Framework for creating test challenges aimed at models that detect log anomalies. Official code base for: A Review on Log Anomaly Collaborative Intrusion Detection Systems (2025).
The code was run with Python version 3.12.3. To install the requirements do:
pip install -r requirements.txt
To run unittests do:
python -m unittest discover -s test/
First create a folder inside the project called results. On Linux this can be done with:
mkdir results
To generate the challenges run:
python main.py --config_file <CONFIG_FILE>
Example:
python main.py --config_file config_files/xray.yaml
The challenge databases will be saved in results/. To plot the distributions use notebooks/data_analysis.ipynb. Open the notebook with:
jupyter notebook
To run the code inside a Docker container, use the file Dockerfile and set the challenge you want to generate in the variable CONFIG_FILE inside start.sh.
Build the image with the following command:
docker build -t log-gym .
And run the container with:
docker run --name log-gym log-gym
The configuration files of the implemented challenges can be found in config_files/. More information in the publication.
The simulation tries to access a specific resource.
- Challenge 1: In case of anomaly, the process is "stuck".
- Challenge 2: In case of anomaly, the process tries 10 times.
- Challenge 3: In case of anomaly, there is no event ID distinction from nominal behaviour.
Anomalies appear when certain dependencies change the time they take to load.
- Challenge 4: Dependency d takes more time than the rest when abnormal.
- Challenge 5: Dependencies d and c exchange times in abnormal behaviour.
- Challenge 6: Same as challenge 4, but the time difference is much smaller.
Detect anomalies in an automaton system.
- Challenge 7: The machine runs verification or measurement operations.
- Challenge 8: The machine must run verification before doing a measurement.
Challenges for Collaborative Intrusion Detection Systems.
- Challenge 9: One of the clients creates a wrong template in the parsing.
- Challenge 10: Infected clients that access as admins and remove users are part of the training process.
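As an added example (not part of this code base), the ordering constraint of challenge 8 can be checked with a small reference detector over a constructed log; the line format, the field names machine and event, and the rule that each measurement consumes one prior verification on the same machine are assumptions made for this illustration, not the framework's actual schema.

```python
# Added example, not the project's own code. Reference detector for the
# challenge 8 constraint: a machine must run verification before doing a
# measurement. Log format and field names below are constructed for this
# illustration; the framework's real event schema comes from its config files.
from collections import defaultdict

# Constructed sample log: "<timestamp> machine=<id> event=<name>"
SAMPLE_LOG = """\
1 machine=m1 event=verification
2 machine=m1 event=measurement
3 machine=m2 event=measurement
4 machine=m1 event=measurement
5 machine=m2 event=verification
6 machine=m2 event=measurement
"""


def parse_line(line):
    """Split one log line into (timestamp, machine, event)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return int(ts), kv["machine"], kv["event"]


def find_unverified_measurements(log_text):
    """Return (timestamp, machine) for every measurement that is not covered
    by a preceding verification on the same machine.

    Assumption: one verification authorises exactly one measurement, so the
    flag is cleared once a measurement consumes it. A second measurement
    without a fresh verification is therefore reported as anomalous.
    """
    verified = defaultdict(bool)  # machine -> has an unconsumed verification
    anomalies = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, machine, event = parse_line(line)
        if event == "verification":
            verified[machine] = True
        elif event == "measurement":
            if verified[machine]:
                verified[machine] = False  # consume the verification
            else:
                anomalies.append((ts, machine))
    return anomalies


if __name__ == "__main__":
    print(find_unverified_measurements(SAMPLE_LOG))  # [(3, 'm2'), (4, 'm1')]
```

Machine m2 measures at timestamp 3 before any verification and m1 measures twice on a single verification, so both are reported; the measurement at timestamp 6 follows a fresh verification and passes.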