package edu.uci.iotproject.detection.layer3;
+import edu.uci.iotproject.analysis.TriggerTrafficExtractor;
import edu.uci.iotproject.detection.AbstractClusterMatcher;
import edu.uci.iotproject.detection.ClusterMatcherObserver;
import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
*/
private final double mEps;
+ /**
+ * The packet inclusion time for signature.
+ */
+ private int mInclusionTimeMillis;
+
/**
* Create a {@link Layer3ClusterMatcher}.
* @param cluster The cluster that traffic is matched against.
* @param routerWanIp The router's WAN IP if examining traffic captured at the ISP's point of view (used for
* determining the direction of packets).
- * @param eps The epsilon value used in the DBSCAN algorithm.
+ * @param inclusionTimeMillis The packet inclusion time for signature.
* @param isRangeBased The boolean that decides if it is range-based vs. strict matching.
+ * @param eps The epsilon value used in the DBSCAN algorithm.
* @param detectionObservers Client code that wants to get notified whenever the {@link Layer3ClusterMatcher} detects that
* (a subset of) the examined traffic is similar to the traffic that makes up
* {@code cluster}, i.e., when the examined traffic is classified as pertaining to
* {@code cluster}.
*/
- public Layer3ClusterMatcher(List<List<PcapPacket>> cluster, String routerWanIp, boolean isRangeBased, double eps,
+ public Layer3ClusterMatcher(List<List<PcapPacket>> cluster, String routerWanIp, int inclusionTimeMillis,
+ boolean isRangeBased, double eps,
ClusterMatcherObserver... detectionObservers) {
super(cluster, isRangeBased);
Objects.requireNonNull(detectionObservers, "detectionObservers cannot be null");
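Review bot: The new `@param inclusionTimeMillis` text and the field comment do not say that the value is in milliseconds, or that `0` is a sentinel which the assignment further down replaces with `TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS`, so a caller reading the Javadoc cannot tell how to request the default. I would write `@param inclusionTimeMillis The packet inclusion window in milliseconds; 0 selects {@code TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS}.` The field is assigned only once in the visible constructor code, so `private final int mInclusionTimeMillis;` would match `mEps`, provided no method outside this view writes it. The constructor body continues outside this hunk.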
}
mEps = eps;
mRouterWanIp = routerWanIp;
+ mInclusionTimeMillis =
+ inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis;
}
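Review bot: Only `0` is mapped to the default in the new assignment, so a negative `inclusionTimeMillis` is stored as-is and would presumably make the inclusion window empty or inverted wherever it is later applied (that use is not visible here). A guard before the assignment, `if (inclusionTimeMillis < 0) throw new IllegalArgumentException("inclusionTimeMillis must be >= 0: " + inclusionTimeMillis);`, fails fast instead of building a matcher that silently never detects anything. The constructor starts outside this hunk.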
@Override
isPresent()) {
List<PcapPacket> matchSeq = match.get();
// Notify observers about the match.
+ // Max number of skipped packets in layer 3 is 0 (no skipped packets)
mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq));
/*
* Get the index in cPkts of the last packet in the sequence of packets that matches the searched
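Review bot: The added comment sits directly above `o.onMatch(Layer3ClusterMatcher.this, matchSeq)`, which passes no skipped-packet count, so it describes a value the reader cannot find on that line; the same comment is repeated in the next hunk. If the intent is that observers may assume zero, say so explicitly, e.g. `// Layer 3 matching never skips packets, so observers can treat the skipped-packet count as 0.`, or document it once on the observer interface instead. The enclosing method starts and ends outside the hunk.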
isPresent()) {
List<PcapPacket> matchSeq = match.get();
// Notify observers about the match.
+ // Max number of skipped packets in layer 3 is 0 (no skipped packets)
mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq));
/*
* Get the index in cPkts of the last packet in the sequence of packets that matches the searched
PcapPacket seqPkt = sequence.get(seqIdx);
// We only have a match if packet lengths and directions match.
// The packet lengths have to be in the range of [lowerBound - eps, upperBound+eps]
- // TODO: Maybe we could do better here for the double to integer conversion?
- int epsLowerBound = lowBndPkt.length() - (int) mEps;
- int epsUpperBound = upBndPkt.length() + (int) mEps;
+ // We initialize the lower and upper bounds first
+ int epsLowerBound = lowBndPkt.length();
+ int epsUpperBound = upBndPkt.length();
+ // Do strict matching if the lower and upper bounds are the same length
+ // Do range matching with eps otherwise
+ if (epsLowerBound != epsUpperBound) {
+ // TODO: Maybe we could do better here for the double to integer conversion?
+ epsLowerBound = epsLowerBound - (int) mEps;
+ epsUpperBound = epsUpperBound + (int) mEps;
+ }
if (epsLowerBound <= seqPkt.getOriginalLength() &&
seqPkt.getOriginalLength() <= epsUpperBound &&
subsequenceDirections[subseqIdx] == sequenceDirections[seqIdx]) {
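Review bot: The bounds are taken from `lowBndPkt.length()` and `upBndPkt.length()` but compared against `seqPkt.getOriginalLength()`; if these are pcap4j `PcapPacket`s (their declarations are outside the hunk), `length()` is the captured length and differs from the on-wire length whenever a capture was truncated by a snaplen. With the new strict branch for equal bounds there is no eps slack left to absorb that difference, so a signature built from a truncated training capture would never match live traffic. Using `int epsLowerBound = lowBndPkt.getOriginalLength();` and `int epsUpperBound = upBndPkt.getOriginalLength();` keeps both sides of the comparison in the same unit. A comment noting that `(int) mEps` truncates toward zero, so an eps below 1 gives no tolerance at all, would also settle the retained TODO. The enclosing loop starts and ends outside the hunk.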