private static String ROUTER_WAN_IP = "128.195.205.105";
public static void main(String[] args) throws PcapNativeException, NotOpenException, IOException {
- if (args.length < 7) {
+ if (args.length < 8) {
String errMsg = String.format("Usage: %s inputPcapFile onAnalysisFile offAnalysisFile onSignatureFile offSignatureFile resultsFile" +
"\n inputPcapFile: the target of the detection" +
"\n onAnalysisFile: the file that contains the ON clusters analysis" +
"\n onSignatureFile: the file that contains the ON signature to search for" +
"\n offSignatureFile: the file that contains the OFF signature to search for" +
"\n resultsFile: where to write the results of the detection" +
- "\n signatureDuration: the maximum duration of signature detection",
+ "\n signatureDuration: the maximum duration of signature detection" +
+ "\n epsilon: the epsilon value for the DBSCAN algorithm",
Layer3SignatureDetector.class.getSimpleName());
System.out.println(errMsg);
return;
final String offSignatureFile = args[4];
final String resultsFile = args[5];
final int signatureDuration = Integer.parseInt(args[6]);
+ final double eps = Double.parseDouble(args[7]);
// Prepare file outputter.
File outputFile = new File(resultsFile);
PrintWriterUtils.println("# - offSignatureFile: " + offSignatureFile, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
resultsWriter.flush();
- // Specify epsilon
- // TODO: This would be specified through command line option
- double eps = 10.0;
// Load signatures
List<List<List<PcapPacket>>> onSignature = PrintUtils.deserializeFromFile(onSignatureFile);
List<List<List<PcapPacket>>> offSignature = PrintUtils.deserializeFromFile(offSignatureFile);
boolean isRangeBasedForOn = PcapPacketUtils.isRangeBasedMatching(onSignature, eps, offSignature);
boolean isRangeBasedForOff = PcapPacketUtils.isRangeBasedMatching(offSignature, eps, onSignature);
// Update the signature with ranges if it is range-based
- if (isRangeBasedForOn && isRangeBasedForOff) {
+ if (isRangeBasedForOn) {
onSignature = PcapPacketUtils.useRangeBasedMatching(onSignature, onClusterAnalysis);
+ }
+ if (isRangeBasedForOff) {
offSignature = PcapPacketUtils.useRangeBasedMatching(offSignature, offClusterAnalysis);
}
-
// WAN
Layer3SignatureDetector onDetector = new Layer3SignatureDetector(onSignature, ROUTER_WAN_IP,
- 0, isRangeBasedForOn, eps);
+ signatureDuration, isRangeBasedForOn, eps);
Layer3SignatureDetector offDetector = new Layer3SignatureDetector(offSignature, ROUTER_WAN_IP,
- 0, isRangeBasedForOff, eps);
+ signatureDuration, isRangeBasedForOff, eps);
final DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ofLocalizedDateTime(FormatStyle.MEDIUM).
withLocale(Locale.US).withZone(ZoneId.of("America/Los_Angeles"));
// String output = String.format("%s",
// dateTimeFormatter.format(ua.getTimestamp()));
// System.out.println(output);
+ PrintWriterUtils.println(ua, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
};
// Let's create observers that construct a UserAction representing the detected event.
onDetector.addObserver((searched, match) -> {
PcapPacket firstPkt = match.get(0).get(0);
UserAction event = new UserAction(UserAction.Type.TOGGLE_ON, firstPkt.getTimestamp());
- PrintWriterUtils.println(event, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
detectedEvents.add(event);
});
offDetector.addObserver((searched, match) -> {
PcapPacket firstPkt = match.get(0).get(0);
UserAction event = new UserAction(UserAction.Type.TOGGLE_OFF, firstPkt.getTimestamp());
- PrintWriterUtils.println(event, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+ //PrintWriterUtils.println(event, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
detectedEvents.add(event);
});
reader.readFromHandle();
// TODO: need a better way of triggering detection than this...
- if (isRangeBasedForOn && isRangeBasedForOff) {
+ if (isRangeBasedForOn) {
onDetector.mClusterMatchers.forEach(cm -> cm.performDetectionRangeBased());
- offDetector.mClusterMatchers.forEach(cm -> cm.performDetectionRangeBased());
} else {
onDetector.mClusterMatchers.forEach(cm -> cm.performDetectionConservative());
+ }
+ if (isRangeBasedForOff) {
+ offDetector.mClusterMatchers.forEach(cm -> cm.performDetectionRangeBased());
+ } else {
offDetector.mClusterMatchers.forEach(cm -> cm.performDetectionConservative());
}
// Output the detected events
detectedEvents.forEach(outputter);
- System.out.println("Number of detected events of type " + UserAction.Type.TOGGLE_ON + ": " +
- detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_ON).count());
- System.out.println("Number of detected events of type " + UserAction.Type.TOGGLE_OFF + ": " +
- detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_OFF).count());
+ String resultOn = "Number of detected events of type " + UserAction.Type.TOGGLE_ON + ": " +
+ detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_ON).count();
+ String resultOff = "Number of detected events of type " + UserAction.Type.TOGGLE_OFF + ": " +
+ detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_OFF).count();
+ PrintWriterUtils.println(resultOn, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+ PrintWriterUtils.println(resultOff, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
// Flush output to results file and close it.
resultsWriter.flush();
// Generate corresponding/appropriate ClusterMatchers based on the provided signature
List<Layer3ClusterMatcher> clusterMatchers = new ArrayList<>();
for (List<List<PcapPacket>> cluster : mSignature) {
- clusterMatchers.add(new Layer3ClusterMatcher(cluster, routerWanIp, isRangeBased, eps, this));
+ clusterMatchers.add(new Layer3ClusterMatcher(cluster, routerWanIp, inclusionTimeMillis,
+ isRangeBased, eps, this));
}
mClusterMatchers = Collections.unmodifiableList(clusterMatchers);
projects / pingpong.git / blobdiff