public static void main(String[] args) throws PcapNativeException, NotOpenException, IOException {
// Parse required parameters.
if (args.length < 8) {
- String errMsg = String.format("Usage: %s inputPcapFile onAnalysisFile offAnalysisFile onSignatureFile offSignatureFile resultsFile" +
+ String errMsg = String.format("SPECTO version 1.0\n" +
+ "Copyright (C) 2018-2019 Janus Varmarken and Rahmadi Trimananda.\n" +
+ "University of California, Irvine.\n" +
+ "All rights reserved.\n\n" +
+ "Usage: %s inputPcapFile onAnalysisFile offAnalysisFile onSignatureFile offSignatureFile resultsFile" +
"\n inputPcapFile: the target of the detection" +
"\n onAnalysisFile: the file that contains the ON clusters analysis" +
"\n offAnalysisFile: the file that contains the OFF clusters analysis" +
final int signatureDuration = Integer.parseInt(args[6]);
final double eps = Double.parseDouble(args[7]);
-// final String pcapFile = args[0];
-// final String onSignatureFile = args[1];
-// final String offSignatureFile = args[2];
-// final String resultsFile = args[3];
-// final int signatureDuration = Integer.parseInt(args[4]);
-
// Parse optional parameters.
List<Function<Layer2Flow, Boolean>> onSignatureMacFilters = null, offSignatureMacFilters = null;
final int optParamsStartIdx = 7;
// TODO: SINCE WE ONLY HAVE 2 SIGNATURES FOR NOW (ON AND OFF), THEN IT IS USUALLY EITHER RANGE-BASED OR
// TODO: STRICT MATCHING
// Check if we should use range-based matching
-// boolean isRangeBasedForOn = PcapPacketUtils.isRangeBasedMatching(onSignature, eps, offSignature);
-// boolean isRangeBasedForOff = PcapPacketUtils.isRangeBasedMatching(offSignature, eps, onSignature);
+ boolean isRangeBasedForOn = PcapPacketUtils.isRangeBasedMatching(onSignature, eps, offSignature);
+ boolean isRangeBasedForOff = PcapPacketUtils.isRangeBasedMatching(offSignature, eps, onSignature);
// TODO: WE DON'T DO RANGE-BASED FOR NOW BECAUSE THE RESULTS ARE TERRIBLE FOR LAYER 2 MATCHING
// TODO: THIS WOULD ONLY WORK FOR SIGNATURES LONGER THAN 2 PACKETS
- boolean isRangeBasedForOn = false;
- boolean isRangeBasedForOff = false;
+// boolean isRangeBasedForOn = false;
+// boolean isRangeBasedForOff = false;
// Update the signature with ranges if it is range-based
if (isRangeBasedForOn) {
onSignature = PcapPacketUtils.useRangeBasedMatching(onSignature, onClusterAnalysis);
offDetector.addObserver((signature, match) -> {
UserAction event = new UserAction(UserAction.Type.TOGGLE_OFF, match.get(0).get(0).getTimestamp());
PrintWriterUtils.println(event, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
- for (PcapPacket pcap : match.get(0)) {
- System.out.println(pcap.length() + " -> " + pcap.getTimestamp());
- }
detectedEvents.add(event);
});
// Parse the file
reader.readFromHandle();
- String resultOn = "Number of detected events of type " + UserAction.Type.TOGGLE_ON + ": " +
+ String resultOn = "# Number of detected events of type " + UserAction.Type.TOGGLE_ON + ": " +
detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_ON).count();
- String resultOff = "Number of detected events of type " + UserAction.Type.TOGGLE_OFF + ": " +
+ String resultOff = "# Number of detected events of type " + UserAction.Type.TOGGLE_OFF + ": " +
detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_OFF).count();
+ String onMaxSkippedPackets = "# Number of skipped packets in ON signature " +
+ Integer.toString(onDetector.getMaxSkippedPackets());
+ String offMaxSkippedPackets = "# Number of skipped packets in OFF signature " +
+ Integer.toString(offDetector.getMaxSkippedPackets());
PrintWriterUtils.println(resultOn, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
PrintWriterUtils.println(resultOff, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+ PrintWriterUtils.println(onMaxSkippedPackets, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+ PrintWriterUtils.println(offMaxSkippedPackets, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
// Flush output to results file and close it.
resultsWriter.flush();
private int mInclusionTimeMillis;
+ private int mMaxSkippedPackets;
+
public Layer2SignatureDetector(List<List<List<PcapPacket>>> searchedSignature, int signatureDuration, boolean isRangeBased, double eps) {
this(searchedSignature, null, signatureDuration, isRangeBased, eps);
}
for (int i = 0; i < mSignature.size(); i++) {
List<List<PcapPacket>> cluster = mSignature.get(i);
Layer2ClusterMatcher clusterMatcher = flowFilters == null ?
- new Layer2ClusterMatcher(cluster, isRangeBased, eps) :
- new Layer2ClusterMatcher(cluster, flowFilters.get(i), isRangeBased, eps);
+ new Layer2ClusterMatcher(cluster, inclusionTimeMillis, isRangeBased, eps) :
+ new Layer2ClusterMatcher(cluster, flowFilters.get(i), inclusionTimeMillis, isRangeBased, eps);
clusterMatcher.addObserver(this);
clusterMatchers.add(clusterMatcher);
}
mClusterMatchers.forEach(cm -> mFlowReassembler.addObserver(cm));
mInclusionTimeMillis =
inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis;
+ mMaxSkippedPackets = 0;
+ }
+
+ public int getMaxSkippedPackets() {
+ return mMaxSkippedPackets;
}
@Override
}
@Override
- public void onMatch(AbstractClusterMatcher clusterMatcher, List<PcapPacket> match) {
+ public void onMatch(AbstractClusterMatcher clusterMatcher, List<PcapPacket> match, int maxSkippedPackets) {
+ // Update the number of skipped packets
+ if (mMaxSkippedPackets < maxSkippedPackets) {
+ mMaxSkippedPackets = maxSkippedPackets;
+ }
// TODO: a cluster matcher found a match
if (clusterMatcher instanceof Layer2ClusterMatcher) {
// Add the match at the corresponding index
projects / pingpong.git / blobdiff