public static void main(String[] args) throws PcapNativeException, NotOpenException, IOException {
// Parse required parameters.
- if (args.length < 7) {
+ if (args.length < 8) {
String errMsg = String.format("Usage: %s inputPcapFile onAnalysisFile offAnalysisFile onSignatureFile offSignatureFile resultsFile" +
"\n inputPcapFile: the target of the detection" +
"\n onAnalysisFile: the file that contains the ON clusters analysis" +
System.out.println(optParamsExplained);
return;
}
+ // TODO: We could take 7 inputs if we decided to use the cluster analyses.
final String pcapFile = args[0];
final String onClusterAnalysisFile = args[1];
final String offClusterAnalysisFile = args[2];
final String offSignatureFile = args[4];
final String resultsFile = args[5];
final int signatureDuration = Integer.parseInt(args[6]);
+ final double eps = Double.parseDouble(args[7]);
+
+// final String pcapFile = args[0];
+// final String onSignatureFile = args[1];
+// final String offSignatureFile = args[2];
+// final String resultsFile = args[3];
+// final int signatureDuration = Integer.parseInt(args[4]);
// Parse optional parameters.
List<Function<Layer2Flow, Boolean>> onSignatureMacFilters = null, offSignatureMacFilters = null;
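Review bot: `eps` at `Double.parseDouble(args[7])` goes from a fixed `10.0` to an operator-supplied value with no range check, and `parseDouble` accepts strings such as `NaN`, `Infinity` and negative numbers. Assuming `eps` is the matching tolerance handed to `Layer2SignatureDetector`, such a value would not fail loudly but could quietly yield a results file with zero or spurious detections. I would reject it right after parsing, e.g. `if (!Double.isFinite(eps) || eps < 0) { System.err.println("eps must be a finite, non-negative number"); return; }`, and do the same for a non-numeric `args[6]`/`args[7]` instead of letting `NumberFormatException` escape `main`. The usage text visible in this hunk still names only six positional arguments while the guard now requires eight; the string continues outside the visible lines, so confirm it lists `signatureDuration` and `eps`. The commented-out five-argument block is better dropped or moved into the issue the TODO refers to.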
PrintWriterUtils.println("# - offSignatureFile: " + offSignatureFile, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
resultsWriter.flush();
- double eps = 10.0;
// Create signature detectors and add observers that output their detected events.
List<List<List<PcapPacket>>> onSignature = PrintUtils.deserializeFromFile(onSignatureFile);
List<List<List<PcapPacket>>> offSignature = PrintUtils.deserializeFromFile(offSignatureFile);
boolean isRangeBasedForOn = false;
boolean isRangeBasedForOff = false;
// Update the signature with ranges if it is range-based
- if (isRangeBasedForOn && isRangeBasedForOff) {
+ if (isRangeBasedForOn) {
onSignature = PcapPacketUtils.useRangeBasedMatching(onSignature, onClusterAnalysis);
+ }
+ if (isRangeBasedForOff) {
offSignature = PcapPacketUtils.useRangeBasedMatching(offSignature, offClusterAnalysis);
}
Layer2SignatureDetector onDetector = onSignatureMacFilters == null ?
Layer2SignatureDetector offDetector = offSignatureMacFilters == null ?
new Layer2SignatureDetector(offSignature, isRangeBasedForOff, eps) :
new Layer2SignatureDetector(offSignature, offSignatureMacFilters, signatureDuration, isRangeBasedForOff, eps);
+ final List<UserAction> detectedEvents = new ArrayList<>();
onDetector.addObserver((signature, match) -> {
UserAction event = new UserAction(UserAction.Type.TOGGLE_ON, match.get(0).get(0).getTimestamp());
PrintWriterUtils.println(event, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+ detectedEvents.add(event);
});
offDetector.addObserver((signature, match) -> {
UserAction event = new UserAction(UserAction.Type.TOGGLE_OFF, match.get(0).get(0).getTimestamp());
PrintWriterUtils.println(event, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+ detectedEvents.add(event);
});
// Load the PCAP file
// Parse the file
reader.readFromHandle();
+ String resultOn = "Number of detected events of type " + UserAction.Type.TOGGLE_ON + ": " +
+ detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_ON).count();
+ String resultOff = "Number of detected events of type " + UserAction.Type.TOGGLE_OFF + ": " +
+ detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_OFF).count();
+ PrintWriterUtils.println(resultOn, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+ PrintWriterUtils.println(resultOff, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+
// Flush output to results file and close it.
resultsWriter.flush();
resultsWriter.close();
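Review bot: `detectedEvents` is a plain `ArrayList` appended to from both the ON and OFF observer lambdas, and it keeps every `UserAction` for the whole capture although only the two per-type counts are read afterwards. If the detectors can notify observers from more than one thread (not visible in this hunk), the unsynchronized `add` calls can lose events and the totals written to the results file would undercount. Two counters, e.g. `final AtomicLong onCount = new AtomicLong();` incremented in the observer with `onCount.incrementAndGet();`, avoid both the memory growth on large pcaps and the thread-safety question. The summary lines are also only written when `reader.readFromHandle()` returns normally, so a parse error midway leaves a results file without totals; a comment saying so, or emitting them from a `finally`, would make a truncated run distinguishable from a run with no detections.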