When it is range-based and it is more than 2 packets, we do range-based; when it...
authorrtrimana <rtrimana@uci.edu>
Thu, 14 Mar 2019 00:23:04 +0000 (17:23 -0700)
committerrtrimana <rtrimana@uci.edu>
Thu, 14 Mar 2019 00:23:04 +0000 (17:23 -0700)
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3ClusterMatcher.java
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3SignatureDetector.java
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/util/PcapPacketUtils.java

index c133b8eec61ec8292710739d0190c321ce40f936..314ce3f55218b63d6b40440867dd8757b80b38f4 100644 (file)
@@ -79,19 +79,20 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb
             return;
         }
         // TODO: We could take 7 inputs if we decided to use the cluster analyses.
-//        final String pcapFile = args[0];
-//        final String onClusterAnalysisFile = args[1];
-//        final String offClusterAnalysisFile = args[2];
-//        final String onSignatureFile = args[3];
-//        final String offSignatureFile = args[4];
-//        final String resultsFile = args[5];
-//        final int signatureDuration = Integer.parseInt(args[6]);
-
         final String pcapFile = args[0];
-        final String onSignatureFile = args[1];
-        final String offSignatureFile = args[2];
-        final String resultsFile = args[3];
-        final int signatureDuration = Integer.parseInt(args[4]);
+        final String onClusterAnalysisFile = args[1];
+        final String offClusterAnalysisFile = args[2];
+        final String onSignatureFile = args[3];
+        final String offSignatureFile = args[4];
+        final String resultsFile = args[5];
+        final int signatureDuration = Integer.parseInt(args[6]);
+        final double eps = Double.parseDouble(args[7]);
+
+//        final String pcapFile = args[0];
+//        final String onSignatureFile = args[1];
+//        final String offSignatureFile = args[2];
+//        final String resultsFile = args[3];
+//        final int signatureDuration = Integer.parseInt(args[4]);
 
         // Parse optional parameters.
         List<Function<Layer2Flow, Boolean>> onSignatureMacFilters = null, offSignatureMacFilters = null;
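Review bot: The eight positional reads `args[0]` to `args[7]` need the argument-count guard that ends at the `return;` above to require at least eight entries. That guard is outside the hunk, so if it still checks for the old five, a short command line fails with an ArrayIndexOutOfBoundsException instead of the usage message. `eps` is also taken unchecked, and `Double.parseDouble` accepts `NaN` and negative values; a check such as `if (!(eps >= 0)) { /* print usage */ return; }` would keep a bad tolerance out of the matcher. The TODO about taking 7 inputs is now stale, and the optional-parameter parsing that follows (outside the hunk) presumably needs its starting index moved past `args[7]`.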
@@ -118,47 +119,51 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb
         // Include metadata as comments at the top
         PrintWriterUtils.println("# Detection results for:", resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
         PrintWriterUtils.println("# - inputPcapFile: " + pcapFile, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
-//        PrintWriterUtils.println("# - onAnalysisFile: " + onClusterAnalysisFile, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
-//        PrintWriterUtils.println("# - offAnalysisFile: " + offClusterAnalysisFile, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+        PrintWriterUtils.println("# - onAnalysisFile: " + onClusterAnalysisFile, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+        PrintWriterUtils.println("# - offAnalysisFile: " + offClusterAnalysisFile, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
         PrintWriterUtils.println("# - onSignatureFile: " + onSignatureFile, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
         PrintWriterUtils.println("# - offSignatureFile: " + offSignatureFile, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
         resultsWriter.flush();
 
-        double eps = 10.0;
         // Create signature detectors and add observers that output their detected events.
         List<List<List<PcapPacket>>> onSignature = PrintUtils.deserializeFromFile(onSignatureFile);
         List<List<List<PcapPacket>>> offSignature = PrintUtils.deserializeFromFile(offSignatureFile);
         // Load signature analyses
-//        List<List<List<PcapPacket>>> onClusterAnalysis = PrintUtils.deserializeFromFile(onClusterAnalysisFile);
-//        List<List<List<PcapPacket>>> offClusterAnalysis = PrintUtils.deserializeFromFile(offClusterAnalysisFile);
+        List<List<List<PcapPacket>>> onClusterAnalysis = PrintUtils.deserializeFromFile(onClusterAnalysisFile);
+        List<List<List<PcapPacket>>> offClusterAnalysis = PrintUtils.deserializeFromFile(offClusterAnalysisFile);
         // TODO: FOR NOW WE DECIDE PER SIGNATURE AND THEN WE OR THE BOOLEANS
         // TODO: SINCE WE ONLY HAVE 2 SIGNATURES FOR NOW (ON AND OFF), THEN IT IS USUALLY EITHER RANGE-BASED OR
         // TODO: STRICT MATCHING
         // Check if we should use range-based matching
-//        boolean isRangeBasedForOn = PcapPacketUtils.isRangeBasedMatching(onSignature, eps, offSignature);
-//        boolean isRangeBasedForOff = PcapPacketUtils.isRangeBasedMatching(offSignature, eps, onSignature);
-//        // Update the signature with ranges if it is range-based
-//        if (isRangeBasedForOn && isRangeBasedForOff) {
-//            onSignature = PcapPacketUtils.useRangeBasedMatching(onSignature, onClusterAnalysis);
-//            offSignature = PcapPacketUtils.useRangeBasedMatching(offSignature, offClusterAnalysis);
-//        }
+        boolean isRangeBasedForOn = PcapPacketUtils.isRangeBasedMatching(onSignature, eps, offSignature);
+        boolean isRangeBasedForOff = PcapPacketUtils.isRangeBasedMatching(offSignature, eps, onSignature);
+        // Update the signature with ranges if it is range-based
+        if (isRangeBasedForOn) {
+            onSignature = PcapPacketUtils.useRangeBasedMatching(onSignature, onClusterAnalysis);
+        }
+        if (isRangeBasedForOff) {
+            offSignature = PcapPacketUtils.useRangeBasedMatching(offSignature, offClusterAnalysis);
+        }
         // TODO: WE DON'T DO RANGE-BASED FOR NOW BECAUSE THE RESULTS ARE TERRIBLE FOR LAYER 2 MATCHING
         // TODO: THIS WOULD ONLY WORK FOR SIGNATURES LONGER THAN 2 PACKETS
-        boolean isRangeBasedForOn = false;
-        boolean isRangeBasedForOff = false;
+//        boolean isRangeBasedForOn = false;
+//        boolean isRangeBasedForOff = false;
         Layer2SignatureDetector onDetector = onSignatureMacFilters == null ?
                 new Layer2SignatureDetector(onSignature, isRangeBasedForOn, eps) :
                 new Layer2SignatureDetector(onSignature, onSignatureMacFilters, signatureDuration, isRangeBasedForOn, eps);
         Layer2SignatureDetector offDetector = offSignatureMacFilters == null ?
                 new Layer2SignatureDetector(offSignature, isRangeBasedForOff, eps) :
                 new Layer2SignatureDetector(offSignature, offSignatureMacFilters, signatureDuration, isRangeBasedForOff, eps);
+        final List<UserAction> detectedEvents = new ArrayList<>();
         onDetector.addObserver((signature, match) -> {
             UserAction event = new UserAction(UserAction.Type.TOGGLE_ON, match.get(0).get(0).getTimestamp());
             PrintWriterUtils.println(event, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+            detectedEvents.add(event);
         });
         offDetector.addObserver((signature, match) -> {
             UserAction event = new UserAction(UserAction.Type.TOGGLE_OFF, match.get(0).get(0).getTimestamp());
             PrintWriterUtils.println(event, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+            detectedEvents.add(event);
         });
 
         // Load the PCAP file
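Review bot: The two added `PrintUtils.deserializeFromFile(...)` calls load `onClusterAnalysisFile` and `offClusterAnalysisFile` straight from command-line paths, and the result goes to `useRangeBasedMatching` with no check that it is non-null or matches the signature's shape. The helper's body is not shown; if it relies on Java native serialization, these files should be treated as trusted input only or read through an `ObjectInputFilter` allow-list. Separately, the two TODO lines saying range-based matching is not done for layer 2 now contradict the enabled code and should be removed, together with the commented-out `false` assignments. The enclosing `main` starts and ends outside the hunk.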
@@ -172,6 +177,13 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb
         // Parse the file
         reader.readFromHandle();
 
+        String resultOn = "Number of detected events of type " + UserAction.Type.TOGGLE_ON + ": " +
+                detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_ON).count();
+        String resultOff = "Number of detected events of type " + UserAction.Type.TOGGLE_OFF + ": " +
+                detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_OFF).count();
+        PrintWriterUtils.println(resultOn, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+        PrintWriterUtils.println(resultOff, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+
         // Flush output to results file and close it.
         resultsWriter.flush();
         resultsWriter.close();
index b070bd24812112e861a069b6fe09cf4d2f00111b..53fab96201e8e71ae963f3510890794230c2213d 100644 (file)
@@ -24,33 +24,6 @@ import static edu.uci.iotproject.util.PcapPacketUtils.*;
  */
 public class Layer3ClusterMatcher extends AbstractClusterMatcher implements PacketListener {
 
-    // Test client
-    public static void main(String[] args) throws PcapNativeException, NotOpenException {
-
-//        String path = "/scratch/July-2018"; // Rahmadi
-//        String path = "/Users/varmarken/temp/UCI IoT Project/experiments"; // Janus
-//        final String inputPcapFile = path + "/2018-07/dlink/dlink.wlan1.local.pcap";
-//        final String signatureFile = path + "/2018-07/dlink/offSignature1.sig";
-//
-//        List<List<PcapPacket>> signature = PrintUtils.deserializeClustersFromFile(signatureFile);
-//        Layer3ClusterMatcher clusterMatcher = new Layer3ClusterMatcher(signature, null,
-//                (sig, match) -> System.out.println(
-//                        String.format("[ !!! SIGNATURE DETECTED AT %s !!! ]",
-//                                match.get(0).getTimestamp().atZone(ZoneId.of("America/Los_Angeles")))
-//                )
-//        );
-//
-//        PcapHandle handle;
-//        try {
-//            handle = Pcaps.openOffline(inputPcapFile, PcapHandle.TimestampPrecision.NANO);
-//        } catch (PcapNativeException pne) {
-//            handle = Pcaps.openOffline(inputPcapFile);
-//        }
-//        PcapHandleReader reader = new PcapHandleReader(handle, p -> true, clusterMatcher);
-//        reader.readFromHandle();
-//        clusterMatcher.performDetection();
-    }
-
     /**
      * The ordered directions of packets in the sequences that make up {@link #mCluster}.
      */
index 44dafbfb62c8556da1ba59d74eb1e7032a4a5f1f..3c6d331939075dc4dd9e7e47105b9daefeb135ee 100644 (file)
@@ -95,27 +95,18 @@ public class Layer3SignatureDetector implements PacketListener, ClusterMatcherOb
         // Check if we should use range-based matching
         boolean isRangeBasedForOn = PcapPacketUtils.isRangeBasedMatching(onSignature, eps, offSignature);
         boolean isRangeBasedForOff = PcapPacketUtils.isRangeBasedMatching(offSignature, eps, onSignature);
-//        boolean isRangeBasedForOn = false;
-//        boolean isRangeBasedForOff = false;
         // Update the signature with ranges if it is range-based
-        if (isRangeBasedForOn && isRangeBasedForOff) {
+        if (isRangeBasedForOn) {
             onSignature = PcapPacketUtils.useRangeBasedMatching(onSignature, onClusterAnalysis);
+        }
+        if (isRangeBasedForOff) {
             offSignature = PcapPacketUtils.useRangeBasedMatching(offSignature, offClusterAnalysis);
         }
         // WAN
-        double onEps = eps;
-        double offEps = eps;
-        // IFF the signature is just one pair of packets then we set EPS to 0 to make it tighter
-        if (onSignature.size() == 1 && onSignature.get(0).size() == 2) {
-            onEps = 0;
-        }
-        if (offSignature.size() == 1 && offSignature.get(0).size() == 2) {
-            offEps = 0;
-        }
         Layer3SignatureDetector onDetector = new Layer3SignatureDetector(onSignature, ROUTER_WAN_IP,
-                signatureDuration, isRangeBasedForOn, onEps);
+                signatureDuration, isRangeBasedForOn, eps);
         Layer3SignatureDetector offDetector = new Layer3SignatureDetector(offSignature, ROUTER_WAN_IP,
-                signatureDuration, isRangeBasedForOff, offEps);
+                signatureDuration, isRangeBasedForOff, eps);
 
         final DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ofLocalizedDateTime(FormatStyle.MEDIUM).
                 withLocale(Locale.US).withZone(ZoneId.of("America/Los_Angeles"));
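Review bot: Nothing at the detector construction records that two-packet signatures are no longer matched with `eps` forced to 0. Both detectors now receive the caller's `eps` unchanged, which loosens matching for the shortest signatures unless something else compensates. If the two-packet branch added in PcapPacketUtils in this commit is meant to replace the tightening, a comment above the constructors should say so, e.g. `// eps is no longer forced to 0 for two-packet signatures; see PcapPacketUtils`. The enclosing method starts and ends outside the hunk.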
@@ -164,11 +155,14 @@ public class Layer3SignatureDetector implements PacketListener, ClusterMatcherOb
         reader.readFromHandle();
 
         // TODO: need a better way of triggering detection than this...
-        if (isRangeBasedForOn && isRangeBasedForOff) {
+        if (isRangeBasedForOn) {
             onDetector.mClusterMatchers.forEach(cm -> cm.performDetectionRangeBased());
-            offDetector.mClusterMatchers.forEach(cm -> cm.performDetectionRangeBased());
         } else {
             onDetector.mClusterMatchers.forEach(cm -> cm.performDetectionConservative());
+        }
+        if (isRangeBasedForOff) {
+            offDetector.mClusterMatchers.forEach(cm -> cm.performDetectionRangeBased());
+        } else {
             offDetector.mClusterMatchers.forEach(cm -> cm.performDetectionConservative());
         }
 
@@ -185,9 +179,6 @@ public class Layer3SignatureDetector implements PacketListener, ClusterMatcherOb
                 detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_OFF).count();
         PrintWriterUtils.println(resultOn, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
         PrintWriterUtils.println(resultOff, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
-        System.out.println(resultOn);
-        System.out.println(resultOff);
-
 
         // Flush output to results file and close it.
         resultsWriter.flush();
index de89dc4b3115a9b488b1f458328821452fe1fc26..fc5234e6e32a01f312690241601f27847a7f04dd 100644 (file)
@@ -674,7 +674,10 @@ public final class PcapPacketUtils {
         // Get the ranges of the two signatures
         List<List<List<PcapPacket>>> signatureRanges = getSequenceRanges(signature);
         List<List<List<PcapPacket>>> otherSignatureRanges = getSequenceRanges(otherSignature);
-        if (!isRangeBased(signatureRanges) && !isRangeBased(otherSignatureRanges)) {
+        if (signature.size() == 1 && signature.get(0).get(0).size() == 2) {
+            // The signature only has 2 packets
+            return true;
+        } else if (!isRangeBased(signatureRanges) && !isRangeBased(otherSignatureRanges)) {
             // Conservative checking when there is no range
             return true;
         } else if(signatureRanges.size() != otherSignatureRanges.size()) {
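Review bot: The new first branch indexes `signature.get(0).get(0)` after checking only `signature.size() == 1`, so a signature whose single cluster is empty throws IndexOutOfBoundsException. Signatures are deserialized from files, so that shape is worth guarding: `if (signature.size() == 1 && !signature.get(0).isEmpty() && signature.get(0).get(0).size() == 2) {`. The check looks only at the first sequence of the cluster, which assumes every sequence in a cluster has the same length. Because this branch does not use `signatureRanges`, it could also run before the two `getSequenceRanges` calls. The method's signature and its remaining branches are outside the hunk.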