Adding VPN style matching (lump all packets into one big flow).
authorRahmadi Trimananda <rtrimana@uci.edu>
Fri, 23 Aug 2019 00:00:59 +0000 (17:00 -0700)
committerRahmadi Trimananda <rtrimana@uci.edu>
Fri, 23 Aug 2019 00:00:59 +0000 (17:00 -0700)
Code/Projects/PacketLevelSignatureExtractor/.idea/modules.xml [deleted file]
Code/Projects/PacketLevelSignatureExtractor/.idea/modules/PacketLevelSignatureExtractor.iml [deleted file]
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/trafficreassembly/layer2/Layer2FlowReassembler.java

diff --git a/Code/Projects/PacketLevelSignatureExtractor/.idea/modules.xml b/Code/Projects/PacketLevelSignatureExtractor/.idea/modules.xml
deleted file mode 100644 (file)
index 0b5d8f6..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectModuleManager">
-    <modules>
-      <module fileurl="file://$PROJECT_DIR$/.idea/modules/PacketLevelSignatureExtractor.iml" filepath="$PROJECT_DIR$/.idea/modules/PacketLevelSignatureExtractor.iml" />
-      <module fileurl="file://$PROJECT_DIR$/.idea/modules/PacketLevelSignatureExtractor_main.iml" filepath="$PROJECT_DIR$/.idea/modules/PacketLevelSignatureExtractor_main.iml" group="PacketLevelSignatureExtractor" />
-      <module fileurl="file://$PROJECT_DIR$/.idea/modules/PacketLevelSignatureExtractor_test.iml" filepath="$PROJECT_DIR$/.idea/modules/PacketLevelSignatureExtractor_test.iml" group="PacketLevelSignatureExtractor" />
-    </modules>
-  </component>
-</project>
\ No newline at end of file
diff --git a/Code/Projects/PacketLevelSignatureExtractor/.idea/modules/PacketLevelSignatureExtractor.iml b/Code/Projects/PacketLevelSignatureExtractor/.idea/modules/PacketLevelSignatureExtractor.iml
deleted file mode 100644 (file)
index 21e02c3..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module external.linked.project.id="PacketLevelSignatureExtractor" external.linked.project.path="$MODULE_DIR$/../.." external.root.project.path="$MODULE_DIR$/../.." external.system.id="GRADLE" external.system.module.group="edu.uci.iotproject" external.system.module.version="1.0-SNAPSHOT" type="JAVA_MODULE" version="4">
-  <component name="NewModuleRootManager" inherit-compiler-output="true">
-    <exclude-output />
-    <content url="file://$MODULE_DIR$/../..">
-      <excludeFolder url="file://$MODULE_DIR$/../../.gradle" />
-      <excludeFolder url="file://$MODULE_DIR$/../../build" />
-      <excludeFolder url="file://$MODULE_DIR$/../../out" />
-    </content>
-    <orderEntry type="inheritedJdk" />
-    <orderEntry type="sourceFolder" forTests="false" />
-  </component>
-</module>
\ No newline at end of file
index 1eb2d0a815c2edf9bb5a31e3a46d7141ff5db315..126ede389e040d3c338849bf4350f1392650ccc4 100644 (file)
@@ -109,6 +109,7 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb
 
         // Parse optional parameters.
         List<Function<Layer2Flow, Boolean>> onSignatureMacFilters = null, offSignatureMacFilters = null;
+        String vpnClientMacAddress = null;
         final int optParamsStartIdx = 7;
         if (args.length > optParamsStartIdx) {
             for (int i = optParamsStartIdx; i < args.length; i++) {
@@ -121,6 +122,8 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb
                 } else if (args[i].equalsIgnoreCase("-sout")) {
                     // Next argument is a boolean true/false literal.
                     DUPLICATE_OUTPUT_TO_STD_OUT = Boolean.parseBoolean(args[i+1]);
+                } else if (args[i].equalsIgnoreCase("-vpn")) {
+                    vpnClientMacAddress = args[i+1];
                 }
             }
         }
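Review bot: The new `-vpn` branch reads `args[i+1]` without checking that a value follows, so a trailing `-vpn` ends in an ArrayIndexOutOfBoundsException instead of a usage error (the `-sout` branch above has the same shape). The value is also stored unvalidated, and the reassembler hunk in this commit compares it as a raw string and silently drops non-matching packets, so a mistyped address would produce an empty detection result with no message. Check and normalise at parse time, for example `if (i + 1 >= args.length) throw new IllegalArgumentException("-vpn requires a MAC address");` followed by `vpnClientMacAddress = MacAddress.getByName(args[i+1]).toString();` (this needs the pcap4j `MacAddress` import if the file does not already have it). The option loop starts outside this hunk, so whether it skips the consumed value cannot be seen here.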
@@ -163,14 +166,15 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb
         }
         Layer2SignatureDetector onDetector = onSignatureMacFilters == null ?
                 new Layer2SignatureDetector(onSignature, TRAINING_ROUTER_WLAN_MAC, ROUTER_WLAN_MAC, signatureDuration,
-                        isRangeBasedForOn, eps, onMaxSkippedPackets) :
+                        isRangeBasedForOn, eps, onMaxSkippedPackets, vpnClientMacAddress) :
                 new Layer2SignatureDetector(onSignature, TRAINING_ROUTER_WLAN_MAC, ROUTER_WLAN_MAC,
-                        onSignatureMacFilters, signatureDuration, isRangeBasedForOn, eps, onMaxSkippedPackets);
+                        onSignatureMacFilters, signatureDuration, isRangeBasedForOn, eps, onMaxSkippedPackets,
+                        vpnClientMacAddress);
         Layer2SignatureDetector offDetector = offSignatureMacFilters == null ?
                 new Layer2SignatureDetector(offSignature, TRAINING_ROUTER_WLAN_MAC, ROUTER_WLAN_MAC, signatureDuration,
-                        isRangeBasedForOff, eps, offMaxSkippedPackets) :
+                        isRangeBasedForOff, eps, offMaxSkippedPackets, vpnClientMacAddress) :
                 new Layer2SignatureDetector(offSignature, TRAINING_ROUTER_WLAN_MAC, ROUTER_WLAN_MAC, offSignatureMacFilters,
-                        signatureDuration, isRangeBasedForOff, eps, offMaxSkippedPackets);
+                        signatureDuration, isRangeBasedForOff, eps, offMaxSkippedPackets, vpnClientMacAddress);
         final List<UserAction> detectedEvents = new ArrayList<>();
         onDetector.addObserver((signature, match) -> {
             UserAction event = new UserAction(UserAction.Type.TOGGLE_ON, match.get(0).get(0).getTimestamp());
@@ -245,7 +249,7 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb
     /**
      * In charge of reassembling layer 2 packet flows.
      */
-    private final Layer2FlowReassembler mFlowReassembler = new Layer2FlowReassembler();
+    private Layer2FlowReassembler mFlowReassembler;
 
     private final List<SignatureDetectorObserver> mObservers = new ArrayList<>();
 
@@ -261,14 +265,15 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb
 
     public Layer2SignatureDetector(List<List<List<PcapPacket>>> searchedSignature, String trainingRouterWlanMac,
                                    String routerWlanMac, int signatureDuration, boolean isRangeBased, double eps,
-                                   int limitSkippedPackets) {
+                                   int limitSkippedPackets, String vpnClientMacAddress) {
         this(searchedSignature, trainingRouterWlanMac, routerWlanMac, null, signatureDuration, isRangeBased,
-                eps, limitSkippedPackets);
+                eps, limitSkippedPackets, vpnClientMacAddress);
     }
 
     public Layer2SignatureDetector(List<List<List<PcapPacket>>> searchedSignature, String trainingRouterWlanMac,
                                    String routerWlanMac, List<Function<Layer2Flow, Boolean>> flowFilters,
-                                   int inclusionTimeMillis, boolean isRangeBased, double eps, int limitSkippedPackets) {
+                                   int inclusionTimeMillis, boolean isRangeBased, double eps, int limitSkippedPackets,
+                                   String vpnClientMacAddress) {
         if (flowFilters != null && flowFilters.size() != searchedSignature.size()) {
             throw new IllegalArgumentException("If flow filters are used, there must be a flow filter for each cluster " +
                     "of the signature.");
@@ -296,6 +301,11 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb
         }
         mClusterMatcherIds = Collections.unmodifiableMap(clusterMatcherIds);
         // Register all cluster matchers to receive a notification whenever a new flow is encountered.
+        if (vpnClientMacAddress != null) {
+            mFlowReassembler = new Layer2FlowReassembler(vpnClientMacAddress);
+        } else {
+            mFlowReassembler = new Layer2FlowReassembler();
+        }
         mClusterMatchers.forEach(cm -> mFlowReassembler.addObserver(cm));
         mInclusionTimeMillis =
                 inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis;
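Review bot: `mFlowReassembler` is assigned exactly once on both arms of the added if/else, so the field declaration changed earlier in this commit does not need to lose `final`; `private final Layer2FlowReassembler mFlowReassembler;` should still compile as long as no earlier part of the constructor, which lies outside this hunk, reads the field. Because the one-argument constructor only stores its argument, the branch can also be reduced to `mFlowReassembler = new Layer2FlowReassembler(vpnClientMacAddress);`. The inserted block separates the existing "Register all cluster matchers" comment from the `forEach` it describes; move that comment down to sit directly above the `forEach` line.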
index e7b7304b3a54dd7c5520cdd98cdf0249fdd73a69..b993793d2b8d0a71c955625e2109356794813cb8 100644 (file)
@@ -27,6 +27,14 @@ public class Layer2FlowReassembler implements PacketListener {
 
     private final List<Layer2FlowReassemblerObserver> mObservers = new ArrayList<>();
 
+    private String mVpnClientMacAddress = null;
+
+    public Layer2FlowReassembler() { }
+
+    public Layer2FlowReassembler(String vpnClientMacAddress) {
+        mVpnClientMacAddress = vpnClientMacAddress;
+    }
+
     @Override
     public void gotPacket(PcapPacket packet) {
         // TODO: update to 802.11 packet...?
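Review bot: The new `Layer2FlowReassembler(String vpnClientMacAddress)` constructor and the `mVpnClientMacAddress` field have no documentation, although the value switches gotPacket from per-MAC-pair flows to one flow and discards all other traffic. Add a Javadoc along the lines of `@param vpnClientMacAddress MAC address of the VPN client; when non-null, only packets to or from it are kept and all are keyed into a single flow; null keeps per-pair reassembly`. The field is written only in the constructor, so it can be `private final String mVpnClientMacAddress;` with the no-arg constructor delegating through `this(null);`. The two Layer2SignatureDetector constructors that gained the same parameter in this commit are undocumented in the same way.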
@@ -35,7 +43,18 @@ public class Layer2FlowReassembler implements PacketListener {
         MacAddress srcAddr = ethPkt.getHeader().getSrcAddr();
         MacAddress dstAddr = ethPkt.getHeader().getDstAddr();
 
-        String key = keyFromAddresses(srcAddr, dstAddr);
+        String key = null;
+        if (mVpnClientMacAddress != null) {
+            if (srcAddr.toString().equals(mVpnClientMacAddress)) {
+                key = srcAddr.toString();
+            } else if (dstAddr.toString().equals(mVpnClientMacAddress)) {
+                key = dstAddr.toString();
+            } else {
+                return;
+            }
+        } else {
+            key = keyFromAddresses(srcAddr, dstAddr);
+        }
         // Create a new list if this pair of MAC addresses where not previously encountered and add packet to that list,
         // or simply add to an existing list if one is present.
         mFlows.computeIfAbsent(key, k -> {
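Review bot: The VPN filter compares `srcAddr.toString()` and `dstAddr.toString()` with the raw `-vpn` string using a case-sensitive `equals`, so an address typed in a different case or separator style than `MacAddress` prints matches nothing, and every packet takes the bare `return`, leaving the detector reporting no events with no hint as to why. Parsing the argument once into a `MacAddress` field (here called `mVpnClientMac`, set with `MacAddress.getByName(vpnClientMacAddress)` in the constructor added in the previous hunk) and comparing objects removes the dependence on text form. Both matching branches yield the same key, so they can collapse into one. The comment above `computeIfAbsent` still says "this pair of MAC addresses", which no longer holds in VPN mode. gotPacket begins and ends outside this hunk.

```java
// … unchanged: srcAddr / dstAddr extraction …
String key;
if (mVpnClientMac != null) {
    // VPN mode: keep only traffic to or from the VPN client and lump it into one flow.
    // Comparing MacAddress objects avoids silent misses caused by case or separator differences.
    if (!srcAddr.equals(mVpnClientMac) && !dstAddr.equals(mVpnClientMac)) {
        return;
    }
    key = mVpnClientMac.toString();
} else {
    key = keyFromAddresses(srcAddr, dstAddr);
}
// … unchanged: mFlows.computeIfAbsent(key, …) …
```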