config.ini

;DNP3 Anomalous Traffic Detection System
;Configuration file

[AppType]

TCPorUDP = 'TCP'    ;Sets the sniffer for diferent transport layer types
                    ;Accepted values: TCP,UDP    
[Constants]

dnp3_port = 20000 ;Port assigned to DNP3 communication. Default: 20000
windowLength = 10 ;Length of the window used in checks

[Thresold]

ip_max_range: 50 ;Max granted IP distance between machines

[AttackFactors]

IPBroadcastMessage = 7 ; Ponderation to IP Broadcast attack [code 1]
AnormalIPRange = 12    ; Ponderation to IP range attack [code 2]
DFCFlagAttack  = 7    ; Ponderation to DFC flag attack [code 3]
LinkLayerFuzzing-InvalidStart = 12 ; Ponderation to invalid start value [code 4]
ApplicationLayerFuzzing-InvalidFunctionCode = 12 ; Ponderation to invalid app function code [code 5]              
WriteFunctionDetected = 4 ; Ponderation to write appfunction attack [code 6]
ResetFunctionAttack = 7 ; Ponderation to reset appfunction attack [code 7]
InitializeDataFunctionAttack = 8 ; Ponderation to initialize data appfunction attack [code 8]
AppTerminationFunctionAttack = 8 ; Ponderation to app termination appfunction attack [code 9]
DeleteFunctionAttack = 9 ;Ponderation to delete appfunction attack [code 10]
CaptureConfigurationAttack = 12 ;Ponderation to config capture attack [code 11]
ClearObjectsAttack = 7 ;Ponderation to clear objects attack (warm) [code 12]
ClearObjectsAttackCold = 12 ;Ponderation to clear objects attack (cold) [code 13]
ColdResetFunctionAttack = 12 ; Ponderation to reset appfunction attack [code 14]