private static String ROUTER_WAN_IP = "128.195.205.105";
public static void main(String[] args) throws PcapNativeException, NotOpenException, IOException {
private static String ROUTER_WAN_IP = "128.195.205.105";
public static void main(String[] args) throws PcapNativeException, NotOpenException, IOException {
- if (args.length < 7) {
- String errMsg = String.format("Usage: %s inputPcapFile onAnalysisFile offAnalysisFile onSignatureFile offSignatureFile resultsFile" +
+ if (args.length < 8) {
+ String errMsg = String.format("SPECTO version 1.0\n" +
+ "Copyright (C) 2018-2019 Janus Varmarken and Rahmadi Trimananda.\n" +
+ "University of California, Irvine.\n" +
+ "All rights reserved.\n\n" +
+ "Usage: %s inputPcapFile onAnalysisFile offAnalysisFile onSignatureFile offSignatureFile resultsFile" +
"\n inputPcapFile: the target of the detection" +
"\n onAnalysisFile: the file that contains the ON clusters analysis" +
"\n offAnalysisFile: the file that contains the OFF clusters analysis" +
"\n onSignatureFile: the file that contains the ON signature to search for" +
"\n offSignatureFile: the file that contains the OFF signature to search for" +
"\n resultsFile: where to write the results of the detection" +
"\n inputPcapFile: the target of the detection" +
"\n onAnalysisFile: the file that contains the ON clusters analysis" +
"\n offAnalysisFile: the file that contains the OFF clusters analysis" +
"\n onSignatureFile: the file that contains the ON signature to search for" +
"\n offSignatureFile: the file that contains the OFF signature to search for" +
"\n resultsFile: where to write the results of the detection" +
- "\n signatureDuration: the maximum duration of signature detection",
+ "\n signatureDuration: the maximum duration of signature detection" +
+ "\n epsilon: the epsilon value for the DBSCAN algorithm",
final String onSignatureFile = args[3];
final String offSignatureFile = args[4];
final String resultsFile = args[5];
final String onSignatureFile = args[3];
final String offSignatureFile = args[4];
final String resultsFile = args[5];
- final int signatureDuration = Integer.parseInt(args[6]);
+ // TODO: THIS IS TEMPORARILY SET TO DEFAULT SIGNATURE DURATION
+ // TODO: WE DO NOT WANT TO BE TOO STRICT AT THIS POINT SINCE LAYER 3 ALREADY APPLIES BACK-TO-BACK REQUIREMENT
+ // TODO: FOR PACKETS IN A SIGNATURE
+// final int signatureDuration = Integer.parseInt(args[6]);
+ final int signatureDuration = TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS;
+ final double eps = Double.parseDouble(args[7]);
PrintWriterUtils.println("# - offSignatureFile: " + offSignatureFile, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
resultsWriter.flush();
PrintWriterUtils.println("# - offSignatureFile: " + offSignatureFile, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
resultsWriter.flush();
// Load signatures
List<List<List<PcapPacket>>> onSignature = PrintUtils.deserializeFromFile(onSignatureFile);
List<List<List<PcapPacket>>> offSignature = PrintUtils.deserializeFromFile(offSignatureFile);
// Load signatures
List<List<List<PcapPacket>>> onSignature = PrintUtils.deserializeFromFile(onSignatureFile);
List<List<List<PcapPacket>>> offSignature = PrintUtils.deserializeFromFile(offSignatureFile);
boolean isRangeBasedForOn = PcapPacketUtils.isRangeBasedMatching(onSignature, eps, offSignature);
boolean isRangeBasedForOff = PcapPacketUtils.isRangeBasedMatching(offSignature, eps, onSignature);
// Update the signature with ranges if it is range-based
boolean isRangeBasedForOn = PcapPacketUtils.isRangeBasedMatching(onSignature, eps, offSignature);
boolean isRangeBasedForOff = PcapPacketUtils.isRangeBasedMatching(offSignature, eps, onSignature);
// Update the signature with ranges if it is range-based
// WAN
Layer3SignatureDetector onDetector = new Layer3SignatureDetector(onSignature, ROUTER_WAN_IP,
signatureDuration, isRangeBasedForOn, eps);
// WAN
Layer3SignatureDetector onDetector = new Layer3SignatureDetector(onSignature, ROUTER_WAN_IP,
signatureDuration, isRangeBasedForOn, eps);
// String output = String.format("%s",
// dateTimeFormatter.format(ua.getTimestamp()));
// System.out.println(output);
// String output = String.format("%s",
// dateTimeFormatter.format(ua.getTimestamp()));
// System.out.println(output);
onDetector.addObserver((searched, match) -> {
PcapPacket firstPkt = match.get(0).get(0);
UserAction event = new UserAction(UserAction.Type.TOGGLE_ON, firstPkt.getTimestamp());
onDetector.addObserver((searched, match) -> {
PcapPacket firstPkt = match.get(0).get(0);
UserAction event = new UserAction(UserAction.Type.TOGGLE_ON, firstPkt.getTimestamp());
detectedEvents.add(event);
});
offDetector.addObserver((searched, match) -> {
PcapPacket firstPkt = match.get(0).get(0);
UserAction event = new UserAction(UserAction.Type.TOGGLE_OFF, firstPkt.getTimestamp());
detectedEvents.add(event);
});
offDetector.addObserver((searched, match) -> {
PcapPacket firstPkt = match.get(0).get(0);
UserAction event = new UserAction(UserAction.Type.TOGGLE_OFF, firstPkt.getTimestamp());
detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_OFF).count();
PrintWriterUtils.println(resultOn, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
PrintWriterUtils.println(resultOff, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_OFF).count();
PrintWriterUtils.println(resultOn, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
PrintWriterUtils.println(resultOff, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
// Generate corresponding/appropriate ClusterMatchers based on the provided signature
List<Layer3ClusterMatcher> clusterMatchers = new ArrayList<>();
for (List<List<PcapPacket>> cluster : mSignature) {
// Generate corresponding/appropriate ClusterMatchers based on the provided signature
List<Layer3ClusterMatcher> clusterMatchers = new ArrayList<>();
for (List<List<PcapPacket>> cluster : mSignature) {
- clusterMatchers.add(new Layer3ClusterMatcher(cluster, routerWanIp, isRangeBased, eps, this));
+ clusterMatchers.add(new Layer3ClusterMatcher(cluster, routerWanIp, inclusionTimeMillis,
+ isRangeBased, eps, this));
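Review bot: In main's argument parsing, `args[6]` is still required by the `args.length < 8` check and still documented as signatureDuration, but its value is now silently discarded in favour of `TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS`, so a run that passes a duration is evaluated with a different window and nothing in the results file records that. Either drop the positional argument or record the effective value alongside the other header lines, e.g. `PrintWriterUtils.println("# - signatureDuration: " + signatureDuration + " (default; args[6] ignored)", resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);`. The new `Double.parseDouble(args[7])` also accepts NaN, infinities and negative values, which then flow into `isRangeBasedMatching` and both detectors; a guard such as `if (!Double.isFinite(eps) || eps < 0) throw new IllegalArgumentException("epsilon must be a finite, non-negative number: " + args[7]);` would reject them before any matching is done. The one-line synopsis after `Usage: %s` still omits signatureDuration and epsilon even though both are counted by the length check. main's body starts and continues outside the visible hunks, so any validation further down is not visible here.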