added DGA detector

Makefile.am

@@ -5,6 +5,7 @@ SUBDIRS=amplification_detection \
 	blacklistfilter/adaptive_filter \
 	brute_force_detector \
 	ddos_detector \
+	dga_detector \
 	hoststatsnemea \
 	haddrscan_detector \
 	miner_detector \

configure.ac

@@ -128,6 +128,7 @@ AC_CONFIG_FILES([Makefile
                  blacklistfilter/adaptive_filter/adaptive_filter_files/Makefile
                  brute_force_detector/Makefile
                  ddos_detector/Makefile
+                 dga_detector/Makefile
                  amplification_detection/Makefile
                  hoststatsnemea/Makefile
                  hoststatsnemea/src/Makefile

dga_detector/Makefile.am

@@ -0,0 +1,8 @@
+ACLOCAL_AMFLAGS = -I m4
+mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST)))
+mkfile_dir := $(dir $(mkfile_path))
+bin_PROGRAMS=dga_detector
+dga_detector_SOURCES=dga_detector.c estimator.c fields.c fields.h -g 
+dga_detector_LDADD=-lunirec -ltrap -lm 
+dga_detector_CFLAGS= -DVAR=\"$(mkfile_dir)\"
+include ./aminclude.am

dga_detector/README.md

@@ -0,0 +1,72 @@
+### DGA detector
+
+
+#### Installation
+Follow these steps:
+
+1) Let Autotools process the configuration files.
+```
+autoreconf -i
+```
+
+2) Configure the module directory.
+```
+./configure
+```
+
+3) Build the module.
+```
+make
+```
+
+4) Install the module. The command should be performed as root (e.g. using sudo).
+```
+make install
+```
+
+Important: Nemea-Framework has to be compiled (or installed) in advance.
+
+#### Description
+This module contains detector of DGA adresses.
+
+#### Interfaces
+- Inputs: 1
+- Outputs: 1
+
+##### Input data
+DNS flow data in UniRec format.
+
+##### Output data
+Capture time and domain name classifed as DGA in UniRec format.
+
+#### Parameters
+
+##### Common TRAP parameters
+- `-h [trap,1]`      Print help message for this module / for libtrap specific parameters.
+- `-i IFC_SPEC`      Specification of interface types and their parameters.
+- `-v`               Be verbose.
+- `-vv`              Be more verbose.
+- `-vvv`             Be even more verbose.
+
+#### Algorithm
+Module recives UniRec format containing domain names and additional data. Features of adresses are computed. Based on features prediction of DGA is made. Module uses machine learning technique specifically algortihm of decison tree.
+
+#### Troubleshooting
+##### Loading shared libraries
+In case the example module fails with:
+```
+error while loading shared libraries: libtrap.so.1: cannot open shared object file: No such file or directory
+```
+please, make sure that libtrap is installed on the system.
+It is also possible to use libtrap that is not installed yet -- in this case, use:
+```
+export LD_LIBRARY_PATH=../../libtrap/src/.libs/
+```
+where `../../libtrap/src/.libs/` is the relative path from the `examples/module` directory in the downloaded and compiled Nemea-Framework repository.
+
+##### TRAP parameters
+In case the example module fails with:
+```
+ERROR in parsing of parameters for TRAP: Interface specifier (option -i) not found.
+```
+It means you haven't provided the parameters required by the TRAP library. For more information run the module with `-h trap` parameter.

dga_detector/aminclude.am

@@ -0,0 +1,6 @@
+BUILT_SOURCES = fields.h fields.c
+
+fields.h fields.c:
+	$(UNIRECPROC) -i ./ -o ./
+
+CLEANFILES = fields.c fields.h

dga_detector/configure.ac

@@ -0,0 +1,67 @@
+#                                               -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
+
+AC_PREREQ([2.63])
+AC_INIT([dga_detector], [1.0.0], [[email protected]])
+AC_CONFIG_SRCDIR([dga_detector.c])
+AC_CONFIG_HEADERS([config.h])
+
+AM_INIT_AUTOMAKE([foreign silent-rules subdir-objects])
+AC_CONFIG_MACRO_DIR([m4])
+
+AX_LIBTRAP_CHECK
+AX_UNIREC_CHECK
+AX_NEMEACOMMON_CHECK
+
+# Checks for programs.
+AC_PROG_CC
+
+# Checks for libraries.
+TRAPLIB=""
+PKG_CHECK_MODULES([libtrap], [libtrap], [TRAPLIB="yes"])
+if test -n "$TRAPLIB"; then
+  LDFLAGS="$libtrap_LDFLAGS $LDFLAGS"
+  LIBS="$libtrap_LIBS $LIBS"
+  CFLAGS="$libtrap_CFLAGS $CFLAGS"
+  CXXFLAGS="$libtrap_CFLAGS $CXXFLAGS"
+else
+  AC_MSG_ERROR([Libtrap was not found.])
+fi
+
+UNIRECLIB=""
+PKG_CHECK_MODULES([unirec], [unirec], [UNIRECLIB="yes"])
+if test -n "$UNIRECLIB"; then
+  LDFLAGS="$unirec_LDFLAGS $LDFLAGS"
+  LIBS="$unirec_LIBS $LIBS"
+  CFLAGS="$unirec_CFLAGS $CFLAGS"
+  CXXFLAGS="$unirec_CFLAGS $CXXFLAGS"
+else
+  AC_MSG_ERROR([unirec was not found.])
+fi
+
+AC_PATH_PROG(UNIRECPROC, ur_processor.sh, [], [/usr/bin/nemea/$PATH_SEPARATOR$PATH])
+AC_SUBST(UNIRECPROC)
+
+## If nemea-common is needed, uncomment the following code:
+#NEMEACOMMONLIB=""
+#PKG_CHECK_MODULES([nemeacommon], [nemea-common], [NEMEACOMMONLIB="yes"])
+#if test -n "$NEMEACOMMONLIB"; then
+# LDFLAGS="$nemeacommon_LDFLAGS $LDFLAGS"
+# LIBS="$nemeacommon_LIBS $LIBS"
+# CFLAGS="$nemeacommon_CFLAGS $CFLAGS"
+# CXXFLAGS="$nemeacommon_CFLAGS $CXXFLAGS"
+#else
+# AC_MSG_ERROR([nemea-common was not found.])
+#fi
+
+
+# Checks for header files.
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_TYPE_UINT16_T
+AC_TYPE_UINT32_T
+
+# Checks for library functions.
+
+AC_CONFIG_FILES([Makefile])
+AC_OUTPUT