* i.e., when the trace does not contain the SYN/SYNACK exchange.
* - current implementation relies on the server using the conventional TLS port number; may instead want to
* inspect the first 4 bytes of each potential TLS packet to see if they match the SSL record header.
+ *
+ * 08/31/18: Added unconvetional TLS ports used by WeMo plugs and LiFX bulb.
*/
- return mServerPort == 443;
+ return mServerPort == 443 || mServerPort == 8443 || mServerPort == 41143;
}
/**
});
}
+
// Print out all the pairs into a file for ON events
File fileOnEvents = new File(onPairsPath);
PrintWriter pwOn = null;
}
pwOff.close();
+
// ================================================================================================
// <<< Some work-in-progress/explorative code that extracts a "representative" sequence >>>
//
// Currently need to know relevant hostname in advance :(
- String hostname = "events.tplinkra.com";
+// String hostname = "events.tplinkra.com";
+ String hostname = "rfe-us-west-1.dch.dlink.com";
// Conversations with 'hostname' for ON events.
-// List<Conversation> onsForHostname = new ArrayList<>();
-// // Conversations with 'hostname' for OFF events.
-// List<Conversation> offsForHostname = new ArrayList<>();
-// // "Unwrap" sequence groupings in ons/offs maps.
-// ons.get(hostname).forEach((k,v) -> onsForHostname.addAll(v));
-// offs.get(hostname).forEach((k,v) -> offsForHostname.addAll(v));
-// // Extract representative sequence for ON and OFF by providing the list of conversations with
-// // 'hostname' observed for each event type (the training data).
-// SequenceExtraction seqExtraction = new SequenceExtraction();
+ List<Conversation> onsForHostname = new ArrayList<>();
+ // Conversations with 'hostname' for OFF events.
+ List<Conversation> offsForHostname = new ArrayList<>();
+ // "Unwrap" sequence groupings in ons/offs maps.
+ ons.get(hostname).forEach((k,v) -> onsForHostname.addAll(v));
+ offs.get(hostname).forEach((k,v) -> offsForHostname.addAll(v));
+
+
+ Map<String, List<Conversation>> onsForHostnameGroupedByTlsAppDataSequence = TcpConversationUtils.groupConversationsByTlsApplicationDataPacketSequence(onsForHostname);
+
+
+ // Extract representative sequence for ON and OFF by providing the list of conversations with
+ // 'hostname' observed for each event type (the training data).
+ SequenceExtraction seqExtraction = new SequenceExtraction();
// ExtractedSequence extractedSequenceForOn = seqExtraction.extract(onsForHostname);
// ExtractedSequence extractedSequenceForOff = seqExtraction.extract(offsForHostname);
-// // Let's check how many ONs align with OFFs and vice versa (that is, how many times an event is incorrectly
-// // labeled).
-// int onsLabeledAsOff = 0;
-// Integer[] representativeOnSeq = TcpConversationUtils.getPacketLengthSequence(extractedSequenceForOn.getRepresentativeSequence());
-// Integer[] representativeOffSeq = TcpConversationUtils.getPacketLengthSequence(extractedSequenceForOff.getRepresentativeSequence());
-// SequenceAlignment<Integer> seqAlg = seqExtraction.getAlignmentAlgorithm();
-// for (Conversation c : onsForHostname) {
-// Integer[] onSeq = TcpConversationUtils.getPacketLengthSequence(c);
-// if (seqAlg.calculateAlignment(representativeOffSeq, onSeq) <= extractedSequenceForOff.getMaxAlignmentCost()) {
-// onsLabeledAsOff++;
-// }
-// }
-// int offsLabeledAsOn = 0;
-// for (Conversation c : offsForHostname) {
-// Integer[] offSeq = TcpConversationUtils.getPacketLengthSequence(c);
-// if (seqAlg.calculateAlignment(representativeOnSeq, offSeq) <= extractedSequenceForOn.getMaxAlignmentCost()) {
-// offsLabeledAsOn++;
-// }
-// }
-// System.out.println("");
+
+ ExtractedSequence extractedSequenceForOn = seqExtraction.extractByTlsAppData(onsForHostname);
+ ExtractedSequence extractedSequenceForOff = seqExtraction.extractByTlsAppData(offsForHostname);
+
+ // Let's check how many ONs align with OFFs and vice versa (that is, how many times an event is incorrectly
+ // labeled).
+ int onsLabeledAsOff = 0;
+ Integer[] representativeOnSeq = TcpConversationUtils.getPacketLengthSequence(extractedSequenceForOn.getRepresentativeSequence());
+ Integer[] representativeOffSeq = TcpConversationUtils.getPacketLengthSequence(extractedSequenceForOff.getRepresentativeSequence());
+ SequenceAlignment<Integer> seqAlg = seqExtraction.getAlignmentAlgorithm();
+ for (Conversation c : onsForHostname) {
+ Integer[] onSeq = TcpConversationUtils.getPacketLengthSequence(c);
+ if (seqAlg.calculateAlignment(representativeOffSeq, onSeq) <= extractedSequenceForOff.getMaxAlignmentCost()) {
+ onsLabeledAsOff++;
+ }
+ }
+ int offsLabeledAsOn = 0;
+ for (Conversation c : offsForHostname) {
+ Integer[] offSeq = TcpConversationUtils.getPacketLengthSequence(c);
+ if (seqAlg.calculateAlignment(representativeOnSeq, offSeq) <= extractedSequenceForOn.getMaxAlignmentCost()) {
+ offsLabeledAsOn++;
+ }
+ }
+ System.out.println("");
// ================================================================================================
import org.pcap4j.packet.TcpPacket;
import java.util.*;
+import java.util.stream.Collectors;
/**
* Utility functions for analyzing and structuring (sets of) {@link Conversation}s.
return result;
}
+ public static Map<String, List<Conversation>> groupConversationsByTlsApplicationDataPacketSequence(Collection<Conversation> conversations) {
+ return conversations.stream().collect(Collectors.groupingBy(
+ c -> c.getTlsApplicationDataPackets().stream().map(p -> Integer.toString(p.getOriginalLength())).
+ reduce("", (s1, s2) -> s1.length() == 0 ? s2 : s1 + " " + s2))
+ );
+ }
+
/**
* Given a {@link Conversation}, counts the frequencies of each unique packet length seen as part of the
* {@code Conversation}.
* packet lengths in the returned array are ordered by packet timestamp.
*/
public static Integer[] getPacketLengthSequence(Conversation c) {
- List<PcapPacket> packets = c.getPackets();
- Integer[] packetLengthSequence = new Integer[packets.size()];
- for (int i = 0; i < packetLengthSequence.length; i++) {
- packetLengthSequence[i] = packets.get(i).getOriginalLength();
+ return getPacketLengthSequence(c.getPackets());
+ }
+
+
+ /**
+ * Given a {@link Conversation}, extract its packet length sequence, but only include packet lengths of those
+ * packets that carry TLS Application Data.
+ * @param c The {@link Conversation} from which a TLS Application Data packet length sequence is to be extracted.
+ * @return An {@code Integer[]} that holds the packet lengths of all packets in {@code c} that carry TLS Application
+ * Data. The packet lengths in the returned array are ordered by packet timestamp.
+ */
+ public static Integer[] getPacketLengthSequenceTlsAppDataOnly(Conversation c) {
+ if (!c.isTls()) {
+ throw new IllegalArgumentException("Provided " + c.getClass().getSimpleName() + " was not a TLS session");
}
- return packetLengthSequence;
+ return getPacketLengthSequence(c.getTlsApplicationDataPackets());
+ }
+
+ /**
+ * Given a list of packets, extract the packet lengths and wrap them in an array such that the packet lengths in the
+ * resulting array appear in the same order as their corresponding packets in the input list.
+ * @param packets The list of packets for which the packet lengths are to be extracted.
+ * @return An array containing the packet lengths in the same order as their corresponding packets in the input list.
+ */
+ private static Integer[] getPacketLengthSequence(List<PcapPacket> packets) {
+ return packets.stream().map(pkt -> pkt.getOriginalLength()).toArray(Integer[]::new);
}
+
/**
* Appends a space to {@code sb} <em>iff</em> {@code sb} already contains some content.
* @param sb A {@link StringBuilder} that should have a space appended <em>iff</em> it is not empty.
package edu.uci.iotproject.comparison.seqalignment;
import edu.uci.iotproject.Conversation;
+import org.pcap4j.core.PcapPacket;
+
+import java.util.List;
/**
* TODO add class documentation.
private final String mSequenceString;
- public ExtractedSequence(Conversation sequence, int maxAlignmentCost) {
+ public ExtractedSequence(Conversation sequence, int maxAlignmentCost, boolean tlsAppDataAlignment) {
mRepresentativeSequence = sequence;
mMaxAlignmentCost = maxAlignmentCost;
StringBuilder sb = new StringBuilder();
- sequence.getPackets().forEach(p -> {
+ List<PcapPacket> pkts = tlsAppDataAlignment ? sequence.getTlsApplicationDataPackets() : sequence.getPackets();
+ pkts.forEach(p -> {
if (sb.length() != 0) sb.append(" ");
sb.append(p.getOriginalLength());
});
import edu.uci.iotproject.Conversation;
import edu.uci.iotproject.analysis.TcpConversationUtils;
+import java.util.Comparator;
import java.util.List;
import java.util.Map;
+import java.util.stream.Collectors;
/**
* TODO add class documentation.
//
// }
-
+ // Building signature from entire sequence
public ExtractedSequence extract(List<Conversation> convsForActionForHostname) {
// First group conversations by packet sequences.
// TODO: the introduction of SYN/SYNACK, FIN/FINACK and RST as part of the sequence ID may be undesirable here
// different due to differences in how they are terminated.
Map<String, List<Conversation>> groupedBySequence =
TcpConversationUtils.groupConversationsByPacketSequence(convsForActionForHostname);
+
// Then get a hold of one of the conversations that gave rise to the most frequent sequence.
Conversation mostFrequentConv = null;
int maxFrequency = 0;
maxCost = alignmentCost;
}
}
- return new ExtractedSequence(mostFrequentConv, maxCost);
+ return new ExtractedSequence(mostFrequentConv, maxCost, false);
}
-
+ // Building signature from only TLS Application Data packets
+ public ExtractedSequence extractByTlsAppData(List<Conversation> convsForActionForHostname) {
+ // TODO: temporary hack to avoid 97-only conversations for dlink plug. We need some preprocessing/data cleaning.
+ convsForActionForHostname = convsForActionForHostname.stream().filter(c -> c.getTlsApplicationDataPackets().size() > 1).collect(Collectors.toList());
+
+ Map<String, List<Conversation>> groupedByTlsAppDataSequence =
+ TcpConversationUtils.groupConversationsByTlsApplicationDataPacketSequence(convsForActionForHostname);
+ // Get a Conversation representing the most frequent TLS application data sequence.
+ Conversation mostFrequentConv = groupedByTlsAppDataSequence.values().stream().max((l1, l2) -> {
+ // The frequency of a conversation with a specific packet sequence is the list size as that represents how
+ // many conversations exhibit that packet sequence.
+ // Hence, the difference between the list sizes can be used directly as the return value of the Comparator.
+ // Note: we break ties by choosing the one with the most TLS application data packets (i.e., the longest
+ // sequence) in case the frequencies are equal.
+ int diff = l1.size() - l2.size();
+ return diff != 0 ? diff : l1.get(0).getTlsApplicationDataPackets().size() - l2.get(0).getTlsApplicationDataPackets().size();
+ }).get().get(0); // Just pick the first as a representative of the most frequent sequence.
+ // Lengths of TLS Application Data packets in the most frequent (or most frequent and longest) conversation.
+ Integer[] mostFreqSeq = TcpConversationUtils.getPacketLengthSequenceTlsAppDataOnly(mostFrequentConv);
+ // Now find the maximum cost of aligning the most frequent (or, alternatively longest) conversation with the
+ // each of the rest of the conversations also associated with this action and hostname.
+ int maxCost = 0;
+ for (Conversation c : convsForActionForHostname) {
+ if (c == mostFrequentConv) continue;
+ int cost = mAlignmentAlg.calculateAlignment(mostFreqSeq, TcpConversationUtils.getPacketLengthSequenceTlsAppDataOnly(c));
+ maxCost = cost > maxCost ? cost : maxCost;
+ }
+ return new ExtractedSequence(mostFrequentConv, maxCost, true);
+ // Now find the maximum cost of aligning the most frequent (or, alternatively longest) conversation with the
+ // each of the rest of the conversations also associated with this action and hostname.
+ }
}