1 package edu.uci.iotproject.comparison;
3 import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
4 import edu.uci.iotproject.FlowPattern;
5 import org.pcap4j.core.PcapPacket;
6 import org.pcap4j.packet.TcpPacket;
9 import java.util.function.BiFunction;
12 * Contains concrete implementations of comparison functions that compare a {@link Conversation} and a {@link FlowPattern}.
13 * These functions are supplied to {@link PatternComparisonTask} which in turn facilitates comparison on a background thread.
14 * This design provides plugability: currently, we only support complete match comparison, but further down the road we
15 * can simply introduce more sophisticated comparison functions here (e.g. Least Common Substring) simply replace the
16 * argument passed to the {@link PatternComparisonTask} constructor to switch between the different implementations.
18 * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
19 * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
21 public class ComparisonFunctions {
24 * Comparison function that checks for a <em>complete</em> match, i.e. a match in which every packet in the
25 * {@link Conversation} has the same length as the corresponding packet in the {@link FlowPattern}.
27 public static final BiFunction<Conversation, FlowPattern, CompleteMatchPatternComparisonResult> COMPLETE_MATCH = (conversation, flowPattern) -> {
28 List<PcapPacket> convPackets = conversation.getPackets();
29 if (convPackets.size() != flowPattern.getLength()) {
30 return new CompleteMatchPatternComparisonResult(conversation, flowPattern, false);
32 for (int i = 0; i < convPackets.size(); i++) {
33 TcpPacket tcpPacket = convPackets.get(i).get(TcpPacket.class);
34 if (tcpPacket.getPayload().length() != flowPattern.getPacketOrder().get(i)) {
35 return new CompleteMatchPatternComparisonResult(conversation, flowPattern, false);
38 return new CompleteMatchPatternComparisonResult(conversation, flowPattern, true);
42 * Comparison function that searches a {@link Conversation} looking for the presence of a complete match of a {@link FlowPattern}.
43 * Unlike {@link #COMPLETE_MATCH}, which searches for a 1:1 match between the {@code Conversation} and the {@code FlowPattern},
44 * this function targets cases where the {@code Conversation} is longer than the {@code FlowPattern}.
45 * In other words, this function searches for a complete match of a sub sequence of packets in the {@code Conversation}.
46 * Note: this is a slow, brute force search.
48 public static final BiFunction<Conversation, FlowPattern, CompleteMatchPatternComparisonResult> SUB_SEQUENCE_COMPLETE_MATCH = new BiFunction<Conversation, FlowPattern, CompleteMatchPatternComparisonResult>() {
49 // TODO needs review; I was tired when I wrote this :).
50 private boolean find(Conversation conversation, FlowPattern flowPattern, int nextIndex, int matchedIndices) {
51 if (matchedIndices == flowPattern.getLength()) {
52 // Found a full sub sequence.
55 List<PcapPacket> convPackets = conversation.getPackets();
56 if (nextIndex >= convPackets.size()) {
57 // Reached end of list without finding a match.
60 if (convPackets.get(nextIndex).get(TcpPacket.class).getPayload().length() == flowPattern.getPacketOrder().get(matchedIndices)) {
61 // So far, so good. Still need to check if the remainder of the sub sequence is present.
62 return find(conversation, flowPattern, ++nextIndex, ++matchedIndices);
64 // Miss; trace back and retry the search starting at the index immediately after the index from the
65 // recursive calls potentially started matching some of the sub sequence.
66 return find(conversation, flowPattern, nextIndex-matchedIndices+1, 0);
71 public CompleteMatchPatternComparisonResult apply(Conversation conversation, FlowPattern flowPattern) {
72 return new CompleteMatchPatternComparisonResult(conversation, flowPattern, find(conversation, flowPattern, 0, 0));