernel
Srinivasan Kannan
as K.Srinivasan
over 6 years ago
---------------------------------------------------------------------------------------------------------------
USB-md driver for USB and Wireless LAN analytics for 4.13.3 64-bit kernel
---------------------------------------------------------------------------------------------------------------
(*) The USB-md driver in GitHub and SourceForge at present is 32-bit, based on the mainline 4.1.5 kernel
(*) Both USB-md and KingCobra kernel modules are subsidiaries of the VIRGO kernel
(*) There is a necessity for a 64-bit version of USB-md for interoperability with the VIRGO64 64-bit kernel on mainline version 4.13.3
(*) This requires a separate repository for USB-md because of significant kernel function changes between 4.1.5 and 4.13.3 and idiosyncrasies of 64-bit
(*) The USB-md driver has been rebuilt on the 4.13.3 64-bit kernel after some changes to function prototypes and the new usb-md64 repository is initialized with these commits
Srinivasan Kannan
as K.Srinivasan
over 6 years ago