public static void main(String[] args) throws PcapNativeException, NotOpenException, IOException {
// Parse required parameters.
-// if (args.length < 7) {
- if (args.length < 5) {
+ if (args.length < 8) {
String errMsg = String.format("Usage: %s inputPcapFile onAnalysisFile offAnalysisFile onSignatureFile offSignatureFile resultsFile" +
"\n inputPcapFile: the target of the detection" +
-// "\n onAnalysisFile: the file that contains the ON clusters analysis" +
-// "\n offAnalysisFile: the file that contains the OFF clusters analysis" +
+ "\n onAnalysisFile: the file that contains the ON clusters analysis" +
+ "\n offAnalysisFile: the file that contains the OFF clusters analysis" +
"\n onSignatureFile: the file that contains the ON signature to search for" +
"\n offSignatureFile: the file that contains the OFF signature to search for" +
"\n resultsFile: where to write the results of the detection" +
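Review bot: The argument check now requires eight arguments (`args.length < 8`), but the synopsis on the first line of the usage string still names only six, so a caller who follows it is rejected without learning what is missing. Append the two remaining parameter names to that line and add a `"\n name: ..."` description for each. Judging by the variables used further down they are presumably `signatureDuration` and `eps`, which should be confirmed against the argument-parsing code. The usage string and the rest of `main` continue outside this hunk, so the extra descriptions may already exist below.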
// TODO: SINCE WE ONLY HAVE 2 SIGNATURES FOR NOW (ON AND OFF), THEN IT IS USUALLY EITHER RANGE-BASED OR
// TODO: STRICT MATCHING
// Check if we should use range-based matching
- boolean isRangeBasedForOn = PcapPacketUtils.isRangeBasedMatching(onSignature, eps, offSignature);
- boolean isRangeBasedForOff = PcapPacketUtils.isRangeBasedMatching(offSignature, eps, onSignature);
+// boolean isRangeBasedForOn = PcapPacketUtils.isRangeBasedMatching(onSignature, eps, offSignature);
+// boolean isRangeBasedForOff = PcapPacketUtils.isRangeBasedMatching(offSignature, eps, onSignature);
+ // TODO: WE DON'T DO RANGE-BASED FOR NOW BECAUSE THE RESULTS ARE TERRIBLE FOR LAYER 2 MATCHING
+ // TODO: THIS WOULD ONLY WORK FOR SIGNATURES LONGER THAN 2 PACKETS
+ boolean isRangeBasedForOn = false;
+ boolean isRangeBasedForOff = false;
// Update the signature with ranges if it is range-based
if (isRangeBasedForOn) {
onSignature = PcapPacketUtils.useRangeBasedMatching(onSignature, onClusterAnalysis);
if (isRangeBasedForOff) {
offSignature = PcapPacketUtils.useRangeBasedMatching(offSignature, offClusterAnalysis);
}
- // TODO: WE DON'T DO RANGE-BASED FOR NOW BECAUSE THE RESULTS ARE TERRIBLE FOR LAYER 2 MATCHING
- // TODO: THIS WOULD ONLY WORK FOR SIGNATURES LONGER THAN 2 PACKETS
-// boolean isRangeBasedForOn = false;
-// boolean isRangeBasedForOff = false;
Layer2SignatureDetector onDetector = onSignatureMacFilters == null ?
- new Layer2SignatureDetector(onSignature, isRangeBasedForOn, eps) :
+ new Layer2SignatureDetector(onSignature, signatureDuration, isRangeBasedForOn, eps) :
new Layer2SignatureDetector(onSignature, onSignatureMacFilters, signatureDuration, isRangeBasedForOn, eps);
Layer2SignatureDetector offDetector = offSignatureMacFilters == null ?
- new Layer2SignatureDetector(offSignature, isRangeBasedForOff, eps) :
+ new Layer2SignatureDetector(offSignature, signatureDuration, isRangeBasedForOff, eps) :
new Layer2SignatureDetector(offSignature, offSignatureMacFilters, signatureDuration, isRangeBasedForOff, eps);
final List<UserAction> detectedEvents = new ArrayList<>();
onDetector.addObserver((signature, match) -> {
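Review bot: Hard-coding `isRangeBasedForOn` and `isRangeBasedForOff` to `false` makes the two `useRangeBasedMatching` branches below unreachable, while the same commit makes `onAnalysisFile` and `offAnalysisFile` mandatory arguments again. As far as this hunk shows, those files no longer influence detection. Rather than swapping which pair of lines is commented out, drive both flags from one new named constant, e.g. `boolean isRangeBasedForOn = USE_RANGE_BASED_MATCHING;`. The `// TODO:` lines record a decision rather than pending work, so a plain comment fits better, such as `// Range-based matching is disabled: poor results for layer 2, and it needs signatures longer than 2 packets.` Dropping the commented-out `isRangeBasedMatching` calls would also make it easier to tell which matching mode produced a given results file.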
offDetector.addObserver((signature, match) -> {
UserAction event = new UserAction(UserAction.Type.TOGGLE_OFF, match.get(0).get(0).getTimestamp());
PrintWriterUtils.println(event, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+ for (PcapPacket pcap : match.get(0)) {
+ System.out.println(pcap.length() + " -> " + pcap.getTimestamp());
+ }
detectedEvents.add(event);
});
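Review bot: The added loop writes every packet of `match.get(0)` straight to `System.out`, bypassing `resultsWriter` and the `DUPLICATE_OUTPUT_TO_STD_OUT` switch that the line above it honours, so this output cannot be turned off and never reaches the results file. If the per-packet length and timestamp belong in the detection record, emit them the same way as the event, e.g. `PrintWriterUtils.println(pcap.length() + " -> " + pcap.getTimestamp(), resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);` (this assumes `println` accepts a string, as its signature is not visible here). Otherwise drop the loop before merging. As far as the hunk shows it is added only to the OFF observer, so ON and OFF detections would be logged differently.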
private int mInclusionTimeMillis;
- public Layer2SignatureDetector(List<List<List<PcapPacket>>> searchedSignature, boolean isRangeBased, double eps) {
- this(searchedSignature, null, 0, isRangeBased, eps);
+ public Layer2SignatureDetector(List<List<List<PcapPacket>>> searchedSignature, int signatureDuration, boolean isRangeBased, double eps) {
+ this(searchedSignature, null, signatureDuration, isRangeBased, eps);
}
public Layer2SignatureDetector(List<List<List<PcapPacket>>> searchedSignature, List<Function<Layer2Flow,
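Review bot: The new `int signatureDuration` parameter has no stated unit and no range check, yet it is forwarded into the slot that the other constructor calls `inclusionTimeMillis` (see the `Layer2ClusterMatcher` calls further down) and that sits next to the `mInclusionTimeMillis` field. Name it `inclusionTimeMillis` here too, or add a Javadoc line such as `@param signatureDuration maximum time span of a signature match, in milliseconds` once the unit is confirmed. Callers without MAC filters previously got a fixed `0` in this slot, so whether zero or negative values are still meaningful should be documented or rejected with an `IllegalArgumentException`. The delegated constructor's body is outside this hunk.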
for (int i = 0; i < mSignature.size(); i++) {
List<List<PcapPacket>> cluster = mSignature.get(i);
Layer2ClusterMatcher clusterMatcher = flowFilters == null ?
- new Layer2ClusterMatcher(cluster, isRangeBased, eps) :
- new Layer2ClusterMatcher(cluster, flowFilters.get(i), isRangeBased, eps);
+ new Layer2ClusterMatcher(cluster, inclusionTimeMillis, isRangeBased, eps) :
+ new Layer2ClusterMatcher(cluster, flowFilters.get(i), inclusionTimeMillis, isRangeBased, eps);
clusterMatcher.addObserver(this);
clusterMatchers.add(clusterMatcher);
}