Skip to content

How to Add a New Attack Type to the Simulator

Jump to bottom
jfuruness edited this page Mar 3, 2021 · 2 revisions

Table of Contents

Short Description

How to create a new attack type to run during the simulations

Long Description

To start with, let's go over how attacks are created.

First we intialize an RPKI validator instance (This contains ROAs for the default prefix and the victim). The function _get_rpki should be overridden if you want different ROAs.

Then we set the victim and the attacker. Note that the victim merely means the AS that originates the good announcement, and the attacker is the AS that is attacking that announcement.

Afterwards, we call the _fill_attacker_victim_rows func. For this func, we get the rows for the database of the victim and then the attacker. This includes the prefix, victim, attacker, and asn.

Then we add the mrt data to each of these. That includes the as path, the origin, time, and other announcement metadata. Note that if you intend to have a different path other than just seeding at the origin, your attack class should override the _get_as_path function.

After formatting, these rows are then returned. Note also that each row for announcements follows the mrt_w_metadata format. Also note that converting the ROA validity from an integer to a meaning can be found in this enum.

Now we can take a look at some example attack classes that are already coded. For most attack classes, you will merely have to specify the victim prefixes and the attacker prefixes, which usually consist of the default_prefix, default_subprefix, or the default_superprefix. If you must change the as_path, then you can merely override the _get_as_path function.

See the Simulator for how to run with custom set of attacks. Note that there is currently a restriction that will only allow you to have one attacker and one victim at any point in time. Let me know if you have any questions!

Design Choices

  • Table of contents
  • Classes are used so that overriding is easy and creation of new attacks is easy
  • A custom RPKI validator was used because using a standard RPKI validator or querying the database would be too slow for just one prefix at a time.

Table Schema

There are a lot of columns of info, so see here. Note that the test info is located there as well, which is used to group the rows. At the time of this writing (check the file to be sure), it is as follows:

test_info = ["adopt_pol",
             "attack_type",
             "number_of_attackers",
             "subtable_name",
             "percent",
             "round_num",
             "extra_bash_arg_1",
             "extra_bash_arg_2",
             "extra_bash_arg_3",
             "extra_bash_arg_4",
             "extra_bash_arg_5"]

lib_bgp_data

Clone this wiki locally