- private void checkSignatureMatch2() {
- /*
- * In this implementation, we assume that the packets in the inner lists (the sequences) are ordered by
- * timestamp (ascending) AND that the outer list is ordered by timestamp of the most recent packet of each inner
- * list (i.e., the last packet of the inner list).
- */
- if (Arrays.stream(pendingMatches).noneMatch(l -> l.isEmpty())) {
- /*
- * The signature match consisting of one (or a set of) sequence(s) observed on (potentially multiple)
- * separate TCP connections. The signature match is reconstructed from the matches found by the individual
- * ClusterMatchers that each look for a separate sequence of packets occurring on one TCP connection.
- * Invariant used below: if all entries are non-null, we have a match; initially all entries are null.
- */
- List<PcapPacket>[] signatureMatch = new List[pendingMatches.length];
- // List<List<PcapPacket>> signatureMatch = new ArrayList<>();
- /*
- * For the first sequence of the signature, we give preference to the later samples as that strategy makes
- * it more likely that the full set of sequences that make up the signature fit in the time window that
- * dictates the maximum time between the sequences of the signature.
- */
- for (int i = pendingMatches[0].size()-1; i >= 0; i--) {
- signatureMatch[0] = pendingMatches[0].get(i);
- // Having selected the most recent sequence
- for (int j = 1; j < pendingMatches.length; j++) {
- List<List<PcapPacket>> entry = pendingMatches[j];
-
- }
-
- }
-
-
- /*
- // First sort by duration
- Stream<List<PcapPacket>> sortedByDuration = pendingMatches[0].stream().sorted((l1, l2) -> {
- Instant l1Max = l1.get(l1.size()-1).getTimestamp();
- Instant l1Min = l1.get(0).getTimestamp();
- Instant l2Max = l2.get(l2.size()-1).getTimestamp();
- Instant l2Min = l2.get(0).getTimestamp();
- Duration l1Duration = Duration.between(l1Min, l1Max);
- Duration l2Duration = Duration.between(l2Min, l2Max);
-
- return l1Duration.compareTo(l2Duration);
- });
- for (int i = 1; i < pendingMatches.length; i++) {
- pendingMatches[i].stream()
- }
- */
- }
-
- }
-
- /*
- private void checkSignatureMatch() {
- // There cannot be a signature match until each ClusterMatcher has found a match of its respective sequence.
- if (Arrays.stream(pendingMatches).noneMatch(l -> l.isEmpty())) {
- List<List<PcapPacket>> sigMatch = new ArrayList<>();
- for (int i = 0; i < pendingMatches.length; i++) {
- if (i + 1 < pendingMatches.length) {
- // We want to select the current element that is the latest, yet lies before the next element.
- // Start by fetching the matches at the next index.
- List<List<PcapPacket>> nextIdxMatches = pendingMatches[i+1];
- // Create a stream that contains the minimum packet timestamp of each inner list of nextIdMatches
- Stream<PcapPacket> nextMinTimestamps = nextIdxMatches.stream().
- map(l -> l.stream().min(Comparator.comparing(PcapPacket::getTimestamp)).get());
- // Create a stream that contains the maximum packet timestamps of each inner list of current index
- Stream<PcapPacket> currMaxTimestamps = pendingMatches[i].stream().
- map(ps -> ps.stream().max(Comparator.comparing(PcapPacket::getTimestamp)).get());
- currMaxTimestamps.filter(p1 -> nextMinTimestamps.anyMatch(p2 -> p2.getTimestamp().isAfter(p1.getTimestamp())));
-
-
-
- //pendingMatches[i].stream().filter(ps -> ps.stream().map(p1 -> ))
-
-
-
-
- pendingMatches[i].stream().filter(ps -> ps.stream().allMatch(p -> p.getTimestamp().isBefore(
- )))
-
-
- pendingMatches[i].stream().filter(ps -> ps.stream().allMatch(p -> p.getTimestamp().isBefore(
-
- )))
-
- Stream<PcapPacket> currMaxTimestamps = pendingMatches[i].stream().
- map(ps -> ps.stream().max(Comparator.comparing(PcapPacket::getTimestamp)));
-
-
-// pendingMatches[i].stream().filter(ps -> ps.stream().allMatch(p -> p.getTimestamp().isBefore(
-// // which match (item) in 'next' do we consider?
-// next.stream().
-// )))
- }
-
- }
- }
- }
- */