Adding skipped packets analysis.
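--- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3SignatureDetector.java
+++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3SignatureDetector.java
@@ -47,7 +47,11 @@ public class Layer3SignatureDetector implements PacketListener, ClusterMatcherOb
 
     public static void main(String[] args) throws PcapNativeException, NotOpenException, IOException {
         if (args.length < 8) {
-            String errMsg = String.format("Usage: %s inputPcapFile onAnalysisFile offAnalysisFile onSignatureFile offSignatureFile resultsFile" +
+            String errMsg = String.format("SPECTO version 1.0\n" +
+                            "Copyright (C) 2018-2019 Janus Varmarken and Rahmadi Trimananda.\n" +
+                            "University of California, Irvine.\n" +
+                            "All rights reserved.\n\n" +
+                            "Usage: %s inputPcapFile onAnalysisFile offAnalysisFile onSignatureFile offSignatureFile resultsFile" +
                             "\n  inputPcapFile: the target of the detection" +
                             "\n  onAnalysisFile: the file that contains the ON clusters analysis" +
                             "\n  offAnalysisFile: the file that contains the OFF clusters analysis" +
@@ -66,7 +70,11 @@ public class Layer3SignatureDetector implements PacketListener, ClusterMatcherOb
         final String onSignatureFile = args[3];
         final String offSignatureFile = args[4];
         final String resultsFile = args[5];
-        final int signatureDuration = Integer.parseInt(args[6]);
+        // TODO: THIS IS TEMPORARILY SET TO DEFAULT SIGNATURE DURATION
+        // TODO: WE DO NOT WANT TO BE TOO STRICT AT THIS POINT SINCE LAYER 3 ALREADY APPLIES BACK-TO-BACK REQUIREMENT
+        // TODO: FOR PACKETS IN A SIGNATURE
+//        final int signatureDuration = Integer.parseInt(args[6]);
+        final int signatureDuration = TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS;
         final double eps = Double.parseDouble(args[7]);
 
         // Prepare file outputter.
@@ -95,27 +103,18 @@ public class Layer3SignatureDetector implements PacketListener, ClusterMatcherOb
         // Check if we should use range-based matching
         boolean isRangeBasedForOn = PcapPacketUtils.isRangeBasedMatching(onSignature, eps, offSignature);
         boolean isRangeBasedForOff = PcapPacketUtils.isRangeBasedMatching(offSignature, eps, onSignature);
-//        boolean isRangeBasedForOn = false;
-//        boolean isRangeBasedForOff = false;
         // Update the signature with ranges if it is range-based
-        if (isRangeBasedForOn && isRangeBasedForOff) {
+        if (isRangeBasedForOn) {
             onSignature = PcapPacketUtils.useRangeBasedMatching(onSignature, onClusterAnalysis);
+        }
+        if (isRangeBasedForOff) {
             offSignature = PcapPacketUtils.useRangeBasedMatching(offSignature, offClusterAnalysis);
         }
         // WAN
-        double onEps = eps;
-        double offEps = eps;
-        // IFF the signature is just one pair of packets then we set EPS to 0 to make it tighter
-        if (onSignature.size() == 1 && onSignature.get(0).size() == 2) {
-            onEps = 0;
-        }
-        if (offSignature.size() == 1 && offSignature.get(0).size() == 2) {
-            offEps = 0;
-        }
         Layer3SignatureDetector onDetector = new Layer3SignatureDetector(onSignature, ROUTER_WAN_IP,
-                signatureDuration, isRangeBasedForOn, onEps);
+                signatureDuration, isRangeBasedForOn, eps);
         Layer3SignatureDetector offDetector = new Layer3SignatureDetector(offSignature, ROUTER_WAN_IP,
-                signatureDuration, isRangeBasedForOff, offEps);
+                signatureDuration, isRangeBasedForOff, eps);
 
         final DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ofLocalizedDateTime(FormatStyle.MEDIUM).
                 withLocale(Locale.US).withZone(ZoneId.of("America/Los_Angeles"));
@@ -164,11 +163,14 @@ public class Layer3SignatureDetector implements PacketListener, ClusterMatcherOb
         reader.readFromHandle();
 
         // TODO: need a better way of triggering detection than this...
-        if (isRangeBasedForOn && isRangeBasedForOff) {
+        if (isRangeBasedForOn) {
             onDetector.mClusterMatchers.forEach(cm -> cm.performDetectionRangeBased());
-            offDetector.mClusterMatchers.forEach(cm -> cm.performDetectionRangeBased());
         } else {
             onDetector.mClusterMatchers.forEach(cm -> cm.performDetectionConservative());
+        }
+        if (isRangeBasedForOff) {
+            offDetector.mClusterMatchers.forEach(cm -> cm.performDetectionRangeBased());
+        } else {
             offDetector.mClusterMatchers.forEach(cm -> cm.performDetectionConservative());
         }
 
@@ -179,15 +181,12 @@ public class Layer3SignatureDetector implements PacketListener, ClusterMatcherOb
         // Output the detected events
         detectedEvents.forEach(outputter);
 
-        String resultOn = "Number of detected events of type " + UserAction.Type.TOGGLE_ON + ": " +
+        String resultOn = "Number of detected events of type " + UserAction.Type.TOGGLE_ON + ": " +
                 detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_ON).count();
-        String resultOff = "Number of detected events of type " + UserAction.Type.TOGGLE_OFF + ": " +
+        String resultOff = "Number of detected events of type " + UserAction.Type.TOGGLE_OFF + ": " +
                 detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_OFF).count();
         PrintWriterUtils.println(resultOn, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
         PrintWriterUtils.println(resultOff, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
-        System.out.println(resultOn);
-        System.out.println(resultOff);
-
 
         // Flush output to results file and close it.
         resultsWriter.flush();
@@ -257,7 +256,8 @@ public class Layer3SignatureDetector implements PacketListener, ClusterMatcherOb
         // Generate corresponding/appropriate ClusterMatchers based on the provided signature
         List<Layer3ClusterMatcher> clusterMatchers = new ArrayList<>();
         for (List<List<PcapPacket>> cluster : mSignature) {
-            clusterMatchers.add(new Layer3ClusterMatcher(cluster, routerWanIp, isRangeBased, eps, this));
+            clusterMatchers.add(new Layer3ClusterMatcher(cluster, routerWanIp, inclusionTimeMillis,
+                    isRangeBased, eps, this));
         }
         mClusterMatchers = Collections.unmodifiableList(clusterMatchers);
 
@@ -290,7 +290,7 @@ public class Layer3SignatureDetector implements PacketListener, ClusterMatcherOb
     }
 
     @Override
-    public void onMatch(AbstractClusterMatcher clusterMatcher, List<PcapPacket> match) {
+    public void onMatch(AbstractClusterMatcher clusterMatcher, List<PcapPacket> match, int maxSkippedPackets) {
         // Add the match at the corresponding index
         pendingMatches[mClusterMatcherIds.get(clusterMatcher)].add(match);
         checkSignatureMatch();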
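Review bot: In the second hunk `args[6]` is still demanded by the `args.length < 8` check but is no longer read, so the signature duration the operator passes is silently replaced by `TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS`, and nothing in the results file shows that the run used a different window from the one on the command line. Until the TODO is resolved, delete the commented-out `Integer.parseInt(args[6])` line and record the effective value, e.g. `PrintWriterUtils.println("signatureDuration argument ignored; using " + signatureDuration + " ms", resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);` once `resultsWriter` has been created further down in `main` (outside this hunk). The third hunk also drops the eps-to-0 tightening for signatures made of a single packet pair; if that was what kept short signatures from over-matching, a one-line comment explaining why it is no longer needed would help the next reader judge false-positive risk. In the last hunk the new `maxSkippedPackets` parameter of `onMatch` is not used in the visible lines; the method body continues outside the hunk, so this may be handled there.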