X-Git-Url: http://plrg.eecs.uci.edu/git/?p=pingpong.git;a=blobdiff_plain;f=Code%2FProjects%2FPacketLevelSignatureExtractor%2Fsrc%2Fmain%2Fjava%2Fedu%2Fuci%2Fiotproject%2Fdetection%2Flayer2%2FLayer2ClusterMatcher.java;h=5bf4655ddbf00bf6ce531b27531d09af041be6aa;hp=bec7840723ce683c9c5bf00ab4f7929977ef7498;hb=d3026c4b1681bea17b79f88f49162c6b78e781a1;hpb=54f6c976c697bb5f132abb5a5e7b7f01e2b6e957

diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java
index bec7840..5bf4655 100644
--- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java
+++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java
@@ -12,7 +12,6 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.function.Function;
 
 /**
@@ -29,7 +28,6 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
      * of {@link #mCluster} and has so far matched {@code j} packets of that particular sequence.
      */
     private final Map<Layer2Flow, Layer2SequenceMatcher[][]> mPerFlowSeqMatchers = new HashMap<>();
-//    private final Map<Layer2Flow, Layer2RangeMatcher[]> mPerFlowRangeMatcher = new HashMap<>();
     private final Map<Layer2Flow, List<Layer2RangeMatcher>> mPerFlowRangeMatcher = new HashMap<>();
 
     private final Function<Layer2Flow, Boolean> mFlowFilter;
@@ -46,14 +44,22 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
 
     private int mInclusionTimeMillis;
 
+    /**
+     * Keeping track of maximum number of skipped packets
+     */
+    private int mMaxSkippedPackets;
+//    private List<Integer> mMaxSkippedPackets;
+
+    private int mLimitSkippedPackets;
+
     /**
      * Create a new {@link Layer2ClusterMatcher} that attempts to find occurrences of {@code cluster}'s members.
      * @param cluster The sequence mutations that the new {@link Layer2ClusterMatcher} should search for.
      */
     public Layer2ClusterMatcher(List<List<PcapPacket>> cluster, int inclusionTimeMillis,
-                                boolean isRangeBased, double eps) {
+                                boolean isRangeBased, double eps, int limitSkippedPackets) {
         // Consider all flows if no flow filter specified.
-        this(cluster, flow -> true, inclusionTimeMillis, isRangeBased, eps);
+        this(cluster, flow -> true, inclusionTimeMillis, isRangeBased, eps, limitSkippedPackets);
     }
 
     /**
@@ -70,13 +76,17 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
      * @param eps The epsilon value used in the DBSCAN algorithm.
      */
     public Layer2ClusterMatcher(List<List<PcapPacket>> cluster, Function<Layer2Flow, Boolean> flowFilter,
-                                int inclusionTimeMillis, boolean isRangeBased, double eps) {
+                                int inclusionTimeMillis, boolean isRangeBased, double eps, int limitSkippedPackets) {
         super(cluster, isRangeBased);
         mFlowFilter = flowFilter;
         mRangeBased = isRangeBased;
         mEps = eps;
         mInclusionTimeMillis =
                 inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis;
+        mMaxSkippedPackets = 0;
+//        mMaxSkippedPackets = new ArrayList<>();
+        // Give integer's MAX_VALUE if -1
+        mLimitSkippedPackets = limitSkippedPackets == -1 ? Integer.MAX_VALUE : limitSkippedPackets;
     }
 
     @Override
@@ -119,8 +129,12 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
                 boolean matched = sm.matchPacket(newPacket);
                 if (matched) {
                     if (sm.getMatchedPacketsCount() == sm.getTargetSequencePacketCount()) {
-                        // Sequence matcher has a match. Report it to observers.
-                        mObservers.forEach(o -> o.onMatch(this, sm.getMatchedPackets()));
+                        // Update maximum skipped packets
+                        boolean stillMatch = checkMaxSkippedPackets(flow.getPackets(), sm.getMatchedPackets());
+                        if (stillMatch) {
+                            // Sequence matcher has a match. Report it to observers.
+                            mObservers.forEach(o -> o.onMatch(this, sm.getMatchedPackets()));
+                        }
                         // Remove the now terminated sequence matcher.
                         matchers[i][j] = null;
                     } else {
@@ -145,6 +159,24 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
         }
     }
 
+    // Update the maximum number of skipped packets
+    private boolean checkMaxSkippedPackets(List<PcapPacket> flowPackets, List<PcapPacket> matchedPackets) {
+        // Count number of skipped packets by looking into
+        // the difference of indices of two matched packets
+        boolean stillMatch = true;
+        for(int i = 1; i < matchedPackets.size(); ++i) {
+            int currIndex = flowPackets.indexOf(matchedPackets.get(i-1));
+            int nextIndex = flowPackets.indexOf(matchedPackets.get(i));
+            int skippedPackets = nextIndex - currIndex;
+            if (mMaxSkippedPackets < skippedPackets) {
+                mMaxSkippedPackets = skippedPackets;
+                stillMatch = false;
+            }
+//            mMaxSkippedPackets.add(skippedPackets);
+        }
+        return stillMatch;
+    }
+
     private void rangeBasedMatching(Layer2Flow flow, PcapPacket newPacket) {
         // TODO: For range-based matching, we need to create a new matcher every time we see the first element of
         //  the sequence (between lower and upper bounds).
@@ -191,8 +223,12 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
                 boolean matched = sm.matchPacket(newPacket);
                 if (matched) {
                     if (sm.getMatchedPacketsCount() == sm.getTargetSequencePacketCount()) {
-                        // Sequence matcher has a match. Report it to observers.
-                        mObservers.forEach(o -> o.onMatch(this, sm.getMatchedPackets()));
+                        // Update maximum skipped packets
+                        boolean stillMatch = checkMaxSkippedPackets(flow.getPackets(), sm.getMatchedPackets());
+                        if (stillMatch) {
+                            // Sequence matcher has a match. Report it to observers.
+                            mObservers.forEach(o -> o.onMatch(this, sm.getMatchedPackets()));
+                        }
                         // Terminate sequence matcher since matching is complete.
                         listMatchers.remove(matcher);
                     }
@@ -238,4 +274,14 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
             System.out.println(">>> IGNORING FLOW: " + newFlow + " <<<");
         }
     }
+
+    /**
+      * Return the maximum number of skipped packets.
+      */
+    public int getMaxSkippedPackets() {
+       return mMaxSkippedPackets;
+    }
+//    public List<Integer> getMaxSkippedPackets() {
+//        return mMaxSkippedPackets;
+//    }
 }