Implementing relaxed matching for layer 2 and layer 3.

[pingpong.git] / Code / Projects / PacketLevelSignatureExtractor / src / main / java / edu / uci / iotproject / SignatureGenerator.java
diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/SignatureGenerator.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/SignatureGenerator.java

index ae8e8063a09730e0f9f0a4815e25ff6b6947f927..ea3e39b41b49e24e00847d2c41481b5fc5d69917 100644 (file)
--- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/SignatureGenerator.java
+++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/SignatureGenerator.java
@@ -47,13 +47,21 @@ public class SignatureGenerator {
       * Directory for logging.
       */
      private static String LOG_DIRECTORY = "./";
+    /**
+     * Multiplier for cluster bounds.
+     */
+    private static float CLUSTER_BOUNDS_MULTIPLIER = 0.1f;
  
      public static void main(String[] args) throws PcapNativeException, NotOpenException, EOFException,
              TimeoutException, UnknownHostException, IOException {
          // -------------------------------------------------------------------------------------------------------------
          // ------------ # Code for extracting traffic generated by a device within x seconds of a trigger # ------------
          if (args.length < 11) {
-            String errMsg = String.format("Usage: %s inputPcapFile outputPcapFile triggerTimesFile deviceIp" +
+            String errMsg = String.format("SPECTO version 1.0\n" +
+                            "Copyright (C) 2018-2019 Janus Varmarken and Rahmadi Trimananda.\n" +
+                            "University of California, Irvine.\n" +
+                            "All rights reserved.\n\n" +
+                            "Usage: %s inputPcapFile outputPcapFile triggerTimesFile deviceIp" +
                              " onSignatureFile offSignatureFile onClusterAnalysisFile offClusterAnalysisFile epsilon" +
                              " deletedSequencesOn deletedSequencesOff" +
                              "\n  inputPcapFile: the target of the detection" +
@@ -210,8 +218,8 @@ public class SignatureGenerator {
          // Perform clustering on conversation logged as part of all ON events.
          // Calculate number of events per type (only ON/only OFF), which means half of the number of all timestamps.
          int numberOfEventsPerType = triggerTimes.size() / 2;
-        int lowerBound = numberOfEventsPerType - (int)(numberOfEventsPerType * 0.1);
-        int upperBound = numberOfEventsPerType + (int)(numberOfEventsPerType * 0.1);
+        int lowerBound = numberOfEventsPerType - (int)(numberOfEventsPerType * CLUSTER_BOUNDS_MULTIPLIER);
+        int upperBound = numberOfEventsPerType + (int)(numberOfEventsPerType * CLUSTER_BOUNDS_MULTIPLIER);
          int minPts = lowerBound;
          DBSCANClusterer<PcapPacketPair> onClusterer = new DBSCANClusterer<>(eps, minPts);
          List<Cluster<PcapPacketPair>> onClusters = onClusterer.cluster(onPairs);
@@ -278,7 +286,15 @@ public class SignatureGenerator {
              }
              PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOn, sequenceToDelete);
          }
+        PrintWriterUtils.println("ON Sequences: ", resultsWriter,
+                DUPLICATE_OUTPUT_TO_STD_OUT);
+        for(List<List<PcapPacket>> listOfList : ppListOfListListOn) {
+            PrintWriterUtils.println(listOfList.get(0).get(0).length() + "...", resultsWriter,
+                    DUPLICATE_OUTPUT_TO_STD_OUT);
+        }
          ppListOfListListOn = PcapPacketUtils.sortSequences(ppListOfListListOn);
+        PrintWriterUtils.println("Concatenated and sorted ON signature sequences...", resultsWriter,
+                DUPLICATE_OUTPUT_TO_STD_OUT);
  
          // Concatenate
          ppListOfListListOff = PcapPacketUtils.concatSequences(ppListOfListListOff, sortedAllConversation);
@@ -291,7 +307,16 @@ public class SignatureGenerator {
              }
              PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOff, sequenceToDelete);
          }
+        PrintWriterUtils.println("OFF Sequences: ", resultsWriter,
+                DUPLICATE_OUTPUT_TO_STD_OUT);
+        for(List<List<PcapPacket>> listOfList : ppListOfListListOff) {
+            PrintWriterUtils.println(listOfList.get(0).get(0).length() + "...", resultsWriter,
+                    DUPLICATE_OUTPUT_TO_STD_OUT);
+        }
          ppListOfListListOff = PcapPacketUtils.sortSequences(ppListOfListListOff);
+        PrintWriterUtils.println("Concatenated and sorted OFF signature sequences...", resultsWriter,
+                DUPLICATE_OUTPUT_TO_STD_OUT);
+
          // Write the signatures into the screen
          PrintWriterUtils.println("========================================", resultsWriter,
                  DUPLICATE_OUTPUT_TO_STD_OUT);
@@ -307,6 +332,9 @@ public class SignatureGenerator {
          PrintWriterUtils.println("========================================", resultsWriter,
                  DUPLICATE_OUTPUT_TO_STD_OUT);
          PcapPacketUtils.printSignatures(ppListOfListListOff, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+        // Clean signatures from null elements
+        PcapPacketUtils.cleanSignature(ppListOfListListOn);
+        PcapPacketUtils.cleanSignature(ppListOfListListOff);
          // Printing signatures into files
          PrintUtils.serializeIntoFile(onSignatureFile, ppListOfListListOn);
          PrintUtils.serializeIntoFile(offSignatureFile, ppListOfListListOff);
@@ -314,7 +342,7 @@ public class SignatureGenerator {
          PrintUtils.serializeIntoFile(onClusterAnalysisFile, corePointRangeSignatureOn);
          PrintUtils.serializeIntoFile(offClusterAnalysisFile, corePointRangeSignatureOff);
  
-        // =========================================== SIGNATURE DURATION ===========================================
+        // =========================================== SIGNATURE DURATIONS =============================================
          List<Instant> firstSignatureTimestamps = new ArrayList<>();
          List<Instant> lastSignatureTimestamps = new ArrayList<>();
          if (!ppListOfListListOn.isEmpty()) {
@@ -332,7 +360,7 @@ public class SignatureGenerator {
              }
          }
  
-        if (!ppListOfListListOn.isEmpty()) {
+        if (!ppListOfListListOff.isEmpty()) {
              List<List<PcapPacket>> firstListOffSign = ppListOfListListOff.get(0);
              List<List<PcapPacket>> lastListOffSign = ppListOfListListOff.get(ppListOfListListOff.size() - 1);
              // Load OFF signature first and last packet's timestamps
@@ -347,13 +375,8 @@ public class SignatureGenerator {
              }
          }
          // Sort the timestamps
-        firstSignatureTimestamps.sort((p1, p2) -> {
-            return p1.compareTo(p2);
-        });
-        // Sort the timestamps
-        lastSignatureTimestamps.sort((p1, p2) -> {
-            return p1.compareTo(p2);
-        });
+        firstSignatureTimestamps.sort(Comparator.comparing(Instant::toEpochMilli));
+        lastSignatureTimestamps.sort(Comparator.comparing(Instant::toEpochMilli));
  
          Iterator<Instant> iterFirst = firstSignatureTimestamps.iterator();
          Iterator<Instant> iterLast = lastSignatureTimestamps.iterator();
@@ -366,24 +389,25 @@ public class SignatureGenerator {
          PrintWriterUtils.println("========================================", resultsWriter,
                  DUPLICATE_OUTPUT_TO_STD_OUT);
          while (iterFirst.hasNext() && iterLast.hasNext()) {
-            Instant firstInst = (Instant) iterFirst.next();
-            Instant lastInst = (Instant) iterLast.next();
+            Instant firstInst = iterFirst.next();
+            Instant lastInst = iterLast.next();
              Duration dur = Duration.between(firstInst, lastInst);
              duration = dur.toMillis();
              // Check duration --- should be below 15 seconds
              if (duration > TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS) {
                  while (duration > TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS && iterFirst.hasNext()) {
                      // that means we have to move to the next trigger
-                    firstInst = (Instant) iterFirst.next();
+                    firstInst = iterFirst.next();
+                    dur = Duration.between(firstInst, lastInst);
+                    duration = dur.toMillis();
                  }
-                dur = Duration.between(firstInst, lastInst);
-                duration = dur.toMillis();
              } else { // Below 0/Negative --- that means we have to move to the next signature
-                while (duration < 0 && iterLast.hasNext()) { // that means we have to move to the next trigger
-                    lastInst = (Instant) iterLast.next();
+                while (duration < 0 && iterLast.hasNext()) {
+                    // that means we have to move to the next trigger
+                    lastInst = iterLast.next();
+                    dur = Duration.between(firstInst, lastInst);
+                    duration = dur.toMillis();
                  }
-                dur = Duration.between(firstInst, lastInst);
-                duration = dur.toMillis();
              }
              PrintWriterUtils.println(duration, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
              // Update duration if this bigger than the max value and still less than the window inclusion time