projects
/
pingpong.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
0b1e09c
)
Bringing down time constraint to packet level so that we will exclude those pairs...
author
rtrimana
<rtrimana@uci.edu>
Fri, 15 Mar 2019 18:40:37 +0000
(11:40 -0700)
committer
rtrimana
<rtrimana@uci.edu>
Fri, 15 Mar 2019 18:40:37 +0000
(11:40 -0700)
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java
patch
|
blob
|
history
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java
patch
|
blob
|
history
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java
patch
|
blob
|
history
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java
patch
|
blob
|
history
diff --git
a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java
b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java
index e2a4aeab6f2db7f6f09ff83f1b65a692bb1f0db7..7fb571a587621b51f56ff3312c0edfb63a04cdaa 100644
(file)
--- a/
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java
+++ b/
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java
@@
-1,5
+1,6
@@
package edu.uci.iotproject.detection.layer2;
package edu.uci.iotproject.detection.layer2;
+import edu.uci.iotproject.analysis.TriggerTrafficExtractor;
import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowReassembler;
import edu.uci.iotproject.trafficreassembly.layer2.Layer2Flow;
import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowReassemblerObserver;
import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowReassembler;
import edu.uci.iotproject.trafficreassembly.layer2.Layer2Flow;
import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowReassemblerObserver;
@@
-41,13
+42,16
@@
public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
*/
private final double mEps;
*/
private final double mEps;
+ private int mInclusionTimeMillis;
+
/**
* Create a new {@link Layer2ClusterMatcher} that attempts to find occurrences of {@code cluster}'s members.
* @param cluster The sequence mutations that the new {@link Layer2ClusterMatcher} should search for.
*/
/**
* Create a new {@link Layer2ClusterMatcher} that attempts to find occurrences of {@code cluster}'s members.
* @param cluster The sequence mutations that the new {@link Layer2ClusterMatcher} should search for.
*/
- public Layer2ClusterMatcher(List<List<PcapPacket>> cluster, boolean isRangeBased, double eps) {
+ public Layer2ClusterMatcher(List<List<PcapPacket>> cluster, int inclusionTimeMillis,
+ boolean isRangeBased, double eps) {
// Consider all flows if no flow filter specified.
// Consider all flows if no flow filter specified.
- this(cluster, flow -> true, isRangeBased, eps);
+ this(cluster, flow -> true, i
nclusionTimeMillis, i
sRangeBased, eps);
}
/**
}
/**
@@
-59,15
+63,18
@@
public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
* namely when the {@link Layer2FlowReassembler} notifies the {@link Layer2ClusterMatcher} about
* the new flow. This functionality may for example come in handy when one only wants to search
* for matches in the subset of flows that involves a specific (range of) MAC(s).
* namely when the {@link Layer2FlowReassembler} notifies the {@link Layer2ClusterMatcher} about
* the new flow. This functionality may for example come in handy when one only wants to search
* for matches in the subset of flows that involves a specific (range of) MAC(s).
+ * @param inclusionTimeMillis Packet inclusion limit for matching.
* @param isRangeBased The boolean that decides if it is range-based vs. strict matching.
* @param eps The epsilon value used in the DBSCAN algorithm.
*/
public Layer2ClusterMatcher(List<List<PcapPacket>> cluster, Function<Layer2Flow, Boolean> flowFilter,
* @param isRangeBased The boolean that decides if it is range-based vs. strict matching.
* @param eps The epsilon value used in the DBSCAN algorithm.
*/
public Layer2ClusterMatcher(List<List<PcapPacket>> cluster, Function<Layer2Flow, Boolean> flowFilter,
- boolean isRangeBased, double eps) {
+
int inclusionTimeMillis,
boolean isRangeBased, double eps) {
super(cluster, isRangeBased);
mFlowFilter = flowFilter;
mRangeBased = isRangeBased;
mEps = eps;
super(cluster, isRangeBased);
mFlowFilter = flowFilter;
mRangeBased = isRangeBased;
mEps = eps;
+ mInclusionTimeMillis =
+ inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis;
}
@Override
}
@Override
@@
-89,7
+96,7
@@
public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
Layer2SequenceMatcher[][] matchers = new Layer2SequenceMatcher[mCluster.size()][mCluster.get(0).size()];
// Prepare a "state 0" sequence matcher for each sequence variation in the cluster.
for (int i = 0; i < matchers.length; i++) {
Layer2SequenceMatcher[][] matchers = new Layer2SequenceMatcher[mCluster.size()][mCluster.get(0).size()];
// Prepare a "state 0" sequence matcher for each sequence variation in the cluster.
for (int i = 0; i < matchers.length; i++) {
- matchers[i][0] = new Layer2SequenceMatcher(mCluster.get(i));
+ matchers[i][0] = new Layer2SequenceMatcher(mCluster.get(i)
, mInclusionTimeMillis
);
}
// Associate the new sequence matcher table with the new flow
mPerFlowSeqMatchers.put(flow, matchers);
}
// Associate the new sequence matcher table with the new flow
mPerFlowSeqMatchers.put(flow, matchers);
@@
-129,7
+136,7
@@
public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
// We always want to have a sequence matcher in state 0, regardless of if the one that advanced
// from state zero completed its matching or if it replaced a different one in state 1 or not.
if (sm.getMatchedPacketsCount() == 1) {
// We always want to have a sequence matcher in state 0, regardless of if the one that advanced
// from state zero completed its matching or if it replaced a different one in state 1 or not.
if (sm.getMatchedPacketsCount() == 1) {
- matchers[i][j] = new Layer2SequenceMatcher(sm.getTargetSequence());
+ matchers[i][j] = new Layer2SequenceMatcher(sm.getTargetSequence()
, mInclusionTimeMillis
);
}
}
}
}
}
}
@@
-146,7
+153,7
@@
public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
// around), so the length of the array is simply the sequence length.
Layer2RangeMatcher[] matcher = new Layer2RangeMatcher[mCluster.get(0).size()];
// Prepare a "state 0" sequence matcher.
// around), so the length of the array is simply the sequence length.
Layer2RangeMatcher[] matcher = new Layer2RangeMatcher[mCluster.get(0).size()];
// Prepare a "state 0" sequence matcher.
- matcher[0] = new Layer2RangeMatcher(mCluster.get(0), mCluster.get(1), mEps);
+ matcher[0] = new Layer2RangeMatcher(mCluster.get(0), mCluster.get(1), m
InclusionTimeMillis, m
Eps);
// Associate the new sequence matcher table with the new flow.
mPerFlowRangeMatcher.put(flow, matcher);
}
// Associate the new sequence matcher table with the new flow.
mPerFlowRangeMatcher.put(flow, matcher);
}
@@
-181,7
+188,8
@@
public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
// We always want to have a sequence matcher in state 0, regardless of if the one that advanced
// from state zero completed its matching or if it replaced a different one in state 1 or not.
if (sm.getMatchedPacketsCount() == 1) {
// We always want to have a sequence matcher in state 0, regardless of if the one that advanced
// from state zero completed its matching or if it replaced a different one in state 1 or not.
if (sm.getMatchedPacketsCount() == 1) {
- matcher[j] = new Layer2RangeMatcher(sm.getTargetLowerBound(), sm.getTargetUpperBound(), mEps);
+ matcher[j] = new Layer2RangeMatcher(sm.getTargetLowerBound(), sm.getTargetUpperBound(),
+ mInclusionTimeMillis, mEps);
}
}
}
}
}
}
diff --git
a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java
b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java
index cd19045613695eff7d9953ac58c1c703bd944cf6..40059657d1a94b6b2ec17467fc042cfd78d091aa 100644
(file)
--- a/
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java
+++ b/
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java
@@
-23,6
+23,7
@@
public class Layer2RangeMatcher extends Layer2AbstractMatcher {
private final List<PcapPacket> mLowerBound;
private final List<PcapPacket> mUpperBound;
private final double mEps;
private final List<PcapPacket> mLowerBound;
private final List<PcapPacket> mUpperBound;
private final double mEps;
+ private int mInclusionTimeMillis;
/**
* Create a {@code Layer2RangeMatcher}.
/**
* Create a {@code Layer2RangeMatcher}.
@@
-30,13
+31,16
@@
public class Layer2RangeMatcher extends Layer2AbstractMatcher {
* @param upperBound The upper bound of the sequence to match against (search for).
* @param eps The epsilon value used in the DBSCAN algorithm.
*/
* @param upperBound The upper bound of the sequence to match against (search for).
* @param eps The epsilon value used in the DBSCAN algorithm.
*/
- public Layer2RangeMatcher(List<PcapPacket> lowerBound, List<PcapPacket> upperBound, double eps) {
+ public Layer2RangeMatcher(List<PcapPacket> lowerBound, List<PcapPacket> upperBound,
+ int inclusionTimeMillis, double eps) {
// TODO: Just use the lower bound since both lower and upper bounds' packets essentially have the same direction
// TODO: for the same position in the array. Both arrays also have the same length.
super(lowerBound);
mLowerBound = lowerBound;
mUpperBound = upperBound;
mEps = eps;
// TODO: Just use the lower bound since both lower and upper bounds' packets essentially have the same direction
// TODO: for the same position in the array. Both arrays also have the same length.
super(lowerBound);
mLowerBound = lowerBound;
mUpperBound = upperBound;
mEps = eps;
+ mInclusionTimeMillis =
+ inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis;
}
/**
}
/**
@@
-92,8
+96,10
@@
public class Layer2RangeMatcher extends Layer2AbstractMatcher {
if (!packet.getTimestamp().isAfter(mMatchedPackets.get(getMatchedPacketsCount()-1).getTimestamp())) {
return false;
}
if (!packet.getTimestamp().isAfter(mMatchedPackets.get(getMatchedPacketsCount()-1).getTimestamp())) {
return false;
}
+// if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp().
+// plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS))) {
if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp().
if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp().
- plusMillis(
TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS
))) {
+ plusMillis(
mInclusionTimeMillis
))) {
return false;
}
// If we made it here, it means that this packet has the expected length, direction, and obeys the timing
return false;
}
// If we made it here, it means that this packet has the expected length, direction, and obeys the timing
diff --git
a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java
b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java
index 2db22287210d412f97b0ccf6783e7b79401c4a25..a9d6241e59fc704363b2cbc7a9249183ea6ceae9 100644
(file)
--- a/
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java
+++ b/
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java
@@
-22,11
+22,13
@@
public class Layer2SequenceMatcher extends Layer2AbstractMatcher {
*/
private final List<PcapPacket> mSequence;
*/
private final List<PcapPacket> mSequence;
+ private int mInclusionTimeMillis;
+
/**
* Create a {@code Layer2SequenceMatcher}.
* @param sequence The sequence to match against (search for).
*/
/**
* Create a {@code Layer2SequenceMatcher}.
* @param sequence The sequence to match against (search for).
*/
- public Layer2SequenceMatcher(List<PcapPacket> sequence) {
+ public Layer2SequenceMatcher(List<PcapPacket> sequence
, int inclusionTimeMillis
) {
super(sequence);
mSequence = sequence;
// Compute packet directions for sequence.
super(sequence);
mSequence = sequence;
// Compute packet directions for sequence.
@@
-41,6
+43,8
@@
public class Layer2SequenceMatcher extends Layer2AbstractMatcher {
mPacketDirections[i] = getPacketDirection(prevPkt, prevPktDirection, sequence.get(i));
}
}
mPacketDirections[i] = getPacketDirection(prevPkt, prevPktDirection, sequence.get(i));
}
}
+ mInclusionTimeMillis =
+ inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis;
}
/**
}
/**
@@
-94,8
+98,10
@@
public class Layer2SequenceMatcher extends Layer2AbstractMatcher {
if (!packet.getTimestamp().isAfter(mMatchedPackets.get(getMatchedPacketsCount()-1).getTimestamp())) {
return false;
}
if (!packet.getTimestamp().isAfter(mMatchedPackets.get(getMatchedPacketsCount()-1).getTimestamp())) {
return false;
}
+// if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp().
+// plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS))) {
if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp().
if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp().
-
plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS
))) {
+
plusMillis(mInclusionTimeMillis
))) {
return false;
}
// If we made it here, it means that this packet has the expected length, direction, and obeys the timing
return false;
}
// If we made it here, it means that this packet has the expected length, direction, and obeys the timing
diff --git
a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java
b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java
index 995eb497b3ddeeb8ccbdb4fb6ba44c9456bae69c..e083a2cc395d6f72da7c9b4e7800da1edbb543b1 100644
(file)
--- a/
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java
+++ b/
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java
@@
-239,8
+239,8
@@
public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb
for (int i = 0; i < mSignature.size(); i++) {
List<List<PcapPacket>> cluster = mSignature.get(i);
Layer2ClusterMatcher clusterMatcher = flowFilters == null ?
for (int i = 0; i < mSignature.size(); i++) {
List<List<PcapPacket>> cluster = mSignature.get(i);
Layer2ClusterMatcher clusterMatcher = flowFilters == null ?
- new Layer2ClusterMatcher(cluster, isRangeBased, eps) :
- new Layer2ClusterMatcher(cluster, flowFilters.get(i), isRangeBased, eps);
+ new Layer2ClusterMatcher(cluster, i
nclusionTimeMillis, i
sRangeBased, eps) :
+ new Layer2ClusterMatcher(cluster, flowFilters.get(i), i
nclusionTimeMillis, i
sRangeBased, eps);
clusterMatcher.addObserver(this);
clusterMatchers.add(clusterMatcher);
}
clusterMatcher.addObserver(this);
clusterMatchers.add(clusterMatcher);
}
projects / pingpong.git / commitdiff