*/
public static List<List<List<PcapPacket>>>
mergeSignatures(List<List<List<PcapPacket>>> signatures, List<Conversation> conversations) {
- // Make a copy first.
- List<List<List<PcapPacket>>> copySignatures = new ArrayList<>(signatures);
+
+ // TODO: THIS IS NOT A DEEP COPY; IT BASICALLY CREATES A REFERENCE TO THE SAME LIST OBJECT
+ // List<List<List<PcapPacket>>> copySignatures = new ArrayList<>(signatures);
+ // Make a deep copy first.
+ List<List<List<PcapPacket>>> copySignatures = new ArrayList<>();
+ listDeepCopy(copySignatures, signatures);
// Traverse and look into the pairs of signatures.
for (int first = 0; first < signatures.size(); first++) {
List<List<PcapPacket>> firstList = signatures.get(first);
if (secondList.size() < SIGNATURE_MERGE_THRESHOLD) {
// Prune the unsuccessfully merged signatures (i.e., these will have size() < maxSignatureEl).
final int maxNumOfEl = maxSignatureEl;
+ // TODO: DOUBLE CHECK IF WE REALLY NEED TO PRUNE FAILED BINDINGS
+ // TODO: SOMETIMES THE SEQUENCES ARE JUST INCOMPLETE
+ // TODO: AND BOTH THE COMPLETE AND INCOMPLETE SEQUENCES ARE VALID SIGNATURES!
firstList.removeIf(el -> el.size() < maxNumOfEl);
// Remove the merged set of signatures when successful.
signatures.remove(secondList);
return signatures;
}
+ /**
+ * Deep copy to create an entirely new {@link List} of {@link List} of {@link List} of {@link PcapPacket} objects.
+ * @param destList A {@link List} of {@link List} of {@link List} of
+ * {@link PcapPacket} objects that will be the final container of the deep copy
+ * @param sourceList A {@link List} of {@link List} of {@link List} of
+ * {@link PcapPacket} objects that will be the source of the deep copy.
+ */
+ private static void listDeepCopy(List<List<List<PcapPacket>>> destList, List<List<List<PcapPacket>>> sourceList) {
+
+ for(List<List<PcapPacket>> llPcapPacket : sourceList) {
+ List<List<PcapPacket>> tmpListOfList = new ArrayList<>();
+ for(List<PcapPacket> lPcapPacket : llPcapPacket) {
+ List<PcapPacket> tmpList = new ArrayList<>();
+ for(PcapPacket pcapPacket : lPcapPacket) {
+ tmpList.add(pcapPacket);
+ }
+ tmpListOfList.add(tmpList);
+ }
+ destList.add(tmpListOfList);
+ }
+ }
+
/**
* Sort the signatures in the {@code List} of {@code List} of {@code List} of {@code PcapPacket} objects.
* The purpose of this is to sort the order of signatures in the signature list. For detection purposes, we need
private static IpV4Packet getIpV4PacketOrThrow(PcapPacket packet) {
return Objects.requireNonNull(packet.get(IpV4Packet.class), "not an IPv4 packet");
}
+
+ /**
+ * Print signatures in {@code List} of {@code List} of {@code List} of {@code PcapPacket} objects.
+ *
+ * @param signatures A {@link List} of {@link List} of {@link List} of
+ * {@link PcapPacket} objects that needs to be printed.
+ */
+ public static void printSignatures(List<List<List<PcapPacket>>> signatures) {
+
+ // Iterate over the list of all clusters/sequences
+ int sequenceCounter = 0;
+ for(List<List<PcapPacket>> listListPcapPacket : signatures) {
+ // Iterate over every member of a cluster/sequence
+ System.out.print("====== SEQUENCE " + sequenceCounter++);
+ System.out.println(" - " + listListPcapPacket.size() + " MEMBERS ======");
+ for(List<PcapPacket> listPcapPacket : listListPcapPacket) {
+ // Print out packet lengths in a sequence
+ int packetCounter = 0;
+ for(PcapPacket pcapPacket : listPcapPacket) {
+ if(pcapPacket != null) {
+ System.out.print(pcapPacket.length());
+ }
+ if(packetCounter < listPcapPacket.size() - 1) {
+ System.out.print(" "); // Provide space if not last packet
+ } else {
+ System.out.println(); // Newline if last packet
+ }
+ packetCounter++;
+ }
+ }
+ }
+ }
+
+ /**
+ * Remove a sequence in a signature object.
+ *
+ * @param signatures A {@link List} of {@link List} of {@link List} of
+ * {@link PcapPacket} objects.
+ * @param sequenceIndex An index for a sequence that consists of {{@link List} of {@link List} of
+ * {@link PcapPacket} objects.
+ */
+ public static void removeSequenceFromSignature(List<List<List<PcapPacket>>> signatures, int sequenceIndex) {
+
+ // Sequence index starts from 0
+ signatures.remove(sequenceIndex);
+ }
}