SS7 Anomaly Detection

Anomaly detection for the SS7 Attack Simulator using the ELK stack, Apache Kafka, and Apache Spark.

This project merge together each component required to run the SS7 Attack Simulator and analysis its generated traffic using Apache Spark.

This project is part of a master thesis currently being done at NTNU Gjøvik, Norway.

Instructions

Clone the project using git:

git clone --recursive https://github.com/polarking/ss7-anomaly-detection

Please see the individual subproject's README.md for how to compile and run each individual project.

Make sure Elasticsearch and Apache Kafka is running on localhost.
Create the Kafka topics ss7-raw-input and ss7-preprocessed,
Start logstash, which reads network traffic on localhost using tshark: logstash -t logstash/tshark-kafka-es.conf
Start the SS7 Attack Simulator following the instructions on the project page.
Start the ss7-ml-preprocess and the ss7-ml-analysis Spark applications following the instructions on the project pages.
After some time, data should start to appear in Elasticsearch.

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
jss7-attack-simulator @ ae30b99		jss7-attack-simulator @ ae30b99
logstash		logstash
ss7-ml-analysis @ ec24901		ss7-ml-analysis @ ec24901
ss7-ml-preprocess @ a08e1fa		ss7-ml-preprocess @ a08e1fa
.gitmodules		.gitmodules
LICENSE		LICENSE
README.md		README.md