Implementing relaxed matching for layer 2 and layer 3.
[pingpong.git] / Code / Projects / PacketLevelSignatureExtractor / src / main / java / edu / uci / iotproject / detection / layer2 / Layer2SequenceMatcher.java
index 49951f0ef050bc9479fa5a5e68d969f171bd7c4e..55fe040eb2a480d92ab9093e20a6120e0f1360f3 100644 (file)
@@ -7,6 +7,7 @@ import org.pcap4j.util.MacAddress;
 
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Set;
 
 /**
  * Attempts to detect the presence of a specific packet sequence in the set of packets provided through multiple calls
@@ -24,13 +25,21 @@ public class Layer2SequenceMatcher extends Layer2AbstractMatcher {
 
     private int mInclusionTimeMillis;
 
+    /**
+     * Relaxed matching
+     */
+    private int mDelta;
+    private Set<Integer> mPacketSet;
 
     /**
      * Create a {@code Layer2SequenceMatcher}.
      * @param sequence The sequence to match against (search for).
+     * @param trainingRouterWlanMac The training router's WLAN MAC (used for determining the direction of packets).
+     * @param routerWlanMac The target trace router's WLAN MAC (used for determining the direction of packets).
      */
-    public Layer2SequenceMatcher(List<PcapPacket> sequence, int inclusionTimeMillis) {
-        super(sequence);
+    public Layer2SequenceMatcher(List<PcapPacket> sequence, int inclusionTimeMillis, String trainingRouterWlanMac,
+                                 String routerWlanMac, int delta, Set<Integer> packetSet) {
+        super(sequence, trainingRouterWlanMac, routerWlanMac);
         mSequence = sequence;
         // Compute packet directions for sequence.
         for (int i = 0; i < sequence.size(); i++) {
@@ -46,6 +55,8 @@ public class Layer2SequenceMatcher extends Layer2AbstractMatcher {
         }
         mInclusionTimeMillis =
                 inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis;
+        mDelta = delta;
+        mPacketSet = packetSet;
     }
 
     /**
@@ -76,7 +87,10 @@ public class Layer2SequenceMatcher extends Layer2AbstractMatcher {
         // Get representative of the packet we expect to match next.
         PcapPacket expected = mSequence.get(mMatchedPackets.size());
         // First verify if the received packet has the length we're looking for.
-        if (packet.getOriginalLength() == expected.getOriginalLength()) {
+        if ((mDelta > 0 && mPacketSet.contains(expected.getOriginalLength()) &&
+                expected.getOriginalLength() - mDelta <= packet.getOriginalLength() &&
+                packet.getOriginalLength() <= expected.getOriginalLength() + mDelta) ||
+                packet.getOriginalLength() == expected.getOriginalLength()) {
             // If this is the first packet, we only need to verify that its length is correct. Time constraints are
             // obviously satisfied as there are no previous packets. Furthermore, direction matches by definition as we
             // don't know the MAC of the device (or phone) in advance, so we can't enforce a rule saying "first packet
@@ -91,29 +105,22 @@ public class Layer2SequenceMatcher extends Layer2AbstractMatcher {
                     mPacketDirections[getMatchedPacketsCount()-1], packet);
             boolean expectedDirection = mPacketDirections[getMatchedPacketsCount()];
             if (actualDirection != expectedDirection) {
-                mSkippedPackets++;
                 return false;
             }
             // Next apply timing constraints:
             // 1: to be a match, the packet must have a later timestamp than any other packet currently matched
             // 2: does adding the packet cause the max allowed time between first packet and last packet to be exceeded?
             if (!packet.getTimestamp().isAfter(mMatchedPackets.get(getMatchedPacketsCount()-1).getTimestamp())) {
-                mSkippedPackets++;
                 return false;
             }
 //            if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp().
 //                            plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS))) {
             if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp().
                 plusMillis(mInclusionTimeMillis))) {
-                mSkippedPackets++;
                 return false;
             }
             // If we made it here, it means that this packet has the expected length, direction, and obeys the timing
             // constraints, so we store it and advance.
-            if (mMaxSkippedPackets < mSkippedPackets) {
-                mMaxSkippedPackets = mSkippedPackets;
-                mSkippedPackets = 0;
-            }
             mMatchedPackets.add(packet);
             if (mMatchedPackets.size() == mSequence.size()) {
                 // TODO report (to observers?) that we are done?