+++ /dev/null
-# Borrowed from https://github.com/github/gitignore/blob/master/Global/JetBrains.gitignore
-
-# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
-# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
-
-# User-specific stuff:
-.idea/**/workspace.xml
-.idea/**/tasks.xml
-.idea/dictionaries
-
-# Sensitive or high-churn files:
-.idea/**/dataSources/
-.idea/**/dataSources.ids
-.idea/**/dataSources.xml
-.idea/**/dataSources.local.xml
-.idea/**/sqlDataSources.xml
-.idea/**/dynamic.xml
-.idea/**/uiDesigner.xml
-
-# Gradle: (combination of the JetBrains gitiginre and Gradle gitignore at )
-.idea/**/gradle.xml
-.idea/**/libraries
-.gradle
-/build/
-# Ignore Gradle GUI config
-gradle-app.setting
-# Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored)
-!gradle-wrapper.jar
-# Cache of project
-.gradletasknamecache
-# # Work around https://youtrack.jetbrains.com/issue/IDEA-116898
-# gradle/wrapper/gradle-wrapper.properties
-
-# CMake
-cmake-build-debug/
-
-# Mongo Explorer plugin:
-.idea/**/mongoSettings.xml
-
-## File-based project format:
-*.iws
-
-## Plugin-specific files:
-
-# IntelliJ
-out/
-
-# mpeltonen/sbt-idea plugin
-.idea_modules/
-
-# JIRA plugin
-atlassian-ide-plugin.xml
-
-# Cursive Clojure plugin
-.idea/replstate.xml
-
-# Crashlytics plugin (for Android Studio and IntelliJ)
-com_crashlytics_export_strings.xml
-crashlytics.properties
-crashlytics-build.properties
-fabric.properties
-
-# ignore misc as it changes a lot depending on local settings -- however may need to be included later on.
-.idea/misc.xml
-
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
- <component name="CompilerConfiguration">
- <option name="DEFAULT_COMPILER" value="Javac" />
- <resourceExtensions />
- <wildcardResourcePatterns>
- <entry name="!?*.java" />
- <entry name="!?*.form" />
- <entry name="!?*.class" />
- <entry name="!?*.groovy" />
- <entry name="!?*.scala" />
- <entry name="!?*.flex" />
- <entry name="!?*.kt" />
- <entry name="!?*.clj" />
- <entry name="!?*.aj" />
- </wildcardResourcePatterns>
- <annotationProcessing>
- <profile default="true" name="Default" enabled="false">
- <processorPath useClasspath="true" />
- </profile>
- </annotationProcessing>
- <bytecodeTargetLevel>
- <module name="SmartPlugDetector_main" target="1.8" />
- <module name="SmartPlugDetector_test" target="1.8" />
- </bytecodeTargetLevel>
- </component>
-</project>
\ No newline at end of file
+++ /dev/null
-<component name="CopyrightManager">
- <settings default="" />
-</component>
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
- <component name="Encoding" addBOMForNewFiles="with NO BOM" />
-</project>
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
- <component name="ProjectModuleManager">
- <modules>
- <module fileurl="file://$PROJECT_DIR$/.idea/modules/SmartPlugDetector.iml" filepath="$PROJECT_DIR$/.idea/modules/SmartPlugDetector.iml" />
- <module fileurl="file://$PROJECT_DIR$/.idea/modules/SmartPlugDetector_main.iml" filepath="$PROJECT_DIR$/.idea/modules/SmartPlugDetector_main.iml" group="SmartPlugDetector" />
- <module fileurl="file://$PROJECT_DIR$/.idea/modules/SmartPlugDetector_test.iml" filepath="$PROJECT_DIR$/.idea/modules/SmartPlugDetector_test.iml" group="SmartPlugDetector" />
- </modules>
- </component>
-</project>
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<module external.linked.project.id="SmartPlugDetector" external.linked.project.path="$MODULE_DIR$/../.." external.root.project.path="$MODULE_DIR$/../.." external.system.id="GRADLE" external.system.module.group="edu.uci.iotproject" external.system.module.version="1.0-SNAPSHOT" type="JAVA_MODULE" version="4">
- <component name="NewModuleRootManager" inherit-compiler-output="true">
- <exclude-output />
- <content url="file://$MODULE_DIR$/../..">
- <excludeFolder url="file://$MODULE_DIR$/../../.gradle" />
- <excludeFolder url="file://$MODULE_DIR$/../../build" />
- <excludeFolder url="file://$MODULE_DIR$/../../out" />
- </content>
- <orderEntry type="inheritedJdk" />
- <orderEntry type="sourceFolder" forTests="false" />
- </component>
-</module>
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
- <component name="VcsDirectoryMappings">
- <mapping directory="$PROJECT_DIR$/../../.." vcs="Git" />
- </component>
-</project>
\ No newline at end of file
+++ /dev/null
-group 'edu.uci.iotproject'
-version '1.0-SNAPSHOT'
-
-apply plugin: 'java'
-apply plugin: 'application'
-
-// Increase max memory
-applicationDefaultJvmArgs = ["-Xmx300g"]
-
-sourceCompatibility = 1.8
-
-//mainClassName = "edu.uci.iotproject.Main"
-//mainClassName = "edu.uci.iotproject.detection.SignatureDetector"
-//mainClassName = "edu.uci.iotproject.detection.layer2.Layer2SignatureDetector"
-//mainClassName = "edu.uci.iotproject.evaluation.DetectionResultsAnalyzer"
-mainClassName = System.getProperty("mainClass")
-
-
-repositories {
- mavenCentral()
-}
-
-dependencies {
- testCompile group: 'junit', name: 'junit', version: '4.11'
-
- // pcap4j
- // Updated to v2 alpha as the stable release does not include packet timestamps
- // v2 should add support for TCP session reassembly as well, although it does not appear to be part of the lib yet.
- compile 'org.pcap4j:pcap4j-core:2.0.0-alpha'
- compile 'org.pcap4j:pcap4j-packetfactory-static:2.0.0-alpha'
-
- // pcap4j logging dependency
- compile 'org.slf4j:slf4j-jdk14:1.8.0-beta2'
-
- // Apache Commons Math for clustering
- compile 'org.apache.commons:commons-math3:3.6.1'
-
- // JGraphT: Java Graph library
- compile 'org.jgrapht:jgrapht-core:1.2.0'
-}
\ No newline at end of file
+++ /dev/null
-10:12:06 AM
-10:14:17 AM
-10:16:29 AM
-10:18:41 AM
-10:20:53 AM
-10:23:06 AM
-10:25:12 AM
-10:27:24 AM
-10:29:36 AM
-10:31:47 AM
-10:33:59 AM
-10:36:11 AM
-10:38:23 AM
-10:40:34 AM
-10:42:46 AM
-10:44:58 AM
-10:47:10 AM
-10:49:21 AM
-10:51:33 AM
-10:53:45 AM
-10:55:56 AM
-10:58:08 AM
-11:00:20 AM
-11:02:32 AM
-11:04:44 AM
-11:06:55 AM
-11:09:07 AM
-11:11:19 AM
-11:13:31 AM
-11:15:43 AM
-11:17:54 AM
-11:20:06 AM
-11:22:18 AM
-11:24:30 AM
-11:26:42 AM
-11:28:53 AM
-11:31:05 AM
-11:33:17 AM
-11:35:29 AM
-11:37:41 AM
-11:39:53 AM
-11:42:05 AM
-11:44:16 AM
-11:46:28 AM
-11:48:40 AM
-11:50:52 AM
-11:53:04 AM
-11:55:16 AM
-11:57:27 AM
-11:59:39 AM
-12:01:51 PM
-12:04:03 PM
-12:06:15 PM
-12:08:26 PM
-12:10:38 PM
-12:12:50 PM
-12:15:02 PM
-12:17:14 PM
-12:19:25 PM
-12:21:37 PM
-12:23:49 PM
-12:26:01 PM
-12:28:13 PM
-12:30:25 PM
-12:32:36 PM
-12:34:48 PM
-12:37:00 PM
-12:39:12 PM
-12:41:24 PM
-12:43:35 PM
-12:45:47 PM
-12:47:59 PM
-12:50:11 PM
-12:52:23 PM
-12:54:34 PM
-12:56:46 PM
-12:58:58 PM
-01:01:10 PM
-01:03:22 PM
-01:05:34 PM
-01:07:45 PM
-01:09:57 PM
-01:12:09 PM
-01:14:21 PM
-01:16:33 PM
-01:18:44 PM
-01:20:56 PM
-01:23:08 PM
-01:25:20 PM
-01:27:31 PM
-01:29:43 PM
-01:31:55 PM
-01:34:07 PM
-01:36:19 PM
-01:38:30 PM
-01:40:42 PM
-01:42:54 PM
-01:45:06 PM
-01:47:18 PM
-01:49:29 PM
-01:51:41 PM
-01:53:53 PM
-01:56:05 PM
-01:58:17 PM
-02:00:29 PM
-02:02:40 PM
-02:04:52 PM
-02:07:04 PM
-02:09:16 PM
-02:11:27 PM
-02:13:39 PM
-02:15:51 PM
-02:18:03 PM
-02:20:14 PM
-02:22:26 PM
-02:24:38 PM
-02:26:50 PM
-02:29:02 PM
-02:31:13 PM
-02:33:25 PM
-02:35:37 PM
-02:37:49 PM
-02:40:01 PM
-02:42:12 PM
-02:44:24 PM
-02:46:36 PM
-02:48:48 PM
-02:51:00 PM
-02:53:12 PM
-02:55:23 PM
-02:57:35 PM
-02:59:47 PM
-03:01:59 PM
-03:04:11 PM
-03:06:22 PM
-03:08:34 PM
-03:10:46 PM
-03:12:58 PM
-03:15:10 PM
-03:17:22 PM
-03:19:33 PM
-03:21:45 PM
-03:23:57 PM
-03:26:09 PM
-03:28:21 PM
-03:30:32 PM
-03:32:44 PM
+++ /dev/null
-2018-06-14T21:26:52.605940Z, 583, 1514
-2018-06-14T21:26:52.735845Z, 257, 117
-2018-06-14T21:26:52.751637Z, 557, 1232
-2018-06-14T21:26:52.942376Z, 97, 1514
-2018-06-14T21:31:15.929711Z, 257, 117
-2018-06-14T21:31:15.955136Z, 557, 1232
-2018-06-14T21:31:16.053208Z, 97, 1514
-2018-06-14T21:33:27.814139Z, 257, 117
-2018-06-14T21:33:27.838872Z, 556, 1231
-2018-06-14T21:33:27.944639Z, 97, 1514
-2018-06-14T21:35:39.384597Z, 257, 117
-2018-06-14T21:35:39.399549Z, 557, 1232
-2018-06-14T21:35:39.493602Z, 97, 1514
-2018-06-14T21:37:51.337631Z, 257, 117
-2018-06-14T21:37:51.346803Z, 556, 1231
-2018-06-14T21:37:51.464128Z, 97, 1514
-2018-06-14T21:40:02.949700Z, 257, 117
-2018-06-14T21:40:02.958853Z, 557, 1232
-2018-06-14T21:40:03.060923Z, 97, 1514
-2018-06-14T21:42:14.773280Z, 257, 117
-2018-06-14T21:42:14.782190Z, 556, 1232
-2018-06-14T21:42:15.013423Z, 97, 1514
-2018-06-14T21:44:26.515492Z, 257, 117
-2018-06-14T21:44:26.531874Z, 557, 1233
-2018-06-14T21:44:26.724732Z, 97, 1514
-2018-06-14T21:46:38.112283Z, 257, 117
-2018-06-14T21:46:38.123799Z, 556, 1231
-2018-06-14T21:46:38.371410Z, 97, 1514
-2018-06-14T21:48:49.822864Z, 257, 117
-2018-06-14T21:48:49.831109Z, 557, 1232
-2018-06-14T21:48:49.920489Z, 97, 1514
-2018-06-14T21:51:01.570404Z, 257, 117
-2018-06-14T21:51:01.580522Z, 556, 1232
-2018-06-14T21:51:01.686542Z, 97, 1514
-2018-06-14T21:53:13.290982Z, 257, 117
-2018-06-14T21:53:13.300135Z, 557, 1232
-2018-06-14T21:53:13.388833Z, 97, 1514
-2018-06-14T21:55:25.010146Z, 257, 117
-2018-06-14T21:55:25.018841Z, 556, 1231
-2018-06-14T21:55:25.107384Z, 97, 1514
-2018-06-14T21:57:36.737105Z, 257, 117
-2018-06-14T21:57:36.747764Z, 557, 1232
-2018-06-14T21:57:36.848624Z, 97, 1514
-2018-06-14T21:59:48.451103Z, 257, 117
-2018-06-14T21:59:48.459599Z, 556, 1231
-2018-06-14T21:59:48.550304Z, 97, 1514
-2018-06-14T22:02:00.123236Z, 257, 117
-2018-06-14T22:02:00.174134Z, 557, 1233
-2018-06-14T22:02:00.274621Z, 97, 1514
-2018-06-14T22:04:11.987297Z, 257, 117
-2018-06-14T22:04:11.999329Z, 556, 1231
-2018-06-14T22:04:12.101197Z, 97, 1514
-2018-06-14T22:06:23.548097Z, 257, 117
-2018-06-14T22:06:23.557567Z, 557, 1232
-2018-06-14T22:06:23.655666Z, 97, 1514
-2018-06-14T22:08:35.266519Z, 257, 117
-2018-06-14T22:08:35.276110Z, 556, 1232
-2018-06-14T22:08:35.372971Z, 97, 1514
-2018-06-14T22:10:46.993448Z, 257, 117
-2018-06-14T22:10:47.004664Z, 557, 1232
-2018-06-14T22:10:47.094221Z, 97, 1514
-2018-06-14T22:12:58.719472Z, 257, 117
-2018-06-14T22:12:58.729955Z, 556, 1231
-2018-06-14T22:12:58.825877Z, 97, 1514
-2018-06-14T22:15:10.424740Z, 257, 117
-2018-06-14T22:15:10.439685Z, 557, 1232
-2018-06-14T22:15:10.529340Z, 97, 1514
-2018-06-14T22:17:22.490347Z, 257, 117
-2018-06-14T22:17:22.499099Z, 556, 1231
-2018-06-14T22:17:22.602375Z, 97, 1514
-2018-06-14T22:19:33.901877Z, 257, 117
-2018-06-14T22:19:34.027607Z, 557, 1232
-2018-06-14T22:19:34.267480Z, 97, 1514
-2018-06-14T22:21:45.607148Z, 257, 117
-2018-06-14T22:21:45.615804Z, 556, 1231
-2018-06-14T22:21:45.705662Z, 97, 1514
-2018-06-14T22:23:57.442622Z, 257, 117
-2018-06-14T22:23:57.683565Z, 557, 1232
-2018-06-14T22:23:57.798191Z, 97, 1514
-2018-06-14T22:26:09.017436Z, 257, 117
-2018-06-14T22:26:09.027137Z, 556, 1231
-2018-06-14T22:26:09.122329Z, 97, 1514
-2018-06-14T22:28:20.722388Z, 257, 117
-2018-06-14T22:28:20.733875Z, 557, 1233
-2018-06-14T22:28:20.824306Z, 97, 1514
-2018-06-14T22:30:32.443171Z, 257, 117
-2018-06-14T22:30:32.451523Z, 556, 1231
-2018-06-14T22:30:32.568985Z, 97, 1514
-2018-06-14T22:32:44.142809Z, 257, 117
-2018-06-14T22:32:44.153146Z, 557, 1232
-2018-06-14T22:32:44.240783Z, 97, 1514
-2018-06-14T22:34:55.819124Z, 257, 117
-2018-06-14T22:34:55.828083Z, 556, 1231
-2018-06-14T22:34:55.921204Z, 97, 1514
-2018-06-14T22:37:07.879332Z, 257, 117
-2018-06-14T22:37:07.888554Z, 557, 1233
-2018-06-14T22:37:07.988689Z, 97, 1514
-2018-06-14T22:39:19.274678Z, 257, 117
-2018-06-14T22:39:19.288124Z, 556, 1231
-2018-06-14T22:39:19.656442Z, 97, 1514
-2018-06-14T22:41:30.964690Z, 257, 117
-2018-06-14T22:41:30.973618Z, 557, 1233
-2018-06-14T22:41:31.067046Z, 97, 1514
-2018-06-14T22:43:43.077721Z, 257, 117
-2018-06-14T22:43:43.086330Z, 556, 1231
-2018-06-14T22:43:43.181685Z, 97, 1514
-2018-06-14T22:45:54.827796Z, 257, 117
-2018-06-14T22:45:55.069246Z, 557, 1232
-2018-06-14T22:45:55.160465Z, 97, 1514
-2018-06-14T22:48:06.406787Z, 257, 117
-2018-06-14T22:48:06.417554Z, 556, 1231
-2018-06-14T22:48:06.508248Z, 97, 1514
-2018-06-14T22:50:18.410511Z, 257, 117
-2018-06-14T22:50:18.428958Z, 557, 1233
-2018-06-14T22:50:18.517176Z, 97, 1514
-2018-06-14T22:52:30.194505Z, 257, 117
-2018-06-14T22:52:30.435770Z, 556, 1231
-2018-06-14T22:52:30.538992Z, 97, 1514
-2018-06-14T22:54:41.863578Z, 257, 117
-2018-06-14T22:54:41.880756Z, 557, 1232
-2018-06-14T22:54:42.084464Z, 97, 1514
-2018-06-14T22:56:53.560739Z, 257, 117
-2018-06-14T22:56:53.569597Z, 556, 1232
-2018-06-14T22:56:53.673619Z, 97, 1514
-2018-06-14T22:59:05.382524Z, 257, 117
-2018-06-14T22:59:05.518950Z, 557, 1233
-2018-06-14T22:59:05.759331Z, 97, 1514
-2018-06-14T23:01:17.010034Z, 257, 117
-2018-06-14T23:01:17.020314Z, 556, 1231
-2018-06-14T23:01:17.111675Z, 97, 1514
-2018-06-14T23:03:28.880684Z, 257, 117
-2018-06-14T23:03:29.072908Z, 557, 1233
-2018-06-14T23:03:29.162062Z, 97, 1233
-2018-06-14T23:03:29.372873Z, 97, 1233
-2018-06-14T23:03:29.796823Z, 97, 1233
-2018-06-14T23:03:30.644846Z, 97, 1233
-2018-06-14T23:05:40.295435Z, 583, 1514
-2018-06-14T23:05:40.406380Z, 257, 117
-2018-06-14T23:05:40.414912Z, 556, 1231
-2018-06-14T23:05:40.510786Z, 97, 1514
-2018-06-14T23:07:52.137010Z, 257, 117
-2018-06-14T23:07:52.145417Z, 557, 1232
-2018-06-14T23:07:52.238296Z, 97, 1514
-2018-06-14T23:10:03.836854Z, 257, 117
-2018-06-14T23:10:03.845785Z, 556, 1231
-2018-06-14T23:10:03.954532Z, 97, 1514
-2018-06-14T23:12:15.863692Z, 257, 117
-2018-06-14T23:12:15.872553Z, 557, 1232
-2018-06-14T23:12:15.960238Z, 97, 1514
-2018-06-14T23:14:27.433510Z, 257, 117
-2018-06-14T23:14:27.444485Z, 556, 1232
-2018-06-14T23:14:27.581636Z, 97, 1514
-2018-06-14T23:16:39.095173Z, 257, 117
-2018-06-14T23:16:39.106066Z, 557, 1232
-2018-06-14T23:16:39.333696Z, 97, 1514
-2018-06-14T23:18:50.777902Z, 257, 117
-2018-06-14T23:18:50.793779Z, 556, 1231
-2018-06-14T23:18:51.008180Z, 97, 1514
-2018-06-14T23:21:02.468604Z, 257, 117
-2018-06-14T23:21:02.476717Z, 557, 1232
-2018-06-14T23:21:02.568758Z, 97, 1514
-2018-06-14T23:23:14.178586Z, 257, 117
-2018-06-14T23:23:14.187241Z, 556, 1231
-2018-06-14T23:23:14.275795Z, 97, 1514
-2018-06-14T23:25:25.823314Z, 257, 117
-2018-06-14T23:25:25.832887Z, 557, 1232
-2018-06-14T23:25:25.922327Z, 97, 1514
-2018-06-14T23:27:37.579030Z, 257, 117
-2018-06-14T23:27:37.591104Z, 556, 1231
-2018-06-14T23:27:38.078402Z, 97, 1514
-2018-06-14T23:29:49.339321Z, 257, 117
-2018-06-14T23:29:49.348203Z, 557, 1232
-2018-06-14T23:29:49.461787Z, 97, 1514
-2018-06-14T23:32:01.186019Z, 257, 117
-2018-06-14T23:32:01.428258Z, 556, 1231
-2018-06-14T23:32:01.533656Z, 97, 1514
-2018-06-14T23:34:12.834815Z, 257, 117
-2018-06-14T23:34:12.843481Z, 557, 1232
-2018-06-14T23:34:12.928779Z, 97, 1514
-2018-06-14T23:36:24.544064Z, 257, 117
-2018-06-14T23:36:24.557290Z, 556, 1232
-2018-06-14T23:36:24.650229Z, 97, 1514
-2018-06-14T23:38:36.223538Z, 257, 117
-2018-06-14T23:38:36.233426Z, 557, 1233
-2018-06-14T23:38:36.327259Z, 97, 1514
-2018-06-14T23:40:49.179957Z, 257, 117
-2018-06-14T23:40:49.188599Z, 556, 1231
-2018-06-14T23:40:49.298503Z, 97, 1514
-2018-06-14T23:42:59.647277Z, 257, 117
-2018-06-14T23:42:59.656010Z, 557, 1233
-2018-06-14T23:42:59.757990Z, 97, 1514
-2018-06-14T23:45:11.460191Z, 257, 117
-2018-06-14T23:45:11.468421Z, 556, 1232
-2018-06-14T23:45:11.562054Z, 97, 1514
-2018-06-14T23:47:23.154254Z, 257, 117
-2018-06-14T23:47:23.169868Z, 557, 1232
-2018-06-14T23:47:23.332188Z, 97, 1514
-2018-06-14T23:49:34.819052Z, 257, 117
-2018-06-14T23:49:34.833029Z, 556, 1232
-2018-06-14T23:49:34.951756Z, 97, 1514
-2018-06-14T23:51:46.542034Z, 257, 117
-2018-06-14T23:51:46.554905Z, 557, 1232
-2018-06-14T23:51:46.647936Z, 97, 1514
-2018-06-14T23:53:58.191828Z, 257, 117
-2018-06-14T23:53:58.200872Z, 556, 1232
-2018-06-14T23:53:58.304961Z, 97, 1514
-2018-06-14T23:56:09.961905Z, 257, 117
-2018-06-14T23:56:09.971113Z, 557, 1232
-2018-06-14T23:56:10.063261Z, 97, 1514
-2018-06-14T23:58:21.713165Z, 257, 117
-2018-06-14T23:58:21.722455Z, 556, 1231
-2018-06-14T23:58:21.808565Z, 97,
\ No newline at end of file
+++ /dev/null
-2:38:04 PM
-2:39:03 PM
-2:40:05 PM
-2:41:08 PM
-2:42:07 PM
-2:43:09 PM
-2:45:25 PM
-2:46:27 PM
-2:47:28 PM
-2:48:29 PM
-2:49:31 PM
-2:50:30 PM
+++ /dev/null
-2:24:40 PM
-2:26:52 PM
-2:29:04 PM
-2:31:15 PM
-2:33:27 PM
-2:35:39 PM
-2:37:51 PM
-2:40:02 PM
-2:42:14 PM
-2:44:26 PM
-2:46:37 PM
-2:48:49 PM
-2:51:01 PM
-2:53:13 PM
-2:55:24 PM
-2:57:36 PM
-2:59:48 PM
-3:02:00 PM
-3:04:11 PM
-3:06:23 PM
-3:08:35 PM
-3:10:46 PM
-3:12:58 PM
-3:15:10 PM
-3:17:22 PM
-3:19:33 PM
-3:21:45 PM
-3:23:57 PM
-3:26:08 PM
-3:28:20 PM
-3:30:32 PM
-3:32:44 PM
-3:34:55 PM
-3:37:07 PM
-3:39:19 PM
-3:41:30 PM
-3:43:42 PM
-3:45:54 PM
-3:48:06 PM
-3:50:18 PM
-3:52:29 PM
-3:54:41 PM
-3:56:53 PM
-3:59:05 PM
-4:01:16 PM
-4:03:28 PM
-4:05:40 PM
-4:07:52 PM
-4:10:03 PM
-4:12:15 PM
-4:14:27 PM
-4:16:38 PM
-4:18:50 PM
-4:21:02 PM
-4:23:14 PM
-4:25:25 PM
-4:27:37 PM
-4:29:49 PM
-4:32:00 PM
-4:34:12 PM
-4:36:24 PM
-4:38:36 PM
-4:40:47 PM
-4:42:59 PM
-4:45:11 PM
-4:47:22 PM
-4:49:34 PM
-4:51:46 PM
-4:53:58 PM
-4:56:09 PM
-4:58:21 PM
-5:00:33 PM
-5:02:44 PM
-5:04:56 PM
-5:07:08 PM
-5:09:20 PM
-5:11:31 PM
-5:13:43 PM
-5:15:55 PM
-5:18:06 PM
-5:20:18 PM
-5:22:30 PM
-5:24:42 PM
-5:26:53 PM
-5:29:05 PM
-5:31:17 PM
-5:33:28 PM
-5:35:40 PM
-5:37:52 PM
-5:40:03 PM
-5:42:15 PM
-5:44:27 PM
-5:46:39 PM
-5:48:50 PM
-5:51:02 PM
-5:53:14 PM
-5:55:25 PM
-5:57:37 PM
-5:59:49 PM
-6:02:01 PM
-6:04:12 PM
-6:06:24 PM
-6:08:36 PM
-6:10:48 PM
-6:13:00 PM
-6:15:11 PM
-6:17:23 PM
-6:19:35 PM
-6:21:47 PM
-6:23:58 PM
-6:26:10 PM
-6:28:22 PM
-6:30:33 PM
-6:32:45 PM
-6:34:57 PM
-6:37:09 PM
-6:39:20 PM
-6:41:32 PM
-6:43:44 PM
-6:45:55 PM
-6:48:07 PM
-6:50:19 PM
-6:52:31 PM
-6:54:42 PM
-6:56:54 PM
-6:59:06 PM
-7:01:18 PM
-7:03:29 PM
-7:05:41 PM
-7:07:53 PM
-7:10:04 PM
-7:12:16 PM
-7:14:28 PM
-7:16:40 PM
-7:18:51 PM
-7:21:03 PM
-7:23:15 PM
-7:25:26 PM
-7:27:38 PM
-7:29:50 PM
-7:32:02 PM
-7:34:13 PM
-7:36:25 PM
-7:38:37 PM
-7:40:48 PM
-7:43:00 PM
-7:45:12 PM
-7:47:23 PM
-7:49:35 PM
-7:51:47 PM
-7:53:59 PM
-7:56:10 PM
-7:58:22 PM
-8:00:34 PM
-8:02:46 PM
-8:04:57 PM
-8:07:09 PM
-8:09:21 PM
-8:11:32 PM
-8:13:44 PM
-8:15:56 PM
-8:18:08 PM
-8:20:19 PM
-8:22:31 PM
-8:24:43 PM
-8:26:55 PM
-8:29:06 PM
-8:31:18 PM
-8:33:30 PM
-8:35:41 PM
-8:37:53 PM
-8:40:05 PM
-8:42:17 PM
-8:44:28 PM
-8:46:40 PM
-8:48:52 PM
-8:51:03 PM
-8:53:15 PM
-8:55:27 PM
-8:57:39 PM
-8:59:50 PM
-9:02:02 PM
-9:04:14 PM
-9:06:26 PM
-9:08:37 PM
-9:10:49 PM
-9:13:01 PM
-9:15:13 PM
-9:17:24 PM
-9:19:36 PM
-9:21:48 PM
-9:23:59 PM
-9:26:11 PM
-9:28:23 PM
-9:30:35 PM
-9:32:46 PM
-9:34:58 PM
-9:37:10 PM
-9:39:22 PM
-9:41:33 PM
-9:43:45 PM
-9:45:57 PM
-9:48:09 PM
-9:50:20 PM
-9:52:32 PM
-9:54:44 PM
-9:56:56 PM
-9:59:07 PM
-10:01:19 PM
-10:03:31 PM
-10:05:43 PM
-10:07:54 PM
-10:10:06 PM
-10:12:18 PM
-10:14:29 PM
-10:16:41 PM
-10:18:53 PM
-10:21:05 PM
-10:23:17 PM
-10:25:29 PM
-10:27:40 PM
-10:29:52 PM
-10:32:04 PM
-10:34:16 PM
-10:36:27 PM
-10:38:39 PM
-10:40:51 PM
-10:43:02 PM
-10:45:14 PM
-10:47:26 PM
-10:49:38 PM
-10:51:49 PM
-10:54:01 PM
-10:56:13 PM
-10:58:25 PM
-11:00:36 PM
-11:02:48 PM
-11:05:00 PM
-11:07:12 PM
-11:09:23 PM
-11:11:35 PM
-11:13:47 PM
-11:15:58 PM
-11:18:10 PM
-11:20:22 PM
-11:22:33 PM
-11:24:45 PM
-11:26:57 PM
-11:29:09 PM
-11:31:20 PM
-11:33:32 PM
-11:35:44 PM
-11:37:56 PM
-11:40:07 PM
-11:42:19 PM
-11:44:31 PM
-11:46:42 PM
-11:48:54 PM
-11:51:06 PM
-11:53:17 PM
-11:55:29 PM
-11:57:41 PM
-11:59:53 PM
-12:02:04 AM
-12:04:16 AM
-12:06:28 AM
-12:08:40 AM
-12:10:51 AM
-12:13:03 AM
-12:15:15 AM
-12:17:27 AM
-12:19:38 AM
-12:21:50 AM
-12:24:02 AM
-12:26:13 AM
-12:28:25 AM
-12:30:37 AM
-12:32:49 AM
-12:35:00 AM
-12:37:12 AM
-12:39:24 AM
-12:41:36 AM
-12:43:47 AM
-12:45:59 AM
-12:48:11 AM
-12:50:23 AM
-12:52:34 AM
-12:54:46 AM
-12:56:58 AM
-12:59:10 AM
-1:01:21 AM
-1:03:33 AM
-1:05:45 AM
-1:07:57 AM
-1:10:08 AM
-1:12:20 AM
-1:14:32 AM
-1:16:44 AM
-1:18:55 AM
-1:21:07 AM
-1:23:19 AM
-1:25:31 AM
-1:27:42 AM
-1:29:54 AM
-1:32:06 AM
-1:34:18 AM
-1:36:29 AM
-1:38:41 AM
-1:40:53 AM
-1:43:04 AM
-1:45:16 AM
-1:47:28 AM
-1:49:40 AM
-1:51:51 AM
-1:54:03 AM
-1:56:15 AM
-1:58:27 AM
-2:00:38 AM
-2:02:50 AM
-2:05:02 AM
-2:07:13 AM
-2:09:25 AM
-2:11:37 AM
-2:13:48 AM
-2:16:00 AM
-2:18:12 AM
-2:20:24 AM
-2:22:35 AM
-2:24:47 AM
-2:26:59 AM
-2:29:11 AM
-2:31:22 AM
-2:33:34 AM
-2:35:46 AM
-2:37:57 AM
-2:40:09 AM
-2:42:21 AM
-2:44:33 AM
-2:46:44 AM
-2:48:56 AM
-2:51:08 AM
-2:53:19 AM
-2:55:31 AM
-2:57:43 AM
-2:59:55 AM
-3:02:06 AM
-3:04:18 AM
-3:06:30 AM
-3:08:42 AM
-3:10:53 AM
-3:13:05 AM
-3:15:17 AM
-3:17:29 AM
-3:19:40 AM
-3:21:52 AM
-3:24:04 AM
-3:26:15 AM
-3:28:27 AM
-3:30:39 AM
-3:32:51 AM
-3:35:02 AM
-3:37:14 AM
-3:39:26 AM
-3:41:37 AM
-3:43:49 AM
-3:46:01 AM
-3:48:13 AM
-3:50:24 AM
-3:52:36 AM
-3:54:48 AM
-3:57:00 AM
-3:59:11 AM
-4:01:23 AM
-4:03:35 AM
-4:05:47 AM
-4:07:58 AM
-4:10:10 AM
-4:12:22 AM
-4:14:33 AM
-4:16:45 AM
-4:18:57 AM
-4:21:09 AM
-4:23:20 AM
-4:25:32 AM
-4:27:44 AM
-4:29:56 AM
-4:32:07 AM
-4:34:19 AM
-4:36:31 AM
-4:38:42 AM
-4:40:54 AM
-4:43:06 AM
-4:45:18 AM
-4:47:29 AM
-4:49:41 AM
-4:51:53 AM
-4:54:05 AM
-4:56:16 AM
-4:58:28 AM
-5:00:40 AM
-5:02:52 AM
-5:05:03 AM
-5:07:15 AM
-5:09:27 AM
-5:11:39 AM
-5:13:50 AM
-5:16:02 AM
-5:18:14 AM
-5:20:26 AM
-5:22:38 AM
-5:24:49 AM
-5:27:01 AM
-5:29:13 AM
-5:31:25 AM
-5:33:36 AM
-5:35:48 AM
-5:38:00 AM
-5:40:11 AM
-5:42:23 AM
-5:44:35 AM
-5:46:47 AM
-5:48:58 AM
-5:51:10 AM
-5:53:22 AM
-5:55:33 AM
-5:57:45 AM
-5:59:57 AM
-6:02:09 AM
-6:04:21 AM
-6:06:32 AM
-6:08:44 AM
-6:10:56 AM
-6:13:07 AM
-6:15:19 AM
-6:17:31 AM
-6:19:43 AM
-6:21:54 AM
-6:24:06 AM
-6:26:18 AM
-6:28:30 AM
-6:30:41 AM
-6:32:53 AM
-6:35:05 AM
-6:37:17 AM
-6:39:28 AM
-6:41:40 AM
-6:43:52 AM
-6:46:03 AM
-6:48:15 AM
-6:50:27 AM
-6:52:39 AM
-6:54:50 AM
-6:57:02 AM
-6:59:14 AM
-7:01:26 AM
-7:03:37 AM
-7:05:49 AM
-7:08:01 AM
-7:10:13 AM
-7:12:24 AM
-7:14:36 AM
-7:16:48 AM
-7:18:59 AM
-7:21:11 AM
-7:23:23 AM
-7:25:35 AM
-7:27:46 AM
-7:29:58 AM
-7:32:10 AM
-7:34:22 AM
-7:36:33 AM
-7:38:45 AM
-7:40:57 AM
-7:43:08 AM
-7:45:20 AM
-7:47:32 AM
-7:49:44 AM
-7:51:55 AM
-7:54:07 AM
-7:56:19 AM
-7:58:30 AM
-8:00:42 AM
-8:02:54 AM
-8:05:06 AM
-8:07:17 AM
-8:09:29 AM
-8:11:41 AM
-8:13:53 AM
-8:16:04 AM
-8:18:16 AM
-8:20:28 AM
-8:22:39 AM
-8:24:51 AM
-8:27:03 AM
-8:29:15 AM
-8:31:26 AM
-8:33:38 AM
-8:35:50 AM
-8:38:01 AM
-8:40:13 AM
-8:42:25 AM
-8:44:36 AM
-8:46:48 AM
-8:49:00 AM
-8:51:11 AM
-8:53:23 AM
-8:55:35 AM
-8:57:47 AM
-8:59:58 AM
-9:02:10 AM
-9:04:22 AM
-9:06:34 AM
-9:08:45 AM
-9:10:57 AM
-9:13:09 AM
-9:15:21 AM
-9:17:32 AM
-9:19:44 AM
-9:21:56 AM
-9:24:07 AM
-9:26:19 AM
-9:28:31 AM
-9:30:43 AM
-9:32:54 AM
-9:35:06 AM
-9:37:18 AM
-9:39:30 AM
-9:41:41 AM
-9:43:53 AM
-9:46:05 AM
-9:48:18 AM
-9:50:30 AM
-9:52:42 AM
-9:54:54 AM
-9:57:06 AM
-9:59:18 AM
-10:01:30 AM
-10:03:42 AM
-10:05:54 AM
-10:08:07 AM
-10:10:19 AM
-10:12:31 AM
-10:14:43 AM
-10:16:55 AM
-10:19:07 AM
-10:21:19 AM
-10:23:32 AM
-10:25:44 AM
-10:27:56 AM
-10:30:08 AM
-10:32:20 AM
-10:34:32 AM
-10:36:44 AM
-10:38:56 AM
-10:41:09 AM
-10:43:21 AM
-10:45:33 AM
-10:47:45 AM
-10:49:57 AM
-10:52:09 AM
-10:54:21 AM
-10:56:34 AM
-10:58:46 AM
-11:00:58 AM
-11:03:10 AM
-11:05:22 AM
-11:07:34 AM
-11:09:46 AM
-11:11:58 AM
-11:14:11 AM
-11:16:23 AM
-11:18:35 AM
-11:20:47 AM
-11:22:59 AM
-11:25:11 AM
-11:27:23 AM
-11:29:35 AM
-11:31:48 AM
-11:34:00 AM
-11:36:12 AM
-11:38:23 AM
-11:40:35 AM
-11:42:47 AM
-11:44:59 AM
-11:47:10 AM
-11:49:22 AM
-11:51:34 AM
-11:53:46 AM
-11:55:57 AM
-11:58:09 AM
-12:00:21 PM
-12:02:33 PM
-12:04:44 PM
-12:06:56 PM
-12:09:08 PM
-12:11:20 PM
-12:13:31 PM
-12:15:43 PM
-12:17:55 PM
-12:20:06 PM
-12:22:18 PM
-12:24:30 PM
-12:26:42 PM
-12:28:54 PM
-12:31:05 PM
-12:33:17 PM
-12:35:29 PM
-12:37:40 PM
-12:39:52 PM
-12:42:04 PM
-12:44:16 PM
-12:46:27 PM
-12:48:39 PM
-12:50:51 PM
-12:53:02 PM
-12:55:14 PM
-12:57:26 PM
-12:59:38 PM
-1:01:50 PM
-1:04:01 PM
-1:06:13 PM
-1:08:25 PM
-1:10:36 PM
-1:12:48 PM
-1:15:00 PM
-1:17:12 PM
-1:19:23 PM
-1:21:35 PM
-1:23:47 PM
-1:25:58 PM
-1:28:10 PM
-1:30:22 PM
-1:32:34 PM
-1:34:45 PM
-1:36:57 PM
-1:39:09 PM
-1:41:20 PM
-1:43:32 PM
-1:45:44 PM
-1:47:56 PM
-1:50:07 PM
-1:52:19 PM
-1:54:31 PM
-1:56:43 PM
-1:58:54 PM
-2:01:06 PM
-2:03:18 PM
-2:05:29 PM
-2:07:41 PM
-2:09:53 PM
-2:12:05 PM
-2:14:16 PM
-2:16:28 PM
-2:18:40 PM
-2:20:51 PM
-2:23:03 PM
-2:25:15 PM
-2:27:27 PM
-2:29:39 PM
-2:31:50 PM
-2:34:02 PM
-2:36:14 PM
-2:38:26 PM
-2:40:37 PM
-2:42:49 PM
-2:45:01 PM
-2:47:13 PM
-2:49:24 PM
-2:51:36 PM
-2:53:48 PM
-2:56:00 PM
-2:58:11 PM
-3:00:23 PM
-3:02:35 PM
-3:04:47 PM
-3:06:58 PM
-3:09:10 PM
-3:11:22 PM
-3:13:34 PM
-3:15:45 PM
+++ /dev/null
-#!/bin/bash
-
-#set -x # echo invoked commands to std out
-
-# Base dir should point to the experimental_result folder which contains the subfolders:
-# - 'smarthome' which contains the traces collected while other devices are idle
-# - 'standalone' which contains signatures and the traces used to generate the signatures.
-BASE_DIR=$1
-readonly BASE_DIR
-
-OUTPUT_DIR=$2
-readonly OUTPUT_DIR
-
-PCAPS_BASE_DIR="$BASE_DIR/smarthome"
-readonly PCAPS_BASE_DIR
-
-SIGNATURES_BASE_DIR="$BASE_DIR/standalone"
-readonly SIGNATURES_BASE_DIR
-
-# ==================================================== ARLO CAMERA =====================================================
-PCAP_FILE="$PCAPS_BASE_DIR/arlo-camera/wlan1/arlo-camera.wlan1.detection.pcap"
-
-# Has no device side signature.
-
-# PHONE SIDE (TODO: may possibly be the .incomplete signatures)
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/arlo-camera/signatures/arlo-camera-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/arlo-camera/signatures/arlo-camera-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/arlo-camera/arlo-camera.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="213"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ================================================= BLOSSOM SPRINKLER ==================================================
-PCAP_FILE="$PCAPS_BASE_DIR/blossom-sprinkler/wlan1/blossom-sprinkler.wlan1.detection.pcap"
-
-# DEVICE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/blossom-sprinkler/signatures/blossom-sprinkler-onSignature-device-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/blossom-sprinkler/signatures/blossom-sprinkler-offSignature-device-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/blossom-sprinkler/blossom-sprinkler.wlan1.detection.pcap___device-side.detectionresults"
-SIGNATURE_DURATION="9274"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/blossom-sprinkler/signatures/blossom-sprinkler-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/blossom-sprinkler/signatures/blossom-sprinkler-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/blossom-sprinkler/blossom-sprinkler.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="3670"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ==================================================== D-LINK PLUG =====================================================
-PCAP_FILE="$PCAPS_BASE_DIR/dlink-plug/wlan1/dlink-plug.wlan1.detection.pcap"
-
-# DEVICE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/dlink-plug/signatures/dlink-plug-onSignature-device-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/dlink-plug/signatures/dlink-plug-offSignature-device-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/dlink-plug/dlink-plug.wlan1.detection.pcap___device-side.detectionresults"
-SIGNATURE_DURATION="8866"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/dlink-plug/signatures/dlink-plug-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/dlink-plug/signatures/dlink-plug-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/dlink-plug/dlink-plug.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="193"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ==================================================== D-LINK SIREN ====================================================
-PCAP_FILE="$PCAPS_BASE_DIR/dlink-siren/wlan1/dlink-siren.wlan1.detection.pcap"
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/dlink-siren/signatures/dlink-siren-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/dlink-siren/signatures/dlink-siren-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/dlink-siren/dlink-siren.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="71"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ===================================================== HUE BULB =======================================================
-PCAP_FILE="$PCAPS_BASE_DIR/hue-bulb/wlan1/hue-bulb.wlan1.detection.pcap"
-
-# Has no device side signature.
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/hue-bulb/signatures/hue-bulb-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/hue-bulb/signatures/hue-bulb-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/hue-bulb/hue-bulb.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="27"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ================================================= KWIKSET DOORLOCK ===================================================
-PCAP_FILE="$PCAPS_BASE_DIR/kwikset-doorlock/wlan1/kwikset-doorlock.wlan1.detection.pcap"
-
-# Has no device side signature.
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/kwikset-doorlock/signatures/kwikset-doorlock-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/kwikset-doorlock/signatures/kwikset-doorlock-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/kwikset-doorlock/kwikset-doorlock.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="3161"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ================================================= NEST THERMOSTAT ====================================================
-PCAP_FILE="$PCAPS_BASE_DIR/nest-thermostat/wlan1/nest-thermostat.wlan1.detection.pcap"
-
-# Has no device side signature.
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/nest-thermostat/signatures/nest-thermostat-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/nest-thermostat/signatures/nest-thermostat-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/nest-thermostat/nest-thermostat.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="1179"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ====================================================== ST PLUG =======================================================
-PCAP_FILE="$PCAPS_BASE_DIR/st-plug/wlan1/st-plug.wlan1.detection.pcap"
-
-# Has no device side signature.
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/st-plug/signatures/st-plug-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/st-plug/signatures/st-plug-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/st-plug/st-plug.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="2445"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ==================================================== TP-LINK BULB ====================================================
-PCAP_FILE="$PCAPS_BASE_DIR/tplink-bulb/wlan1/tplink-bulb.wlan1.detection.pcap"
-
-# Has no device side signature.
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/tplink-bulb/signatures/tplink-bulb-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/tplink-bulb/signatures/tplink-bulb-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/tplink-bulb/tplink-bulb.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="162"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' -onmacfilters 50:c7:bf:.* -offmacfilters 50:c7:bf:.*"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ==================================================== TP-LINK PLUG ====================================================
-PCAP_FILE="$PCAPS_BASE_DIR/tplink-plug/wlan1/tplink-plug.wlan1.detection.pcap"
-
-# DEVICE SIDE (both the 112, 115 and 556, 1293 sequences)
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/tplink-plug/signatures/tplink-plug-onSignature-device-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/tplink-plug/signatures/tplink-plug-offSignature-device-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/tplink-plug/tplink-plug.wlan1.detection.pcap___device-side.detectionresults"
-SIGNATURE_DURATION="3660"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' -onmacfilters 50:c7:bf:.*;50:c7:bf:.* -offmacfilters 50:c7:bf:.*;50:c7:bf:.*"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-
-# DEVICE SIDE OUTBOUND (contains only those packets that go through the WAN port, i.e., only the 556, 1293 sequence)
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/tplink-plug/signatures/tplink-plug-onSignature-device-side-outbound.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/tplink-plug/signatures/tplink-plug-offSignature-device-side-outbound.sig"
-RESULTS_FILE="$OUTPUT_DIR/tplink-plug/tplink-plug.wlan1.detection.pcap___device-side-outbound.detectionresults"
-SIGNATURE_DURATION="224"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' -onmacfilters 50:c7:bf:.* -offmacfilters 50:c7:bf:.*"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-
-# Phone side does not make sense as it is merely a subset of the device side and does not differentiate ONs from OFFs.
-# ======================================================================================================================
-
-
-
-# ================================================== WEMO INSIGHT PLUG =================================================
-PCAP_FILE="$PCAPS_BASE_DIR/wemo-insight-plug/wlan1/wemo-insight-plug.wlan1.detection.pcap"
-
-# Has no device side signature.
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/wemo-insight-plug/signatures/wemo-insight-plug-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/wemo-insight-plug/signatures/wemo-insight-plug-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/wemo-insight-plug/wemo-insight-plug.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="106"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ===================================================== WEMO PLUG ======================================================
-PCAP_FILE="$PCAPS_BASE_DIR/wemo-plug/wlan1/wemo-plug.wlan1.detection.pcap"
-
-# Has no device side signature.
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/wemo-plug/signatures/wemo-plug-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/wemo-plug/signatures/wemo-plug-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/wemo-plug/wemo-plug.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="147"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
\ No newline at end of file
+++ /dev/null
-#!/bin/bash
-
-# Base directory where the smarthome evaluation traces and timestamp files are stored,
-# (i.e., /some/arbitrary/local/path/experimental_result/smarthome)
-TIMESTAMPS_BASE_DIR=$1
-readonly TIMESTAMPS_BASE_DIR
-
-# Base directory for the detection results files for the smarthome experiment
-RESULTS_BASE_DIR=$2
-readonly RESULTS_BASE_DIR
-
-
-
-# ==================================================== ARLO CAMERA =====================================================
-TIMESTAMPS_FILE="$TIMESTAMPS_BASE_DIR/arlo-camera/timestamps/arlo-camera-smarthome-nov-15-2018.timestamps"
-RESULTS_FILE="$RESULTS_BASE_DIR/arlo-camera/arlo-camera.wlan1.detection.pcap___phone-side.detectionresults"
-# Put the analysis results in the same folder as the detection results.
-ANALYSIS_RESULTS_FILE="$RESULTS_FILE.analysis"
-
-
-PROGRAM_ARGS="'$TIMESTAMPS_FILE' '$RESULTS_FILE' '$ANALYSIS_RESULTS_FILE'"
-./gradlew run -DmainClass=edu.uci.iotproject.evaluation.DetectionResultsAnalyzer --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ================================================= BLOSSOM SPRINKLER ==================================================
-TIMESTAMPS_FILE="$TIMESTAMPS_BASE_DIR/blossom-sprinkler/timestamps/blossom-sprinkler-smarthome-jan-14-2019.timestamps"
-
-# DEVICE SIDE
-RESULTS_FILE="$RESULTS_BASE_DIR/blossom-sprinkler/blossom-sprinkler.wlan1.detection.pcap___device-side.detectionresults"
-ANALYSIS_RESULTS_FILE="$RESULTS_FILE.analysis"
-PROGRAM_ARGS="'$TIMESTAMPS_FILE' '$RESULTS_FILE' '$ANALYSIS_RESULTS_FILE'"
-./gradlew run -DmainClass=edu.uci.iotproject.evaluation.DetectionResultsAnalyzer --args="$PROGRAM_ARGS"
-
-# PHONE SIDE
-RESULTS_FILE="$RESULTS_BASE_DIR/blossom-sprinkler/blossom-sprinkler.wlan1.detection.pcap___phone-side.detectionresults"
-ANALYSIS_RESULTS_FILE="$RESULTS_FILE.analysis"
-PROGRAM_ARGS="'$TIMESTAMPS_FILE' '$RESULTS_FILE' '$ANALYSIS_RESULTS_FILE'"
-./gradlew run -DmainClass=edu.uci.iotproject.evaluation.DetectionResultsAnalyzer --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ==================================================== D-LINK PLUG =====================================================
-TIMESTAMPS_FILE="$TIMESTAMPS_BASE_DIR/dlink-plug/timestamps/dlink-plug-smarthome-nov-8-2018.timestamps"
-
-# DEVICE SIDE
-RESULTS_FILE="$RESULTS_BASE_DIR/dlink-plug/dlink-plug.wlan1.detection.pcap___device-side.detectionresults"
-ANALYSIS_RESULTS_FILE="$RESULTS_FILE.analysis"
-PROGRAM_ARGS="'$TIMESTAMPS_FILE' '$RESULTS_FILE' '$ANALYSIS_RESULTS_FILE'"
-./gradlew run -DmainClass=edu.uci.iotproject.evaluation.DetectionResultsAnalyzer --args="$PROGRAM_ARGS"
-
-# PHONE SIDE
-RESULTS_FILE="$RESULTS_BASE_DIR/dlink-plug/dlink-plug.wlan1.detection.pcap___phone-side.detectionresults"
-ANALYSIS_RESULTS_FILE="$RESULTS_FILE.analysis"
-PROGRAM_ARGS="'$TIMESTAMPS_FILE' '$RESULTS_FILE' '$ANALYSIS_RESULTS_FILE'"
-./gradlew run -DmainClass=edu.uci.iotproject.evaluation.DetectionResultsAnalyzer --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ==================================================== D-LINK SIREN ====================================================
-TIMESTAMPS_FILE="$TIMESTAMPS_BASE_DIR/dlink-siren/timestamps/dlink-siren-smarthome-nov-10-2018.timestamps"
-
-#PHONE SIDE
-RESULTS_FILE="$RESULTS_BASE_DIR/dlink-siren/dlink-siren.wlan1.detection.pcap___phone-side.detectionresults"
-ANALYSIS_RESULTS_FILE="$RESULTS_FILE.analysis"
-PROGRAM_ARGS="'$TIMESTAMPS_FILE' '$RESULTS_FILE' '$ANALYSIS_RESULTS_FILE'"
-./gradlew run -DmainClass=edu.uci.iotproject.evaluation.DetectionResultsAnalyzer --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ===================================================== HUE BULB =======================================================
-TIMESTAMPS_FILE="$TIMESTAMPS_BASE_DIR/hue-bulb/timestamps/hue-bulb-smarthome-nov-20-2018.timestamps"
-
-# Has no device side signature.
-
-# PHONE SIDE
-RESULTS_FILE="$RESULTS_BASE_DIR/hue-bulb/hue-bulb.wlan1.detection.pcap___phone-side.detectionresults"
-ANALYSIS_RESULTS_FILE="$RESULTS_FILE.analysis"
-PROGRAM_ARGS="'$TIMESTAMPS_FILE' '$RESULTS_FILE' '$ANALYSIS_RESULTS_FILE'"
-./gradlew run -DmainClass=edu.uci.iotproject.evaluation.DetectionResultsAnalyzer --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ================================================= KWIKSET DOORLOCK ===================================================
-TIMESTAMPS_FILE="$TIMESTAMPS_BASE_DIR/kwikset-doorlock/timestamps/kwikset-doorlock-smarthome-nov-10-2018.timestamps"
-
-# Has no device side signature.
-
-# PHONE SIDE
-RESULTS_FILE="$RESULTS_BASE_DIR/kwikset-doorlock/kwikset-doorlock.wlan1.detection.pcap___phone-side.detectionresults"
-ANALYSIS_RESULTS_FILE="$RESULTS_FILE.analysis"
-PROGRAM_ARGS="'$TIMESTAMPS_FILE' '$RESULTS_FILE' '$ANALYSIS_RESULTS_FILE'"
-./gradlew run -DmainClass=edu.uci.iotproject.evaluation.DetectionResultsAnalyzer --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ================================================= NEST THERMOSTAT ====================================================
-TIMESTAMPS_FILE="$TIMESTAMPS_BASE_DIR/nest-thermostat/timestamps/nest-thermostat-smarthome-nov-16-2018.timestamps"
-
-# Has no device side signature.
-
-# PHONE SIDE
-RESULTS_FILE="$RESULTS_BASE_DIR/nest-thermostat/nest-thermostat.wlan1.detection.pcap___phone-side.detectionresults"
-ANALYSIS_RESULTS_FILE="$RESULTS_FILE.analysis"
-PROGRAM_ARGS="'$TIMESTAMPS_FILE' '$RESULTS_FILE' '$ANALYSIS_RESULTS_FILE'"
-./gradlew run -DmainClass=edu.uci.iotproject.evaluation.DetectionResultsAnalyzer --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ====================================================== ST PLUG =======================================================
-TIMESTAMPS_FILE="$TIMESTAMPS_BASE_DIR/st-plug/timestamps/st-plug-smarthome-nov-13-2018.timestamps"
-
-# Has no device side signature.
-
-# PHONE SIDE
-RESULTS_FILE="$RESULTS_BASE_DIR/st-plug/st-plug.wlan1.detection.pcap___phone-side.detectionresults"
-ANALYSIS_RESULTS_FILE="$RESULTS_FILE.analysis"
-PROGRAM_ARGS="'$TIMESTAMPS_FILE' '$RESULTS_FILE' '$ANALYSIS_RESULTS_FILE'"
-./gradlew run -DmainClass=edu.uci.iotproject.evaluation.DetectionResultsAnalyzer --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ==================================================== TP-LINK BULB ====================================================
-TIMESTAMPS_FILE="$TIMESTAMPS_BASE_DIR/tplink-bulb/timestamps/tplink-bulb-smarthome-nov-19-2018.timestamps"
-
-# Has no device side signature.
-
-# PHONE SIDE
-RESULTS_FILE="$RESULTS_BASE_DIR/tplink-bulb/tplink-bulb.wlan1.detection.pcap___phone-side.detectionresults"
-ANALYSIS_RESULTS_FILE="$RESULTS_FILE.analysis"
-PROGRAM_ARGS="'$TIMESTAMPS_FILE' '$RESULTS_FILE' '$ANALYSIS_RESULTS_FILE'"
-./gradlew run -DmainClass=edu.uci.iotproject.evaluation.DetectionResultsAnalyzer --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ==================================================== TP-LINK PLUG ====================================================
-TIMESTAMPS_FILE="$TIMESTAMPS_BASE_DIR/tplink-plug/timestamps/tplink-plug-smarthome-nov-9-2018.timestamps"
-
-# DEVICE SIDE
-RESULTS_FILE="$RESULTS_BASE_DIR/tplink-plug/tplink-plug.wlan1.detection.pcap___device-side.detectionresults"
-ANALYSIS_RESULTS_FILE="$RESULTS_FILE.analysis"
-PROGRAM_ARGS="'$TIMESTAMPS_FILE' '$RESULTS_FILE' '$ANALYSIS_RESULTS_FILE'"
-./gradlew run -DmainClass=edu.uci.iotproject.evaluation.DetectionResultsAnalyzer --args="$PROGRAM_ARGS"
-
-# DEVICE SIDE OUTBOUND
-RESULTS_FILE="$RESULTS_BASE_DIR/tplink-plug/tplink-plug.wlan1.detection.pcap___device-side-outbound.detectionresults"
-ANALYSIS_RESULTS_FILE="$RESULTS_FILE.analysis"
-PROGRAM_ARGS="'$TIMESTAMPS_FILE' '$RESULTS_FILE' '$ANALYSIS_RESULTS_FILE'"
-./gradlew run -DmainClass=edu.uci.iotproject.evaluation.DetectionResultsAnalyzer --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ================================================== WEMO INSIGHT PLUG =================================================
-TIMESTAMPS_FILE="$TIMESTAMPS_BASE_DIR/wemo-insight-plug/timestamps/wemo-insight-plug-smarthome-nov-22-2018.timestamps"
-
-# Has no device side signature.
-
-# PHONE SIDE
-RESULTS_FILE="$RESULTS_BASE_DIR/wemo-insight-plug/wemo-insight-plug.wlan1.detection.pcap___phone-side.detectionresults"
-ANALYSIS_RESULTS_FILE="$RESULTS_FILE.analysis"
-PROGRAM_ARGS="'$TIMESTAMPS_FILE' '$RESULTS_FILE' '$ANALYSIS_RESULTS_FILE'"
-./gradlew run -DmainClass=edu.uci.iotproject.evaluation.DetectionResultsAnalyzer --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ===================================================== WEMO PLUG ======================================================
-TIMESTAMPS_FILE="$TIMESTAMPS_BASE_DIR/wemo-plug/timestamps/wemo-plug-smarthome-nov-21-2018.timestamps"
-
-# Has no device side signature.
-
-# PHONE SIDE
-RESULTS_FILE="$RESULTS_BASE_DIR/wemo-plug/wemo-plug.wlan1.detection.pcap___phone-side.detectionresults"
-ANALYSIS_RESULTS_FILE="$RESULTS_FILE.analysis"
-PROGRAM_ARGS="'$TIMESTAMPS_FILE' '$RESULTS_FILE' '$ANALYSIS_RESULTS_FILE'"
-./gradlew run -DmainClass=edu.uci.iotproject.evaluation.DetectionResultsAnalyzer --args="$PROGRAM_ARGS"
-# ======================================================================================================================
\ No newline at end of file
+++ /dev/null
-#!/bin/bash
-
-#set -x # echo invoked commands to std out
-
-# Arg1 should point to the UNB trace (PCAP w/o any expected events).
-PCAP_FILE=$1
-
-readonly PCAP_FILE
-
-# Arg2 should point to the base directory for signature files (i.e., /some/local/path/experimental_result/standalone)
-SIGNATURES_BASE_DIR=$2
-readonly SIGNATURES_BASE_DIR
-
-# Arg3 should point to folder where the detection results for the UNB trace are to be output.
-OUTPUT_DIR=$3
-readonly OUTPUT_DIR
-
-# ==================================================== ARLO CAMERA =====================================================
-# Has no device side signature.
-
-# PHONE SIDE (TODO: may possibly be the .incomplete signatures)
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/arlo-camera/signatures/arlo-camera-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/arlo-camera/signatures/arlo-camera-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/arlo-camera/arlo-camera.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="213"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ================================================= BLOSSOM SPRINKLER ==================================================
-# DEVICE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/blossom-sprinkler/signatures/blossom-sprinkler-onSignature-device-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/blossom-sprinkler/signatures/blossom-sprinkler-offSignature-device-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/blossom-sprinkler/blossom-sprinkler.wlan1.detection.pcap___device-side.detectionresults"
-SIGNATURE_DURATION="9274"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/blossom-sprinkler/signatures/blossom-sprinkler-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/blossom-sprinkler/signatures/blossom-sprinkler-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/blossom-sprinkler/blossom-sprinkler.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="3670"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ==================================================== D-LINK PLUG =====================================================
-# DEVICE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/dlink-plug/signatures/dlink-plug-onSignature-device-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/dlink-plug/signatures/dlink-plug-offSignature-device-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/dlink-plug/dlink-plug.wlan1.detection.pcap___device-side.detectionresults"
-SIGNATURE_DURATION="8866"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/dlink-plug/signatures/dlink-plug-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/dlink-plug/signatures/dlink-plug-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/dlink-plug/dlink-plug.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="193"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ==================================================== D-LINK SIREN ====================================================
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/dlink-siren/signatures/dlink-siren-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/dlink-siren/signatures/dlink-siren-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/dlink-siren/dlink-siren.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="71"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ===================================================== HUE BULB =======================================================
-# Has no device side signature.
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/hue-bulb/signatures/hue-bulb-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/hue-bulb/signatures/hue-bulb-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/hue-bulb/hue-bulb.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="27"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ================================================= KWIKSET DOORLOCK ===================================================
-# Has no device side signature.
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/kwikset-doorlock/signatures/kwikset-doorlock-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/kwikset-doorlock/signatures/kwikset-doorlock-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/kwikset-doorlock/kwikset-doorlock.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="3161"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ================================================= NEST THERMOSTAT ====================================================
-# Has no device side signature.
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/nest-thermostat/signatures/nest-thermostat-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/nest-thermostat/signatures/nest-thermostat-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/nest-thermostat/nest-thermostat.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="1179"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ====================================================== ST PLUG =======================================================
-# Has no device side signature.
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/st-plug/signatures/st-plug-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/st-plug/signatures/st-plug-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/st-plug/st-plug.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="2445"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ==================================================== TP-LINK BULB ====================================================
-# Has no device side signature.
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/tplink-bulb/signatures/tplink-bulb-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/tplink-bulb/signatures/tplink-bulb-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/tplink-bulb/tplink-bulb.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="162"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' -onmacfilters 50:c7:bf:.* -offmacfilters 50:c7:bf:.*"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ==================================================== TP-LINK PLUG ====================================================
-# DEVICE SIDE (both the 112, 115 and 556, 1293 sequences)
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/tplink-plug/signatures/tplink-plug-onSignature-device-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/tplink-plug/signatures/tplink-plug-offSignature-device-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/tplink-plug/tplink-plug.wlan1.detection.pcap___device-side.detectionresults"
-SIGNATURE_DURATION="3660"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' -onmacfilters 50:c7:bf:.*;50:c7:bf:.* -offmacfilters 50:c7:bf:.*;50:c7:bf:.*"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-
-# DEVICE SIDE OUTBOUND (contains only those packets that go through the WAN port, i.e., only the 556, 1293 sequence)
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/tplink-plug/signatures/tplink-plug-onSignature-device-side-outbound.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/tplink-plug/signatures/tplink-plug-offSignature-device-side-outbound.sig"
-RESULTS_FILE="$OUTPUT_DIR/tplink-plug/tplink-plug.wlan1.detection.pcap___device-side-outbound.detectionresults"
-SIGNATURE_DURATION="224"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' -onmacfilters 50:c7:bf:.* -offmacfilters 50:c7:bf:.*"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-
-# Phone side does not make sense as it is merely a subset of the device side and does not differentiate ONs from OFFs.
-# ======================================================================================================================
-
-
-
-# ================================================== WEMO INSIGHT PLUG =================================================
-# Has no device side signature.
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/wemo-insight-plug/signatures/wemo-insight-plug-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/wemo-insight-plug/signatures/wemo-insight-plug-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/wemo-insight-plug/wemo-insight-plug.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="106"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
-
-
-
-# ===================================================== WEMO PLUG ======================================================
-# Has no device side signature.
-
-# PHONE SIDE
-ON_SIGNATURE="$SIGNATURES_BASE_DIR/wemo-plug/signatures/wemo-plug-onSignature-phone-side.sig"
-OFF_SIGNATURE="$SIGNATURES_BASE_DIR/wemo-plug/signatures/wemo-plug-offSignature-phone-side.sig"
-RESULTS_FILE="$OUTPUT_DIR/wemo-plug/wemo-plug.wlan1.detection.pcap___phone-side.detectionresults"
-SIGNATURE_DURATION="147"
-
-PROGRAM_ARGS="'$PCAP_FILE' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION'"
-./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS"
-# ======================================================================================================================
\ No newline at end of file
+++ /dev/null
-#!/bin/bash
-
-# Arg1 should point to the folder with UNSW traces (PCAP files w/o any expected events).
-UNSW_TRACES_DIR=$1
-
-# Arg2 should point to the base directory for signature files (i.e., /some/local/path/experimental_result/standalone)
-SIGNATURES_BASE_DIR=$2
-readonly SIGNATURES_BASE_DIR
-
-# Arg3 should point to base directory where the detection results for the UNSW trace are to be output.
-# Subfolders will be created for each individual pcap file in UNSW_TRACES_DIR.
-OUTPUT_DIR=$3
-readonly OUTPUT_DIR
-
-#set -x # echo invoked commands to std out
-
-for PCAP_FILE in $UNSW_TRACES_DIR/*.pcap; do
- # skip non pcap files
- [ -e "$PCAP_FILE" ] || continue
- # make an output sub dir in the base output dir that is the filename minus extension
- OUTPUT_SUB_DIR=$(basename "$PCAP_FILE" .pcap)
- ./execute_layer2_unb_all_detection.sh $PCAP_FILE $SIGNATURES_BASE_DIR $OUTPUT_DIR/$OUTPUT_SUB_DIR
-done
-
-
+++ /dev/null
-#Tue Aug 21 11:14:11 PDT 2018
-distributionBase=GRADLE_USER_HOME
-distributionPath=wrapper/dists
-zipStoreBase=GRADLE_USER_HOME
-zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.9-bin.zip
+++ /dev/null
-#!/usr/bin/env bash
-
-##############################################################################
-##
-## Gradle start up script for UN*X
-##
-##############################################################################
-
-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS=""
-
-APP_NAME="Gradle"
-APP_BASE_NAME=`basename "$0"`
-
-# Use the maximum available, or set MAX_FD != -1 to use that value.
-MAX_FD="maximum"
-
-warn ( ) {
- echo "$*"
-}
-
-die ( ) {
- echo
- echo "$*"
- echo
- exit 1
-}
-
-# OS specific support (must be 'true' or 'false').
-cygwin=false
-msys=false
-darwin=false
-case "`uname`" in
- CYGWIN* )
- cygwin=true
- ;;
- Darwin* )
- darwin=true
- ;;
- MINGW* )
- msys=true
- ;;
-esac
-
-# Attempt to set APP_HOME
-# Resolve links: $0 may be a link
-PRG="$0"
-# Need this for relative symlinks.
-while [ -h "$PRG" ] ; do
- ls=`ls -ld "$PRG"`
- link=`expr "$ls" : '.*-> \(.*\)$'`
- if expr "$link" : '/.*' > /dev/null; then
- PRG="$link"
- else
- PRG=`dirname "$PRG"`"/$link"
- fi
-done
-SAVED="`pwd`"
-cd "`dirname \"$PRG\"`/" >/dev/null
-APP_HOME="`pwd -P`"
-cd "$SAVED" >/dev/null
-
-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
-
-# Determine the Java command to use to start the JVM.
-if [ -n "$JAVA_HOME" ] ; then
- if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
- # IBM's JDK on AIX uses strange locations for the executables
- JAVACMD="$JAVA_HOME/jre/sh/java"
- else
- JAVACMD="$JAVA_HOME/bin/java"
- fi
- if [ ! -x "$JAVACMD" ] ; then
- die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
-
-Please set the JAVA_HOME variable in your environment to match the
-location of your Java installation."
- fi
-else
- JAVACMD="java"
- which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-
-Please set the JAVA_HOME variable in your environment to match the
-location of your Java installation."
-fi
-
-# Increase the maximum file descriptors if we can.
-if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then
- MAX_FD_LIMIT=`ulimit -H -n`
- if [ $? -eq 0 ] ; then
- if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
- MAX_FD="$MAX_FD_LIMIT"
- fi
- ulimit -n $MAX_FD
- if [ $? -ne 0 ] ; then
- warn "Could not set maximum file descriptor limit: $MAX_FD"
- fi
- else
- warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
- fi
-fi
-
-# For Darwin, add options to specify how the application appears in the dock
-if $darwin; then
- GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
-fi
-
-# For Cygwin, switch paths to Windows format before running java
-if $cygwin ; then
- APP_HOME=`cygpath --path --mixed "$APP_HOME"`
- CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
- JAVACMD=`cygpath --unix "$JAVACMD"`
-
- # We build the pattern for arguments to be converted via cygpath
- ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
- SEP=""
- for dir in $ROOTDIRSRAW ; do
- ROOTDIRS="$ROOTDIRS$SEP$dir"
- SEP="|"
- done
- OURCYGPATTERN="(^($ROOTDIRS))"
- # Add a user-defined pattern to the cygpath arguments
- if [ "$GRADLE_CYGPATTERN" != "" ] ; then
- OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
- fi
- # Now convert the arguments - kludge to limit ourselves to /bin/sh
- i=0
- for arg in "$@" ; do
- CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
- CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
-
- if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
- eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
- else
- eval `echo args$i`="\"$arg\""
- fi
- i=$((i+1))
- done
- case $i in
- (0) set -- ;;
- (1) set -- "$args0" ;;
- (2) set -- "$args0" "$args1" ;;
- (3) set -- "$args0" "$args1" "$args2" ;;
- (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
- (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
- (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
- (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
- (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
- (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
- esac
-fi
-
-# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
-function splitJvmOpts() {
- JVM_OPTS=("$@")
-}
-eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
-JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
-
-exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
+++ /dev/null
-@if "%DEBUG%" == "" @echo off\r
-@rem ##########################################################################\r
-@rem\r
-@rem Gradle startup script for Windows\r
-@rem\r
-@rem ##########################################################################\r
-\r
-@rem Set local scope for the variables with windows NT shell\r
-if "%OS%"=="Windows_NT" setlocal\r
-\r
-@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.\r
-set DEFAULT_JVM_OPTS=\r
-\r
-set DIRNAME=%~dp0\r
-if "%DIRNAME%" == "" set DIRNAME=.\r
-set APP_BASE_NAME=%~n0\r
-set APP_HOME=%DIRNAME%\r
-\r
-@rem Find java.exe\r
-if defined JAVA_HOME goto findJavaFromJavaHome\r
-\r
-set JAVA_EXE=java.exe\r
-%JAVA_EXE% -version >NUL 2>&1\r
-if "%ERRORLEVEL%" == "0" goto init\r
-\r
-echo.\r
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.\r
-echo.\r
-echo Please set the JAVA_HOME variable in your environment to match the\r
-echo location of your Java installation.\r
-\r
-goto fail\r
-\r
-:findJavaFromJavaHome\r
-set JAVA_HOME=%JAVA_HOME:"=%\r
-set JAVA_EXE=%JAVA_HOME%/bin/java.exe\r
-\r
-if exist "%JAVA_EXE%" goto init\r
-\r
-echo.\r
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%\r
-echo.\r
-echo Please set the JAVA_HOME variable in your environment to match the\r
-echo location of your Java installation.\r
-\r
-goto fail\r
-\r
-:init\r
-@rem Get command-line arguments, handling Windowz variants\r
-\r
-if not "%OS%" == "Windows_NT" goto win9xME_args\r
-if "%@eval[2+2]" == "4" goto 4NT_args\r
-\r
-:win9xME_args\r
-@rem Slurp the command line arguments.\r
-set CMD_LINE_ARGS=\r
-set _SKIP=2\r
-\r
-:win9xME_args_slurp\r
-if "x%~1" == "x" goto execute\r
-\r
-set CMD_LINE_ARGS=%*\r
-goto execute\r
-\r
-:4NT_args\r
-@rem Get arguments from the 4NT Shell from JP Software\r
-set CMD_LINE_ARGS=%$\r
-\r
-:execute\r
-@rem Setup the command line\r
-\r
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar\r
-\r
-@rem Execute Gradle\r
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%\r
-\r
-:end\r
-@rem End local scope for the variables with windows NT shell\r
-if "%ERRORLEVEL%"=="0" goto mainEnd\r
-\r
-:fail\r
-rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of\r
-rem the _cmd.exe /c_ return code!\r
-if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1\r
-exit /b 1\r
-\r
-:mainEnd\r
-if "%OS%"=="Windows_NT" endlocal\r
-\r
-:omega\r
+++ /dev/null
-rootProject.name = 'SmartPlugDetector'
-
+++ /dev/null
-package edu.uci.iotproject;
-
-import org.pcap4j.core.PcapHandle;
-import org.pcap4j.core.PcapPacket;
-
-import java.io.FileNotFoundException;
-import java.io.PrintWriter;
-import java.io.UnsupportedEncodingException;
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * Models a (TCP) conversation/connection/session/flow (packet's belonging to the same session between a client and a
- * server).
- * Holds a pair of packet lengths from {@link PcapPacket}s identified as pertaining to the flow.
- * Here we consider pairs of packet lengths, e.g., from device to cloud and cloud to device.
- * We collect these pairs of data points as signatures that we can plot on a graph.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class ConversationPair {
-
- /* Begin instance properties */
- /**
- * The PrintWriter object that writes data points into file
- */
- private PrintWriter pw;
-
- /**
- * The direction of conversation
- * true = device to server to device
- */
- private Direction direction;
-
- /**
- * If this is the first packet processed then the value is true (it is false otherwise).
- */
- private boolean firstPacket;
-
- /**
- * Count the frequencies of points
- */
- private Map<String, Integer> pointFreq;
- private String dataPoint;
-
- /**
- * Four possible directions of conversations.
- * E.g., DEVICE_TO_SERVER means the conversation is started from
- * a device-server packet and then a server-device as a response.
- * SERVER_TO_DEVICE means the conversation is started from a
- * server-device packet and then a device-server packet as a response.
- * The same pattern applies to PHONE_TO_SERVER and SERVER_TO_PHONE
- * directions.
- */
- public enum Direction {
- DEVICE_TO_SERVER,
- SERVER_TO_DEVICE,
- PHONE_TO_SERVER,
- SERVER_TO_PHONE
- }
-
- /**
- * Constructs a ConversationPair object.
- * @param fileName The file name to write data points into.
- * @param direction The direction of the first packet of the pair.
- */
- public ConversationPair(String fileName, Direction direction) {
- try {
- this.pw = new PrintWriter(fileName, "UTF-8");
- } catch(UnsupportedEncodingException |
- FileNotFoundException e) {
- e.printStackTrace();
- }
- this.direction = direction;
- this.firstPacket = true;
- this.pointFreq = new HashMap<>();
- this.dataPoint = null;
- }
-
- /**
- * Writes conversation pair's packet lengths.
- * @param packet The {@link PcapPacket} object that has packet information.
- * @param fromClient If true then this packet comes from client, e.g., device.
- * @param fromServer If true then this packet comes from server.
- */
- public void writeConversationPair(PcapPacket packet, boolean fromClient, boolean fromServer) {
-
- // Write device data point first and then server
- if (direction == Direction.DEVICE_TO_SERVER || direction == Direction.PHONE_TO_SERVER) {
- if (fromClient && firstPacket) { // first packet
- pw.print(packet.getTimestamp() + ", " + packet.getPayload().length() + ", ");
- System.out.print(packet.getTimestamp() + ", " + packet.getPayload().length() + ", ");
- dataPoint = Integer.toString(packet.getPayload().length()) + ", ";
- firstPacket = false;
- } else if (fromServer && !firstPacket) { // second packet
- pw.println(packet.getPayload().length());
- System.out.println(packet.getPayload().length());
- dataPoint = dataPoint + Integer.toString(packet.getPayload().length());
- countFrequency(dataPoint);
- firstPacket = true;
- }
- // Write server data point first and then device
- } else if (direction == Direction.SERVER_TO_DEVICE || direction == Direction.SERVER_TO_PHONE) {
- if (fromServer && firstPacket) { // first packet
- pw.print(packet.getTimestamp() + ", " + packet.getPayload().length() + ", ");
- dataPoint = Integer.toString(packet.getPayload().length()) + ", ";
- firstPacket = false;
- } else if (fromClient && !firstPacket) { // second packet
- pw.println(packet.getPayload().length());
- dataPoint = dataPoint + Integer.toString(packet.getPayload().length());
- countFrequency(dataPoint);
- firstPacket = true;
- }
- }
- }
-
- /**
- * Counts the frequencies of data points.
- * @param dataPoint One data point for a conversation pair, e.g., 556, 1232.
- */
- private void countFrequency(String dataPoint) {
-
- Integer freq = null;
- if (pointFreq.containsKey(dataPoint)) {
- freq = pointFreq.get(dataPoint);
- } else {
- freq = new Integer(0);
- }
- freq = freq + 1;
- pointFreq.put(dataPoint, freq);
- }
-
- /**
- * Prints the frequencies of data points from the Map.
- */
- public void printListFrequency() {
- for(Map.Entry<String, Integer> entry : pointFreq.entrySet()) {
- System.out.println(entry.getKey() + " - " + entry.getValue());
- }
- }
-
- /**
- * Close the PrintWriter object.
- */
- public void close() {
- pw.close();
- }
-}
\ No newline at end of file
+++ /dev/null
-package edu.uci.iotproject;
-
-import org.pcap4j.core.PacketListener;
-import org.pcap4j.core.PcapPacket;
-import org.pcap4j.packet.Packet;
-import org.pcap4j.packet.DnsPacket;
-import org.pcap4j.packet.DnsResourceRecord;
-import org.pcap4j.packet.namednumber.DnsResourceRecordType;
-
-
-import java.net.Inet4Address;
-import java.net.UnknownHostException;
-import java.util.*;
-
-
-/**
- * This is a class that does DNS mapping.
- * Basically an IP address is mapped to its
- * respective DNS hostnames.
- *
- * @author Rahmadi Trimananda (rtrimana@uci.edu)
- * @version 0.1
- */
-public class DnsMap implements PacketListener {
-
- /* Class properties */
- private Map<String, Set<String>> ipToHostnameMap;
-
- /* Class constants */
- private static final Set<String> EMPTY_SET = Collections.unmodifiableSet(new HashSet<>());
-
-
- /* Constructor */
- public DnsMap() {
- ipToHostnameMap = new HashMap<>();
- }
-
- @Override
- public void gotPacket(PcapPacket packet) {
- try {
- validateAndAddNewEntry(packet);
- } catch (UnknownHostException e) {
- e.printStackTrace();
- }
- }
-
- /**
- * Gets a packet and determine if this is a DNS packet
- *
- * @param packet Packet object
- * @return DnsPacket object or null
- */
- private DnsPacket getDnsPacket(Packet packet) {
- DnsPacket dnsPacket = packet.get(DnsPacket.class);
- return dnsPacket;
- }
-
- /**
- * Checks DNS packet and build the map data structure that
- * maps IP addresses to DNS hostnames
- *
- * @param packet PcapPacket object
- */
- public void validateAndAddNewEntry(PcapPacket packet) throws UnknownHostException {
- // Make sure that this is a DNS packet
- DnsPacket dnsPacket = getDnsPacket(packet);
- if (dnsPacket != null) {
- // We only care about DNS answers
- if (dnsPacket.getHeader().getAnswers().size() != 0) {
- String hostname = dnsPacket.getHeader().getQuestions().get(0).getQName().getName();
- for(DnsResourceRecord answer : dnsPacket.getHeader().getAnswers()) {
- // We only care about type A records
- if (!answer.getDataType().equals(DnsResourceRecordType.A))
- continue;
- // Sanity check. For some reason the hostname appears to be the empty string in the answer .
- // We hence have to assume that all answers correspond to a single question that holds the hostname as part of its object tree.
- // Therefore, if there are more questions in one query-reply exchange, we are in trouble.
- if (!answer.getName().getName().equals("") && !answer.getName().getName().equals(hostname))
- throw new RuntimeException("[DNS parser] mismatch between hostname in question and hostname in answer");
- // The IP in byte representation.
- byte[] ipBytes = answer.getRData().getRawData();
- // Convert to string representation.
- String ip = Inet4Address.getByAddress(ipBytes).getHostAddress();
- Set<String> hostnameSet = new HashSet<>();
- hostnameSet.add(hostname);
- // Update or insert depending on presence of key:
- // Concat the existing set and the new set if ip already present as key,
- // otherwise add an entry for ip pointing to new set.
- ipToHostnameMap.merge(ip, hostnameSet, (v1, v2) -> { v1.addAll(v2); return v1; });
- }
- }
- }
- }
-
-
- /**
- * Checks DNS packet and build the map data structure that
- * maps IP addresses to DNS hostnames
- *
- * @param address Address to check
- * @param hostname Hostname to check
- */
- public boolean isRelatedToCloudServer(String address, String hostname) {
- return ipToHostnameMap.getOrDefault(address, EMPTY_SET).contains(hostname);
- }
-
- public Set<String> getHostnamesForIp(String ip) {
- Set<String> hostnames = ipToHostnameMap.get(ip);
- return hostnames != null ? Collections.unmodifiableSet(hostnames) : null;
- }
-}
+++ /dev/null
-package edu.uci.iotproject;
-
-import org.pcap4j.core.*;
-import org.pcap4j.packet.*;
-import org.pcap4j.packet.DnsPacket;
-import org.pcap4j.packet.namednumber.DnsResourceRecordType;
-
-import java.io.EOFException;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.util.*;
-import java.util.concurrent.TimeoutException;
-
-/**
- * TODO add class documentation.
- * TODO: At this point, this class is still in transition to having multiple hostnames and lists of packets
- *
- * @author Janus Varmarken
- */
-public class FlowPattern {
-
- /**
- * Class properties
- */
- private final String mPatternId;
- private final String hostname; // The hostname that this {@code FlowPattern} is associated with.
-
- /**
- * The order of packet lengths that defines this {@link FlowPattern}
- * TODO: this is a simplified representation, we should also include information about direction of each packet.
- */
- private final List<Integer> flowPacketOrder;
- private final Map<String, List<Integer>> mHostnameToPacketLengthsMap;
- private final List<String> mHostnameList;
- private final PcapHandle mPcap;
-
-
- /**
- * Class constants
- */
-
-
- /**
- * Constructor #1
- */
- public FlowPattern(String mPatternId, String hostname, PcapHandle mPcap) {
- this.mPatternId = mPatternId;
- this.hostname = hostname;
- this.mHostnameList = null;
- this.mPcap = mPcap;
- this.mHostnameToPacketLengthsMap = null;
- this.flowPacketOrder = new ArrayList<Integer>();
- processPcap();
- }
-
-
- /**
- * Process the PcapHandle to strip off unnecessary packets and just get the integer array of packet lengths
- */
- private void processPcap() {
-
- PcapPacket packet;
- try {
- while ((packet = mPcap.getNextPacketEx()) != null) {
- // For now, we only work support pattern search in TCP over IPv4.
- IpV4Packet ipPacket = packet.get(IpV4Packet.class);
- TcpPacket tcpPacket = packet.get(TcpPacket.class);
- if (ipPacket == null || tcpPacket == null)
- continue;
- if (tcpPacket.getPayload() == null) // We skip non-payload control packets as these are less predictable
- continue;
- int packetLength = tcpPacket.getPayload().length();
- flowPacketOrder.add(packetLength);
- }
- } catch (EOFException eofe) {
- System.out.println("[ FlowPattern ] Finished processing a training PCAP stream!");
- System.out.println("[ FlowPattern ] Pattern for " + mPatternId + ": " + Arrays.toString(flowPacketOrder.toArray()));
- } catch (PcapNativeException |
- TimeoutException |
- NotOpenException ex) {
- ex.printStackTrace();
- }
- }
-
-
- /**
- * Process the PcapHandle to strip off unnecessary packets.
- * We then map list of hostnames to their respective arrays of packet lengths
- */
- private void processPcapToMap() {
-
- PcapPacket packet;
- try {
- int hostIndex = -1;
- Set<String> addressSet = new HashSet<>();
- while ((packet = mPcap.getNextPacketEx()) != null) {
- // For now, we only work support pattern search in TCP over IPv4.
- IpV4Packet ipPacket = packet.get(IpV4Packet.class);
- TcpPacket tcpPacket = packet.get(TcpPacket.class);
- if (ipPacket == null || tcpPacket == null) {
- continue;
- }
- if (tcpPacket.getPayload() == null) {
- // We skip non-payload control packets as these are less predictable
- continue;
- }
- // We assume that if it is not a local address then it is a cloud server address
- InetAddress srcAddress = ipPacket.getHeader().getSrcAddr();
- InetAddress dstAddress = ipPacket.getHeader().getDstAddr();
- boolean fromServer = !srcAddress.isSiteLocalAddress();
- boolean fromClient = !dstAddress.isSiteLocalAddress();
- if (!fromServer && !fromClient) {
- // Packet not related to pattern, skip it
- continue;
- } else {
- // We relate and assume that this address is from our cloud server
- String cloudAddress = null;
- if (fromClient) {
- cloudAddress = dstAddress.getHostAddress();
- } else { // fromServer
- cloudAddress = srcAddress.getHostAddress();
- }
- //System.out.println("\nCloud address: " + cloudAddress);
- if (!addressSet.contains(cloudAddress)) {
- addressSet.add(cloudAddress);
- hostIndex++;
- }
-
- String hostname = mHostnameList.get(hostIndex);
- List<Integer> packetLengthsList = mHostnameToPacketLengthsMap.containsKey(hostname) ?
- mHostnameToPacketLengthsMap.get(hostname) : new ArrayList<>();
- int packetLength = tcpPacket.getPayload().length();
- packetLengthsList.add(packetLength);
- mHostnameToPacketLengthsMap.put(hostname, packetLengthsList);
- }
- }
- } catch (EOFException eofe) {
- System.out.println("[ FlowPattern ] Finished processing a training PCAP stream!");
- System.out.println("[ FlowPattern ] Pattern for " + mPatternId + ": " + Arrays.toString(mHostnameToPacketLengthsMap.entrySet().toArray()));
- } catch (PcapNativeException |
- TimeoutException |
- NotOpenException ex) {
- ex.printStackTrace();
- }
- }
-
-
- /**
- * Constructor #2
- */
- public FlowPattern(String mPatternId, List<String> mHostnameList, PcapHandle mPcap) {
- this.mPatternId = mPatternId;
- this.hostname = null;
- this.mHostnameList = mHostnameList;
- this.mPcap = mPcap;
- this.flowPacketOrder = null;
- this.mHostnameToPacketLengthsMap = new HashMap<>();
- processPcapToMap();
- }
-
-
- public String getPatternId() {
- return mPatternId;
- }
-
-
- public String getHostname() {
- return hostname;
- }
-
-
- /**
- * Get the sequence of packet lengths that defines this {@code FlowPattern}.
- * @return the sequence of packet lengths that defines this {@code FlowPattern}.
- */
- public List<Integer> getPacketOrder() {
- return flowPacketOrder;
- }
-
-
- /**
- * Get the sequence of packet lengths based on input hostname.
- * @return the sequence of packet lengths that defines this {@code FlowPattern}.
- */
- public List<Integer> getPacketOrder(String hostname) {
- return mHostnameToPacketLengthsMap.get(hostname);
- }
-
-
- /**
- * Get the list of associated hostnames.
- * @return the associated hostnames that define this {@code FlowPattern}.
- */
- public List<String> getHostnameList() {
- return mHostnameList;
- }
-
-
- /**
- * Get the length of the List of {@code FlowPattern}.
- * @return the length of the List of {@code FlowPattern}.
- */
- public int getLength() {
- return flowPacketOrder.size();
- }
-
-
- /**
- * Get the length of the List of {@code FlowPattern}.
- * @return the length of the List of {@code FlowPattern}.
- */
- public int getLength(String hostname) {
- return mHostnameToPacketLengthsMap.get(hostname).size();
- }
-}
+++ /dev/null
-package edu.uci.iotproject;
-
-import edu.uci.iotproject.comparison.ComparisonFunctions;
-import edu.uci.iotproject.comparison.CompleteMatchPatternComparisonResult;
-import edu.uci.iotproject.comparison.PatternComparisonTask;
-import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
-import org.pcap4j.core.NotOpenException;
-import org.pcap4j.core.PcapHandle;
-import org.pcap4j.core.PcapNativeException;
-import org.pcap4j.core.PcapPacket;
-import org.pcap4j.packet.DnsPacket;
-import org.pcap4j.packet.IpV4Packet;
-import org.pcap4j.packet.TcpPacket;
-
-import java.io.*;
-import java.net.UnknownHostException;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.*;
-import java.util.concurrent.*;
-
-
-/**
- * <p>Provides functionality for searching for the presence of a {@link FlowPattern} in a PCAP trace.</p>
- *
- * <p>
- * The (entire) PCAP trace is traversed and parsed on one thread (specifically, the thread that calls
- * {@link #findFlowPattern()}). This thread builds a {@link DnsMap} using the DNS packets present in the trace and uses
- * that {@code DnsMap} to reassemble {@link Conversation}s that <em>potentially</em> match the provided
- * {@link FlowPattern} (in that one end/party of said conversations matches the hostname(s) specified by the given
- * {@code FlowPattern}).
- * These potential matches are then examined on background worker thread(s) to determine if they are indeed a (complete)
- * match of the provided {@code FlowPattern}.
- * </p>
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class FlowPatternFinder {
-
- /* Begin class properties */
- /**
- * {@link ExecutorService} responsible for parallelizing pattern searches.
- * Declared as static to allow for reuse of threads across different instances of {@code FlowPatternFinder} and to
- * avoid the overhead of initializing a new thread pool for each {@code FlowPatternFinder} instance.
- */
- private static final ExecutorService EXECUTOR_SERVICE = Executors.newCachedThreadPool();
- /* End class properties */
-
- /* Begin instance properties */
- /**
- * Holds a set of {@link Conversation}s that <em>potentially</em> match {@link #mPattern} since each individual
- * {@code Conversation} is communication with the hostname identified by {@code mPattern.getHostname()}.
- * Note that due to limitations of the {@link Set} interface (specifically, there is no {@code get(T t)} method),
- * we have to resort to a {@link Map} (in which keys map to themselves) to "mimic" a set with {@code get(T t)}
- * functionality.
- *
- * @see <a href="https://stackoverflow.com/questions/7283338/getting-an-element-from-a-set">this question on StackOverflow.com</a>
- */
- private final Map<Conversation, Conversation> mConversations;
-
- /**
- * Holds a list of trigger times.
- */
- private final List<Long> mTriggerTimes;
- private static int triggerListCounter;
-
- private final DnsMap mDnsMap;
- private final PcapHandle mPcap;
- private final FlowPattern mPattern;
- private final ConversationPair mConvPair;
- private final String FILE = "./devices/tplink_switch/datapoints.csv";
- //private final String REF_FILE = "./devices/dlink_switch/dlink-june-26-2018.timestamps";
- private final String REF_FILE = "./devices/tplink_switch/tplink-june-14-2018.timestamps";
- //private final String REF_FILE = "./devices/tplink_switch/tplink-feb-13-2018.timestamps";
- // Router time is in CET and we use PST for the trigger times
- // Difference is 7 hours x 3600 x 1000ms = 25,200,000ms
- private final long TIME_OFFSET = 25200000;
-
- private final List<Future<CompleteMatchPatternComparisonResult>> mPendingComparisons = new ArrayList<>();
- /* End instance properties */
-
- /**
- * Constructs a new {@code FlowPatternFinder}.
- * @param pcap an <em>open</em> {@link PcapHandle} that provides access to the trace that is to be examined.
- * @param pattern the {@link FlowPattern} to search for.
- */
- public FlowPatternFinder(PcapHandle pcap, FlowPattern pattern) {
- this.mConversations = new HashMap<>();
- this.mTriggerTimes = readTriggerTimes(REF_FILE);
- triggerListCounter = 0;
- this.mDnsMap = new DnsMap();
- this.mPcap = Objects.requireNonNull(pcap,
- String.format("Argument of type '%s' cannot be null", PcapHandle.class.getSimpleName()));
- this.mPattern = Objects.requireNonNull(pattern,
- String.format("Argument of type '%s' cannot be null", FlowPattern.class.getSimpleName()));
- this.mConvPair = new ConversationPair(FILE, ConversationPair.Direction.DEVICE_TO_SERVER);
- }
-
-
- private List<Long> readTriggerTimes(String refFileName) {
-
- List<Long> listTriggerTimes = new ArrayList<>();
- try {
- File file = new File(refFileName);
- BufferedReader br = new BufferedReader(new FileReader(file));
- String s;
- while ((s = br.readLine()) != null) {
- listTriggerTimes.add(timeToMillis(s, false));
- }
- } catch (IOException e) {
- e.printStackTrace();
- }
- System.out.println("List has: " + listTriggerTimes.size());
-
- return listTriggerTimes;
- }
-
- /**
- * Starts the pattern search.
- */
- public void start() {
-
- //findFlowPattern();
- findSignatureBasedOnTimestamp();
- }
-
- /**
- * Find patterns based on the FlowPattern object (run by a thread)
- */
- private void findFlowPattern() {
- try {
- PcapPacket packet;
-// TODO: The new comparison method is pending
-// TODO: For now, just compare using one hostname and one list per FlowPattern
-// List<String> hostnameList = mPattern.getHostnameList();
-// int hostIndex = 0;
- while ((packet = mPcap.getNextPacketEx()) != null) {
- // Let DnsMap handle DNS packets.
- if (packet.get(DnsPacket.class) != null) {
- // Check if this is a valid DNS packet
- mDnsMap.validateAndAddNewEntry(packet);
- continue;
- }
- // For now, we only work support pattern search in TCP over IPv4.
- final IpV4Packet ipPacket = packet.get(IpV4Packet.class);
- final TcpPacket tcpPacket = packet.get(TcpPacket.class);
- if (ipPacket == null || tcpPacket == null) {
- continue;
- }
-
- String srcAddress = ipPacket.getHeader().getSrcAddr().getHostAddress();
- String dstAddress = ipPacket.getHeader().getDstAddr().getHostAddress();
- int srcPort = tcpPacket.getHeader().getSrcPort().valueAsInt();
- int dstPort = tcpPacket.getHeader().getDstPort().valueAsInt();
- // Is this packet related to the pattern; i.e. is it going to (or coming from) the cloud server?
- boolean fromServer = mDnsMap.isRelatedToCloudServer(srcAddress, mPattern.getHostname());
- boolean fromClient = mDnsMap.isRelatedToCloudServer(dstAddress, mPattern.getHostname());
-// String currentHostname = hostnameList.get(hostIndex);
-// boolean fromServer = mDnsMap.isRelatedToCloudServer(srcAddress, currentHostname);
-// boolean fromClient = mDnsMap.isRelatedToCloudServer(dstAddress, currentHostname);
- if (!fromServer && !fromClient) {
- // Packet not related to pattern, skip it.
- continue;
- }
-
- // Conversations (connections/sessions) are identified by the four-tuple
- // (clientIp, clientPort, serverIp, serverPort) (see Conversation Javadoc).
- // Create "dummy" conversation for looking up an existing entry.
- Conversation conversation = fromClient ? new Conversation(srcAddress, srcPort, dstAddress, dstPort) :
- new Conversation(dstAddress, dstPort, srcAddress, srcPort);
- // Add the packet so that the "dummy" conversation can be immediately added to the map if no entry
- // exists for the conversation that the current packet belongs to.
- if (tcpPacket.getHeader().getFin()) {
- // Record FIN packets.
- conversation.addFinPacket(packet);
- }
- if (tcpPacket.getPayload() != null) {
- // Record regular payload packets.
- conversation.addPacket(packet, true);
- }
- // Note: does not make sense to call attemptAcknowledgementOfFin here as the new packet has no FINs
- // in its list, so if this packet is an ACK, it would not be added anyway.
- // Need to retain a final reference to get access to the packet in the lambda below.
- final PcapPacket finalPacket = packet;
- // Add the new conversation to the map if an equal entry is not already present.
- // If an existing entry is already present, the current packet is simply added to that conversation.
- mConversations.merge(conversation, conversation, (existingEntry, toMerge) -> {
- // toMerge may not have any payload packets if the current packet is a FIN packet.
- if (toMerge.getPackets().size() > 0) {
- existingEntry.addPacket(toMerge.getPackets().get(0), true);
- }
- if (toMerge.getFinAckPairs().size() > 0) {
- // Add the FIN packet to the existing entry.
- existingEntry.addFinPacket(toMerge.getFinAckPairs().get(0).getFinPacket());
- }
- if (finalPacket.get(TcpPacket.class).getHeader().getAck()) {
- existingEntry.attemptAcknowledgementOfFin(finalPacket);
- }
- return existingEntry;
- });
- // Refresh reference to point to entry in map (in case packet was added to existing entry).
- conversation = mConversations.get(conversation);
- if (conversation.isGracefullyShutdown()) {
- // Conversation terminated gracefully, so we can now start analyzing it.
- // Remove the Conversation from the map and start the analysis.
- // Any future packets identified by the same four tuple will be tied to a new Conversation instance.
- mConversations.remove(conversation);
- // Create comparison task and send to executor service.
- PatternComparisonTask<CompleteMatchPatternComparisonResult> comparisonTask =
- new PatternComparisonTask<>(conversation, mPattern, ComparisonFunctions.SUB_SEQUENCE_COMPLETE_MATCH);
- mPendingComparisons.add(EXECUTOR_SERVICE.submit(comparisonTask));
- // Increment hostIndex to find the next
-
- }
- }
- } catch (EOFException eofe) {
- // TODO should check for leftover conversations in map here and fire tasks for those.
- // TODO [cont'd] such tasks may be present if connections did not terminate gracefully or if there are longlived connections.
- System.out.println("[ findFlowPattern ] Finished processing entire PCAP stream!");
- System.out.println("[ findFlowPattern ] Now waiting for comparisons to finish...");
- // Wait for all comparisons to finish, then output their results to std.out.
- for(Future<CompleteMatchPatternComparisonResult> comparisonTask : mPendingComparisons) {
- try {
- // Blocks until result is ready.
- CompleteMatchPatternComparisonResult comparisonResult = comparisonTask.get();
- if (comparisonResult.getResult()) {
- System.out.println(comparisonResult.getTextualDescription());
- }
- } catch (InterruptedException|ExecutionException e) {
- e.printStackTrace();
- }
- }
- } catch (UnknownHostException |
- PcapNativeException |
- NotOpenException |
- TimeoutException ex) {
- ex.printStackTrace();
- }
- }
-
- /**
- * Find patterns based on the FlowPattern object (run by a thread)
- */
- private void findSignatureBasedOnTimestamp() {
- try {
- PcapPacket packet;
-// TODO: The new comparison method is pending
-// TODO: For now, just compare using one hostname and one list per FlowPattern
- while ((packet = mPcap.getNextPacketEx()) != null) {
- // Let DnsMap handle DNS packets.
- if (packet.get(DnsPacket.class) != null) {
- // Check if this is a valid DNS packet
- mDnsMap.validateAndAddNewEntry(packet);
- continue;
- }
- // For now, we only work support pattern search in TCP over IPv4.
- final IpV4Packet ipPacket = packet.get(IpV4Packet.class);
- final TcpPacket tcpPacket = packet.get(TcpPacket.class);
- if (ipPacket == null || tcpPacket == null) {
- continue;
- }
-
- String srcAddress = ipPacket.getHeader().getSrcAddr().getHostAddress();
- String dstAddress = ipPacket.getHeader().getDstAddr().getHostAddress();
- int srcPort = tcpPacket.getHeader().getSrcPort().valueAsInt();
- int dstPort = tcpPacket.getHeader().getDstPort().valueAsInt();
- //System.out.println("Timestamp packet: " + packet.getTimestamp());
- // Is this packet related to the pattern; i.e. is it going to (or coming from) the cloud server?
- boolean fromServer = mDnsMap.isRelatedToCloudServer(srcAddress, mPattern.getHostname());
- boolean fromClient = mDnsMap.isRelatedToCloudServer(dstAddress, mPattern.getHostname());
- if (!fromServer && !fromClient) {
- // Packet not related to pattern, skip it.
- continue;
- }
- // Record the conversation pairs
- if (tcpPacket.getPayload() != null && checkTimeStamp(packet)) {
- //if (tcpPacket.getPayload() != null) {
- mConvPair.writeConversationPair(packet, fromClient, fromServer);
- }
- }
- } catch (EOFException eofe) {
- triggerListCounter = 0;
- mConvPair.close();
- System.out.println("[ findFlowPattern ] ConversationPair writer closed!");
- System.out.println("[ findFlowPattern ] Frequencies of data points:");
- mConvPair.printListFrequency();
- } catch (UnknownHostException |
- PcapNativeException |
- NotOpenException |
- TimeoutException ex) {
- ex.printStackTrace();
- }
- }
-
- private boolean checkTimeStamp(PcapPacket packet) {
-
- // Extract time from the packet's timestamp
- String timeStamp = packet.getTimestamp().toString();
- String timeString = timeStamp.substring(timeStamp.indexOf("T") + 1, timeStamp.indexOf("."));
- // Timestamps are in CET (ahead of PST) so it should be deducted by TIME_OFFSET
- long time = timeToMillis(timeString, true) - TIME_OFFSET;
- //long time = timeToMillis(timeString, true);
-
- //System.out.println("Gets here: " + time + " trigger time: " + mTriggerTimes.get(triggerListCounter));
-
- // We accept packets that are at most 3 seconds away from the trigger time
- if ((mTriggerTimes.get(triggerListCounter) <= time) &&
- (time <= mTriggerTimes.get(triggerListCounter) + 3000)) {
- //System.out.println("Gets here 1: " + timeString + " index: " + triggerListCounter);
- return true;
- } else {
- // Handle the case that the timestamp is > 3000, but < next timestamp
- // in the list. We ignore these packets.
- if (time < mTriggerTimes.get(triggerListCounter)) {
- // Timestamp is smaller than trigger, ignore!
- //System.out.println("Gets here 2: " + timeString + " index: " + triggerListCounter);
- return false;
- } else { // Timestamp is greater than trigger, increment!
- triggerListCounter = triggerListCounter + 1;
- //System.out.println("Gets here 3: " + timeString + " index: " + triggerListCounter);
- //return false;
- return checkTimeStamp(packet);
- }
- }
-
- //System.out.println("Timestamp: " + timeToMillis(time, true));
- //String time2 = "21:38:08";
- //System.out.println("Timestamp: " + timeToMillis(time2, true));
- }
-
- /**
- * A private function that returns time in milliseconds.
- * @param time The time in the form of String.
- * @param is24Hr If true, then this is in 24-hour format.
- */
- private long timeToMillis(String time, boolean is24Hr) {
-
- String format = null;
- if (is24Hr) {
- format = "hh:mm:ss";
- } else { // 12 Hr format
- format = "hh:mm:ss aa";
- }
- DateFormat sdf = new SimpleDateFormat(format);
- Date date = null;
- try {
- date = sdf.parse(time);
- } catch(Exception e) {
- e.printStackTrace();
- }
- if (date == null)
- return 0;
- return date.getTime();
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject;
-
-import static edu.uci.iotproject.analysis.UserAction.Type;
-
-import edu.uci.iotproject.analysis.*;
-import edu.uci.iotproject.io.TriggerTimesFileReader;
-import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
-import edu.uci.iotproject.trafficreassembly.layer3.TcpReassembler;
-import edu.uci.iotproject.util.PcapPacketUtils;
-import edu.uci.iotproject.util.PrintUtils;
-import org.apache.commons.math3.stat.clustering.Cluster;
-import org.apache.commons.math3.stat.clustering.DBSCANClusterer;
-import org.pcap4j.core.*;
-import org.pcap4j.packet.namednumber.DataLinkType;
-
-import java.io.EOFException;
-import java.net.UnknownHostException;
-import java.time.Duration;
-import java.time.Instant;
-import java.util.*;
-import java.util.concurrent.TimeoutException;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;
-
-/**
- * This is a system that reads PCAP files to compare
- * patterns of DNS hostnames, packet sequences, and packet
- * lengths with training data to determine certain events
- * or actions for smart home devices.
- *
- * @author Janus Varmarken
- * @author Rahmadi Trimananda (rtrimana@uci.edu)
- * @version 0.1
- */
-public class Main {
-
-
- public static void main(String[] args) throws PcapNativeException, NotOpenException, EOFException, TimeoutException, UnknownHostException {
- // -------------------------------------------------------------------------------------------------------------
- // ------------ # Code for extracting traffic generated by a device within x seconds of a trigger # ------------
- // Paths to input and output files (consider supplying these as arguments instead) and IP of the device for
- // which traffic is to be extracted:
- String path = "/scratch/July-2018"; // Rahmadi
-// String path = "/Users/varmarken/temp/UCI IoT Project/experiments"; // Janus
- boolean verbose = true;
- final String onPairsPath = "/scratch/July-2018/on.txt";
- final String offPairsPath = "/scratch/July-2018/off.txt";
-
- // 1) D-Link July 26 experiment
-// final String inputPcapFile = path + "/2018-07/dlink/dlink.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-07/dlink/dlink-processed.pcap";
-// final String triggerTimesFile = path + "/2018-07/dlink/dlink-july-26-2018.timestamps";
-// final String deviceIp = "192.168.1.199"; // .246 == phone; .199 == dlink plug?
- // Actual training
-// final String inputPcapFile = path + "/2018-10/dlink-plug/dlink-plug.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-10/dlink-plug/dlink-plug-processed.pcap";
-// final String triggerTimesFile = path + "/2018-10/dlink-plug/dlink-plug-oct-17-2018.timestamps";
-// final String deviceIp = "192.168.1.199"; // .246 == phone; .199 == dlink plug?
- // TODO: EXPERIMENT - November 7, 2018
-// final String inputPcapFile = path + "/experimental_result/standalone/dlink-plug/wlan1/dlink-plug.wlan1.local.pcap";
-// final String outputPcapFile = path + "/experimental_result/standalone/dlink-plug/wlan1/dlink-plug-processed.pcap";
-// final String triggerTimesFile = path + "/experimental_result/standalone/dlink-plug/timestamps/dlink-plug-nov-7-2018.timestamps";
-// final String deviceIp = "192.168.1.199"; // .246 == phone; .199 == dlink plug?
-//// final String deviceIp = "192.168.1.246"; // .246 == phone; .199 == dlink plug?
-
- // 2) TP-Link July 25 experiment
-// final String inputPcapFile = path + "/2018-07/tplink/tplink.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-07/tplink/tplink-processed.pcap";
-// final String triggerTimesFile = path + "/2018-07/tplink/tplink-july-25-2018.timestamps";
-// final String deviceIp = "192.168.1.159";
- // Actual training
-// final String inputPcapFile = path + "/2018-10/tplink-plug/tplink-plug.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-10/tplink-plug/tplink-plug-processed.pcap";
-// final String triggerTimesFile = path + "/2018-10/tplink-plug/tplink-plug-oct-17-2018.timestamps";
-// final String deviceIp = "192.168.1.159"; // .246 == phone; .159 == tplink plug
- // TODO: EXPERIMENT - November 8, 2018
-// final String inputPcapFile = path + "/experimental_result/standalone/tplink-plug/wlan1/tplink-plug.wlan1.local.pcap";
-// final String outputPcapFile = path + "/experimental_result/standalone/tplink-plug/wlan1/tplink-plug-processed.pcap";
-// final String triggerTimesFile = path + "/experimental_result/standalone/tplink-plug/timestamps/tplink-plug-nov-8-2018.timestamps";
-// final String deviceIp = "192.168.1.159"; // .246 == phone; .159 == tplink plug
-//// final String deviceIp = "192.168.1.246"; // .246 == phone; .159 == tplink plug
-
- // 2b) TP-Link July 25 experiment TRUNCATED:
- // Only contains "true local" events, i.e., before the behavior changes to remote-like behavior.
- // Last included event is at July 25 10:38:11; file filtered to only include packets with arrival time <= 10:38:27.
-// final String inputPcapFile = path + "/2018-07/tplink/tplink.wlan1.local.truncated.pcap";
-// final String outputPcapFile = path + "/2018-07/tplink/tplink-processed.truncated.pcap";
-// final String triggerTimesFile = path + "/2018-07/tplink/tplink-july-25-2018.truncated.timestamps";
-// final String deviceIp = "192.168.1.159";
-
- // 3) SmartThings Plug July 25 experiment
-// final String inputPcapFile = path + "/2018-07/stplug/stplug.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-07/stplug/stplug-processed.pcap";
-// final String triggerTimesFile = path + "/2018-07/stplug/smartthings-july-25-2018.timestamps";
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .142 == SmartThings Hub (note: use eth0 capture for this!)
- // October 18
-// final String inputPcapFile = path + "/2018-10/st-plug/st-plug.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-10/st-plug/st-plug-processed.pcap";
-// final String triggerTimesFile = path + "/2018-10/st-plug/st-plug-oct-18-2018.timestamps";
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .142 == SmartThings Hub (note: use eth0 capture for this!)
- // TODO: EXPERIMENT - November 12, 2018
-// final String inputPcapFile = path + "/experimental_result/standalone/st-plug/wlan1/st-plug.wlan1.local.pcap";
-// final String outputPcapFile = path + "/experimental_result/standalone/st-plug/wlan1/st-plug-processed.pcap";
-//// final String inputPcapFile = path + "/experimental_result/standalone/st-plug/eth1/st-plug.eth1.local.pcap";
-//// final String outputPcapFile = path + "/experimental_result/standalone/st-plug/eth1/st-plug-processed.pcap";
-// final String triggerTimesFile = path + "/experimental_result/standalone/st-plug/timestamps/st-plug-nov-12-2018.timestamps";
-//// final String deviceIp = "192.168.1.142"; // .246 == phone; .142 == SmartThings Hub (note: use eth0 capture for this!)
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .142 == SmartThings Hub (note: use eth0 capture for this!)
-
- // 4) Wemo July 30 experiment
-// final String inputPcapFile = path + "/2018-07/wemo/wemo.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-07/wemo/wemo-processed.pcap";
-// final String triggerTimesFile = path + "/2018-07/wemo/wemo-july-30-2018.timestamps";
-// final String deviceIp = "192.168.1.145"; // .246 == phone; .145 == WeMo
- // TODO: EXPERIMENT - November 20, 2018
-// final String inputPcapFile = path + "/experimental_result/standalone/wemo-plug/wlan1/wemo-plug.wlan1.local.pcap";
-// final String outputPcapFile = path + "/experimental_result/standalone/wemo-plug/wlan1/wemo-plug-processed.pcap";
-// final String triggerTimesFile = path + "/experimental_result/standalone/wemo-plug/timestamps/wemo-plug-nov-20-2018.timestamps";
-//// final String deviceIp = "192.168.1.145"; // .246 == phone; .145 == WeMo
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .145 == WeMo
-
- // 5) Wemo Insight July 31 experiment
-// final String inputPcapFile = path + "/2018-07/wemoinsight/wemoinsight.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-07/wemoinsight/wemoinsight-processed.pcap";
-// final String triggerTimesFile = path + "/2018-07/wemoinsight/wemo-insight-july-31-2018.timestamps";
-// final String deviceIp = "192.168.1.135";
- // TODO: EXPERIMENT - November 21, 2018
-// final String inputPcapFile = path + "/experimental_result/standalone/wemo-insight-plug/wlan1/wemo-insight-plug.wlan1.local.pcap";
-// final String outputPcapFile = path + "/experimental_result/standalone/wemo-insight-plug/wlan1/wemo-insight-plug-processed.pcap";
-// final String triggerTimesFile = path + "/experimental_result/standalone/wemo-insight-plug/timestamps/wemo-insight-plug-nov-21-2018.timestamps";
-//// final String deviceIp = "192.168.1.145"; // .246 == phone; .135 == WeMo Insight
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .135 == WeMo Insight
-
- // 6) TP-Link Bulb August 1 experiment
-// final String inputPcapFile = path + "/2018-08/tplink-bulb/tplinkbulb.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-08/tplink-bulb/tplinkbulb-processed.pcap";
-// final String triggerTimesFile = path + "/2018-08/tplink-bulb/tplink-bulb-aug-3-2018.timestamps";
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .140 == TP-Link bulb
- // TODO: EXPERIMENT - November 16, 2018
-// final String inputPcapFile = path + "/experimental_result/standalone/tplink-bulb/wlan1/tplink-bulb.wlan1.local.pcap";
-// final String outputPcapFile = path + "/experimental_result/standalone/tplink-bulb/wlan1/tplink-bulb-processed.pcap";
-//// final String inputPcapFile = path + "/experimental_result/standalone/tplink-bulb/eth0/tplink-bulb.eth1.local.pcap";
-//// final String outputPcapFile = path + "/experimental_result/standalone/tplink-bulb/eth0/tplink-bulb-processed.pcap";
-// final String triggerTimesFile = path + "/experimental_result/standalone/tplink-bulb/timestamps/tplink-bulb-nov-16-2018.timestamps";
-//// final String deviceIp = "192.168.1.140"; // .246 == phone; .140 == TP-Link bulb
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .140 == TP-Link bulb
-
- // 7) Kwikset Doorlock August 6 experiment
-// final String inputPcapFile = path + "/2018-08/kwikset-doorlock/kwikset-doorlock.data.wlan1.pcap";
-//// final String inputPcapFile = path + "/2018-08/kwikset-doorlock/kwikset-doorlock.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-08/kwikset-doorlock/kwikset-doorlock-processed.pcap";
-//// final String triggerTimesFile = path + "/2018-08/kwikset-doorlock/kwikset-doorlock-aug-6-2018.timestamps";
-// final String triggerTimesFile = path + "/2018-08/kwikset-doorlock/kwikset-doorlock-8hr-data-oct-11-2018.timestamps";
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .142 == SmartThings Hub (note: use eth0 capture for this!)
- // TODO: EXPERIMENT - November 10, 2018
-// final String inputPcapFile = path + "/experimental_result/standalone/kwikset-doorlock/wlan1/kwikset-doorlock.wlan1.local.pcap";
-// final String outputPcapFile = path + "/experimental_result/standalone/kwikset-doorlock/wlan1/kwikset-doorlock-processed.pcap";
-//// final String inputPcapFile = path + "/experimental_result/standalone/kwikset-doorlock/eth1/kwikset-doorlock.eth1.local.pcap";
-//// final String outputPcapFile = path + "/experimental_result/standalone/kwikset-doorlock/eth1/kwikset-doorlock-processed.pcap";
-// final String triggerTimesFile = path + "/experimental_result/standalone/kwikset-doorlock/timestamps/kwikset-doorlock-nov-10-2018.timestamps";
-//// final String deviceIp = "192.168.1.142"; // .246 == phone; .142 == SmartThings Hub (note: use eth0 capture for this!)
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .142 == SmartThings Hub (note: use eth0 capture for this!)
-
- // September 12, 2018 - includes both wlan1 and eth1 interfaces
-// final String inputPcapFile = path + "/2018-08/kwikset-doorlock/kwikset3.wlan1.local.pcap";
-// //final String inputPcapFile = path + "/2018-08/kwikset-doorlock/kwikset3.eth1.local.pcap";
-// final String outputPcapFile = path + "/2018-08/kwikset-doorlock/kwikset3-processed.pcap";
-// final String triggerTimesFile = path + "/2018-08/kwikset-doorlock/kwikset-doorlock-sept-12-2018.timestamps";
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .142 == SmartThings Hub (note: use eth0 capture for this!)
-
- // 8) Hue Bulb August 7 experiment
-// final String inputPcapFile = path + "/2018-08/hue-bulb/hue-bulb.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-08/hue-bulb/hue-bulb-processed.pcap";
-// final String triggerTimesFile = path + "/2018-08/hue-bulb/hue-bulb-aug-7-2018.timestamps";
-// final String deviceIp = "192.168.1.246";
- // October 30 experiment
-// final String inputPcapFile = path + "/2018-10/hue-bulb/hue-bulb.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-10/hue-bulb/hue-bulb-processed.pcap";
-// final String triggerTimesFile = path + "/2018-10/hue-bulb/hue-bulb-oct-30-2018.timestamps";
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .100 == Hue hub
- // TODO: EXPERIMENT - November 19, 2018
-// final String inputPcapFile = path + "/experimental_result/standalone/hue-bulb/wlan1/hue-bulb.wlan1.local.pcap";
-// final String outputPcapFile = path + "/experimental_result/standalone/hue-bulb/wlan1/hue-bulb-processed.pcap";
-// final String triggerTimesFile = path + "/experimental_result/standalone/hue-bulb/timestamps/hue-bulb-nov-19-2018.timestamps";
-//// final String deviceIp = "192.168.1.100"; // .246 == phone; .100 == Hue hub
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .100 == Hue hub
-
- // 9) Lifx Bulb August 8 experiment
-// final String inputPcapFile = path + "/2018-08/lifx-bulb/lifx-bulb.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-08/lifx-bulb/lifx-bulb-processed.pcap";
-// final String triggerTimesFile = path + "/2018-08/lifx-bulb/lifx-bulb-aug-8-2018.timestamps";
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .231 == Lifx
- // October 18
-// final String inputPcapFile = path + "/2018-10/lifx-bulb/lifx-bulb.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-10/lifx-bulb/lifx-bulb-processed.pcap";
-// final String triggerTimesFile = path + "/2018-10/lifx-bulb/lifx-bulb-oct-18-2018.timestamps";
-// final String deviceIp = "192.168.1.231"; // .246 == phone; .231 == Lifx
- // November 1
-// final String inputPcapFile = path + "/2018-10/lifx-bulb/lifx-bulb.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-10/lifx-bulb/lifx-bulb-processed.pcap";
-// final String triggerTimesFile = path + "/2018-10/lifx-bulb/lifx-bulb-nov-1-2018.timestamps";
-// final String deviceIp = "192.168.1.231"; // .246 == phone; .231 == Lifx
-
- // 10) Amcrest Camera August 9 experiment
-// final String inputPcapFile = path + "/2018-08/amcrest-camera/amcrest-camera.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-08/amcrest-camera/amcrest-camera-processed.pcap";
-// final String triggerTimesFile = path + "/2018-08/amcrest-camera/amcrest-camera-aug-9-2018.timestamps";
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .235 == camera
-
- // 11) Arlo Camera August 10 experiment
-// final String inputPcapFile = path + "/2018-08/arlo-camera/arlo-camera.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-08/arlo-camera/arlo-camera-processed.pcap";
-// final String triggerTimesFile = path + "/2018-08/arlo-camera/arlo-camera-aug-10-2018.timestamps";
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .140 == camera
- // TODO: EXPERIMENT - November 13, 2018
-// final String inputPcapFile = path + "/experimental_result/standalone/arlo-camera/wlan1/arlo-camera.wlan1.local.pcap";
-// final String outputPcapFile = path + "/experimental_result/standalone/arlo-camera/wlan1/arlo-camera-processed.pcap";
-//// final String inputPcapFile = path + "/experimental_result/standalone/arlo-camera/eth0/arlo-camera.eth1.local.pcap";
-//// final String outputPcapFile = path + "/experimental_result/standalone/arlo-camera/eth0/arlo-camera-processed.pcap";
-// final String triggerTimesFile = path + "/experimental_result/standalone/arlo-camera/timestamps/arlo-camera-nov-13-2018.timestamps";
-//// final String deviceIp = "192.168.1.140"; // .246 == phone; .140 == camera
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .140 == camera
-
- // 12) Blossom sprinkler August 13 experiment
-// final String inputPcapFile = path + "/2018-08/blossom/blossom.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-08/blossom/blossom-processed.pcap";
-// final String triggerTimesFile = path + "/2018-08/blossom/blossom-aug-13-2018.timestamps";
-// final String deviceIp = "192.168.1.229"; // .246 == phone; .229 == sprinkler
-// // 2 November
-// final String inputPcapFile = path + "/2018-10/blossom-sprinkler/blossom-sprinkler.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-10/blossom-sprinkler/blossom-sprinkler-processed.pcap";
-// final String triggerTimesFile = path + "/2018-10/blossom-sprinkler/blossom-sprinkler-nov-2-2018.timestamps";
-// final String deviceIp = "192.168.1.229"; // .246 == phone; .229 == sprinkler
- // January 9, 11, 13, 14
-// final String inputPcapFile = path + "/experimental_result/standalone/blossom-sprinkler/wlan1/blossom-sprinkler.wlan1.local.pcap";
-// final String outputPcapFile = path + "/experimental_result/standalone/blossom-sprinkler/wlan1/blossom-sprinkler-processed.pcap";
-// final String triggerTimesFile = path + "/experimental_result/standalone/blossom-sprinkler/timestamps/blossom-sprinkler-standalone-jan-14-2019.timestamps";
-//// final String triggerTimesFile = path + "/experimental_result/standalone/blossom-sprinkler/timestamps/blossom-sprinkler-standalone-jan-11-2019.timestamps";
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .229 == sprinkler
-//// final String deviceIp = "192.168.1.229"; // .246 == phone; .229 == sprinkler
-
-// // 13) DLink siren August 14 experiment
-// final String inputPcapFile = path + "/2018-08/dlink-siren/dlink-siren.wlan1.local.pcap";
-// //final String inputPcapFile = path + "/evaluation/dlink-siren/dlink-siren.data.wlan1.pcap";
-// final String outputPcapFile = path + "/2018-08/dlink-siren/dlink-siren-processed.pcap";
-// final String triggerTimesFile = path + "/2018-08/dlink-siren/dlink-siren-oct-12-2018.timestamps";
-// //final String triggerTimesFile = path + "/2018-08/dlink-siren/dlink-siren-aug-14-2018.timestamps";
-// //final String triggerTimesFile = path + "/actual/timestamps/dlink-siren-8hr-data-oct-10-2018.timestamps";
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .183 == siren
- // TODO: EXPERIMENT - November 9, 2018
-// final String inputPcapFile = path + "/experimental_result/standalone/dlink-siren/wlan1/dlink-siren.wlan1.local.pcap";
-// final String outputPcapFile = path + "/experimental_result/standalone/dlink-siren/wlan1/dlink-siren-processed.pcap";
-// final String triggerTimesFile = path + "/experimental_result/standalone/dlink-siren/timestamps/dlink-siren-nov-9-2018.timestamps";
-//// final String deviceIp = "192.168.1.183"; // .246 == phone; .183 == siren
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .183 == siren
-
- // 14) Nest thermostat August 15 experiment
-// final String inputPcapFile = path + "/2018-08/nest/nest.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-08/nest/nest-processed.pcap";
-// final String triggerTimesFile = path + "/2018-08/nest/nest-aug-15-2018.timestamps";
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .127 == Nest thermostat
-// // TODO: EXPERIMENT - November 14, 2018
-// final String inputPcapFile = path + "/experimental_result/standalone/nest-thermostat/wlan1/nest-thermostat.wlan1.local.pcap";
-// final String outputPcapFile = path + "/experimental_result/standalone/nest-thermostat/wlan1/nest-thermostat-processed.pcap";
-//// final String inputPcapFile = path + "/experimental_result/standalone/nest-thermostat/eth0/nest-thermostat.eth1.local.pcap";
-//// final String outputPcapFile = path + "/experimental_result/standalone/nest-thermostat/eth0/nest-thermostat-processed.pcap";
-// final String triggerTimesFile = path + "/experimental_result/standalone/nest-thermostat/timestamps/nest-thermostat-nov-15-2018.timestamps";
-//// final String deviceIp = "192.168.1.127"; // .246 == phone; .127 == Nest thermostat
-// final String deviceIp = "192.168.1.246"; // .246 == phone; .127 == Nest thermostat
-
- // 15) Alexa August 16 experiment
-// final String inputPcapFile = path + "/2018-08/alexa/alexa.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-08/alexa/alexa-processed.pcap";
-// final String triggerTimesFile = path + "/2018-08/alexa/alexa-aug-16-2018.timestamps";
-// final String deviceIp = "192.168.1.225"; // .246 == phone; .225 == Alexa
- // August 17
-// final String inputPcapFile = path + "/2018-08/alexa/alexa2.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-08/alexa/alexa2-processed.pcap";
-// final String triggerTimesFile = path + "/2018-08/alexa/alexa-aug-17-2018.timestamps";
-// final String deviceIp = "192.168.1.225"; // .246 == phone; .225 == Alexa
-
- // September 17
-// final String inputPcapFile = path + "/2018-08/noise/noise.eth1.pcap";
-// final String outputPcapFile = path + "/2018-08/noise/noise-processed.pcap";
-// final String triggerTimesFile = path + "/2018-08/noise/noise-sept-17-2018.timestamps";
-// final String deviceIp = "192.168.1.142"; // .142 == SmartThings Hub; .199 == dlink plug; .183 == siren
- // September 26 - D-Link noise
-// final String inputPcapFile = path + "/2018-08/noise/noise.dlink.wlan1.pcap";
-// final String outputPcapFile = path + "/2018-08/noise/noise-processed.pcap";
-// final String triggerTimesFile = path + "/2018-08/noise/dlink-noise-sept-26-2018.timestamps";
-// final String deviceIp = "192.168.1.183"; // .199 == dlink plug; .183 == siren
- // September 27 - Kwikset noise
-// final String inputPcapFile = path + "/2018-08/noise/noise.kwikset.eth1.pcap";
-// final String outputPcapFile = path + "/2018-08/noise/noise-processed.pcap";
-// final String triggerTimesFile = path + "/2018-08/noise/kwikset-doorlock-noise-sept-27-2018.timestamps";
-// final String deviceIp = "192.168.1.142"; // .142 == SmartThings Hub;
-
- // TODO: The below part is just for 15-second time sensitivity experiment
- // TODO: The below part is just for 15-second time sensitivity experiment
- // TODO: The below part is just for 15-second time sensitivity experiment
- // D-Link plug
-// final String triggerTimesFile = path + "/experimental_result/standalone/dlink-plug/timestamps/dlink-plug-nov-7-2018.timestamps";
-//// final String onSignatureFile = path + "/experimental_result/standalone/dlink-plug/signatures/dlink-plug-onSignature-phone-side.sig";
-//// final String offSignatureFile = path + "/experimental_result/standalone/dlink-plug/signatures/dlink-plug-offSignature-phone-side.sig";
-// final String onSignatureFile = path + "/experimental_result/standalone/dlink-plug/signatures/dlink-plug-onSignature-device-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/dlink-plug/signatures/dlink-plug-offSignature-device-side.sig";
- // TP-Link plug
- final String triggerTimesFile = path + "/experimental_result/standalone/tplink-plug/timestamps/tplink-plug-nov-8-2018.timestamps";
-//// final String onSignatureFile = path + "/experimental_result/standalone/tplink-plug/signatures/tplink-plug-onSignature-phone-side.sig";
-//// final String offSignatureFile = path + "/experimental_result/standalone/tplink-plug/signatures/tplink-plug-offSignature-phone-side.sig";
-// final String onSignatureFile = path + "/experimental_result/standalone/tplink-plug/signatures/tplink-plug-onSignature-device-side-outbound.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/tplink-plug/signatures/tplink-plug-offSignature-device-side-outbound.sig";
- final String onSignatureFile = path + "/experimental_result/standalone/tplink-plug/signatures/tplink-plug-onSignature-device-side.sig";
- final String offSignatureFile = path + "/experimental_result/standalone/tplink-plug/signatures/tplink-plug-offSignature-device-side.sig";
-
- // D-Link siren
-// final String triggerTimesFile = path + "/experimental_result/standalone/dlink-siren/timestamps/dlink-siren-nov-9-2018.timestamps";
-// final String onSignatureFile = path + "/experimental_result/standalone/dlink-siren/signatures/dlink-siren-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/dlink-siren/signatures/dlink-siren-offSignature-phone-side.sig";
- // Kwikset door lock
-// final String triggerTimesFile = path + "/experimental_result/standalone/kwikset-doorlock/timestamps/kwikset-doorlock-nov-10-2018.timestamps";
-// final String onSignatureFile = path + "/experimental_result/standalone/kwikset-doorlock/signatures/kwikset-doorlock-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/kwikset-doorlock/signatures/kwikset-doorlock-offSignature-phone-side.sig";
- // SmartThings plug
-// final String triggerTimesFile = path + "/experimental_result/standalone/st-plug/timestamps/st-plug-nov-12-2018.timestamps";
-// final String onSignatureFile = path + "/experimental_result/standalone/st-plug/signatures/st-plug-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/st-plug/signatures/st-plug-offSignature-phone-side.sig";
- // Arlo Q
-// final String triggerTimesFile = path + "/experimental_result/standalone/arlo-camera/timestamps/arlo-camera-nov-13-2018.timestamps";
-// final String onSignatureFile = path + "/experimental_result/standalone/arlo-camera/signatures/arlo-camera-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/arlo-camera/signatures/arlo-camera-offSignature-phone-side.sig";
- // Nest thermostat
-// final String triggerTimesFile = path + "/experimental_result/standalone/nest-thermostat/timestamps/nest-thermostat-nov-15-2018.timestamps";
-// final String onSignatureFile = path + "/experimental_result/standalone/nest-thermostat/signatures/nest-thermostat-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/nest-thermostat/signatures/nest-thermostat-offSignature-phone-side.sig";
- // Blossom sprinkler
-// final String triggerTimesFile = path + "/experimental_result/standalone/blossom-sprinkler/timestamps/blossom-sprinkler-standalone-jan-14-2019.timestamps";
-// final String onSignatureFile = path + "/experimental_result/standalone/blossom-sprinkler/signatures/blossom-sprinkler-onSignature-device-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/blossom-sprinkler/signatures/blossom-sprinkler-offSignature-device-side.sig";
-// final String onSignatureFile = path + "/experimental_result/standalone/blossom-sprinkler/signatures/blossom-sprinkler-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/blossom-sprinkler/signatures/blossom-sprinkler-offSignature-phone-side.sig";
- // TP-Link bulb
-// final String triggerTimesFile = path + "/experimental_result/standalone/tplink-bulb/timestamps/tplink-bulb-nov-16-2018.timestamps";
-// final String onSignatureFile = path + "/experimental_result/standalone/tplink-bulb/signatures/tplink-bulb-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/tplink-bulb/signatures/tplink-bulb-offSignature-phone-side.sig";
- // Philips hue
-// final String triggerTimesFile = path + "/2018-08/hue-bulb/hue-bulb-aug-7-2018.timestamps";
-// final String onSignatureFile = path + "/training/hue-bulb/signatures/hue-bulb-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/training/hue-bulb/signatures/hue-bulb-offSignature-phone-side.sig";
- // WeMo plug
-// final String triggerTimesFile = path + "/experimental_result/standalone/wemo-plug/timestamps/wemo-plug-nov-20-2018.timestamps";
-// final String onSignatureFile = path + "/experimental_result/standalone/wemo-plug/signatures/wemo-plug-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/wemo-plug/signatures/wemo-plug-offSignature-phone-side.sig";
- // WeMo Insight plug
-// final String triggerTimesFile = path + "/experimental_result/standalone/wemo-insight-plug/timestamps/wemo-insight-plug-nov-21-2018.timestamps";
-// final String onSignatureFile = path + "/experimental_result/standalone/wemo-insight-plug/signatures/wemo-insight-plug-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/wemo-insight-plug/signatures/wemo-insight-plug-offSignature-phone-side.sig";
-
-
- TriggerTimesFileReader ttfr = new TriggerTimesFileReader();
- List<Instant> triggerTimes = ttfr.readTriggerTimes(triggerTimesFile, false);
-
- System.out.println("ON signature file in use is " + onSignatureFile);
- System.out.println("OFF signature file in use is " + offSignatureFile);
-
- List<List<List<PcapPacket>>> onSignature = PrintUtils.deserializeSignatureFromFile(onSignatureFile);
- List<List<List<PcapPacket>>> offSignature = PrintUtils.deserializeSignatureFromFile(offSignatureFile);
-
- List<Instant> signatureTimestamps = new ArrayList<>();
- // Load ON signature last packet's timestamp
- // Get the last only
- List<List<PcapPacket>> lastListOn = onSignature.get(onSignature.size()-1);
- for (List<PcapPacket> list : lastListOn) {
- // Get timestamp Instant from the last packet
- int lastPacketIndex = list.size()-1;
- signatureTimestamps.add(list.get(lastPacketIndex).getTimestamp());
- }
- // Load OFF signature last packet's timestamp
- // Get the last only
- List<List<PcapPacket>> lastListOff = offSignature.get(offSignature.size()-1);
- for (List<PcapPacket> list : lastListOff) {
- // Get timestamp Instant from the last packet
- int lastPacketIndex = list.size()-1;
- signatureTimestamps.add(list.get(lastPacketIndex).getTimestamp());
- }
- // Sort the timestamps
- signatureTimestamps.sort((p1, p2) -> {
- return p1.compareTo(p2);
- });
-
- Iterator<Instant> iterTrig = triggerTimes.iterator();
- Iterator<Instant> iterSign = signatureTimestamps.iterator();
- System.out.println("Trigger to Last Packet:");
- while (iterTrig.hasNext() && iterSign.hasNext()) {
- Instant trigInst = (Instant) iterTrig.next();
- Instant signInst = (Instant) iterSign.next();
- Duration dur = Duration.between(trigInst, signInst);
- long duration = dur.toMillis();
- // Check duration --- should be below 15 seconds
- if (duration >= 0 && duration <= 15000) {
- System.out.println(dur.toMillis());
- } else if (duration > 15000) {
- while (duration > 15000) { // that means we have to move to the next trigger
- trigInst = (Instant) iterTrig.next();
- dur = Duration.between(trigInst, signInst);
- duration = dur.toMillis();
- }
- System.out.println(dur.toMillis());
- } else { // below 0 / negative --- that means we have to move to the next signature
- while (duration < 0) { // that means we have to move to the next trigger
- signInst = (Instant) iterSign.next();
- dur = Duration.between(trigInst, signInst);
- duration = dur.toMillis();
- }
- System.out.println(dur.toMillis());
- }
- }
-
-
- // ==========================================================================
- List<Instant> firstSignatureTimestamps = new ArrayList<>();
- List<Instant> lastSignatureTimestamps = new ArrayList<>();
- List<List<PcapPacket>> firstListOnSign = onSignature.get(0);
- List<List<PcapPacket>> lastListOnSign = onSignature.get(onSignature.size()-1);
- // Load ON signature first and last packet's timestamps
- for (List<PcapPacket> list : firstListOnSign) {
- // Get timestamp Instant from the last packet
- firstSignatureTimestamps.add(list.get(0).getTimestamp());
- }
- for (List<PcapPacket> list : lastListOnSign) {
- // Get timestamp Instant from the last packet
- int lastPacketIndex = list.size()-1;
- lastSignatureTimestamps.add(list.get(lastPacketIndex).getTimestamp());
- }
-
- List<List<PcapPacket>> firstListOffSign = offSignature.get(0);
- List<List<PcapPacket>> lastListOffSign = offSignature.get(offSignature.size()-1);
- // Load OFF signature first and last packet's timestamps
- for (List<PcapPacket> list : firstListOffSign) {
- // Get timestamp Instant from the last packet
- firstSignatureTimestamps.add(list.get(0).getTimestamp());
- }
- for (List<PcapPacket> list : lastListOffSign) {
- // Get timestamp Instant from the last packet
- int lastPacketIndex = list.size()-1;
- lastSignatureTimestamps.add(list.get(lastPacketIndex).getTimestamp());
- }
- // Sort the timestamps
- firstSignatureTimestamps.sort((p1, p2) -> {
- return p1.compareTo(p2);
- });
- // Sort the timestamps
- lastSignatureTimestamps.sort((p1, p2) -> {
- return p1.compareTo(p2);
- });
-
- Iterator<Instant> iterFirst = firstSignatureTimestamps.iterator();
- Iterator<Instant> iterLast = lastSignatureTimestamps.iterator();
- System.out.println("First to Last Packet:");
- while (iterFirst.hasNext() && iterLast.hasNext()) {
- Instant firstInst = (Instant) iterFirst.next();
- Instant lastInst = (Instant) iterLast.next();
- Duration dur = Duration.between(firstInst, lastInst);
- long duration = dur.toMillis();
- // Check duration --- should be below 15 seconds
- if (duration >= 0 && duration <= 15000) {
- System.out.println(dur.toMillis());
- } else if (duration > 15000) {
- while (duration > 15000) { // that means we have to move to the next trigger
- firstInst = (Instant) iterFirst.next();
- dur = Duration.between(firstInst, lastInst);
- duration = dur.toMillis();
- }
- System.out.println(dur.toMillis());
- } else { // below 0 / negative --- that means we have to move to the next signature
- while (duration < 0) { // that means we have to move to the next trigger
- lastInst = (Instant) iterLast.next();
- dur = Duration.between(firstInst, lastInst);
- duration = dur.toMillis();
- }
- System.out.println(dur.toMillis());
- }
- if (duration > 8000) {
- break;
- }
- }
-
- // TODO: The above part is just for 15-second time sensitivity experiment
- // TODO: The above part is just for 15-second time sensitivity experiment
- // TODO: The above part is just for 15-second time sensitivity experiment
-
-
-
-
-// TriggerTimesFileReader ttfr = new TriggerTimesFileReader();
-// List<Instant> triggerTimes = ttfr.readTriggerTimes(triggerTimesFile, false);
-// // Tag each trigger with "ON" or "OFF", assuming that the first trigger is an "ON" and that they alternate.
-// List<UserAction> userActions = new ArrayList<>();
-// for (int i = 0; i < triggerTimes.size(); i++) {
-// userActions.add(new UserAction(i % 2 == 0 ? Type.TOGGLE_ON : Type.TOGGLE_OFF, triggerTimes.get(i)));
-// }
-// TriggerTrafficExtractor tte = new TriggerTrafficExtractor(inputPcapFile, triggerTimes, deviceIp);
-// final PcapDumper outputter = Pcaps.openDead(DataLinkType.EN10MB, 65536).dumpOpen(outputPcapFile);
-// DnsMap dnsMap = new DnsMap();
-// TcpReassembler tcpReassembler = new TcpReassembler();
-// TrafficLabeler trafficLabeler = new TrafficLabeler(userActions);
-// tte.performExtraction(pkt -> {
-// try {
-// outputter.dump(pkt);
-// } catch (NotOpenException e) {
-// e.printStackTrace();
-// }
-// }, dnsMap, tcpReassembler, trafficLabeler);
-// outputter.flush();
-// outputter.close();
-//
-// if (tte.getPacketsIncludedCount() != trafficLabeler.getTotalPacketCount()) {
-// // Sanity/debug check
-// throw new AssertionError(String.format("mismatch between packet count in %s and %s",
-// TriggerTrafficExtractor.class.getSimpleName(), TrafficLabeler.class.getSimpleName()));
-// }
-//
-// // Extract all conversations present in the filtered trace.
-// List<Conversation> allConversations = tcpReassembler.getTcpConversations();
-// // Group conversations by hostname.
-// Map<String, List<Conversation>> convsByHostname = TcpConversationUtils.groupConversationsByHostname(allConversations, dnsMap);
-// System.out.println("Grouped conversations by hostname.");
-// // For each hostname, count the frequencies of packet lengths exchanged with that hostname.
-// final Map<String, Map<Integer, Integer>> pktLenFreqsByHostname = new HashMap<>();
-// convsByHostname.forEach((host, convs) -> pktLenFreqsByHostname.put(host, TcpConversationUtils.countPacketLengthFrequencies(convs)));
-// System.out.println("Counted frequencies of packet lengths exchanged with each hostname.");
-// // For each hostname, count the frequencies of packet sequences (i.e., count how many conversations exchange a
-// // sequence of packets of some specific lengths).
-// final Map<String, Map<String, Integer>> pktSeqFreqsByHostname = new HashMap<>();
-// convsByHostname.forEach((host, convs) -> pktSeqFreqsByHostname.put(host, TcpConversationUtils.countPacketSequenceFrequencies(convs)));
-// System.out.println("Counted frequencies of packet sequences exchanged with each hostname.");
-// // For each hostname, count frequencies of packet pairs exchanged with that hostname across all conversations
-// final Map<String, Map<String, Integer>> pktPairFreqsByHostname =
-// TcpConversationUtils.countPacketPairFrequenciesByHostname(allConversations, dnsMap);
-// System.out.println("Counted frequencies of packet pairs per hostname");
-// // For each user action, reassemble the set of TCP connections occurring shortly after
-// final Map<UserAction, List<Conversation>> userActionToConversations = trafficLabeler.getLabeledReassembledTcpTraffic();
-// final Map<UserAction, Map<String, List<Conversation>>> userActionsToConvsByHostname = trafficLabeler.getLabeledReassembledTcpTraffic(dnsMap);
-// System.out.println("Reassembled TCP conversations occurring shortly after each user event");
-//
-//
-//
-// /*
-// * NOTE: no need to generate these more complex on/off maps that also contain mappings from hostname and
-// * sequence identifiers as we do not care about hostnames and sequences during clustering.
-// * We can simply use the UserAction->List<Conversation> map to generate ON/OFF groupings of conversations.
-// */
-//
-//// // Contains all ON events: hostname -> sequence identifier -> list of conversations with that sequence
-//// Map<String, Map<String, List<Conversation>>> ons = new HashMap<>();
-//// // Contains all OFF events: hostname -> sequence identifier -> list of conversations with that sequence
-//// Map<String, Map<String, List<Conversation>>> offs = new HashMap<>();
-//// userActionsToConvsByHostname.forEach((ua, hostnameToConvs) -> {
-//// Map<String, Map<String, List<Conversation>>> outer = ua.getType() == Type.TOGGLE_ON ? ons : offs;
-//// hostnameToConvs.forEach((host, convs) -> {
-//// Map<String, List<Conversation>> seqsToConvs = TcpConversationUtils.
-//// groupConversationsByPacketSequence(convs, verbose);
-//// outer.merge(host, seqsToConvs, (oldMap, newMap) -> {
-//// newMap.forEach((sequence, cs) -> oldMap.merge(sequence, cs, (list1, list2) -> {
-//// list1.addAll(list2);
-//// return list1;
-//// }));
-//// return oldMap;
-//// });
-//// });
-//// });
-////
-//// System.out.println("==== ON ====");
-//// // Print out all the pairs into a file for ON events
-//// File fileOnEvents = new File(onPairsPath);
-//// PrintWriter pwOn = null;
-//// try {
-//// pwOn = new PrintWriter(fileOnEvents);
-//// } catch(Exception ex) {
-//// ex.printStackTrace();
-//// }
-//// for(Map.Entry<String, Map<String, List<Conversation>>> entry : ons.entrySet()) {
-//// Map<String, List<Conversation>> seqsToConvs = entry.getValue();
-//// for(Map.Entry<String, List<Conversation>> entryConv : seqsToConvs.entrySet()) {
-//// List<Conversation> listConv = entryConv.getValue();
-//// // Just get the first Conversation because all Conversations in this group
-//// // should have the same pairs of Application Data.
-//// for(Conversation conv : listConv) {
-//// // Process only if it is a TLS packet
-//// if (conv.isTls()) {
-//// List<PcapPacketPair> tlsAppDataList = TcpConversationUtils.extractTlsAppDataPacketPairs(conv);
-//// for(PcapPacketPair pair: tlsAppDataList) {
-//// System.out.println(PrintUtils.toCsv(pair, dnsMap));
-//// pwOn.println(PrintUtils.toCsv(pair, dnsMap));
-//// }
-//// } else { // Non-TLS conversations
-//// List<PcapPacketPair> packetList = TcpConversationUtils.extractPacketPairs(conv);
-//// for(PcapPacketPair pair: packetList) {
-//// System.out.println(PrintUtils.toCsv(pair, dnsMap));
-//// pwOn.println(PrintUtils.toCsv(pair, dnsMap));
-//// }
-//// }
-//// }
-//// }
-//// }
-//// pwOn.close();
-////
-//// System.out.println("==== OFF ====");
-//// // Print out all the pairs into a file for ON events
-//// File fileOffEvents = new File(offPairsPath);
-//// PrintWriter pwOff = null;
-//// try {
-//// pwOff = new PrintWriter(fileOffEvents);
-//// } catch(Exception ex) {
-//// ex.printStackTrace();
-//// }
-//// for(Map.Entry<String, Map<String, List<Conversation>>> entry : offs.entrySet()) {
-//// Map<String, List<Conversation>> seqsToConvs = entry.getValue();
-//// for(Map.Entry<String, List<Conversation>> entryConv : seqsToConvs.entrySet()) {
-//// List<Conversation> listConv = entryConv.getValue();
-//// // Just get the first Conversation because all Conversations in this group
-//// // should have the same pairs of Application Data.
-//// for(Conversation conv : listConv) {
-//// // Process only if it is a TLS packet
-//// if (conv.isTls()) {
-//// List<PcapPacketPair> tlsAppDataList = TcpConversationUtils.extractTlsAppDataPacketPairs(conv);
-//// for(PcapPacketPair pair: tlsAppDataList) {
-//// System.out.println(PrintUtils.toCsv(pair, dnsMap));
-//// pwOff.println(PrintUtils.toCsv(pair, dnsMap));
-//// }
-//// } else { // Non-TLS conversations
-//// List<PcapPacketPair> packetList = TcpConversationUtils.extractPacketPairs(conv);
-//// for (PcapPacketPair pair : packetList) {
-//// System.out.println(PrintUtils.toCsv(pair, dnsMap));
-//// pwOff.println(PrintUtils.toCsv(pair, dnsMap));
-//// }
-//// }
-//// }
-//// }
-//// }
-//// pwOff.close();
-//
-//
-// // ================================================ CLUSTERING ================================================
-// // Note: no need to use the more convoluted on/off maps; can simply use the UserAction->List<Conversation> map
-// // when don't care about hostnames and sequences (see comment earlier).
-//// List<Conversation> onConversations = userActionToConversations.entrySet().stream().
-//// filter(e -> e.getKey().getType() == Type.TOGGLE_ON). // drop all OFF events from stream
-//// map(e -> e.getValue()). // no longer interested in the UserActions
-//// flatMap(List::stream). // flatten List<List<T>> to a List<T>
-//// collect(Collectors.toList());
-//// List<Conversation> offConversations = userActionToConversations.entrySet().stream().
-//// filter(e -> e.getKey().getType() == Type.TOGGLE_OFF).
-//// map(e -> e.getValue()).
-//// flatMap(List::stream).
-//// collect(Collectors.toList());
-//// //Collections.sort(onConversations, (c1, c2) -> c1.getPackets().)
-////
-//// List<PcapPacketPair> onPairs = onConversations.stream().
-//// map(c -> c.isTls() ? TcpConversationUtils.extractTlsAppDataPacketPairs(c) :
-//// TcpConversationUtils.extractPacketPairs(c)).
-//// flatMap(List::stream). // flatten List<List<>> to List<>
-//// collect(Collectors.toList());
-//// List<PcapPacketPair> offPairs = offConversations.stream().
-//// map(c -> c.isTls() ? TcpConversationUtils.extractTlsAppDataPacketPairs(c) :
-//// TcpConversationUtils.extractPacketPairs(c)).
-//// flatMap(List::stream). // flatten List<List<>> to List<>
-//// collect(Collectors.toList());
-//// // Note: need to update the DnsMap of all PcapPacketPairs if we want to use the IP/hostname-sensitive distance.
-//// Stream.concat(Stream.of(onPairs), Stream.of(offPairs)).flatMap(List::stream).forEach(p -> p.setDnsMap(dnsMap));
-//// // Perform clustering on conversation logged as part of all ON events.
-////// DBSCANClusterer<PcapPacketPair> onClusterer = new DBSCANClusterer<>(10.0, 45);
-//// DBSCANClusterer<PcapPacketPair> onClusterer = new DBSCANClusterer<>(2, 2);
-//// //DBSCANClusterer<PcapPacketPair> onClusterer = new DBSCANClusterer<>(10.0, 10);
-//// List<Cluster<PcapPacketPair>> onClusters = onClusterer.cluster(onPairs);
-//// // Perform clustering on conversation logged as part of all OFF events.
-////// DBSCANClusterer<PcapPacketPair> offClusterer = new DBSCANClusterer<>(10.0, 45);
-//// DBSCANClusterer<PcapPacketPair> offClusterer = new DBSCANClusterer<>(2, 2);
-//// //DBSCANClusterer<PcapPacketPair> offClusterer = new DBSCANClusterer<>(10.0, 10);
-//// List<Cluster<PcapPacketPair>> offClusters = offClusterer.cluster(offPairs);
-//// // Sort the conversations as reference
-//// List<Conversation> sortedAllConversation = TcpConversationUtils.sortConversationList(allConversations);
-//// // Output clusters
-//// System.out.println("========================================");
-//// System.out.println(" Clustering results for ON ");
-//// System.out.println(" Number of clusters: " + onClusters.size());
-//// int count = 0;
-//// List<List<List<PcapPacket>>> ppListOfListReadOn = new ArrayList<>();
-//// List<List<List<PcapPacket>>> ppListOfListListOn = new ArrayList<>();
-//// for (Cluster<PcapPacketPair> c : onClusters) {
-//// System.out.println(String.format("<<< Cluster #%02d (%03d points) >>>", ++count, c.getPoints().size()));
-//// System.out.print(PrintUtils.toSummaryString(c));
-//// if(c.getPoints().size() > 45 && c.getPoints().size() < 55) {
-//// //if(c.getPoints().size() > 25) {
-//// // Print to file
-//// List<List<PcapPacket>> ppListOfList = PcapPacketUtils.clusterToListOfPcapPackets(c);
-//// ppListOfListListOn.add(ppListOfList);
-//// }
-//// }
-//// // TODO: Merging test
-//// ppListOfListListOn = PcapPacketUtils.mergeSignatures(ppListOfListListOn, sortedAllConversation);
-//// // TODO: Need to remove sequence 550 567 for Blossom phone side since it is not a good signature (overlap)!
-////// PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOn, 1);
-//// // TODO: Need to remove sequence 69 296 for Blossom device side since it is not a good signature (overlap)!
-////// PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOn, 2);
-//// // TODO: Need to remove sequence number 2 for ST plug since it is not a good signature!
-//// //PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOn, 2);
-//// // TODO: Need to remove sequence number 0 for Arlo Camera since it is not a good signature!
-//// //PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOn, 0);
-//// // TODO: Need to remove sequence number 0 for TP-Link plug since it is not a good signature!
-//// // TODO: This sequence actually belongs to the local communication between the plug and the phone
-//// //PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOn, 0);
-//// ppListOfListListOn = PcapPacketUtils.sortSignatures(ppListOfListListOn);
-//// PcapPacketUtils.printSignatures(ppListOfListListOn);
-//// //count = 0;
-//// /*for (List<List<PcapPacket>> ll : ppListOfListListOn) {
-//// PrintUtils.serializeClustersIntoFile("./onSignature" + ++count + ".sig", ll);
-//// ppListOfListReadOn.add(PrintUtils.deserializeClustersFromFile("./onSignature" + count + ".sig"));
-//// }*/
-//// PrintUtils.serializeSignatureIntoFile("./onSignature.sig", ppListOfListListOn);
-//// ppListOfListReadOn = PrintUtils.deserializeSignatureFromFile("./onSignature.sig");
-////
-//// System.out.println("========================================");
-//// System.out.println(" Clustering results for OFF ");
-//// System.out.println(" Number of clusters: " + offClusters.size());
-//// count = 0;
-//// List<List<List<PcapPacket>>> ppListOfListReadOff = new ArrayList<>();
-//// List<List<List<PcapPacket>>> ppListOfListListOff = new ArrayList<>();
-//// for (Cluster<PcapPacketPair> c : offClusters) {
-//// System.out.println(String.format("<<< Cluster #%03d (%06d points) >>>", ++count, c.getPoints().size()));
-//// System.out.print(PrintUtils.toSummaryString(c));
-//// if(c.getPoints().size() > 45 && c.getPoints().size() < 55) {
-//// //if(c.getPoints().size() > 25) {
-//// // Print to file
-//// List<List<PcapPacket>> ppListOfList = PcapPacketUtils.clusterToListOfPcapPackets(c);
-//// ppListOfListListOff.add(ppListOfList);
-//// }
-//// }
-//// // TODO: Merging test
-//// ppListOfListListOff = PcapPacketUtils.mergeSignatures(ppListOfListListOff, sortedAllConversation);
-//// // TODO: Need to remove sequence 69 296 for Blossom device side since it is not a good signature (overlap)!
-////// PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOff, 3);
-//// // TODO: Need to remove sequence number 1 for Nest Thermostat since it is not a good signature!
-//// //PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOff, 1);
-//// // TODO: Need to remove sequence number 0 for Arlo Camera since it is not a good signature!
-////// PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOff, 1);
-//// // TODO: Need to remove sequence number 2 for ST plug since it is not a good signature!
-//// //PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOff, 2);
-//// // TODO: Need to remove sequence number 0 for TP-Link plug since it is not a good signature!
-//// // TODO: This sequence actually belongs to the local communication between the plug and the phone
-//// //PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOff, 0);
-//// ppListOfListListOff = PcapPacketUtils.sortSignatures(ppListOfListListOff);
-//// PcapPacketUtils.printSignatures(ppListOfListListOff);
-//// //count = 0;
-//// /*for (List<List<PcapPacket>> ll : ppListOfListListOff) {
-//// PrintUtils.serializeClustersIntoFile("./offSignature" + ++count + ".sig", ll);
-//// ppListOfListReadOff.add(PrintUtils.deserializeClustersFromFile("./offSignature" + count + ".sig"));
-//// }*/
-//// PrintUtils.serializeSignatureIntoFile("./offSignature.sig", ppListOfListListOff);
-//// ppListOfListReadOff = PrintUtils.deserializeSignatureFromFile("./offSignature.sig");
-//// System.out.println("========================================");
-// // ============================================================================================================
-//
-// // TODO: This part is just for DBSCAN sensitivity experiment
-// // TODO: This part is just for DBSCAN sensitivity experiment
-// // TODO: This part is just for DBSCAN sensitivity experiment
-// // TODO: This part is just for DBSCAN sensitivity experiment
-// // TODO: This part is just for DBSCAN sensitivity experiment
-// List<Conversation> onConversations = userActionToConversations.entrySet().stream().
-// filter(e -> e.getKey().getType() == Type.TOGGLE_ON). // drop all OFF events from stream
-// map(e -> e.getValue()). // no longer interested in the UserActions
-// flatMap(List::stream). // flatten List<List<T>> to a List<T>
-// collect(Collectors.toList());
-// List<Conversation> offConversations = userActionToConversations.entrySet().stream().
-// filter(e -> e.getKey().getType() == Type.TOGGLE_OFF).
-// map(e -> e.getValue()).
-// flatMap(List::stream).
-// collect(Collectors.toList());
-// //Collections.sort(onConversations, (c1, c2) -> c1.getPackets().)
-//
-// List<PcapPacketPair> onPairs = onConversations.stream().
-// map(c -> c.isTls() ? TcpConversationUtils.extractTlsAppDataPacketPairs(c) :
-// TcpConversationUtils.extractPacketPairs(c)).
-// flatMap(List::stream). // flatten List<List<>> to List<>
-// collect(Collectors.toList());
-// List<PcapPacketPair> offPairs = offConversations.stream().
-// map(c -> c.isTls() ? TcpConversationUtils.extractTlsAppDataPacketPairs(c) :
-// TcpConversationUtils.extractPacketPairs(c)).
-// flatMap(List::stream). // flatten List<List<>> to List<>
-// collect(Collectors.toList());
-// // Note: need to update the DnsMap of all PcapPacketPairs if we want to use the IP/hostname-sensitive distance.
-// Stream.concat(Stream.of(onPairs), Stream.of(offPairs)).flatMap(List::stream).forEach(p -> p.setDnsMap(dnsMap));
-//
-// double eps = 10; // loop from eps 1-10
-// int minPts = 50; // loop from minPts 30-50
-// for(int epsCount = 7; epsCount <= eps; epsCount++) {
-// for(int minPtsCount = 30; minPtsCount <= minPts; minPtsCount++) {
-// System.out.println("Eps: " + epsCount + " --- minPts: " + minPtsCount);
-// DBSCANClusterer<PcapPacketPair> onClusterer = new DBSCANClusterer<>(epsCount, minPtsCount);
-// DBSCANClusterer<PcapPacketPair> offClusterer = new DBSCANClusterer<>(epsCount, minPtsCount);
-// List<Cluster<PcapPacketPair>> onClusters = onClusterer.cluster(onPairs);
-// List<Cluster<PcapPacketPair>> offClusters = offClusterer.cluster(offPairs);
-// // Sort the conversations as reference
-// List<Conversation> sortedAllConversation = TcpConversationUtils.sortConversationList(allConversations);
-// // Output clusters
-// System.out.println("========================================");
-// System.out.println(" Clustering results for ON ");
-// System.out.println(" Number of clusters: " + onClusters.size());
-// int count = 0;
-// List<List<List<PcapPacket>>> ppListOfListListOn = new ArrayList<>();
-// for (Cluster<PcapPacketPair> c : onClusters) {
-// System.out.println(String.format("<<< Cluster #%02d (%03d points) >>>", ++count, c.getPoints().size()));
-//// System.out.print(PrintUtils.toSummaryString(c));
-// if (c.getPoints().size() > 45 && c.getPoints().size() < 55) {
-//// if(c.getPoints().size() > 25) {
-// // Print to file
-// List<List<PcapPacket>> ppListOfList = PcapPacketUtils.clusterToListOfPcapPackets(c);
-// ppListOfListListOn.add(ppListOfList);
-// }
-// }
-// PcapPacketUtils.printSignatures(ppListOfListListOn);
-//
-// System.out.println("========================================");
-// System.out.println(" Clustering results for OFF ");
-// System.out.println(" Number of clusters: " + offClusters.size());
-// count = 0;
-// List<List<List<PcapPacket>>> ppListOfListListOff = new ArrayList<>();
-// for (Cluster<PcapPacketPair> c : offClusters) {
-// System.out.println(String.format("<<< Cluster #%03d (%06d points) >>>", ++count, c.getPoints().size()));
-//// System.out.print(PrintUtils.toSummaryString(c));
-// if (c.getPoints().size() > 45 && c.getPoints().size() < 55) {
-// //if(c.getPoints().size() > 25) {
-// // Print to file
-// List<List<PcapPacket>> ppListOfList = PcapPacketUtils.clusterToListOfPcapPackets(c);
-// ppListOfListListOff.add(ppListOfList);
-// }
-// }
-// PcapPacketUtils.printSignatures(ppListOfListListOff);
-// System.out.println();
-// System.out.println();
-// System.out.println();
-// // ============================================================================================================
-// }
-// }
-
-
-// // ================================================================================================
-// // <<< Some work-in-progress/explorative code that extracts a "representative" sequence >>>
-// //
-// // Currently need to know relevant hostname in advance :(
-// String hostname = "events.tplinkra.com";
-//// String hostname = "rfe-us-west-1.dch.dlink.com";
-// // Conversations with 'hostname' for ON events.
-// List<Conversation> onsForHostname = new ArrayList<>();
-// // Conversations with 'hostname' for OFF events.
-// List<Conversation> offsForHostname = new ArrayList<>();
-// // "Unwrap" sequence groupings in ons/offs maps.
-// ons.get(hostname).forEach((k,v) -> onsForHostname.addAll(v));
-// offs.get(hostname).forEach((k,v) -> offsForHostname.addAll(v));
-//
-//
-// Map<String, List<Conversation>> onsForHostnameGroupedByTlsAppDataSequence = TcpConversationUtils.groupConversationsByTlsApplicationDataPacketSequence(onsForHostname);
-//
-//
-// // Extract representative sequence for ON and OFF by providing the list of conversations with
-// // 'hostname' observed for each event type (the training data).
-// SequenceExtraction seqExtraction = new SequenceExtraction();
-//// ExtractedSequence extractedSequenceForOn = seqExtraction.extract(onsForHostname);
-//// ExtractedSequence extractedSequenceForOff = seqExtraction.extract(offsForHostname);
-//
-// ExtractedSequence extractedSequenceForOn = seqExtraction.extractByTlsAppData(onsForHostname);
-// ExtractedSequence extractedSequenceForOff = seqExtraction.extractByTlsAppData(offsForHostname);
-//
-// // Let's check how many ONs align with OFFs and vice versa (that is, how many times an event is incorrectly
-// // labeled).
-// int onsLabeledAsOff = 0;
-// Integer[] representativeOnSeq = TcpConversationUtils.getPacketLengthSequence(extractedSequenceForOn.getRepresentativeSequence());
-// Integer[] representativeOffSeq = TcpConversationUtils.getPacketLengthSequence(extractedSequenceForOff.getRepresentativeSequence());
-// SequenceAlignment<Integer> seqAlg = seqExtraction.getAlignmentAlgorithm();
-// for (Conversation c : onsForHostname) {
-// Integer[] onSeq = TcpConversationUtils.getPacketLengthSequence(c);
-// if (seqAlg.calculateAlignment(representativeOffSeq, onSeq) <= extractedSequenceForOff.getMaxAlignmentCost()) {
-// onsLabeledAsOff++;
-// }
-// }
-// int offsLabeledAsOn = 0;
-// for (Conversation c : offsForHostname) {
-// Integer[] offSeq = TcpConversationUtils.getPacketLengthSequence(c);
-// if (seqAlg.calculateAlignment(representativeOnSeq, offSeq) <= extractedSequenceForOn.getMaxAlignmentCost()) {
-// offsLabeledAsOn++;
-// }
-// }
-// System.out.println("");
-// // ================================================================================================
-//
-//
-// // -------------------------------------------------------------------------------------------------------------
-// // -------------------------------------------------------------------------------------------------------------
- }
-
-}
-
-
-// TP-Link MAC 50:c7:bf:33:1f:09 and usually IP 192.168.1.159 (remember to verify per file)
-// frame.len >= 556 && frame.len <= 558 && ip.addr == 192.168.1.159
\ No newline at end of file
+++ /dev/null
-package edu.uci.iotproject.analysis;
-
-import org.pcap4j.core.PcapPacket;
-
-/**
- * TODO add class documentation.
- *
- * @author Janus Varmarken
- */
-public interface PcapPacketFilter {
-
- boolean shouldIncludePacket(PcapPacket packet);
-
-}
+++ /dev/null
-package edu.uci.iotproject.analysis;
-
-import edu.uci.iotproject.DnsMap;
-import edu.uci.iotproject.util.PcapPacketUtils;
-import org.apache.commons.math3.stat.clustering.Clusterable;
-import org.pcap4j.core.PcapPacket;
-
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.util.Collection;
-import java.util.Optional;
-import java.util.Set;
-import java.util.stream.Collectors;
-
-import static edu.uci.iotproject.util.PcapPacketUtils.getSourceIp;
-
-/**
- * <p>
- * A simple wrapper for holding a pair of packets (e.g., a request and associated reply packet).
- * </p>
- *
- * <b>Note:</b> we use the deprecated version
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class PcapPacketPair implements Clusterable<PcapPacketPair> {
-
- /**
- * If {@code true}, {@link #distanceFrom(PcapPacketPair)} will only consider if the sources of the two packets in
- * the {@link PcapPacketPair}s being compared match in terms of whether the IP is a local or a remote IP. It will
- * <em>not</em> check if the IPs/hostnames are actually the same. Set to {@code false} to make the comparison more
- * strict, i.e., to enforce the requirement that the respective IPs (or hostnames) in the packets of the two
- * {@link PcapPacketPair}s must be identical.
- */
- private static final boolean SIMPLIFIED_SOURCE_COMPARISON = true;
-
- private final PcapPacket mFirst;
-
- private final Optional<PcapPacket> mSecond;
-
- /**
- * IP to hostname mappings.
- * Allows for grouping packets with different source IPs that map to the same hostname into one cluster.
- */
- private DnsMap mDnsMap; // TODO implement and invoke setter
-
- public PcapPacketPair(PcapPacket first, PcapPacket second) {
- mFirst = first;
- mSecond = Optional.ofNullable(second);
- }
-
- public PcapPacket getFirst() { return mFirst; }
-
- public boolean isFirstClient() {
- String firstIp = PcapPacketUtils.getSourceIp(mFirst);
- InetAddress ia = null;
- try {
- ia = InetAddress.getByName(firstIp);
- } catch (UnknownHostException ex) {
- ex.printStackTrace();
- }
- return ia.isSiteLocalAddress();
- }
-
- public Optional<PcapPacket> getSecond() { return mSecond; }
-
- public boolean isSecondClient() {
- // Return the value of the second source if it is not null
- if (mSecond.isPresent()) {
- String secondIp = PcapPacketUtils.getSourceIp(mSecond.get());
- InetAddress ia = null;
- try {
- ia = InetAddress.getByName(secondIp);
- } catch (UnknownHostException ex) {
- ex.printStackTrace();
- }
- return ia.isSiteLocalAddress();
- } else {
- // When it is null, we always return the opposite of the first source's status
- return !isFirstClient();
- }
- }
-
- /**
- * Get the {@link DnsMap} that is queried for hostnames mappings when performing IP/hostname-sensitive clustering.
- * @return the {@link DnsMap} that is queried for hostnames mappings when performing IP/hostname-sensitive clustering.
- */
- public DnsMap getDnsMap() {
- return mDnsMap;
- }
-
- /**
- * Set the {@link DnsMap} to be queried for hostnames mappings when performing IP/hostname-sensitive clustering.
- * @param dnsMap a {@code DnsMap} to be queried for hostnames mappings when performing IP/hostname-sensitive clustering.
- */
- public void setDnsMap(final DnsMap dnsMap) {
- mDnsMap = dnsMap;
- }
-
- @Override
- public String toString() {
- return String.format("%d, %s",
- getFirst().getOriginalLength(),
- getSecond().map(pkt -> Integer.toString(pkt.getOriginalLength())).orElse("null"));
- }
-
- // =================================================================================================================
- // Begin implementation of org.apache.commons.math3.stat.clustering.Clusterable interface
- @Override
- public double distanceFrom(PcapPacketPair that) {
- if (SIMPLIFIED_SOURCE_COMPARISON) {
- // Direction of packets in terms of client-to-server or server-to-client must match, but we don't care about
- // IPs and hostnames
- if (this.isFirstClient() != that.isFirstClient() || this.isSecondClient() != that.isSecondClient()) {
- // Distance is maximal if mismatch in direction of packets
- return Double.MAX_VALUE;
- }
- } else {
- // Strict mode enabled: IPs/hostnames must match!
- // Extract src ips of both packets of each pair.
- String thisSrc1 = getSourceIp(this.getFirst());
- String thisSrc2 = this.getSecond().map(pp -> getSourceIp(pp)).orElse("");
- String thatSrc1 = getSourceIp(that.getFirst());
- String thatSrc2 = that.getSecond().map(pp -> getSourceIp(pp)).orElse("");
-
- // Replace IPs with hostnames if possible.
- thisSrc1 = mapToHostname(thisSrc1);
- thisSrc2 = mapToHostname(thisSrc2);
- thatSrc1 = mapToHostname(thatSrc1);
- thatSrc2 = mapToHostname(thatSrc2);
-
- if(!thisSrc1.equals(thatSrc1) || !thisSrc2.equals(thatSrc2)) {
- // Distance is maximal if sources differ.
- return Double.MAX_VALUE;
- }
- }
-
- // If the sources match, the distance is the Euclidean distance between each pair of packet lengths.
- int thisLen1 = this.getFirst().getOriginalLength();
- // TODO should discard pairs w/o second packet from clustering; replace below with getSecond().get() when done.
- int thisLen2 = this.getSecond().map(pp -> pp.getOriginalLength()).orElse(0);
- int thatLen1 = that.getFirst().getOriginalLength();
- // TODO should discard pairs w/o second packet from clustering; replace below with getSecond().get() when done.
- int thatLen2 = that.getSecond().map(pp -> pp.getOriginalLength()).orElse(0);
- return Math.sqrt(
- Math.pow(thisLen1 - thatLen1, 2) +
- Math.pow(thisLen2 - thatLen2, 2)
- );
- }
-
- @Override
- public PcapPacketPair centroidOf(Collection<PcapPacketPair> p) {
- // No notion of centroid in DBSCAN
- throw new UnsupportedOperationException("Not implemented; no notion of a centroid in DBSCAN.");
- }
- // End implementation of org.apache.commons.math3.stat.clustering.Clusterable interface
- // =================================================================================================================
-
- private String mapToHostname(String ip) {
- Set<String> hostnames = mDnsMap.getHostnamesForIp(ip);
- if (hostnames != null && hostnames.size() > 0) {
- // append hostnames back-to-back separated by a delimiter if more than one item in set
- // note: use sorted() to ensure that output remains consistent (as Set has no internal ordering of elements)
- String result = hostnames.stream().sorted().collect(Collectors.joining(" "));
- if (hostnames.size() > 1) {
- // One IP can map to multiple hostnames, although that is rare. For now just raise a warning.
- String warningStr = String.format(
- "%s.mapToHostname(): encountered an IP (%s) that maps to multiple hostnames (%s)",
- getClass().getSimpleName(), ip, result);
- System.err.println(warningStr);
- }
- return result;
- }
- // If unable to map to a hostname, return ip for ease of use; caller can overwrite input value, defaulting to
- // the original value if no mapping is found:
- // String src = "<some-ip>";
- // src = mapToHostname(src); // src is now either a hostname or the original ip.
- return ip;
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.analysis;
-
-import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
-import edu.uci.iotproject.DnsMap;
-import edu.uci.iotproject.util.PcapPacketUtils;
-import org.pcap4j.core.PcapPacket;
-import org.pcap4j.packet.IpV4Packet;
-import org.pcap4j.packet.TcpPacket;
-
-import java.util.*;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;
-
-import static edu.uci.iotproject.util.PcapPacketUtils.*;
-
-/**
- * Utility functions for analyzing and structuring (sets of) {@link Conversation}s.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class TcpConversationUtils {
-
- /**
- * Identifies the adjacency type of the signature for merging.
- */
- public enum SignaturePosition {
- NOT_ADJACENT,
- LEFT_ADJACENT,
- RIGHT_ADJACENT
- }
-
- /**
- * <p>
- * Given a {@link Conversation}, extract its set of "packet pairs", i.e., pairs of request-reply packets.
- * <em>The extracted pairs are formed from the full set of payload-carrying TCP packets.</em>
- * </p>
- *
- * <b>Note:</b> in the current implementation, if one endpoint sends multiple packets back-to-back with no
- * interleaved reply packets from the other endpoint, such packets are converted to one-item pairs (i.e., instances
- * of {@link PcapPacketPair} where {@link PcapPacketPair#getSecond()} is {@code null}).
- *
- * @param conv The {@code Conversation} for which packet pairs are to be extracted.
- * @return The packet pairs extracted from {@code conv}.
- */
- public static List<PcapPacketPair> extractPacketPairs(Conversation conv) {
- return extractPacketPairs(conv.getPackets());
- }
-
-
- /**
- * <p>
- * Given a {@link Conversation}, extract its set of "packet pairs", i.e., pairs of request-reply packets.
- * <em>The extracted pairs are formed from the full set of TLS Application Data packets.</em>
- * </p>
- *
- * <b>Note:</b> in the current implementation, if one endpoint sends multiple packets back-to-back with no
- * interleaved reply packets from the other endpoint, such packets are converted to one-item pairs (i.e., instances
- * of {@link PcapPacketPair} where {@link PcapPacketPair#getSecond()} is {@code null}).
- *
- * @param conv The {@code Conversation} for which packet pairs are to be extracted.
- * @return The packet pairs extracted from {@code conv}.
- */
- public static List<PcapPacketPair> extractTlsAppDataPacketPairs(Conversation conv) {
- if (!conv.isTls()) {
- throw new IllegalArgumentException(String.format("Provided %s argument is not a TLS session"));
- }
- return extractPacketPairs(conv.getTlsApplicationDataPackets());
- }
-
- // Helper method for implementing the public API of similarly named methods.
- private static List<PcapPacketPair> extractPacketPairs(List<PcapPacket> packets) {
- List<PcapPacketPair> pairs = new ArrayList<>();
-// for(PcapPacket pp : packets) {
-// System.out.print(pp.length() + " ");
-// }
-// System.out.println();
-
- int i = 0;
- while (i < packets.size()) {
- PcapPacket p1 = packets.get(i);
- String p1SrcIp = p1.get(IpV4Packet.class).getHeader().getSrcAddr().getHostAddress();
- int p1SrcPort = p1.get(TcpPacket.class).getHeader().getSrcPort().valueAsInt();
- if (i+1 < packets.size()) {
- PcapPacket p2 = packets.get(i+1);
- if (PcapPacketUtils.isSource(p2, p1SrcIp, p1SrcPort)) {
- // Two packets in a row going in the same direction -> create one item pair for p1
- pairs.add(new PcapPacketPair(p1, null));
- // Advance one packet as the following two packets may form a valid two-item pair.
- i++;
- } else {
- // The two packets form a response-reply pair, create two-item pair.
- pairs.add(new PcapPacketPair(p1, p2));
- // Advance two packets as we have already processed the packet at index i+1 in order to create the pair.
- i += 2;
- //i++;
- }
- } else {
- // Last packet of conversation => one item pair
- pairs.add(new PcapPacketPair(p1, null));
- // Advance i to ensure termination.
- i++;
- }
- }
- return pairs;
- // TODO: what if there is long time between response and reply packet? Should we add a threshold and exclude those cases?
- }
-
- /**
- * Given a collection of TCP conversations and associated DNS mappings, groups the conversations by hostname.
- * @param tcpConversations The collection of TCP conversations.
- * @param ipHostnameMappings The associated DNS mappings.
- * @return A map where each key is a hostname and its associated value is a list of conversations where one of the
- * two communicating hosts is that hostname (i.e. its IP maps to the hostname).
- */
- public static Map<String, List<Conversation>> groupConversationsByHostname(Collection<Conversation> tcpConversations, DnsMap ipHostnameMappings) {
- HashMap<String, List<Conversation>> result = new HashMap<>();
- for (Conversation c : tcpConversations) {
- if (c.getPackets().size() == 0) {
- String warningStr = String.format("Detected a %s [%s] with no payload packets.",
- c.getClass().getSimpleName(), c.toString());
- System.err.println(warningStr);
- continue;
- }
- IpV4Packet firstPacketIp = c.getPackets().get(0).get(IpV4Packet.class);
- String ipSrc = firstPacketIp.getHeader().getSrcAddr().getHostAddress();
- String ipDst = firstPacketIp.getHeader().getDstAddr().getHostAddress();
- // Check if src or dst IP is associated with one or more hostnames.
- Set<String> hostnames = ipHostnameMappings.getHostnamesForIp(ipSrc);
- if (hostnames == null) {
- // No luck with src ip (possibly because it's a client->srv packet), try dst ip.
- hostnames = ipHostnameMappings.getHostnamesForIp(ipDst);
- }
- if (hostnames != null) {
- // Put a reference to the conversation for each of the hostnames that the conversation's IP maps to.
- for (String hostname : hostnames) {
- List<Conversation> newValue = new ArrayList<>();
- newValue.add(c);
- result.merge(hostname, newValue, (l1, l2) -> { l1.addAll(l2); return l1; });
- }
- if (hostnames.size() > 1) {
- // Print notice of IP mapping to multiple hostnames (debugging)
- System.err.println(String.format("%s: encountered an IP that maps to multiple (%d) hostnames",
- TcpConversationUtils.class.getSimpleName(), hostnames.size()));
- }
- } else {
- // If no hostname mapping, store conversation under the key that is the concatenation of the two IPs.
- // In order to ensure consistency when mapping conversations, use lexicographic order to select which IP
- // goes first.
- String delimiter = "_";
- // Note that the in case the comparison returns 0, the strings are equal, so it doesn't matter which of
- // ipSrc and ipDst go first (also, this case should not occur in practice as it means that the device is
- // communicating with itself!)
- String key = ipSrc.compareTo(ipDst) <= 0 ? ipSrc + delimiter + ipDst : ipDst + delimiter + ipSrc;
- List<Conversation> newValue = new ArrayList<>();
- newValue.add(c);
- result.merge(key, newValue, (l1, l2) -> { l1.addAll(l2); return l1; });
- }
- }
- return result;
- }
-
- public static Map<String, Integer> countPacketSequenceFrequencies(Collection<Conversation> conversations) {
- Map<String, Integer> result = new HashMap<>();
- for (Conversation conv : conversations) {
- if (conv.getPackets().size() == 0) {
- // Skip conversations with no payload packets.
- continue;
- }
- StringBuilder sb = new StringBuilder();
- for (PcapPacket pp : conv.getPackets()) {
- sb.append(pp.length() + " ");
- }
- result.merge(sb.toString(), 1, (i1, i2) -> i1+i2);
- }
- return result;
- }
-
- /**
- * Given a {@link Collection} of {@link Conversation}s, builds a {@link Map} from {@link String} to {@link List}
- * of {@link Conversation}s such that each key is the <em>concatenation of the packet lengths of all payload packets
- * (i.e., the set of packets returned by {@link Conversation#getPackets()}) separated by a delimiter</em> of any
- * {@link Conversation} pointed to by that key. In other words, what the {@link Conversation}s {@code cs} pointed to
- * by the key {@code s} have in common is that they all contain exactly the same number of payload packets <em>and
- * </em> these payload packets are identical across all {@code Conversation}s in {@code cs} in terms of packet
- * length and packet order. For example, if the key is "152 440 550", this means that every individual
- * {@code Conversation} in the list of {@code Conversation}s pointed to by that key contain exactly three payload
- * packet of lengths 152, 440, and 550, and these three packets are ordered in the order prescribed by the key.
- *
- * @param conversations The collection of {@code Conversation}s to group by packet sequence.
- * @param verbose If set to {@code true}, the grouping (and therefore the key) will also include SYN/SYNACK,
- * FIN/FINACK, RST packets, and each payload-carrying packet will have an indication of the direction
- * of the packet prepended.
- * @return a {@link Map} from {@link String} to {@link List} of {@link Conversation}s such that each key is the
- * <em>concatenation of the packet lengths of all payload packets (i.e., the set of packets returned by
- * {@link Conversation#getPackets()}) separated by a delimiter</em> of any {@link Conversation} pointed to
- * by that key.
- */
- public static Map<String, List<Conversation>> groupConversationsByPacketSequence(Collection<Conversation> conversations, boolean verbose) {
- return conversations.stream().collect(Collectors.groupingBy(c -> toSequenceString(c, verbose)));
- }
-
- public static Map<String, List<Conversation>> groupConversationsByTlsApplicationDataPacketSequence(Collection<Conversation> conversations) {
- return conversations.stream().collect(Collectors.groupingBy(
- c -> c.getTlsApplicationDataPackets().stream().map(p -> Integer.toString(p.getOriginalLength())).
- reduce("", (s1, s2) -> s1.length() == 0 ? s2 : s1 + " " + s2))
- );
- }
-
- /**
- * Given a {@link Conversation}, counts the frequencies of each unique packet length seen as part of the
- * {@code Conversation}.
- * @param c The {@code Conversation} for which unique packet length frequencies are to be determined.
- * @return A mapping from packet length to its frequency.
- */
- public static Map<Integer, Integer> countPacketLengthFrequencies(Conversation c) {
- Map<Integer, Integer> result = new HashMap<>();
- for (PcapPacket packet : c.getPackets()) {
- result.merge(packet.length(), 1, (i1, i2) -> i1 + i2);
- }
- return result;
- }
-
- /**
- * Like {@link #countPacketLengthFrequencies(Conversation)}, but counts packet length frequencies for a collection
- * of {@code Conversation}s, i.e., the frequency of a packet length becomes the total number of packets with that
- * length across <em>all</em> {@code Conversation}s in {@code conversations}.
- * @param conversations The collection of {@code Conversation}s for which packet length frequencies are to be
- * counted.
- * @return A mapping from packet length to its frequency.
- */
- public static Map<Integer, Integer> countPacketLengthFrequencies(Collection<Conversation> conversations) {
- Map<Integer, Integer> result = new HashMap<>();
- for (Conversation c : conversations) {
- Map<Integer, Integer> intermediateResult = countPacketLengthFrequencies(c);
- for (Map.Entry<Integer, Integer> entry : intermediateResult.entrySet()) {
- result.merge(entry.getKey(), entry.getValue(), (i1, i2) -> i1 + i2);
- }
- }
- return result;
- }
-
- public static Map<String, Integer> countPacketPairFrequencies(Collection<PcapPacketPair> pairs) {
- Map<String, Integer> result = new HashMap<>();
- for (PcapPacketPair ppp : pairs) {
- result.merge(ppp.toString(), 1, (i1, i2) -> i1 + i2);
- }
- return result;
- }
-
- public static Map<String, Map<String, Integer>> countPacketPairFrequenciesByHostname(Collection<Conversation> tcpConversations, DnsMap ipHostnameMappings) {
- Map<String, List<Conversation>> convsByHostname = groupConversationsByHostname(tcpConversations, ipHostnameMappings);
- HashMap<String, Map<String, Integer>> result = new HashMap<>();
- for (Map.Entry<String, List<Conversation>> entry : convsByHostname.entrySet()) {
- // Merge all packet pairs exchanged during the course of all conversations with hostname into one list
- List<PcapPacketPair> allPairsExchangedWithHostname = new ArrayList<>();
- entry.getValue().forEach(conversation -> allPairsExchangedWithHostname.addAll(extractPacketPairs(conversation)));
- // Then count the frequencies of packet pairs exchanged with the hostname, irrespective of individual
- // conversations
- result.put(entry.getKey(), countPacketPairFrequencies(allPairsExchangedWithHostname));
- }
- return result;
- }
-
- /**
- * Given a {@link Conversation}, extract its packet length sequence.
- * @param c The {@link Conversation} from which a packet length sequence is to be extracted.
- * @return An {@code Integer[]} that holds the packet lengths of all payload-carrying packets in {@code c}. The
- * packet lengths in the returned array are ordered by packet timestamp.
- */
- public static Integer[] getPacketLengthSequence(Conversation c) {
- return getPacketLengthSequence(c.getPackets());
- }
-
-
- /**
- * Given a {@link Conversation}, extract its packet length sequence, but only include packet lengths of those
- * packets that carry TLS Application Data.
- * @param c The {@link Conversation} from which a TLS Application Data packet length sequence is to be extracted.
- * @return An {@code Integer[]} that holds the packet lengths of all packets in {@code c} that carry TLS Application
- * Data. The packet lengths in the returned array are ordered by packet timestamp.
- */
- public static Integer[] getPacketLengthSequenceTlsAppDataOnly(Conversation c) {
- if (!c.isTls()) {
- throw new IllegalArgumentException("Provided " + c.getClass().getSimpleName() + " was not a TLS session");
- }
- return getPacketLengthSequence(c.getTlsApplicationDataPackets());
- }
-
- /**
- * Given a list of packets, extract the packet lengths and wrap them in an array such that the packet lengths in the
- * resulting array appear in the same order as their corresponding packets in the input list.
- * @param packets The list of packets for which the packet lengths are to be extracted.
- * @return An array containing the packet lengths in the same order as their corresponding packets in the input list.
- */
- private static Integer[] getPacketLengthSequence(List<PcapPacket> packets) {
- return packets.stream().map(pkt -> pkt.getOriginalLength()).toArray(Integer[]::new);
- }
-
- /**
- * Builds a string representation of the sequence of packets exchanged as part of {@code c}.
- * @param c The {@link Conversation} for which a string representation of the packet sequence is to be constructed.
- * @param verbose {@code true} if set to true, the returned sequence string will also include SYN/SYNACK,
- * FIN/FINACK, RST packets, as well as an indication of the direction of payload-carrying packets.
- * @return a string representation of the sequence of packets exchanged as part of {@code c}.
- */
- private static String toSequenceString(Conversation c, boolean verbose) {
- // Payload-parrying packets are always included, but only prepend direction if verbose output is chosen.
- Stream<String> s = c.getPackets().stream().map(p -> verbose ? c.getDirection(p).toCompactString() + p.getOriginalLength() : Integer.toString(p.getOriginalLength()));
- if (verbose) {
- // In the verbose case, we also print SYN, FIN and RST packets.
- // Convert the SYN packets to a string representation and prepend them in front of the payload packets.
- s = Stream.concat(c.getSynPackets().stream().map(p -> isSyn(p) && isAck(p) ? "SYNACK" : "SYN"), s);
- // Convert the FIN packets to a string representation and append them after the payload packets.
- s = Stream.concat(s, c.getFinAckPairs().stream().map(f -> f.isAcknowledged() ? "FINACK" : "FIN"));
- // Convert the RST packets to a string representation and append at the end.
- s = Stream.concat(s, c.getRstPackets().stream().map(r -> "RST"));
- }
- /*
- * Note: the collector internally uses a StringBuilder, which is more efficient than simply doing string
- * concatenation as in the following example:
- * s.reduce("", (s1, s2) -> s1.length() == 0 ? s2 : s1 + " " + s2);
- * (above code is O(N^2) where N is the number of characters)
- */
- return s.collect(Collectors.joining(" "));
- }
-
- /**
- * Set of port numbers that we consider TLS traffic.
- * Note: purposefully initialized as a {@link HashSet} to get O(1) {@code contains()} call.
- */
- private static final Set<Integer> TLS_PORTS = Stream.of(443, 8443, 41143).
- collect(Collectors.toCollection(HashSet::new));
-
- /**
- * Check if a given port number is considered a TLS port.
- * @param port The port number to check.
- * @return {@code true} if the port number is considered a TLS port, {@code false} otherwise.
- */
- public static boolean isTlsPort(int port) {
- return TLS_PORTS.contains(port);
- }
-
- /**
- * Appends a space to {@code sb} <em>iff</em> {@code sb} already contains some content.
- * @param sb A {@link StringBuilder} that should have a space appended <em>iff</em> it is not empty.
- */
- private static void appendSpaceIfNotEmpty(StringBuilder sb) {
- if (sb.length() != 0) {
- sb.append(" ");
- }
- }
-
- /**
- * Given a list of {@link Conversation} objects, sort them by timestamps.
- * @param conversations The list of {@link Conversation} objects to be sorted.
- * @return A sorted list of {@code Conversation} based on timestamps of the first
- * packet in the {@code Conversation}.
- */
- public static List<Conversation> sortConversationList(List<Conversation> conversations) {
- // Get rid of Conversation objects with no packets.
- conversations.removeIf(x -> x.getPackets().size() == 0);
- // Sort the list based on the first packet's timestamp!
- Collections.sort(conversations, (c1, c2) ->
- c1.getPackets().get(0).getTimestamp().compareTo(c2.getPackets().get(0).getTimestamp()));
- return conversations;
- }
-
- /**
- * Given a {@code List} of {@link Conversation} objects, find one that has the given {@code List}
- * of {@code PcapPacket}.
- * @param conversations The {@code List} of {@link Conversation} objects as reference.
- * @param ppList The {@code List} of {@code PcapPacket} objects to search in the {@code List} of {@link Conversation}.
- * @return A {@code Conversation} that contains the given {@code List} of {@code PcapPacket}.
- */
- public static Conversation returnConversation(List<PcapPacket> ppList, List<Conversation> conversations) {
- // TODO: This part of comparison takes into account that the list of conversations is not sorted
- // TODO: We could optimize this to have a better performance by requiring a sorted-by-timestamp list
- // TODO: as a parameter
- // Find a Conversation that ppList is part of
- for (Conversation c : conversations) {
- // Figure out if c is the Conversation that ppList is in
- if (isPartOfConversation(ppList, c)) {
- return c;
- }
- }
- // Return null if not found
- return null;
- }
-
- /**
- * Given a {@link Conversation} objects, check if {@code List} of {@code PcapPacket} is part of it and return the
- * adjacency label based on {@code SignaturePosition}.
- * @param conversation The {@link Conversation} object as reference.
- * @param ppListFirst The first {@code List} of {@code PcapPacket} objects in the {@link Conversation}.
- * @param ppListSecond The second {@code List} of {@code PcapPacket} objects in the {@link Conversation} whose
- * position will be observed in the {@link Conversation} with respect to ppListFirst.
- * @return A {@code SignaturePosition} that represents the position of the signature against another signature
- * in a {@link Conversation}.
- */
- public static SignaturePosition isPartOfConversationAndAdjacent(List<PcapPacket> ppListFirst,
- List<PcapPacket> ppListSecond,
- Conversation conversation) {
- // Take the first element in ppList and compare it
- // The following elements in ppList are guaranteed to be in the same Conversation
- // TODO: This part of comparison takes into account that the list of conversations is not sorted
- // TODO: We could optimize this to have a better performance by requiring a sorted-by-timestamp list
- // TODO: as a parameter
- if (isPartOfConversation(ppListSecond, conversation)) {
- // Compare the first element of ppListSecond with the last element of ppListFirst to know
- // whether ppListSecond is RIGHT_ADJACENT relative to ppListFirst.
- PcapPacket lastElOfFirstList = ppListFirst.get(ppListFirst.size() - 1);
- PcapPacket firstElOfSecondList = ppListSecond.get(0);
- // If the positions of the two are in order, then they are adjacent.
- int indexOfLastElOfFirstList = returnIndexInConversation(lastElOfFirstList, conversation);
- int indexOfFirstElOfSecondList = returnIndexInConversation(firstElOfSecondList, conversation);
- if(indexOfLastElOfFirstList + 1 == indexOfFirstElOfSecondList) {
- return SignaturePosition.RIGHT_ADJACENT;
- }
- // NOT RIGHT_ADJACENT, so check for LEFT_ADJACENT.
- // Compare the first element of ppListRight with the last element of ppListSecond to know
- // whether ppListSecond is LEFT_ADJACENT relative to ppListFirst.
- PcapPacket firstElOfFirstList = ppListFirst.get(0);
- PcapPacket lastElOfSecondList = ppListSecond.get(ppListSecond.size() - 1);
- // If the positions of the two are in order, then they are adjacent.
- int indexOfFirstElOfFirstList = returnIndexInConversation(firstElOfFirstList, conversation);
- int indexOfLastElOfSecondList = returnIndexInConversation(lastElOfSecondList, conversation);
- if(indexOfLastElOfSecondList + 1 == indexOfFirstElOfFirstList) {
- return SignaturePosition.LEFT_ADJACENT;
- }
- }
- // Return NOT_ADJACENT if not found.
- return SignaturePosition.NOT_ADJACENT;
- }
-
- /**
- * Given a {@link Conversation} objects, check if {@code List} of {@code PcapPacket} is part of it.
- * @param conversation The {@link Conversation} object as reference.
- * @param ppList The {@code List} of {@code PcapPacket} objects to search in the {@link Conversation}.
- * @return A {@code Boolean} value that represents the presence of the {@code List} of {@code PcapPacket} in
- * the {@link Conversation}.
- */
- private static boolean isPartOfConversation(List<PcapPacket> ppList, Conversation conversation) {
- // Find the first element of ppList in conversation.
- if (conversation.getPackets().contains(ppList.get(0)))
- return true;
- // Return false if not found.
- return false;
- }
-
- /**
- * Given a {@link Conversation} objects, check the index of a {@code PcapPacket} in it.
- * @param conversation The {@link Conversation} object as reference.
- * @param pp The {@code PcapPacket} object to search in the {@link Conversation}.
- * @return An {@code Integer} value that gives the index of the {@code PcapPacket} in the {@link Conversation}.
- */
- private static int returnIndexInConversation(PcapPacket pp, Conversation conversation) {
- // Find pp in conversation.
- if (conversation.getPackets().contains(pp))
- return conversation.getPackets().indexOf(pp);
- // Return -1 if not found.
- return -1;
- }
-}
+++ /dev/null
-package edu.uci.iotproject.analysis;
-
-import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
-import edu.uci.iotproject.DnsMap;
-import edu.uci.iotproject.trafficreassembly.layer3.TcpReassembler;
-import org.pcap4j.core.PacketListener;
-import org.pcap4j.core.PcapPacket;
-
-import java.time.Instant;
-import java.util.*;
-import java.util.function.Function;
-
-/**
- * A {@link PacketListener} that marks network traffic as (potentially) related to a user's actions by comparing the
- * timestamp of each packet to the timestamps of the provided list of user actions.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class TrafficLabeler implements PacketListener {
-
- private final Map<UserAction, List<PcapPacket>> mActionToTrafficMap;
- private final List<UserAction> mActionsSorted;
- /**
- * The total number of packets labeled, i.e, the sum of the sizes of the values in {@link #mActionToTrafficMap}.
- */
- private long mPackets = 0;
-
- public TrafficLabeler(List<UserAction> userActions) {
- // Init map with empty lists (no packets have been mapped to UserActions at the onset).
- mActionToTrafficMap = new HashMap<>();
- userActions.forEach(ua -> mActionToTrafficMap.put(ua, new ArrayList<>()));
- // Sort list of UserActions by timestamp in order to facilitate fast Packet-to-UserAction mapping.
- // For safety reasons, we create an internal copy of the list to prevent external code from changing the list's
- // contents as that would render our assumptions about order of elements invalid.
- // In addition, this also ensures that we do not break assumptions made by external code as we avoid reordering
- // the elements of the list passed from the external code.
- // If performance is to be favored over safety, assign userActions to mActionsSorted directly.
- mActionsSorted = new ArrayList<>();
- mActionsSorted.addAll(userActions);
- Collections.sort(mActionsSorted, (ua1, ua2) -> ua1.getTimestamp().compareTo(ua2.getTimestamp()));
- }
-
-
- @Override
- public void gotPacket(PcapPacket packet) {
- // Locate UserAction corresponding to packet, if any.
- int index = Collections.binarySearch(mActionsSorted, new UserAction(null, packet.getTimestamp()), (listItem, key) -> {
- // Start of inclusion interval is the time of the user action
- Instant intervalStart = listItem.getTimestamp();
- // End of inclusion interval is some arbitrary number of milliseconds after the user action.
- Instant intervalEnd = intervalStart.plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS);
- if (key.getTimestamp().isAfter(intervalStart) && key.getTimestamp().isBefore(intervalEnd)) {
- // Packet lies within specified interval after the current UserAction, so we're done.
- // Communicate termination to binarySearch by returning 0 which indicates equality.
- return 0;
- }
- // If packet lies outside inclusion interval of current list item, continue search in lower or upper half of
- // list depending on whether the timestamp of the current list item is smaller or greater than that of the
- // packet.
- return listItem.getTimestamp().compareTo(key.getTimestamp());
- });
- if (index >= 0) {
- // Associate the packet to the its corresponding user action (located during the binary search above).
- mActionToTrafficMap.get(mActionsSorted.get(index)).add(packet);
- mPackets++;
- }
- // Ignore packet if it is not found to be in temporal proximity of a user action.
- }
-
- /**
- * Get the total number of packets labeled by this {@code TrafficLabeler}.
- *
- * @return the total number of packets labeled by this {@code TrafficLabeler}.
- */
- public long getTotalPacketCount() {
- return mPackets;
- }
-
- /**
- * Get the labeled traffic.
- *
- * @return A {@link Map} in which a {@link UserAction} points to a {@link List} of {@link PcapPacket}s believed to
- * be related (occurring as a result of) that {@code UserAction}.
- */
- public Map<UserAction, List<PcapPacket>> getLabeledTraffic() {
- return Collections.unmodifiableMap(mActionToTrafficMap);
- }
-
- /**
- * Like {@link #getLabeledTraffic()}, but allows the caller to supply a mapping function that is applied to
- * the traffic associated with each {@link UserAction} (the traffic label) before returning the labeled traffic.
- * This may for example be useful for a caller who wishes to perform some postprocessing of labeled traffic, e.g.,
- * in order to perform additional filtering or to transform the representation of labeled traffic.
- * <p>
- * An example usecase is provided in {@link #getLabeledReassembledTcpTraffic()} which uses this function to
- * build a {@link Map} in which a {@link UserAction} points to the reassembled TCP connections believed to have
- * occurred as a result of that {@code UserAction}.
- * </p>
- *
- * @param mappingFunction A mapping function that converts a {@link List} of {@link PcapPacket} into some other type
- * {@code T}.
- * @param <T> The return type of {@code mappingFunction}.
- * @return A {@link Map} in which a {@link UserAction} points to the result of applying {@code mappingFunction} to
- * the set of packets believed to be related (occurring as a result of) that {@code UserAction}.
- */
- public <T> Map<UserAction, T> getLabeledTraffic(Function<List<PcapPacket>, T> mappingFunction) {
- Map<UserAction, T> result = new HashMap<>();
- mActionToTrafficMap.forEach((ua, packets) -> result.put(ua, mappingFunction.apply(packets)));
- return result;
- }
-
-
- /**
- * Get the labeled traffic reassembled as TCP connections (<b>note:</b> <em>discards</em> all non-TCP traffic).
- *
- * @return A {@link Map} in which a {@link UserAction} points to a {@link List} of {@link Conversation}s believed to
- * be related (occurring as a result of) that {@code UserAction}.
- */
- public Map<UserAction, List<Conversation>> getLabeledReassembledTcpTraffic() {
- return getLabeledTraffic(packets -> {
- TcpReassembler tcpReassembler = new TcpReassembler();
- packets.forEach(p -> tcpReassembler.gotPacket(p));
- return tcpReassembler.getTcpConversations();
- });
- }
-
- /**
- * Like {@link #getLabeledReassembledTcpTraffic()}, but uses the provided {@code ipHostnameMappings} to group
- * {@link Conversation}s by hostname.
- *
- * @param ipHostnameMappings A {@link DnsMap} with IP to hostname mappings used for reverse DNS lookup.
- * @return A {@link Map} in which a {@link UserAction} points to the set of {@link Conversation}s believed to be
- * related (occurring as a result of) that {@code UserAction}. More precisely, each {@code UserAction} in
- * the returned {@code Map} points to <em>another</em> {@code Map} in which a hostname points to the set of
- * {@code Conversation}s involving that hostname.
- */
- public Map<UserAction, Map<String, List<Conversation>>> getLabeledReassembledTcpTraffic(DnsMap ipHostnameMappings) {
- return getLabeledTraffic(packets -> {
- TcpReassembler tcpReassembler = new TcpReassembler();
- packets.forEach(p -> tcpReassembler.gotPacket(p));
- return TcpConversationUtils.groupConversationsByHostname(tcpReassembler.getTcpConversations(), ipHostnameMappings);
- });
- }
-
-}
\ No newline at end of file
+++ /dev/null
-package edu.uci.iotproject.analysis;
-
-import edu.uci.iotproject.io.PcapHandleReader;
-import org.pcap4j.core.*;
-
-import java.time.Instant;
-import java.util.Collections;
-import java.util.List;
-import java.util.concurrent.TimeoutException;
-
-/**
- * TODO add class documentation.
- *
- * @author Janus Varmarken
- */
-public class TriggerTrafficExtractor implements PcapPacketFilter {
-
- private final String mPcapFilePath;
- private final List<Instant> mTriggerTimes;
- private final String mDeviceIp;
-
- private int mTriggerIndex = 0;
-
- /**
- * The total number of packets marked for inclusion during one run of {@link #performExtraction(PacketListener...)}.
- */
- private long mIncludedPackets = 0;
-
- public static final int INCLUSION_WINDOW_MILLIS = 15_000;
-
- public TriggerTrafficExtractor(String pcapFilePath, List<Instant> triggerTimes, String deviceIp) throws PcapNativeException, NotOpenException {
- mPcapFilePath = pcapFilePath;
- // Ensure that trigger times are sorted in ascending as we rely on this fact in the logic that works out if a
- // packet is related to a trigger.
- Collections.sort(triggerTimes, (i1, i2) -> {
- if (i1.isBefore(i2)) return -1;
- else if (i2.isBefore(i1)) return 1;
- else return 0;
- });
- mTriggerTimes = Collections.unmodifiableList(triggerTimes);
- mDeviceIp = deviceIp;
- }
-
-
- public void performExtraction(PacketListener... extractedPacketsConsumers) throws PcapNativeException, NotOpenException, TimeoutException {
- // Reset trigger index and packet counter in case client code chooses to rerun the extraction.
- mTriggerIndex = 0;
- mIncludedPackets = 0;
- PcapHandle handle;
- try {
- handle = Pcaps.openOffline(mPcapFilePath, PcapHandle.TimestampPrecision.NANO);
- } catch (PcapNativeException pne) {
- handle = Pcaps.openOffline(mPcapFilePath);
- }
- // Use the native support for BPF to immediately filter irrelevant traffic.
- handle.setFilter("ip host " + mDeviceIp, BpfProgram.BpfCompileMode.OPTIMIZE);
- PcapHandleReader pcapReader = new PcapHandleReader(handle, this, extractedPacketsConsumers);
- pcapReader.readFromHandle();
-
- }
-
- /**
- * Return the number of extracted packets (i.e., packets selected for inclusion) as a result of the most recent call
- * to {@link #performExtraction(PacketListener...)}.
- *
- * @return the number of extracted packets (i.e., packets selected for inclusion) as a result of the most recent
- * call to {@link #performExtraction(PacketListener...)}.
- */
- public long getPacketsIncludedCount() {
- return mIncludedPackets;
- }
-
- @Override
- public boolean shouldIncludePacket(PcapPacket packet) {
- // New version. Simpler, but slower: the later a packet arrives, the more elements of mTriggerTimes will need to
- // be traversed.
- boolean include = mTriggerTimes.stream().anyMatch(
- trigger -> trigger.isBefore(packet.getTimestamp()) &&
- packet.getTimestamp().isBefore(trigger.plusMillis(INCLUSION_WINDOW_MILLIS))
- );
- if (include) {
- mIncludedPackets++;
- }
- return include;
-
- /*
- // Old version. Faster, but more complex - is it correct?
- if (mTriggerIndex >= mTriggerTimes.size()) {
- // Don't include packet if we've exhausted the list of trigger times.
- return false;
- }
-
- // TODO hmm, is this correct?
- Instant trigger = mTriggerTimes.get(mTriggerIndex);
- if (trigger.isBefore(packet.getTimestamp()) &&
- packet.getTimestamp().isBefore(trigger.plusMillis(INCLUSION_WINDOW_MILLIS))) {
- // Packet lies within INCLUSION_WINDOW_MILLIS after currently considered trigger, include it.
- return true;
- } else {
- if (!trigger.isBefore(packet.getTimestamp())) {
- // Packet is before currently considered trigger, so it shouldn't be included
- return false;
- } else {
- // Packet is >= INCLUSION_WINDOW_MILLIS after currently considered trigger.
- // Proceed to next trigger to see if it lies in range of that.
- // Note that there's an assumption here that no two trigger intervals don't overlap!
- mTriggerIndex++;
- return shouldIncludePacket(packet);
- }
- }
- */
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.analysis;
-
-import java.time.Instant;
-import java.time.ZoneId;
-import java.time.format.DateTimeFormatter;
-
-/**
- * Models a user's action, such as toggling the smart plug on/off at a given time.
- *
- * @author Janus Varmarken
- */
-public class UserAction {
-
- private static volatile DateTimeFormatter TIMESTAMP_FORMATTER = DateTimeFormatter.ISO_ZONED_DATE_TIME.
- withZone(ZoneId.of("America/Los_Angeles"));
-
- /**
- * Sets the {@link DateTimeFormatter} used when outputting a user action as a string and parsing a user action from
- * a string.
- * @param formatter The formatter to use for outputting and parsing.
- */
- public static void setTimestampFormatter(DateTimeFormatter formatter) {
- TIMESTAMP_FORMATTER = formatter;
- }
-
- /**
- * Instantiates a {@code UserAction} from a string that obeys the format used in {@link UserAction#toString()}.
- * @param string The string that represents a {@code UserAction}
- * @return A {@code UserAction} resulting from deserializing the string.
- */
- public static UserAction fromString(String string) {
- String[] parts = string.split("@");
- if (parts.length != 2) {
- throw new IllegalArgumentException("Invalid string format");
- }
- // If any of these two parses fail, an exception is thrown -- no need to check return values.
- UserAction.Type actionType = UserAction.Type.valueOf(parts[0].trim());
- Instant timestamp = TIMESTAMP_FORMATTER.parse(parts[1].trim(), Instant::from);
- return new UserAction(actionType, timestamp);
- }
-
-
- /**
- * The specific type of action the user performed.
- */
- private final Type mType;
-
- /**
- * The time the action took place.
- */
- private final Instant mTimestamp;
-
- public UserAction(Type typeOfAction, Instant timeOfAction) {
- mType = typeOfAction;
- mTimestamp = timeOfAction;
- }
-
- /**
- * Get the specific type of action performed by the user.
- * @return the specific type of action performed by the user.
- */
- public Type getType() {
- return mType;
- }
-
- /**
- * Get the time at which the user performed this action.
- * @return the time at which the user performed this action.
- */
- public Instant getTimestamp() {
- return mTimestamp;
- }
-
- /**
- * Enum for indicating what type of action the user performed.
- */
- public enum Type {
- TOGGLE_ON, TOGGLE_OFF
- }
-
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (obj instanceof UserAction) {
- UserAction that = (UserAction) obj;
- return this.mType == that.mType && this.mTimestamp.equals(that.mTimestamp);
- } else {
- return false;
- }
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int hashCode = 17;
- hashCode = prime * hashCode + mType.hashCode();
- hashCode = prime * hashCode + mTimestamp.hashCode();
- return hashCode;
- }
-
- @Override
- public String toString() {
- return String.format("%s @ %s", mType.name(), TIMESTAMP_FORMATTER.format(mTimestamp));
- }
-}
+++ /dev/null
-package edu.uci.iotproject.comparison;
-
-import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
-import edu.uci.iotproject.FlowPattern;
-
-/**
- * Models the result of comparing a {@link Conversation} and a {@link FlowPattern}.
- *
- * @param <T> The type of the result; can be something as simple as a {@code Boolean} for a complete match comparison or
- * or a complex data type for more sophisticated comparisons.
- */
-public abstract class AbstractPatternComparisonResult<T> {
-
- /**
- * The result of the comparison.
- */
- private final T mResult;
-
- /**
- * The {@code Conversation} that was compared against {@link #mFlowPattern}.
- */
- protected final Conversation mConversation;
-
- /**
- * The {@code FlowPattern} that {@link #mConversation} was compared against.
- */
- protected final FlowPattern mFlowPattern;
-
- public AbstractPatternComparisonResult(Conversation conversation, FlowPattern flowPattern, T result) {
- this.mResult = result;
- this.mConversation = conversation;
- this.mFlowPattern = flowPattern;
- }
-
- /**
- * Gets the result of the comparison.
- * @return the result of the comparison
- */
- public T getResult() {
- return mResult;
- }
-
- /**
- * Get a textual description of the comparison result suitable for output on std.out.
- * @return a textual description of the comparison result suitable for output on std.out.
- */
- abstract public String getTextualDescription();
-
-}
\ No newline at end of file
+++ /dev/null
-package edu.uci.iotproject.comparison;
-
-import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
-import edu.uci.iotproject.FlowPattern;
-import org.pcap4j.core.PcapPacket;
-import org.pcap4j.packet.TcpPacket;
-
-import java.util.List;
-import java.util.function.BiFunction;
-
-/**
- * Contains concrete implementations of comparison functions that compare a {@link Conversation} and a {@link FlowPattern}.
- * These functions are supplied to {@link PatternComparisonTask} which in turn facilitates comparison on a background thread.
- * This design provides plugability: currently, we only support complete match comparison, but further down the road we
- * can simply introduce more sophisticated comparison functions here (e.g. Least Common Substring) simply replace the
- * argument passed to the {@link PatternComparisonTask} constructor to switch between the different implementations.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class ComparisonFunctions {
-
- /**
- * Comparison function that checks for a <em>complete</em> match, i.e. a match in which every packet in the
- * {@link Conversation} has the same length as the corresponding packet in the {@link FlowPattern}.
- */
- public static final BiFunction<Conversation, FlowPattern, CompleteMatchPatternComparisonResult> COMPLETE_MATCH = (conversation, flowPattern) -> {
- List<PcapPacket> convPackets = conversation.getPackets();
- if (convPackets.size() != flowPattern.getLength()) {
- return new CompleteMatchPatternComparisonResult(conversation, flowPattern, false);
- }
- for (int i = 0; i < convPackets.size(); i++) {
- TcpPacket tcpPacket = convPackets.get(i).get(TcpPacket.class);
- if (tcpPacket.getPayload().length() != flowPattern.getPacketOrder().get(i)) {
- return new CompleteMatchPatternComparisonResult(conversation, flowPattern, false);
- }
- }
- return new CompleteMatchPatternComparisonResult(conversation, flowPattern, true);
- };
-
- /**
- * Comparison function that searches a {@link Conversation} looking for the presence of a complete match of a {@link FlowPattern}.
- * Unlike {@link #COMPLETE_MATCH}, which searches for a 1:1 match between the {@code Conversation} and the {@code FlowPattern},
- * this function targets cases where the {@code Conversation} is longer than the {@code FlowPattern}.
- * In other words, this function searches for a complete match of a sub sequence of packets in the {@code Conversation}.
- * Note: this is a slow, brute force search.
- */
- public static final BiFunction<Conversation, FlowPattern, CompleteMatchPatternComparisonResult> SUB_SEQUENCE_COMPLETE_MATCH = new BiFunction<Conversation, FlowPattern, CompleteMatchPatternComparisonResult>() {
- // TODO needs review; I was tired when I wrote this :).
- private boolean find(Conversation conversation, FlowPattern flowPattern, int nextIndex, int matchedIndices) {
- if (matchedIndices == flowPattern.getLength()) {
- // Found a full sub sequence.
- return true;
- }
- List<PcapPacket> convPackets = conversation.getPackets();
- if (nextIndex >= convPackets.size()) {
- // Reached end of list without finding a match.
- return false;
- }
- if (convPackets.get(nextIndex).get(TcpPacket.class).getPayload().length() == flowPattern.getPacketOrder().get(matchedIndices)) {
- // So far, so good. Still need to check if the remainder of the sub sequence is present.
- return find(conversation, flowPattern, ++nextIndex, ++matchedIndices);
- } else {
- // Miss; trace back and retry the search starting at the index immediately after the index from the
- // recursive calls potentially started matching some of the sub sequence.
- return find(conversation, flowPattern, nextIndex-matchedIndices+1, 0);
- }
- }
-
- @Override
- public CompleteMatchPatternComparisonResult apply(Conversation conversation, FlowPattern flowPattern) {
- return new CompleteMatchPatternComparisonResult(conversation, flowPattern, find(conversation, flowPattern, 0, 0));
- }
-
- };
-
-}
\ No newline at end of file
+++ /dev/null
-package edu.uci.iotproject.comparison;
-
-import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
-import edu.uci.iotproject.FlowPattern;
-
-/**
- * The result of a search for a complete match. Serves as an example implementation of
- * {@link AbstractPatternComparisonResult}.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class CompleteMatchPatternComparisonResult extends AbstractPatternComparisonResult<Boolean> {
-
- public CompleteMatchPatternComparisonResult(Conversation conversation, FlowPattern flowPattern, Boolean result) {
- super(conversation, flowPattern, result);
- }
-
- @Override
- public String getTextualDescription() {
- if (getResult()) {
- return String.format("[ find ] Detected a COMPLETE MATCH of pattern '%s' at %s!",
- mFlowPattern.getPatternId(), mConversation.getPackets().get(0).getTimestamp().toString());
- } else {
- return String.format("[ miss ] flow starting at %s was **not** a complete match of pattern '%s'",
- mConversation.getPackets().get(0).getTimestamp().toString(), mFlowPattern.getPatternId());
- }
- }
-
-}
\ No newline at end of file
+++ /dev/null
-package edu.uci.iotproject.comparison;
-
-import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
-import edu.uci.iotproject.FlowPattern;
-
-import java.util.concurrent.Callable;
-import java.util.function.BiFunction;
-
-/**
- * A task that compares a given {@link Conversation} and {@link FlowPattern} using a provided comparison function.
- * The task implements {@link Callable} and can hence be executed on a background thread.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class PatternComparisonTask<R extends AbstractPatternComparisonResult<?>> implements Callable<R> {
-
- private final Conversation mConversation;
- private final FlowPattern mFlowPattern;
- private final BiFunction<Conversation, FlowPattern, R> mComparator;
-
- /**
- * Create a new {@code PatternComparisonTask}.
- *
- * @param conversation The conversation to compare against {@code pattern}.
- * @param pattern The pattern to compare against {@code conversation}.
- * @param comparisonFunction The function that compares {@code pattern} and {@code conversation}.
- */
- public PatternComparisonTask(Conversation conversation, FlowPattern pattern, BiFunction<Conversation, FlowPattern, R> comparisonFunction) {
- this.mConversation = conversation;
- this.mFlowPattern = pattern;
- this.mComparator = comparisonFunction;
- }
-
- @Override
- public R call() throws Exception {
- return mComparator.apply(mConversation, mFlowPattern);
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.comparison.seqalignment;
-
-import java.util.function.ToIntBiFunction;
-import java.util.function.ToIntFunction;
-
-/**
- * Provides a generic implementation for the calculation of the cost of aligning two elements of a sequence as part of
- * the sequence alignment algorithm (the algorithm is implemented in {@link SequenceAlignment}).
- *
- * @param <T> The type of the elements that are being aligned.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class AlignmentPricer<T> {
-
- /**
- * A function that provides the cost of aligning a {@link T} with a gap.
- */
- private final ToIntFunction<T> mGapCostFunction;
-
- /**
- * A function that provides the cost of aligning a {@link T} with some other {@link T}.
- */
- private final ToIntBiFunction<T,T> mAlignmentCostFunction;
-
- /**
- * Constructs a new {@link AlignmentPricer}.
- *
- * @param alignmentCostFunction A function that specifies the cost of aligning a {@link T} with some other {@link T}
- * (e.g., based on the values of the properties of the two instances).
- * @param gapCostFunction A function that specifies the cost of aligning a {@link T} with a gap. Note that the
- * function is free to specify <em>different</em> gap costs for different {@link T}s.
- */
- public AlignmentPricer(ToIntBiFunction<T,T> alignmentCostFunction, ToIntFunction<T> gapCostFunction) {
- mAlignmentCostFunction = alignmentCostFunction;
- mGapCostFunction = gapCostFunction;
- }
-
- /**
- * Calculate the cost of aligning {@code item1} with {@code item2}. If either of the two arguments is set to
- * {@code null}, the cost of aligning the other argument with a gap will be returned. Note that both arguments
- * cannot be {@code null} at the same time as that translates to aligning a gap with a gap, which is pointless.
- *
- * @param item1 The first of the two aligned objects. Set to {@code null} to calculate the cost of aligning
- * {@code item2} with a gap.
- * @param item2 The second of the two aligned objects. Set to {@code null} to calculate the cost of aligning
- * {@code item2} with a gap.
- * @return The cost of aligning {@code item1} with {@code item2}.
- */
- public int alignmentCost(T item1, T item2) {
- // If both arguments are null, the caller is aligning a gap with a gap which is pointless might as well remove
- // both gaps in that case!)
- if (item1 == null && item2 == null) {
- throw new IllegalArgumentException("Both arguments cannot be null: you are aligning a gap with a gap!");
- }
- // If one item is null, it means we're aligning an int with a gap.
- // Invoke the provided gap cost function to get the gap cost.
- if (item1 == null) {
- return mGapCostFunction.applyAsInt(item2);
- }
- if (item2 == null) {
- return mGapCostFunction.applyAsInt(item1);
- }
- // If both arguments are present, we simply delegate the task of calculating the cost of aligning the two items
- // to the provided alignment cost function.
- return mAlignmentCostFunction.applyAsInt(item1, item2);
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.comparison.seqalignment;
-
-import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
-import org.pcap4j.core.PcapPacket;
-
-import java.util.List;
-
-/**
- * TODO add class documentation.
- *
- * @author Janus Varmarken
- */
-public class ExtractedSequence {
-
- private final Conversation mRepresentativeSequence;
-
- private final int mMaxAlignmentCost;
-
- private final String mSequenceString;
-
- public ExtractedSequence(Conversation sequence, int maxAlignmentCost, boolean tlsAppDataAlignment) {
- mRepresentativeSequence = sequence;
- mMaxAlignmentCost = maxAlignmentCost;
- StringBuilder sb = new StringBuilder();
- List<PcapPacket> pkts = tlsAppDataAlignment ? sequence.getTlsApplicationDataPackets() : sequence.getPackets();
- pkts.forEach(p -> {
- if (sb.length() != 0) sb.append(" ");
- sb.append(p.getOriginalLength());
- });
- mSequenceString = sb.toString();
- }
-
- public Conversation getRepresentativeSequence() {
- return mRepresentativeSequence;
- }
-
- public int getMaxAlignmentCost() {
- return mMaxAlignmentCost;
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.comparison.seqalignment;
-
-/**
- * A sample {@link AlignmentPricer} for computing the cost of aligning integer values. In this sample implementation,
- * the cost of aligning two integers {@code i1} and {@code i2} is {@code Math.abs(i1 - i2)}, i.e., it is the absolute
- * value of the difference between {@code i1} and {@code i2}. The cost of aligning an integer {@code i} with a gap is
- * simply {@code i}, i.e., the gap is essentially treated as a zero.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class SampleIntegerAlignmentPricer extends AlignmentPricer<Integer> {
-
- /**
- * Constructs a new {@link SampleIntegerAlignmentPricer}.
- */
- public SampleIntegerAlignmentPricer() {
- // Cost of aligning integers i1 and i2 is the absolute value of their difference.
- // Cost of aligning integer i with a gap is i (as it was aligned with 0).
- super((i1,i2) -> Math.abs(i1 - i2) , (i) -> i);
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.comparison.seqalignment;
-
-/**
- * A generic implementation of the sequence alignment algorithm given in Kleinberg's and Tardos' "Algorithm Design".
- * This implementation is the basic version. There is a more complex version which significantly reduces the space
- * complexity at a slight cost to time complexity.
- *
- * @param <ALIGNMENT_UNIT> The <em>unit of the alignment</em>, or, in other words, the <em>granularity</em> of the
- * alignment. For example, for 'classical' string alignment (as in sequence alignment where we
- * try to align two strings character by character -- the example most often used in books on
- * algorithms) this would be a {@link Character}. As a second example, by specifying
- * {@link String}, one can decrease the granularity so as to align <em>blocks</em> of characters
- * (e.g., if one wants to align to two string arrays).
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class SequenceAlignment<ALIGNMENT_UNIT> {
-
-
- /**
- * Provides the cost of aligning two {@link ALIGNMENT_UNIT}s with one another as well as the cost of aligning an
- * {@link ALIGNMENT_UNIT} with a gap.
- */
- private final AlignmentPricer<ALIGNMENT_UNIT> mAlignmentPricer;
-
- /**
- * Constructs a new {@link SequenceAlignment}. The new instance relies on the provided {@code alignmentPricer} to
- * provide the cost of aligning two {@link ALIGNMENT_UNIT}s as well as the cost of aligning an
- * {@link ALIGNMENT_UNIT} with a gap.
- *
- * @param alignmentPricer An {@link AlignmentPricer} that provides the cost of aligning two {@link ALIGNMENT_UNIT}s
- * with one another as well as the cost of aligning an {@link ALIGNMENT_UNIT} with a gap.
- */
- public SequenceAlignment(AlignmentPricer<ALIGNMENT_UNIT> alignmentPricer) {
- mAlignmentPricer = alignmentPricer;
- }
-
-
- /**
- * Calculates the cost of aligning {@code sequence1} with {@code sequence2}.
- *
- * @param sequence1 A sequence that is to be aligned with {@code sequence2}.
- * @param sequence2 A sequence that is to be aligned with {@code sequence1}.
- *
- * @return The cost of aligning {@code sequence1} with {@code sequence2}.
- */
- public int calculateAlignment(ALIGNMENT_UNIT[] sequence1, ALIGNMENT_UNIT[] sequence2) {
- int[][] costs = new int[sequence1.length + 1][sequence2.length +1];
- /*
- * TODO:
- * This is a homebrewn initialization; it is different from the one in the Kleinberg book - is it correct?
- * It tries to add support for *different* gap costs depending on the input (e.g., such that one can say that
- * matching a 'c' with a gap is more expensive than matching a 'b' with a gap).
- */
- for (int i = 1; i <= sequence1.length; i++) {
- costs[i][0] = mAlignmentPricer.alignmentCost(sequence1[i-1], null) + costs[i-1][0];
- }
- for (int j = 1; j <= sequence2.length; j++) {
- costs[0][j] = mAlignmentPricer.alignmentCost(sequence2[j-1], null) + costs[0][j-1];
- }
- for (int j = 1; j <= sequence2.length; j++) {
- for (int i = 1; i <= sequence1.length; i++) {
- // The cost when current items of both sequences are aligned.
- int costAligned = mAlignmentPricer.alignmentCost(sequence2[j-1], sequence1[i-1]) + costs[i-1][j-1];
- // The cost when current item from sequence1 is not aligned (it's matched with a gap)
- int seq1ItemNotMached = mAlignmentPricer.alignmentCost(sequence1[i-1], null) + costs[i-1][j];
- // The cost when current item from sequence2 is not aligned (it's matched with a gap)
- int seq2ItemNotMached = mAlignmentPricer.alignmentCost(sequence2[j-1], null) + costs[i][j-1];
- costs[i][j] = Math.min(costAligned, Math.min(seq1ItemNotMached, seq2ItemNotMached));
- }
- }
- return costs[sequence1.length][sequence2.length];
- }
-}
+++ /dev/null
-package edu.uci.iotproject.comparison.seqalignment;
-
-import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
-import edu.uci.iotproject.analysis.TcpConversationUtils;
-
-import java.util.List;
-import java.util.Map;
-import java.util.stream.Collectors;
-
-/**
- * TODO add class documentation.
- *
- * @author Janus Varmarken
- */
-public class SequenceExtraction {
-
-
- private final SequenceAlignment<Integer> mAlignmentAlg;
-
-
- public SequenceExtraction() {
- mAlignmentAlg = new SequenceAlignment<>(new AlignmentPricer<>((i1,i2) -> Math.abs(i1-i2), i -> 10));
- }
-
-
- public SequenceExtraction(SequenceAlignment<Integer> alignmentAlgorithm) {
- mAlignmentAlg = alignmentAlgorithm;
- }
-
- /**
- * Gets the {@link SequenceAlignment} used to perform the sequence extraction.
- * @return the {@link SequenceAlignment} used to perform the sequence extraction.
- */
- public SequenceAlignment<Integer> getAlignmentAlgorithm() {
- return mAlignmentAlg;
- }
-
- // Initial
-// /**
-// *
-// * @param convsForAction A set of {@link Conversation}s known to be associated with a single type of user action.
-// */
-// public void extract(List<Conversation> convsForAction) {
-// int maxDifference = 0;
-//
-// for (int i = 0; i < convsForAction.size(); i++) {
-// for (int j = i+1; j < convsForAction.size(); i++) {
-// Integer[] sequence1 = getPacketLengthSequence(convsForAction.get(i));
-// Integer[] sequence2 = getPacketLengthSequence(convsForAction.get(j));
-// int alignmentCost = mAlignmentAlg.calculateAlignment(sequence1, sequence2);
-// if (alignmentCost > maxDifference) {
-// maxDifference = alignmentCost;
-// }
-// }
-// }
-//
-// }
-
-
-// public void extract(Map<String, List<Conversation>> hostnameToConvs) {
-// int maxDifference = 0;
-//
-// for (int i = 0; i < convsForAction.size(); i++) {
-// for (int j = i+1; j < convsForAction.size(); i++) {
-// Integer[] sequence1 = getPacketLengthSequence(convsForAction.get(i));
-// Integer[] sequence2 = getPacketLengthSequence(convsForAction.get(j));
-// int alignmentCost = mAlignmentAlg.calculateAlignment(sequence1, sequence2);
-// if (alignmentCost > maxDifference) {
-// maxDifference = alignmentCost;
-// }
-// }
-// }
-//
-// }
-
- // Building signature from entire sequence
- public ExtractedSequence extract(List<Conversation> convsForActionForHostname) {
- // First group conversations by packet sequences.
- // TODO: the introduction of SYN/SYNACK, FIN/FINACK and RST as part of the sequence ID may be undesirable here
- // as it can potentially result in sequences that are equal in terms of payload packets to be considered
- // different due to differences in how they are terminated.
- Map<String, List<Conversation>> groupedBySequence =
- TcpConversationUtils.groupConversationsByPacketSequence(convsForActionForHostname, false);
-
- // Then get a hold of one of the conversations that gave rise to the most frequent sequence.
- Conversation mostFrequentConv = null;
- int maxFrequency = 0;
- for (Map.Entry<String, List<Conversation>> seqMapEntry : groupedBySequence.entrySet()) {
- if (seqMapEntry.getValue().size() > maxFrequency) {
- // Found a more frequent sequence
- maxFrequency = seqMapEntry.getValue().size();
- // We just pick the first conversation as the representative conversation for this sequence type.
- mostFrequentConv = seqMapEntry.getValue().get(0);
- } else if (seqMapEntry.getValue().size() == maxFrequency) {
- // This sequence has the same frequency as the max frequency seen so far.
- // Break ties by choosing the longest sequence.
- // First get an arbitrary representative of currently examined sequence; we just pick the first.
- Conversation c = seqMapEntry.getValue().get(0);
- mostFrequentConv = c.getPackets().size() > mostFrequentConv.getPackets().size() ? c : mostFrequentConv;
- }
- }
- // Now find the maximum cost of aligning the most frequent (or, alternatively longest) conversation with the
- // each of the rest of the conversations also associated with this action and hostname.
- int maxCost = 0;
- final Integer[] mostFrequentConvSeq = TcpConversationUtils.getPacketLengthSequence(mostFrequentConv);
- for (Conversation c : convsForActionForHostname) {
- if (c == mostFrequentConv) {
- // Don't compute distance to self.
- continue;
- }
- Integer[] cSeq = TcpConversationUtils.getPacketLengthSequence(c);
- int alignmentCost = mAlignmentAlg.calculateAlignment(mostFrequentConvSeq, cSeq);
- if (alignmentCost > maxCost) {
- maxCost = alignmentCost;
- }
- }
- return new ExtractedSequence(mostFrequentConv, maxCost, false);
- }
-
- // Building signature from only TLS Application Data packets
- public ExtractedSequence extractByTlsAppData(List<Conversation> convsForActionForHostname) {
- // TODO: temporary hack to avoid 97-only conversations for dlink plug. We need some preprocessing/data cleaning.
- convsForActionForHostname = convsForActionForHostname.stream().filter(c -> c.getTlsApplicationDataPackets().size() > 1).collect(Collectors.toList());
-
- Map<String, List<Conversation>> groupedByTlsAppDataSequence =
- TcpConversationUtils.groupConversationsByTlsApplicationDataPacketSequence(convsForActionForHostname);
- // Get a Conversation representing the most frequent TLS application data sequence.
- Conversation mostFrequentConv = groupedByTlsAppDataSequence.values().stream().max((l1, l2) -> {
- // The frequency of a conversation with a specific packet sequence is the list size as that represents how
- // many conversations exhibit that packet sequence.
- // Hence, the difference between the list sizes can be used directly as the return value of the Comparator.
- // Note: we break ties by choosing the one with the most TLS application data packets (i.e., the longest
- // sequence) in case the frequencies are equal.
- int diff = l1.size() - l2.size();
- return diff != 0 ? diff : l1.get(0).getTlsApplicationDataPackets().size() - l2.get(0).getTlsApplicationDataPackets().size();
- }).get().get(0); // Just pick the first as a representative of the most frequent sequence.
- // Lengths of TLS Application Data packets in the most frequent (or most frequent and longest) conversation.
- Integer[] mostFreqSeq = TcpConversationUtils.getPacketLengthSequenceTlsAppDataOnly(mostFrequentConv);
- // Now find the maximum cost of aligning the most frequent (or, alternatively longest) conversation with the
- // each of the rest of the conversations also associated with this action and hostname.
- int maxCost = 0;
- for (Conversation c : convsForActionForHostname) {
- if (c == mostFrequentConv) continue;
- int cost = mAlignmentAlg.calculateAlignment(mostFreqSeq, TcpConversationUtils.getPacketLengthSequenceTlsAppDataOnly(c));
- maxCost = cost > maxCost ? cost : maxCost;
- }
- return new ExtractedSequence(mostFrequentConv, maxCost, true);
- // Now find the maximum cost of aligning the most frequent (or, alternatively longest) conversation with the
- // each of the rest of the conversations also associated with this action and hostname.
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.detection;
-
-import org.pcap4j.core.PcapPacket;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Objects;
-
-/**
- * Base class for classes that search a traffic trace for sequences of packets that "belong to" a given cluster (in
- * other words, classes that attempt to classify traffic as pertaining to a given cluster).
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-abstract public class AbstractClusterMatcher {
-
- /**
- * The cluster that describes the sequence of packets that this {@link AbstractClusterMatcher} is trying to detect
- * in the observed traffic.
- */
- protected final List<List<PcapPacket>> mCluster;
-
- /**
- * Observers registered for callbacks from this {@link AbstractClusterMatcher}.
- */
- protected final List<ClusterMatcherObserver> mObservers;
-
- protected AbstractClusterMatcher(List<List<PcapPacket>> cluster) {
- // ===================== PRECONDITION SECTION =====================
- cluster = Objects.requireNonNull(cluster, "cluster cannot be null");
- if (cluster.isEmpty() || cluster.stream().anyMatch(inner -> inner.isEmpty())) {
- throw new IllegalArgumentException("cluster is empty (or contains an empty inner List)");
- }
- for (List<PcapPacket> clusterMember : cluster) {
- if (clusterMember.size() != cluster.get(0).size()) {
- throw new IllegalArgumentException("All sequences in cluster must contain the same number of packets");
- }
- }
- // ================================================================
- // Let the subclass prune the provided cluster
- mCluster = pruneCluster(cluster);
- mObservers = new ArrayList<>();
- }
-
- /**
- * Register for callbacks from this cluster matcher.
- * @param observer The target of the callbacks.
- */
- public final void addObserver(ClusterMatcherObserver observer) {
- mObservers.add(observer);
- }
-
- /**
- * Deregister for callbacks from this cluster matcher.
- * @param observer The callback target that is to be deregistered.
- */
- public final void removeObserver(ClusterMatcherObserver observer) {
- mObservers.remove(observer);
- }
-
- /**
- * Allows subclasses to specify how to prune the input cluster provided to the constructor.
- * @param cluster The input cluster provided to the constructor.
- * @return The pruned cluster to use in place of the input cluster.
- */
- abstract protected List<List<PcapPacket>> pruneCluster(List<List<PcapPacket>> cluster);
-
- // TODO: move Direction outside Conversation so that this is less confusing.
-// abstract protected Conversation.Direction[] getPacketDirections(List<PcapPacket> packets);
-
-}
+++ /dev/null
-package edu.uci.iotproject.detection;
-
-import org.pcap4j.core.PcapPacket;
-
-import java.util.*;
-
-/**
- * TODO add class documentation.
- *
- * @author Janus Varmarken
- */
-public abstract class AbstractSignatureDetector implements ClusterMatcherObserver {
-
-
- /**
- * The signature that this {@link AbstractSignatureDetector} is searching for.
- */
- private final List<List<List<PcapPacket>>> mSignature;
-
- /**
- * The {@link AbstractClusterMatcher}s in charge of detecting each individual sequence of packets that together make
- * up the the signature.
- */
- private final List<AbstractClusterMatcher> mClusterMatchers;
-
- /**
- * For each {@code i} ({@code i >= 0 && i < pendingMatches.length}), {@code pendingMatches[i]} holds the matches
- * found by the {@link AbstractClusterMatcher} at {@code mClusterMatchers.get(i)} that have yet to be "consumed",
- * i.e., have yet to be included in a signature detected by this {@link AbstractSignatureDetector} (a signature can
- * be encompassed of multiple packet sequences occurring shortly after one another on multiple connections).
- */
- private final List<List<PcapPacket>>[] pendingMatches;
-
- /**
- * Maps an {@link AbstractClusterMatcher} to its corresponding index in {@link #pendingMatches}.
- */
- private final Map<AbstractClusterMatcher, Integer> mClusterMatcherIds;
-
- public AbstractSignatureDetector(List<List<List<PcapPacket>>> searchedSignature) {
- mSignature = Collections.unmodifiableList(searchedSignature);
- List<AbstractClusterMatcher> clusterMatchers = new ArrayList<>();
- for (List<List<PcapPacket>> cluster : mSignature) {
- AbstractClusterMatcher clusterMatcher = constructClusterMatcher(cluster);
- clusterMatcher.addObserver(this);
- clusterMatchers.add(clusterMatcher);
- }
- mClusterMatchers = Collections.unmodifiableList(clusterMatchers);
- pendingMatches = new List[mClusterMatchers.size()];
- for (int i = 0; i < pendingMatches.length; i++) {
- pendingMatches[i] = new ArrayList<>();
- }
- Map<AbstractClusterMatcher, Integer> clusterMatcherIds = new HashMap<>();
- for (int i = 0; i < mClusterMatchers.size(); i++) {
- clusterMatcherIds.put(mClusterMatchers.get(i), i);
- }
- mClusterMatcherIds = Collections.unmodifiableMap(clusterMatcherIds);
- }
-
- abstract protected AbstractClusterMatcher constructClusterMatcher(List<List<PcapPacket>> cluster);
-
- /**
- * Encapsulates a {@code List<PcapPacket>} so as to allow the list to be used as a vertex in a graph while avoiding
- * the expensive {@link AbstractList#equals(Object)} calls when adding vertices to the graph.
- * Using this wrapper makes the incurred {@code equals(Object)} calls delegate to {@link Object#equals(Object)}
- * instead of {@link AbstractList#equals(Object)}. The net effect is a faster implementation, but the graph will not
- * recognize two lists that contain the same items--from a value and not reference point of view--as the same
- * vertex. However, this is fine for our purposes -- in fact restricting it to reference equality seems more
- * appropriate.
- */
- private static class Vertex {
- private final List<PcapPacket> sequence;
- private Vertex(List<PcapPacket> wrappedSequence) {
- sequence = wrappedSequence;
- }
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.detection;
-
-import org.pcap4j.core.PcapPacket;
-
-import java.util.List;
-
-/**
- * Interface used by client code to register for receiving a notification whenever an {@link AbstractClusterMatcher}
- * detects traffic that matches an element of its associated cluster.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public interface ClusterMatcherObserver {
-
- /**
- * Callback that is invoked by an {@link AbstractClusterMatcher} whenever it detects traffic that matches an element
- * of its associated cluster.
- *
- * @param clusterMatcher The {@link AbstractClusterMatcher} that detected a match (i.e., classified traffic as
- * pertaining to its associated cluster).
- * @param match The traffic that was deemed to match the cluster associated with {@code clusterMatcher}.
- */
- void onMatch(AbstractClusterMatcher clusterMatcher, List<PcapPacket> match);
-
-}
+++ /dev/null
-package edu.uci.iotproject.detection;
-
-import org.pcap4j.core.PcapPacket;
-
-import java.util.List;
-
-/**
- * Used for registering for notifications from a signature detector.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public interface SignatureDetectorObserver {
-
- /**
- * Invoked when the signature detector has detected the presence of a signature in the traffic that it's examining.
- * @param searchedSignature The signature that the signature detector reporting the match is searching for.
- * @param matchingTraffic The actual traffic trace that matches the searched signature.
- */
- void onSignatureDetected(List<List<List<PcapPacket>>> searchedSignature, List<List<PcapPacket>> matchingTraffic);
-
-}
+++ /dev/null
-package edu.uci.iotproject.detection.layer2;
-
-import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowReassembler;
-import edu.uci.iotproject.trafficreassembly.layer2.Layer2Flow;
-import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowReassemblerObserver;
-import edu.uci.iotproject.detection.AbstractClusterMatcher;
-import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowObserver;
-import org.pcap4j.core.*;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.function.Function;
-
-/**
- * Attempts to detect members of a cluster (packet sequence mutations) in layer 2 flows.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Layer2FlowReassemblerObserver, Layer2FlowObserver {
-
- /**
- * Maps from a flow to a table of {@link Layer2SequenceMatcher}s for that particular flow. The table {@code t} is
- * structured such that {@code t[i][j]} is a {@link Layer2SequenceMatcher} that attempts to match member {@code i}
- * of {@link #mCluster} and has so far matched {@code j} packets of that particular sequence.
- */
- private final Map<Layer2Flow, Layer2SequenceMatcher[][]> mPerFlowSeqMatchers = new HashMap<>();
-
- private final Function<Layer2Flow, Boolean> mFlowFilter;
-
- /**
- * Create a new {@link Layer2ClusterMatcher} that attempts to find occurrences of {@code cluster}'s members.
- * @param cluster The sequence mutations that the new {@link Layer2ClusterMatcher} should search for.
- */
- public Layer2ClusterMatcher(List<List<PcapPacket>> cluster) {
- // Consider all flows if no flow filter specified.
- this(cluster, flow -> true);
- }
-
- /**
- * Create a new {@link Layer2ClusterMatcher} that attempts to find occurrences of {@code cluster}'s members.
- * @param cluster The sequence mutations that the new {@link Layer2ClusterMatcher} should search for.
- * @param flowFilter A filter that defines what {@link Layer2Flow}s the new {@link Layer2ClusterMatcher} should
- * search for {@code cluster}'s members in. If {@code flowFilter} returns {@code true}, the flow
- * will be included (searched). Note that {@code flowFilter} is only queried once for each flow,
- * namely when the {@link Layer2FlowReassembler} notifies the {@link Layer2ClusterMatcher} about
- * the new flow. This functionality may for example come in handy when one only wants to search
- * for matches in the subset of flows that involves a specific (range of) MAC(s).
- */
- public Layer2ClusterMatcher(List<List<PcapPacket>> cluster, Function<Layer2Flow, Boolean> flowFilter) {
- super(cluster);
- mFlowFilter = flowFilter;
- }
-
- @Override
- public void onNewPacket(Layer2Flow flow, PcapPacket newPacket) {
- if (mPerFlowSeqMatchers.get(flow) == null) {
- // If this is the first time we encounter this flow, we need to set up sequence matchers for it.
- // All sequences of the cluster have the same length, so we only need to compute the length of the nested
- // arrays once. We want to make room for a cluster matcher in each state, including the initial empty state
- // but excluding the final "full match" state (as there is no point in keeping a terminated sequence matcher
- // around), so the length of the inner array is simply the sequence length.
- Layer2SequenceMatcher[][] matchers = new Layer2SequenceMatcher[mCluster.size()][mCluster.get(0).size()];
- // Prepare a "state 0" sequence matcher for each sequence variation in the cluster.
- for (int i = 0; i < matchers.length; i++) {
- matchers[i][0] = new Layer2SequenceMatcher(mCluster.get(i));
- }
- // Associate the new sequence matcher table with the new flow
- mPerFlowSeqMatchers.put(flow, matchers);
- }
- // Fetch table that contains sequence matchers for this flow.
- Layer2SequenceMatcher[][] matchers = mPerFlowSeqMatchers.get(flow);
- // Present the packet to all sequence matchers.
- for (int i = 0; i < matchers.length; i++) {
- // Present packet to the sequence matchers that has advanced the most first. This is to prevent discarding
- // the sequence matchers that have advanced the most in the special case where the searched sequence
- // contains two packets of the same length going in the same direction.
- for (int j = matchers[i].length - 1; j >= 0 ; j--) {
- Layer2SequenceMatcher sm = matchers[i][j];
- if (sm == null) {
- // There is currently no sequence matcher that has managed to match j packets.
- continue;
- }
- boolean matched = sm.matchPacket(newPacket);
- if (matched) {
- if (sm.getMatchedPacketsCount() == sm.getTargetSequencePacketCount()) {
- // Sequence matcher has a match. Report it to observers.
- mObservers.forEach(o -> o.onMatch(this, sm.getMatchedPackets()));
- // Remove the now terminated sequence matcher.
- matchers[i][j] = null;
- } else {
- // Sequence matcher advanced one step, so move it to its corresponding new position iff the
- // packet that advanced it has a later timestamp than that of the last matched packet of the
- // sequence matcher at the new index, if any. In most traces, a small amount of the packets
- // appear out of order (with regards to their timestamp), which is why this check is required.
- // Obviously it would not be needed if packets where guaranteed to be processed in timestamp
- // order here.
- if (matchers[i][j+1] == null ||
- newPacket.getTimestamp().isAfter(matchers[i][j+1].getLastPacket().getTimestamp())) {
- matchers[i][j+1] = sm;
- }
- }
- // We always want to have a sequence matcher in state 0, regardless of if the one that advanced
- // from state zero completed its matching or if it replaced a different one in state 1 or not.
- if (sm.getMatchedPacketsCount() == 1) {
- matchers[i][j] = new Layer2SequenceMatcher(sm.getTargetSequence());
- }
- }
- }
- }
- }
-
-
- @Override
- protected List<List<PcapPacket>> pruneCluster(List<List<PcapPacket>> cluster) {
- // Note: we assume that all sequences in the input cluster are of the same length and that their packet
- // directions are identical.
- List<List<PcapPacket>> prunedCluster = new ArrayList<>();
- for (List<PcapPacket> originalClusterSeq : cluster) {
- boolean alreadyPresent = prunedCluster.stream().anyMatch(pcPkts -> {
- for (int i = 0; i < pcPkts.size(); i++) {
- if (pcPkts.get(i).getOriginalLength() != originalClusterSeq.get(i).getOriginalLength()) {
- return false;
- }
- }
- return true;
- });
- if (!alreadyPresent) {
- // Add the sequence if not already present in the pruned cluster.
- prunedCluster.add(originalClusterSeq);
- }
- }
- return prunedCluster;
- }
-
- private static final boolean DEBUG = false;
-
- @Override
- public void onNewFlow(Layer2FlowReassembler reassembler, Layer2Flow newFlow) {
- // New flow detected. Check if we should consider it when searching for cluster member matches.
- if (mFlowFilter.apply(newFlow)) {
- if (DEBUG) {
- System.out.println(">>> ACCEPTING FLOW: " + newFlow + " <<<");
- }
- // Subscribe to the new flow to get updates whenever a new packet pertaining to the flow is processed.
- newFlow.addFlowObserver(this);
- } else if (DEBUG) {
- System.out.println(">>> IGNORING FLOW: " + newFlow + " <<<");
- }
- }
-}
+++ /dev/null
-package edu.uci.iotproject.detection.layer2;
-
-import edu.uci.iotproject.analysis.TriggerTrafficExtractor;
-import edu.uci.iotproject.util.PcapPacketUtils;
-import org.pcap4j.core.PcapPacket;
-import org.pcap4j.util.MacAddress;
-
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * Attempts to detect the presence of a specific packet sequence in the set of packets provided through multiple calls
- * to {@link #matchPacket(PcapPacket)}, considering only layer 2 information.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class Layer2SequenceMatcher {
-
- /**
- * The sequence this {@link Layer2SequenceMatcher} is searching for.
- */
- private final List<PcapPacket> mSequence;
-
- /**
- * Buffer of actual packets seen so far that match the searched sequence (i.e., constitutes a subsequence of the
- * searched sequence).
- */
- private final List<PcapPacket> mMatchedPackets = new ArrayList<>();
-
- /**
- * Models the directions of packets in {@link #mSequence}. As the sequence matcher assumes that it is only presented
- * with packet from a single flow (packets exchanged between two devices), we can model the packet directions with a
- * single bit. We don't have any notion "phone to device" or "device to phone" as we don't know the MAC addresses
- * of devices in advance during matching.
- */
- private final boolean[] mPacketDirections;
-
- /**
- * Create a {@code Layer2SequenceMatcher}.
- * @param sequence The sequence to match against (search for).
- */
- public Layer2SequenceMatcher(List<PcapPacket> sequence) {
- mSequence = sequence;
- // Compute packet directions for sequence.
- mPacketDirections = new boolean[sequence.size()];
- for (int i = 0; i < sequence.size(); i++) {
- if (i == 0) {
- // No previous packet; boolean parameter is ignored in this special case.
- mPacketDirections[i] = getPacketDirection(null, true, sequence.get(i));
- } else {
- // Base direction marker on direction of previous packet.
- PcapPacket prevPkt = mSequence.get(i-1);
- boolean prevPktDirection = mPacketDirections[i-1];
- mPacketDirections[i] = getPacketDirection(prevPkt, prevPktDirection, sequence.get(i));
- }
- }
- }
-
- /**
- * Attempt to advance this {@code Layer2SequenceMatcher} by matching {@code packet} against the packet that this
- * {@code Layer2SequenceMatcher} expects as the next packet of the sequence it is searching for.
- * @param packet
- * @return {@code true} if this {@code Layer2SequenceMatcher} could advance by adding {@code packet} to its set of
- * matched packets, {@code false} otherwise.
- */
- public boolean matchPacket(PcapPacket packet) {
- if (getMatchedPacketsCount() == getTargetSequencePacketCount()) {
- // We already matched the entire sequence, so we can't match any more packets.
- return false;
- }
-
- // Verify that new packet pertains to same flow as previously matched packets, if any.
- if (getMatchedPacketsCount() > 0) {
- MacAddress pktSrc = PcapPacketUtils.getEthSrcAddr(packet);
- MacAddress pktDst = PcapPacketUtils.getEthDstAddr(packet);
- MacAddress earlierPktSrc = PcapPacketUtils.getEthSrcAddr(mMatchedPackets.get(0));
- MacAddress earlierPktDst = PcapPacketUtils.getEthDstAddr(mMatchedPackets.get(0));
- if (!(pktSrc.equals(earlierPktSrc) && pktDst.equals(earlierPktDst) ||
- pktSrc.equals(earlierPktDst) && pktDst.equals(earlierPktSrc))) {
- return false;
- }
- }
-
- // Get representative of the packet we expect to match next.
- PcapPacket expected = mSequence.get(mMatchedPackets.size());
- // First verify if the received packet has the length we're looking for.
- if (packet.getOriginalLength() == expected.getOriginalLength()) {
- // If this is the first packet, we only need to verify that its length is correct. Time constraints are
- // obviously satisfied as there are no previous packets. Furthermore, direction matches by definition as we
- // don't know the MAC of the device (or phone) in advance, so we can't enforce a rule saying "first packet
- // must originate from this particular MAC".
- if (getMatchedPacketsCount() == 0) {
- // Store packet as matched and advance.
- mMatchedPackets.add(packet);
- return true;
- }
- // Check if direction of packet matches expected direction.
- boolean actualDirection = getPacketDirection(mMatchedPackets.get(getMatchedPacketsCount()-1),
- mPacketDirections[getMatchedPacketsCount()-1], packet);
- boolean expectedDirection = mPacketDirections[getMatchedPacketsCount()];
- if (actualDirection != expectedDirection) {
- return false;
- }
- // Next apply timing constraints:
- // 1: to be a match, the packet must have a later timestamp than any other packet currently matched
- // 2: does adding the packet cause the max allowed time between first packet and last packet to be exceeded?
- if (!packet.getTimestamp().isAfter(mMatchedPackets.get(getMatchedPacketsCount()-1).getTimestamp())) {
- return false;
- }
- if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp().
- plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS))) {
- return false;
- }
- // If we made it here, it means that this packet has the expected length, direction, and obeys the timing
- // constraints, so we store it and advance.
- mMatchedPackets.add(packet);
- if (mMatchedPackets.size() == mSequence.size()) {
- // TODO report (to observers?) that we are done?
- }
- return true;
- }
- return false;
- }
-
- public int getMatchedPacketsCount() {
- return mMatchedPackets.size();
- }
-
- public int getTargetSequencePacketCount() {
- return mSequence.size();
- }
-
- public List<PcapPacket> getTargetSequence() {
- return mSequence;
- }
-
- public List<PcapPacket> getMatchedPackets() {
- return mMatchedPackets;
- }
-
- /**
- * Utility for {@code getMatchedPackets().get(getMatchedPackets().size()-1)}.
- * @return The last matched packet, or {@code null} if no packets have been matched yet.
- */
- public PcapPacket getLastPacket() {
- return mSequence.size() > 0 ? mSequence.get(mSequence.size()-1) : null;
- }
-
- /**
- * Compute the direction of a packet based on the previous packet. If no previous packet is provided, the direction
- * of {@code currPkt} is {@code true} by definition.
- * @param prevPkt The previous packet, if any.
- * @param prevPktDirection The computed direction of the previous packet
- * @param currPkt The current packet for which the direction is to be determined.
- * @return The direction of {@code currPkt}.
- */
- private boolean getPacketDirection(PcapPacket prevPkt, boolean prevPktDirection, PcapPacket currPkt) {
- if (prevPkt == null) {
- // By definition, use true as direction marker for first packet
- return true;
- }
- if (PcapPacketUtils.getEthSrcAddr(prevPkt).equals(PcapPacketUtils.getEthSrcAddr(currPkt))) {
- // Current packet goes in same direction as previous packet.
- return prevPktDirection;
- } else {
- // Current packet goes in opposite direction of previous packet.
- return !prevPktDirection;
- }
- }
-
-
-}
+++ /dev/null
-package edu.uci.iotproject.detection.layer2;
-
-import edu.uci.iotproject.analysis.TriggerTrafficExtractor;
-import edu.uci.iotproject.analysis.UserAction;
-import edu.uci.iotproject.detection.AbstractClusterMatcher;
-import edu.uci.iotproject.detection.ClusterMatcherObserver;
-import edu.uci.iotproject.detection.SignatureDetectorObserver;
-import edu.uci.iotproject.io.PcapHandleReader;
-import edu.uci.iotproject.io.PrintWriterUtils;
-import edu.uci.iotproject.trafficreassembly.layer2.Layer2Flow;
-import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowReassembler;
-import edu.uci.iotproject.util.PrintUtils;
-import org.jgrapht.GraphPath;
-import org.jgrapht.alg.shortestpath.DijkstraShortestPath;
-import org.jgrapht.graph.DefaultWeightedEdge;
-import org.jgrapht.graph.SimpleDirectedWeightedGraph;
-import org.pcap4j.core.*;
-
-import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.time.Duration;
-import java.util.*;
-import java.util.function.Function;
-import java.util.regex.Pattern;
-
-/**
- * Performs layer 2 signature detection.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class Layer2SignatureDetector implements PacketListener, ClusterMatcherObserver {
-
- /**
- * If set to {@code true}, output written to the results file is also dumped to standard out.
- */
- private static boolean DUPLICATE_OUTPUT_TO_STD_OUT = true;
-
- private static List<Function<Layer2Flow, Boolean>> parseSignatureMacFilters(String filtersString) {
- List<Function<Layer2Flow, Boolean>> filters = new ArrayList<>();
- String[] filterRegexes = filtersString.split(";");
- for (String filterRegex : filterRegexes) {
- final Pattern regex = Pattern.compile(filterRegex);
- // Create a filter that includes all flows where one of the two MAC addresses match the regex.
- filters.add(flow -> regex.matcher(flow.getEndpoint1().toString()).matches() || regex.matcher(flow.getEndpoint2().toString()).matches());
- }
- return filters;
- }
-
- public static void main(String[] args) throws PcapNativeException, NotOpenException, IOException {
- // Parse required parameters.
- if (args.length < 5) {
- String errMsg = String.format("Usage: %s inputPcapFile onSignatureFile offSignatureFile resultsFile" +
- "\n inputPcapFile: the target of the detection" +
- "\n onSignatureFile: the file that contains the ON signature to search for" +
- "\n offSignatureFile: the file that contains the OFF signature to search for" +
- "\n resultsFile: where to write the results of the detection" +
- "\n signatureDuration: the maximum duration of signature detection",
- Layer2SignatureDetector.class.getSimpleName());
- System.out.println(errMsg);
- String optParamsExplained = "Above are the required, positional arguments. In addition to these, the " +
- "following options and associated positional arguments may be used:\n" +
- " '-onmacfilters <regex>;<regex>;...;<regex>' which specifies that sequence matching should ONLY" +
- " be performed on flows where the MAC of one of the two endpoints matches the given regex. Note " +
- "that you MUST specify a regex for each cluster of the signature. This is to facilitate more " +
- "aggressive filtering on parts of the signature (e.g., the communication that involves the " +
- "smart home device itself as one can drop all flows that do not include an endpoint with a MAC " +
- "that matches the vendor's prefix).\n" +
- " '-offmacfilters <regex>;<regex>;...;<regex>' works exactly the same as onmacfilters, but " +
- "applies to the OFF signature instead of the ON signature.\n" +
- " '-sout <boolean literal>' true/false literal indicating if output should also be printed to std out; default is true.";
- System.out.println(optParamsExplained);
- return;
- }
- final String pcapFile = args[0];
- final String onSignatureFile = args[1];
- final String offSignatureFile = args[2];
- final String resultsFile = args[3];
- final int signatureDuration = Integer.parseInt(args[4]);
-
- // Parse optional parameters.
- List<Function<Layer2Flow, Boolean>> onSignatureMacFilters = null, offSignatureMacFilters = null;
- final int optParamsStartIdx = 5;
- if (args.length > optParamsStartIdx) {
- for (int i = optParamsStartIdx; i < args.length; i++) {
- if (args[i].equalsIgnoreCase("-onMacFilters")) {
- // Next argument is the cluster-wise MAC filters (separated by semicolons).
- onSignatureMacFilters = parseSignatureMacFilters(args[i+1]);
- } else if (args[i].equalsIgnoreCase("-offMacFilters")) {
- // Next argument is the cluster-wise MAC filters (separated by semicolons).
- offSignatureMacFilters = parseSignatureMacFilters(args[i+1]);
- } else if (args[i].equalsIgnoreCase("-sout")) {
- // Next argument is a boolean true/false literal.
- DUPLICATE_OUTPUT_TO_STD_OUT = Boolean.parseBoolean(args[i+1]);
- }
- }
- }
-
- // Prepare file outputter.
- File outputFile = new File(resultsFile);
- outputFile.getParentFile().mkdirs();
- final PrintWriter resultsWriter = new PrintWriter(new FileWriter(outputFile));
- // Include metadata as comments at the top
- PrintWriterUtils.println("# Detection results for:", resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
- PrintWriterUtils.println("# - inputPcapFile: " + pcapFile, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
- PrintWriterUtils.println("# - onSignatureFile: " + onSignatureFile, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
- PrintWriterUtils.println("# - offSignatureFile: " + offSignatureFile, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
- resultsWriter.flush();
-
- // Create signature detectors and add observers that output their detected events.
- List<List<List<PcapPacket>>> onSignature = PrintUtils.deserializeSignatureFromFile(onSignatureFile);
- List<List<List<PcapPacket>>> offSignature = PrintUtils.deserializeSignatureFromFile(offSignatureFile);
- Layer2SignatureDetector onDetector = onSignatureMacFilters == null ?
- new Layer2SignatureDetector(onSignature) : new Layer2SignatureDetector(onSignature, onSignatureMacFilters, signatureDuration);
- Layer2SignatureDetector offDetector = offSignatureMacFilters == null ?
- new Layer2SignatureDetector(offSignature) : new Layer2SignatureDetector(offSignature, offSignatureMacFilters, signatureDuration);
- onDetector.addObserver((signature, match) -> {
- UserAction event = new UserAction(UserAction.Type.TOGGLE_ON, match.get(0).get(0).getTimestamp());
- PrintWriterUtils.println(event, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
- });
- offDetector.addObserver((signature, match) -> {
- UserAction event = new UserAction(UserAction.Type.TOGGLE_OFF, match.get(0).get(0).getTimestamp());
- PrintWriterUtils.println(event, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
- });
-
- // Load the PCAP file
- PcapHandle handle;
- try {
- handle = Pcaps.openOffline(pcapFile, PcapHandle.TimestampPrecision.NANO);
- } catch (PcapNativeException pne) {
- handle = Pcaps.openOffline(pcapFile);
- }
- PcapHandleReader reader = new PcapHandleReader(handle, p -> true, onDetector, offDetector);
- // Parse the file
- reader.readFromHandle();
-
- // Flush output to results file and close it.
- resultsWriter.flush();
- resultsWriter.close();
- }
-
- /**
- * The signature that this {@link Layer2SignatureDetector} is searching for.
- */
- private final List<List<List<PcapPacket>>> mSignature;
-
- /**
- * The {@link Layer2ClusterMatcher}s in charge of detecting each individual sequence of packets that together make
- * up the the signature.
- */
- private final List<Layer2ClusterMatcher> mClusterMatchers;
-
- /**
- * For each {@code i} ({@code i >= 0 && i < mPendingMatches.length}), {@code mPendingMatches[i]} holds the matches
- * found by the {@link Layer2ClusterMatcher} at {@code mClusterMatchers.get(i)} that have yet to be "consumed",
- * i.e., have yet to be included in a signature detected by this {@link Layer2SignatureDetector} (a signature can
- * be encompassed of multiple packet sequences occurring shortly after one another on multiple connections).
- */
- private final List<List<PcapPacket>>[] mPendingMatches;
-
- /**
- * Maps a {@link Layer2ClusterMatcher} to its corresponding index in {@link #mPendingMatches}.
- */
- private final Map<Layer2ClusterMatcher, Integer> mClusterMatcherIds;
-
- /**
- * In charge of reassembling layer 2 packet flows.
- */
- private final Layer2FlowReassembler mFlowReassembler = new Layer2FlowReassembler();
-
- private final List<SignatureDetectorObserver> mObservers = new ArrayList<>();
-
- private int mInclusionTimeMillis;
-
- public Layer2SignatureDetector(List<List<List<PcapPacket>>> searchedSignature) {
- this(searchedSignature, null, 0);
- }
-
- public Layer2SignatureDetector(List<List<List<PcapPacket>>> searchedSignature, List<Function<Layer2Flow, Boolean>> flowFilters, int inclusionTimeMillis) {
- if (flowFilters != null && flowFilters.size() != searchedSignature.size()) {
- throw new IllegalArgumentException("If flow filters are used, there must be a flow filter for each cluster of the signature.");
- }
- mSignature = Collections.unmodifiableList(searchedSignature);
- List<Layer2ClusterMatcher> clusterMatchers = new ArrayList<>();
- for (int i = 0; i < mSignature.size(); i++) {
- List<List<PcapPacket>> cluster = mSignature.get(i);
- Layer2ClusterMatcher clusterMatcher = flowFilters == null ?
- new Layer2ClusterMatcher(cluster) : new Layer2ClusterMatcher(cluster, flowFilters.get(i));
- clusterMatcher.addObserver(this);
- clusterMatchers.add(clusterMatcher);
- }
- mClusterMatchers = Collections.unmodifiableList(clusterMatchers);
- mPendingMatches = new List[mClusterMatchers.size()];
- for (int i = 0; i < mPendingMatches.length; i++) {
- mPendingMatches[i] = new ArrayList<>();
- }
- Map<Layer2ClusterMatcher, Integer> clusterMatcherIds = new HashMap<>();
- for (int i = 0; i < mClusterMatchers.size(); i++) {
- clusterMatcherIds.put(mClusterMatchers.get(i), i);
- }
- mClusterMatcherIds = Collections.unmodifiableMap(clusterMatcherIds);
- // Register all cluster matchers to receive a notification whenever a new flow is encountered.
- mClusterMatchers.forEach(cm -> mFlowReassembler.addObserver(cm));
- mInclusionTimeMillis =
- inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis;
- }
-
- @Override
- public void gotPacket(PcapPacket packet) {
- // Forward packet processing to the flow reassembler that in turn notifies the cluster matchers as appropriate
- mFlowReassembler.gotPacket(packet);
- }
-
- @Override
- public void onMatch(AbstractClusterMatcher clusterMatcher, List<PcapPacket> match) {
- // TODO: a cluster matcher found a match
- if (clusterMatcher instanceof Layer2ClusterMatcher) {
- // Add the match at the corresponding index
- mPendingMatches[mClusterMatcherIds.get(clusterMatcher)].add(match);
- checkSignatureMatch();
- }
- }
-
- public void addObserver(SignatureDetectorObserver observer) {
- mObservers.add(observer);
- }
-
- public boolean removeObserver(SignatureDetectorObserver observer) {
- return mObservers.remove(observer);
- }
-
-
- @SuppressWarnings("Duplicates")
- private void checkSignatureMatch() {
- // << Graph-based approach using Balint's idea. >>
- // This implementation assumes that the packets in the inner lists (the sequences) are ordered by asc timestamp.
-
- // There cannot be a signature match until each Layer3ClusterMatcher has found a match of its respective sequence.
- if (Arrays.stream(mPendingMatches).noneMatch(l -> l.isEmpty())) {
- // Construct the DAG
- final SimpleDirectedWeightedGraph<Vertex, DefaultWeightedEdge> graph =
- new SimpleDirectedWeightedGraph<>(DefaultWeightedEdge.class);
- // Add a vertex for each match found by all cluster matchers.
- // And maintain an array to keep track of what cluster matcher each vertex corresponds to
- final List<Vertex>[] vertices = new List[mPendingMatches.length];
- for (int i = 0; i < mPendingMatches.length; i++) {
- vertices[i] = new ArrayList<>();
- for (List<PcapPacket> sequence : mPendingMatches[i]) {
- Vertex v = new Vertex(sequence);
- vertices[i].add(v); // retain reference for later when we are to add edges
- graph.addVertex(v); // add to vertex to graph
- }
- }
- // Add dummy source and sink vertices to facilitate search.
- final Vertex source = new Vertex(null);
- final Vertex sink = new Vertex(null);
- graph.addVertex(source);
- graph.addVertex(sink);
- // The source is connected to all vertices that wrap the sequences detected by cluster matcher at index 0.
- // Note: zero cost edges as this is just a dummy link to facilitate search from a common start node.
- for (Vertex v : vertices[0]) {
- DefaultWeightedEdge edge = graph.addEdge(source, v);
- graph.setEdgeWeight(edge, 0.0);
- }
- // Similarly, all vertices that wrap the sequences detected by the last cluster matcher of the signature
- // are connected to the sink node.
- for (Vertex v : vertices[vertices.length-1]) {
- DefaultWeightedEdge edge = graph.addEdge(v, sink);
- graph.setEdgeWeight(edge, 0.0);
- }
- // Now link sequences detected by the cluster matcher at index i to sequences detected by the cluster
- // matcher at index i+1 if they obey the timestamp constraint (i.e., that the latter is later in time than
- // the former).
- for (int i = 0; i < vertices.length; i++) {
- int j = i + 1;
- if (j < vertices.length) {
- for (Vertex iv : vertices[i]) {
- PcapPacket ivLast = iv.sequence.get(iv.sequence.size()-1);
- for (Vertex jv : vertices[j]) {
- PcapPacket jvFirst = jv.sequence.get(jv.sequence.size()-1);
- if (ivLast.getTimestamp().isBefore(jvFirst.getTimestamp())) {
- DefaultWeightedEdge edge = graph.addEdge(iv, jv);
- // The weight is the duration of the i'th sequence plus the duration between the i'th
- // and i+1'th sequence.
- Duration d = Duration.
- between(iv.sequence.get(0).getTimestamp(), jvFirst.getTimestamp());
- // Unfortunately weights are double values, so must convert from long to double.
- // TODO: need nano second precision? If so, use d.toNanos().
- // TODO: risk of overflow when converting from long to double..?
- graph.setEdgeWeight(edge, Long.valueOf(d.toMillis()).doubleValue());
- }
- // Alternative version if we cannot assume that sequences are ordered by timestamp:
-// if (iv.sequence.stream().max(Comparator.comparing(PcapPacket::getTimestamp)).get()
-// .getTimestamp().isBefore(jv.sequence.stream().min(
-// Comparator.comparing(PcapPacket::getTimestamp)).get().getTimestamp())) {
-//
-// }
- }
- }
- }
- }
- // Graph construction complete, run shortest-path to find a (potential) signature match.
- DijkstraShortestPath<Vertex, DefaultWeightedEdge> dijkstra = new DijkstraShortestPath<>(graph);
- GraphPath<Vertex, DefaultWeightedEdge> shortestPath = dijkstra.getPath(source, sink);
- if (shortestPath != null) {
- // The total weight is the duration between the first packet of the first sequence and the last packet
- // of the last sequence, so we simply have to compare the weight against the timeframe that we allow
- // the signature to span. For now we just use the inclusion window we defined for training purposes.
- // Note however, that we must convert back from double to long as the weight is stored as a double in
- // JGraphT's API.
- if (((long)shortestPath.getWeight()) < mInclusionTimeMillis) {
- // There's a signature match!
- // Extract the match from the vertices
- List<List<PcapPacket>> signatureMatch = new ArrayList<>();
- for(Vertex v : shortestPath.getVertexList()) {
- if (v == source || v == sink) {
- // Skip the dummy source and sink nodes.
- continue;
- }
- signatureMatch.add(v.sequence);
- // As there is a one-to-one correspondence between vertices[] and pendingMatches[], we know that
- // the sequence we've "consumed" for index i of the matched signature is also at index i in
- // pendingMatches. We must remove it from pendingMatches so that we don't use it to construct
- // another signature match in a later call.
- mPendingMatches[signatureMatch.size()-1].remove(v.sequence);
- }
- // Declare success: notify observers
- mObservers.forEach(obs -> obs.onSignatureDetected(mSignature,
- Collections.unmodifiableList(signatureMatch)));
- }
- }
- }
- }
-
- /**
- * Encapsulates a {@code List<PcapPacket>} so as to allow the list to be used as a vertex in a graph while avoiding
- * the expensive {@link AbstractList#equals(Object)} calls when adding vertices to the graph.
- * Using this wrapper makes the incurred {@code equals(Object)} calls delegate to {@link Object#equals(Object)}
- * instead of {@link AbstractList#equals(Object)}. The net effect is a faster implementation, but the graph will not
- * recognize two lists that contain the same items--from a value and not reference point of view--as the same
- * vertex. However, this is fine for our purposes -- in fact restricting it to reference equality seems more
- * appropriate.
- */
- private static class Vertex {
- private final List<PcapPacket> sequence;
- private Vertex(List<PcapPacket> wrappedSequence) {
- sequence = wrappedSequence;
- }
- }
-}
+++ /dev/null
-package edu.uci.iotproject.detection.layer3;
-
-import edu.uci.iotproject.detection.AbstractClusterMatcher;
-import edu.uci.iotproject.detection.ClusterMatcherObserver;
-import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
-import edu.uci.iotproject.trafficreassembly.layer3.TcpReassembler;
-import edu.uci.iotproject.analysis.TcpConversationUtils;
-import edu.uci.iotproject.io.PcapHandleReader;
-import edu.uci.iotproject.util.PrintUtils;
-import org.pcap4j.core.*;
-
-import java.time.ZoneId;
-import java.util.*;
-import java.util.stream.Collectors;
-
-import static edu.uci.iotproject.util.PcapPacketUtils.*;
-
-/**
- * Searches a traffic trace for sequences of packets "belong to" a given cluster (in other words, attempts to classify
- * traffic as pertaining to a given cluster).
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class Layer3ClusterMatcher extends AbstractClusterMatcher implements PacketListener {
-
- // Test client
- public static void main(String[] args) throws PcapNativeException, NotOpenException {
-
-// String path = "/scratch/July-2018"; // Rahmadi
- String path = "/Users/varmarken/temp/UCI IoT Project/experiments"; // Janus
- final String inputPcapFile = path + "/2018-07/dlink/dlink.wlan1.local.pcap";
- final String signatureFile = path + "/2018-07/dlink/offSignature1.sig";
-
- List<List<PcapPacket>> signature = PrintUtils.deserializeClustersFromFile(signatureFile);
- Layer3ClusterMatcher clusterMatcher = new Layer3ClusterMatcher(signature, null,
- (sig, match) -> System.out.println(
- String.format("[ !!! SIGNATURE DETECTED AT %s !!! ]",
- match.get(0).getTimestamp().atZone(ZoneId.of("America/Los_Angeles")))
- )
- );
-
- PcapHandle handle;
- try {
- handle = Pcaps.openOffline(inputPcapFile, PcapHandle.TimestampPrecision.NANO);
- } catch (PcapNativeException pne) {
- handle = Pcaps.openOffline(inputPcapFile);
- }
- PcapHandleReader reader = new PcapHandleReader(handle, p -> true, clusterMatcher);
- reader.readFromHandle();
- clusterMatcher.performDetection();
- }
-
- /**
- * The ordered directions of packets in the sequences that make up {@link #mCluster}.
- */
- private final Conversation.Direction[] mClusterMemberDirections;
-
- /**
- * For reassembling the observed traffic into TCP connections.
- */
- private final TcpReassembler mTcpReassembler = new TcpReassembler();
-
- /**
- * IP of the router's WAN port (if analyzed traffic is captured at the ISP's point of view).
- */
- private final String mRouterWanIp;
-
- /**
- * Create a {@link Layer3ClusterMatcher}.
- * @param cluster The cluster that traffic is matched against.
- * @param routerWanIp The router's WAN IP if examining traffic captured at the ISP's point of view (used for
- * determining the direction of packets).
- * @param detectionObservers Client code that wants to get notified whenever the {@link Layer3ClusterMatcher} detects that
- * (a subset of) the examined traffic is similar to the traffic that makes up
- * {@code cluster}, i.e., when the examined traffic is classified as pertaining to
- * {@code cluster}.
- */
- public Layer3ClusterMatcher(List<List<PcapPacket>> cluster, String routerWanIp,
- ClusterMatcherObserver... detectionObservers) {
- super(cluster);
- Objects.requireNonNull(detectionObservers, "detectionObservers cannot be null");
- for (ClusterMatcherObserver obs : detectionObservers) {
- addObserver(obs);
- }
- // Build the cluster members' direction sequence.
- // Note: assumes that the provided cluster was captured within the local network (routerWanIp is set to null).
- mClusterMemberDirections = getPacketDirections(cluster.get(0), null);
- /*
- * Enforce restriction on cluster members: all representatives must exhibit the same direction pattern and
- * contain the same number of packets. Note that this is a somewhat heavy operation, so it may be disabled later
- * on in favor of performance. However, it is only run once (at instantiation), so the overhead may be warranted
- * in order to ensure correctness, especially during the development/debugging phase.
- */
- if (mCluster.stream().
- anyMatch(inner -> !Arrays.equals(mClusterMemberDirections, getPacketDirections(inner, null)))) {
- throw new IllegalArgumentException(
- "cluster members must contain the same number of packets and exhibit the same packet direction " +
- "pattern"
- );
- }
- mRouterWanIp = routerWanIp;
- }
-
- @Override
- public void gotPacket(PcapPacket packet) {
- // Present packet to TCP reassembler so that it can be mapped to a connection (if it is a TCP packet).
- mTcpReassembler.gotPacket(packet);
- }
-
- /**
- * Get the cluster that describes the packet sequence that this {@link Layer3ClusterMatcher} is searching for.
- * @return the cluster that describes the packet sequence that this {@link Layer3ClusterMatcher} is searching for.
- */
- public List<List<PcapPacket>> getCluster() {
- return mCluster;
- }
-
- public void performDetection() {
- /*
- * Let's start out simple by building a version that only works for signatures that do not span across multiple
- * TCP conversations...
- */
- for (Conversation c : mTcpReassembler.getTcpConversations()) {
- if (c.isTls() && c.getTlsApplicationDataPackets().isEmpty() || !c.isTls() && c.getPackets().isEmpty()) {
- // Skip empty conversations.
- continue;
- }
- for (List<PcapPacket> signatureSequence : mCluster) {
- if (isTlsSequence(signatureSequence) != c.isTls()) {
- // We consider it a mismatch if one is a TLS application data sequence and the other is not.
- continue;
- }
- // Fetch set of packets to examine based on TLS or not.
- List<PcapPacket> cPkts = c.isTls() ? c.getTlsApplicationDataPackets() : c.getPackets();
- /*
- * Note: we embed the attempt to detect the signature sequence in a loop in order to capture those cases
- * where the same signature sequence appears multiple times in one Conversation.
- *
- * Note: since we expect all sequences that together make up the signature to exhibit the same direction
- * pattern, we can simply pass the precomputed direction array for the signature sequence so that it
- * won't have to be recomputed internally in each call to findSubsequenceInSequence().
- */
- Optional<List<PcapPacket>> match;
- while ((match = findSubsequenceInSequence(signatureSequence, cPkts, mClusterMemberDirections, null)).
- isPresent()) {
- List<PcapPacket> matchSeq = match.get();
- // Notify observers about the match.
- mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq));
- /*
- * Get the index in cPkts of the last packet in the sequence of packets that matches the searched
- * signature sequence.
- */
- int matchSeqEndIdx = cPkts.indexOf(matchSeq.get(matchSeq.size()-1));
- // We restart the search for the signature sequence immediately after that index, so truncate cPkts.
- cPkts = cPkts.stream().skip(matchSeqEndIdx + 1).collect(Collectors.toList());
- }
- }
- /*
- * TODO:
- * if no item in cluster matches, also perform a distance-based matching to cover those cases where we did
- * not manage to capture every single mutation of the sequence during training.
- *
- * Need to compute average/centroid of cluster to do so...? Compute within-cluster variance, then check if
- * distance between input conversation and cluster average/centroid is smaller than or equal to the computed
- * variance?
- */
- }
- }
-
- /**
- * Checks if {@code sequence} is a sequence of TLS packets. Note: the current implementation relies on inspection
- * of the port numbers when deciding between TLS vs. non-TLS. Therefore, only the first packet of {@code sequence}
- * is examined as it is assumed that all packets in {@code sequence} pertain to the same {@link Conversation} and
- * hence share the same set of two src/dst port numbers (albeit possibly alternating between which one is the src
- * and which one is the dst, as packets in {@code sequence} may be in alternating directions).
- * @param sequence The sequence of packets for which it is to be determined if it is a sequence of TLS packets or
- * non-TLS packets.
- * @return {@code true} if {@code sequence} is a sequence of TLS packets, {@code false} otherwise.
- */
- private boolean isTlsSequence(List<PcapPacket> sequence) {
- // NOTE: Assumes ALL packets in sequence pertain to the same TCP connection!
- PcapPacket firstPkt = sequence.get(0);
- int srcPort = getSourcePort(firstPkt);
- int dstPort = getDestinationPort(firstPkt);
- return TcpConversationUtils.isTlsPort(srcPort) || TcpConversationUtils.isTlsPort(dstPort);
- }
-
- /**
- * Examine if a given sequence of packets ({@code sequence}) contains a given shorter sequence of packets
- * ({@code subsequence}). Note: the current implementation actually searches for a substring as it does not allow
- * for interleaving packets in {@code sequence} that are not in {@code subsequence}; for example, if
- * {@code subsequence} consists of packet lengths [2, 3, 5] and {@code sequence} consists of packet lengths
- * [2, 3, 4, 5], the result will be that there is no match (because of the interleaving 4). If we are to allow
- * interleaving packets, we need a modified version of
- * <a href="https://stackoverflow.com/a/20545604/1214974">this</a>.
- *
- * @param subsequence The sequence to search for.
- * @param sequence The sequence to search.
- * @param subsequenceDirections The directions of packets in {@code subsequence} such that for all {@code i},
- * {@code subsequenceDirections[i]} is the direction of the packet returned by
- * {@code subsequence.get(i)}. May be set to {@code null}, in which this call will
- * internally compute the packet directions.
- * @param sequenceDirections The directions of packets in {@code sequence} such that for all {@code i},
- * {@code sequenceDirections[i]} is the direction of the packet returned by
- * {@code sequence.get(i)}. May be set to {@code null}, in which this call will internally
- * compute the packet directions.
- *
- * @return An {@link Optional} containing the part of {@code sequence} that matches {@code subsequence}, or an empty
- * {@link Optional} if no part of {@code sequence} matches {@code subsequence}.
- */
- private Optional<List<PcapPacket>> findSubsequenceInSequence(List<PcapPacket> subsequence,
- List<PcapPacket> sequence,
- Conversation.Direction[] subsequenceDirections,
- Conversation.Direction[] sequenceDirections) {
- if (sequence.size() < subsequence.size()) {
- // If subsequence is longer, it cannot be contained in sequence.
- return Optional.empty();
- }
- if (isTlsSequence(subsequence) != isTlsSequence(sequence)) {
- // We consider it a mismatch if one is a TLS application data sequence and the other is not.
- return Optional.empty();
- }
- // If packet directions have not been precomputed by calling code, we need to construct them.
- if (subsequenceDirections == null) {
- subsequenceDirections = getPacketDirections(subsequence, mRouterWanIp);
- }
- if (sequenceDirections == null) {
- sequenceDirections = getPacketDirections(sequence, mRouterWanIp);
- }
- int subseqIdx = 0;
- int seqIdx = 0;
- while (seqIdx < sequence.size()) {
- PcapPacket subseqPkt = subsequence.get(subseqIdx);
- PcapPacket seqPkt = sequence.get(seqIdx);
- // We only have a match if packet lengths and directions match.
- if (subseqPkt.getOriginalLength() == seqPkt.getOriginalLength() &&
- subsequenceDirections[subseqIdx] == sequenceDirections[seqIdx]) {
- // A match; advance both indices to consider next packet in subsequence vs. next packet in sequence.
- subseqIdx++;
- seqIdx++;
- if (subseqIdx == subsequence.size()) {
- // We managed to match the entire subsequence in sequence.
- // Return the sublist of sequence that matches subsequence.
- /*
- * TODO:
- * ASSUMES THE BACKING LIST (i.e., 'sequence') IS _NOT_ STRUCTURALLY MODIFIED, hence may not work
- * for live traces!
- */
- return Optional.of(sequence.subList(seqIdx - subsequence.size(), seqIdx));
- }
- } else {
- // Mismatch.
- if (subseqIdx > 0) {
- /*
- * If we managed to match parts of subsequence, we restart the search for subsequence in sequence at
- * the index of sequence where the current mismatch occurred. I.e., we must reset subseqIdx, but
- * leave seqIdx untouched.
- */
- subseqIdx = 0;
- } else {
- /*
- * First packet of subsequence didn't match packet at seqIdx of sequence, so we move forward in
- * sequence, i.e., we continue the search for subsequence in sequence starting at index seqIdx+1 of
- * sequence.
- */
- seqIdx++;
- }
- }
- }
- return Optional.empty();
- }
-
- /**
- * Given a cluster, produces a pruned version of that cluster. In the pruned version, there are no duplicate cluster
- * members. Two cluster members are considered identical if their packets lengths and packet directions are
- * identical. The resulting pruned cluster is unmodifiable (this applies to both the outermost list as well as the
- * nested lists) in order to preserve its integrity when exposed to external code (e.g., through
- * {@link #getCluster()}).
- *
- * @param cluster A cluster to prune.
- * @return The resulting pruned cluster.
- */
- @Override
- protected List<List<PcapPacket>> pruneCluster(List<List<PcapPacket>> cluster) {
- List<List<PcapPacket>> prunedCluster = new ArrayList<>();
- for (List<PcapPacket> originalClusterSeq : cluster) {
- boolean alreadyPresent = false;
- for (List<PcapPacket> prunedClusterSeq : prunedCluster) {
- Optional<List<PcapPacket>> duplicate = findSubsequenceInSequence(originalClusterSeq, prunedClusterSeq,
- mClusterMemberDirections, mClusterMemberDirections);
- if (duplicate.isPresent()) {
- alreadyPresent = true;
- break;
- }
- }
- if (!alreadyPresent) {
- prunedCluster.add(Collections.unmodifiableList(originalClusterSeq));
- }
- }
- return Collections.unmodifiableList(prunedCluster);
- }
-
- /**
- * Given a {@code List<PcapPacket>}, generate a {@code Conversation.Direction[]} such that each entry in the
- * resulting {@code Conversation.Direction[]} specifies the direction of the {@link PcapPacket} at the corresponding
- * index in the input list.
- * @param packets The list of packets for which to construct a corresponding array of packet directions.
- * @param routerWanIp The IP of the router's WAN port. This is used for determining the direction of packets when
- * the traffic is captured just outside the local network (at the ISP side of the router). Set to
- * {@code null} if {@code packets} stem from traffic captured within the local network.
- * @return A {@code Conversation.Direction[]} specifying the direction of the {@link PcapPacket} at the
- * corresponding index in {@code packets}.
- */
- private static Conversation.Direction[] getPacketDirections(List<PcapPacket> packets, String routerWanIp) {
- Conversation.Direction[] directions = new Conversation.Direction[packets.size()];
- for (int i = 0; i < packets.size(); i++) {
- PcapPacket pkt = packets.get(i);
- if (getSourceIp(pkt).equals(getDestinationIp(pkt))) {
- // Sanity check: we shouldn't be processing loopback traffic
- throw new AssertionError("loopback traffic detected");
- }
- if (isSrcIpLocal(pkt) || getSourceIp(pkt).equals(routerWanIp)) {
- directions[i] = Conversation.Direction.CLIENT_TO_SERVER;
- } else if (isDstIpLocal(pkt) || getDestinationIp(pkt).equals(routerWanIp)) {
- directions[i] = Conversation.Direction.SERVER_TO_CLIENT;
- } else {
- //throw new IllegalArgumentException("no local IP or router WAN port IP found, can't detect direction");
- }
- }
- return directions;
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.detection.layer3;
-
-import edu.uci.iotproject.analysis.TriggerTrafficExtractor;
-import edu.uci.iotproject.analysis.UserAction;
-import edu.uci.iotproject.detection.AbstractClusterMatcher;
-import edu.uci.iotproject.detection.ClusterMatcherObserver;
-import edu.uci.iotproject.io.PcapHandleReader;
-import edu.uci.iotproject.util.PrintUtils;
-import org.jgrapht.GraphPath;
-import org.jgrapht.alg.shortestpath.DijkstraShortestPath;
-import org.jgrapht.graph.DefaultWeightedEdge;
-import org.jgrapht.graph.SimpleDirectedWeightedGraph;
-import org.pcap4j.core.*;
-
-import java.time.Duration;
-import java.time.ZoneId;
-import java.time.format.DateTimeFormatter;
-import java.time.format.FormatStyle;
-import java.util.*;
-import java.util.function.Consumer;
-
-/**
- * Detects an event signature that spans one or multiple TCP connections.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class SignatureDetector implements PacketListener, ClusterMatcherObserver {
-
- // Test client
- public static void main(String[] args) throws PcapNativeException, NotOpenException {
-// if (args.length < 3) {
-// String errMsg = String.format("Usage: %s inputPcapFile onSignatureFile offSignatureFile",
-// SignatureDetector.class.getSimpleName());
-// System.out.println(errMsg);
-// return;
-// }
-// final String inputPcapFile = args[0];
-// final String onSignatureFile = args[1];
-// final String offSignatureFile = args[2];
-
- String path = "/scratch/July-2018"; // Rahmadi
-// String path = "/Users/varmarken/temp/UCI IoT Project/experiments"; // Janus
-// String path = "/home/jvarmark/iot_project/datasets"; // Hera (server)
-// String path = "/raid/varmarken/iot_project/datasets"; // Zeus (server)
-
- // No activity test
- //final String inputPcapFile = path + "/evaluation/no-activity/no-activity.wlan1.pcap";
-
- // D-Link Siren experiment
-// final String inputPcapFile = path + "/evaluation/dlink-siren/dlink-siren.data.wlan1.pcap";
-// final String inputPcapFile = path + "/evaluation/dlink-siren/dlink-siren.eth0.local.pcap";
- // D-Link Siren DEVICE signatures
-// final String onSignatureFile = path + "/2018-08/dlink-siren/onSignature-DLink-Siren-device.sig";
-// final String offSignatureFile = path + "/2018-08/dlink-siren/offSignature-DLink-Siren-device.sig";
- // D-Link Siren PHONE signatures
-// final String onSignatureFile = path + "/2018-08/dlink-siren/onSignature-DLink-Siren-phone.sig";
-// final String offSignatureFile = path + "/2018-08/dlink-siren/offSignature-DLink-Siren-phone.sig";
- // TODO: EXPERIMENT - November 19, 2018
- // Hue Bulb experiment
-// final String inputPcapFile = path + "/2018-08/hue-bulb/hue-bulb.wlan1.local.pcap";
- // Hue Bulb PHONE signatures
-// final String onSignatureFile = path + "/experimental_result/standalone/hue-bulb/signatures/hue-bulb-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/hue-bulb/signatures/hue-bulb-offSignature-phone-side.sig";
-
- /*
- // Kwikset Doorlock Sep 12 experiment
-// final String inputPcapFile = path + "/evaluation/kwikset-doorlock/kwikset-doorlock.data.wlan1.pcap";
- final String inputPcapFile = path + "/evaluation/kwikset-doorlock/kwikset-doorlock.data.eth0.pcap";
-// // Kwikset Doorlock PHONE signatures
- final String onSignatureFile = path + "/2018-08/kwikset-doorlock/onSignature-Kwikset-Doorlock-phone-new.sig";
- final String offSignatureFile = path + "/2018-08/kwikset-doorlock/offSignature-Kwikset-Doorlock-phone-new.sig";
- */
-
- // D-Link Plug experiment
- //final String inputPcapFile = path + "/evaluation/dlink/dlink-plug.data.wlan1.pcap";
-// final String inputPcapFile = path + "/evaluation/dlink/dlink-plug.data.eth0.pcap";
-
- // D-Link Plug DEVICE signatures
-// final String onSignatureFile = path + "/2018-07/dlink/onSignature-DLink-Plug-device.sig";
-// final String offSignatureFile = path + "/2018-07/dlink/offSignature-DLink-Plug-device.sig";
- // D-Link Plug PHONE signatures
-// final String onSignatureFile = path + "/2018-07/dlink/onSignature-DLink-Plug-phone.sig";
-// final String offSignatureFile = path + "/2018-07/dlink/offSignature-DLink-Plug-phone.sig";
-
- // TODO: The following are negative tests against the PCAP file from UNSW
-// final String inputPcapFile = path + "/UNSW/16-10-04.pcap"; // TODO: Seems to be broken! Zero-payload!
-// final String inputPcapFile = path + "/UNSW/16-10-12.pcap";
-
-// final String inputPcapFile = path + "/UNSW/16-09-28.pcap"; // TODO: Seems to be broken! Zero-payload!
-// final String inputPcapFile = path + "/UNSW/16-10-02.pcap"; // TODO: Seems to be broken!
-// final String inputPcapFile = path + "/UNSW/16-10-03.pcap"; // TODO: Seems to be broken!
-// final String inputPcapFile = path + "/UNSW/16-10-04-a.pcap"; // TODO: Seems to be broken! Zero-payload!
-// final String inputPcapFile = path + "/UNSW/16-10-04-b.pcap"; // TODO: Seems to be broken! Zero-payload!
-// final String inputPcapFile = path + "/UNSW/16-10-07.pcap"; // TODO: Seems to be broken!
-// final String inputPcapFile = path + "/UNSW/16-10-08.pcap"; // TODO: Seems to be broken!
-// final String inputPcapFile = path + "/UNSW/16-10-09.pcap"; // TODO: Seems to be broken!
-// final String inputPcapFile = path + "/UNSW/16-10-10.pcap"; // TODO: Seems to be broken!
-// final String inputPcapFile = path + "/UNSW/16-10-11.pcap"; // TODO: Seems to be broken!
- // TODO: The following one is very long!!! - Split into smaller files!
-// final String inputPcapFile = path + "/UNSW/16-10-12-a.pcap";
-// final String inputPcapFile = path + "/UNSW/16-10-12-b.pcap";
-// final String inputPcapFile = path + "/UNSW/16-10-12-c.pcap";
-// final String inputPcapFile = path + "/UNSW/16-10-12-d.pcap";
-
-// final String inputPcapFile = path + "/UNSW/16-09-23.pcap";
-// final String inputPcapFile = path + "/UNSW/16-09-24.pcap";
-// final String inputPcapFile = path + "/UNSW/16-09-25.pcap";
-// final String inputPcapFile = path + "/UNSW/16-09-26.pcap";
-// final String inputPcapFile = path + "/UNSW/16-09-27.pcap";
-// final String inputPcapFile = path + "/UNSW/16-09-29.pcap";
-// final String inputPcapFile = path + "/UNSW/16-10-01.pcap";
-// final String inputPcapFile = path + "/UNSW/16-10-06.pcap";
- // Negative test: dataset from UNB
-// final String inputPcapFile = path + "/evaluation/negative-datasets/UNB/Monday-WorkingHours_one-local-endpoint-001.pcap";
-
- // TODO: The following are tests for signatures against training data
-
- // D-Link Plug experiment
-// final String inputPcapFile = path + "/training/dlink-plug/wlan1/dlink-plug.wlan1.local.pcap";
- // D-Link Plug DEVICE signatures
-// final String onSignatureFile = path + "/training/dlink-plug/signatures/dlink-plug-onSignature-device-side.sig";
-// final String offSignatureFile = path + "/training/dlink-plug/signatures/dlink-plug-offSignature-device-side.sig";
- // D-Link Plug PHONE signatures
-// final String onSignatureFile = path + "/training/dlink-plug/signatures/dlink-plug-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/training/dlink-plug/signatures/dlink-plug-offSignature-phone-side.sig";
-
- // TODO: EXPERIMENT - November 7, 2018
- // D-Link Plug experiment
- //final String inputPcapFile = path + "/experimental_result/standalone/dlink-plug/wlan1/dlink-plug.wlan1.local.pcap";
- //final String inputPcapFile = path + "/experimental_result/smarthome/dlink-plug/wlan1/dlink-plug.wlan1.detection.pcap";
- //final String inputPcapFile = path + "/experimental_result/smarthome/dlink-plug/eth0/dlink-plug.eth0.detection.pcap";
- // D-Link Plug DEVICE signatures
-// final String onSignatureFile = path + "/experimental_result/standalone/dlink-plug/signatures/dlink-plug-onSignature-device-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/dlink-plug/signatures/dlink-plug-offSignature-device-side.sig";
- // D-Link Plug PHONE signatures
-// final String onSignatureFile = path + "/experimental_result/standalone/dlink-plug/signatures/dlink-plug-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/dlink-plug/signatures/dlink-plug-offSignature-phone-side.sig";
-
- // TODO: EXPERIMENT - November 9, 2018
- // D-Link Siren experiment
- //final String inputPcapFile = path + "/experimental_result/standalone/dlink-siren/wlan1/dlink-siren.wlan1.local.pcap";
- //final String inputPcapFile = path + "/experimental_result/smarthome/dlink-siren/wlan1/dlink-siren.wlan1.detection.pcap";
-// final String inputPcapFile = path + "/experimental_result/smarthome/dlink-siren/eth0/dlink-siren.eth0.detection.pcap";
- // D-Link Siren DEVICE signatures
- // TODO: The device signature does not have pairs---only one packet which is 216, so we don't consider this as a signature
-// final String onSignatureFile = path + "/experimental_result/standalone/dlink-siren/signatures/dlink-siren-onSignature-device-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/dlink-siren/signatures/dlink-siren-offSignature-device-side.sig";
- // D-Link Siren PHONE signatures
-// final String onSignatureFile = path + "/experimental_result/standalone/dlink-siren/signatures/dlink-siren-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/dlink-siren/signatures/dlink-siren-offSignature-phone-side.sig";
-// final String onSignatureFile = path + "/training/signatures/dlink-siren/dlink-siren-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/training/signatures/dlink-siren/dlink-siren-offSignature-phone-side.sig";
-
- // TP-Link Plug experiment
-//// final String inputPcapFile = path + "/training/tplink-plug/wlan1/tplink-plug.wlan1.local.pcap";
-//// final String inputPcapFile = path + "/experimental_result/wifi-Sniffer/tests2/airtool_2019-01-04_11.08.45.AM.pcap";
-// final String inputPcapFile = path + "/experimental_result/wifi-Sniffer/tests2/command-frames-only.pcap";
-// // TP-Link Plug DEVICE signatures
-// final String onSignatureFile = path + "/training/tplink-plug/signatures/tplink-plug-onSignature-device-side.sig";
-// final String offSignatureFile = path + "/training/tplink-plug/signatures/tplink-plug-offSignature-device-side.sig";
- // TODO: EXPERIMENT - November 8, 2018
- // TP-Link Plug experiment
-// final String inputPcapFile = path + "/experimental_result/standalone/tplink-plug/wlan1/tplink-plug.wlan1.local.pcap";
-// final String inputPcapFile = path + "/experimental_result/standalone/tplink-plug/eth0/tplink-plug.eth0.local.pcap";
-// final String inputPcapFile = path + "/experimental_result/smarthome/tplink-plug/wlan1/tplink-plug.wlan1.detection.pcap";
- //final String inputPcapFile = path + "/experimental_result/smarthome/tplink-plug/eth0/tplink-plug.eth0.detection.pcap";
- // TP-Link Plug DEVICE signatures
-// final String onSignatureFile = path + "/experimental_result/standalone/tplink-plug/signatures/tplink-plug-onSignature-device-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/tplink-plug/signatures/tplink-plug-offSignature-device-side.sig";
-// final String onSignatureFile = path + "/experimental_result/standalone/tplink-plug/signatures/tplink-plug-onSignature-device-side-outbound.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/tplink-plug/signatures/tplink-plug-offSignature-device-side-outbound.sig";
- // TP-Link Plug PHONE signatures
-// final String onSignatureFile = path + "/experimental_result/standalone/tplink-plug/signatures/tplink-plug-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/tplink-plug/signatures/tplink-plug-offSignature-phone-side.sig";
-
- // Arlo camera experiment
-// final String inputPcapFile = path + "/training/arlo-camera/wlan1/arlo-camera.wlan1.local.pcap";
-//// // TP-Link Plug DEVICE signatures
-// final String onSignatureFile = path + "/training/arlo-camera/signatures/arlo-camera-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/training/arlo-camera/signatures/arlo-camera-offSignature-phone-side.sig";
- // TODO: EXPERIMENT - November 13, 2018
- // Arlo Camera experiment
-// final String inputPcapFile = path + "/experimental_result/standalone/arlo-camera/wlan1/arlo-camera.wlan1.local.pcap";
-// final String inputPcapFile = path + "/experimental_result/standalone/arlo-camera/eth0/arlo-camera.eth0.local.pcap";
-// final String inputPcapFile = path + "/experimental_result/smarthome/arlo-camera/wlan1/arlo-camera.wlan1.detection.pcap";
-// final String inputPcapFile = path + "/experimental_result/smarthome/arlo-camera/eth0/arlo-camera.eth0.detection.pcap";
-// final String inputPcapFile = path + "/training/arlo-camera/eth0/arlo-camera.eth0.local.pcap";
- // Arlo Camera PHONE signatures
-// final String onSignatureFile = path + "/experimental_result/standalone/arlo-camera/signatures/arlo-camera-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/arlo-camera/signatures/arlo-camera-offSignature-phone-side.sig";
-
- // Amazon Alexa experiment
-// final String inputPcapFile = path + "/training/amazon-alexa/wlan1/alexa2.wlan1.local.pcap";
-// // TP-Link Plug DEVICE signatures
-// final String onSignatureFile = path + "/training/amazon-alexa/signatures/amazon-alexa-onSignature-device-side.sig";
-// final String offSignatureFile = path + "/training/amazon-alexa/signatures/amazon-alexa-offSignature-device-side.sig";
-
- // SmartThings Plug experiment
-// final String inputPcapFile = path + "/training/st-plug/wlan1/st-plug.wlan1.local.pcap";
-// // SmartThings Plug DEVICE signatures
-// //final String onSignatureFile = path + "/training/st-plug/signatures/st-plug-onSignature-device-side.sig";
-// //final String offSignatureFile = path + "/training/st-plug/signatures/st-plug-offSignature-device-side.sig";
-// // SmartThings Plug PHONE signatures
-// final String onSignatureFile = path + "/training/st-plug/signatures/st-plug-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/training/st-plug/signatures/st-plug-offSignature-phone-side.sig";
- // TODO: EXPERIMENT - November 12, 2018
- // SmartThings Plug experiment
-// final String inputPcapFile = path + "/experimental_result/standalone/st-plug/wlan1/st-plug.wlan1.local.pcap";
-// final String inputPcapFile = path + "/experimental_result/standalone/st-plug/eth0/st-plug.eth0.local.pcap";
-// //final String inputPcapFile = path + "/experimental_result/smarthome/st-plug/wlan1/st-plug.wlan1.detection.pcap";
-// final String inputPcapFile = path + "/experimental_result/smarthome/st-plug/eth0/st-plug.eth0.detection.pcap";
-// // SmartThings Plug PHONE signatures
-// final String onSignatureFile = path + "/experimental_result/standalone/st-plug/signatures/st-plug-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/st-plug/signatures/st-plug-offSignature-phone-side.sig";
-// final String onSignatureFile = path + "/training/signatures/st-plug/st-plug-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/training/signatures/st-plug/st-plug-offSignature-phone-side.sig";
-
- // TODO: EXPERIMENT - January 9, 2018
- // Blossom Sprinkler experiment
-// final String inputPcapFile = path + "/experimental_result/standalone/blossom-sprinkler/wlan1/blossom-sprinkler.wlan1.local.pcap";
- final String inputPcapFile = path + "/experimental_result/smarthome/blossom-sprinkler/eth0/blossom-sprinkler.eth0.detection.pcap";
-// final String inputPcapFile = path + "/experimental_result/smarthome/blossom-sprinkler/wlan1/blossom-sprinkler.wlan1.detection.pcap";
- // Blossom Sprinkler DEVICE signatures
-// final String onSignatureFile = path + "/experimental_result/standalone/blossom-sprinkler/signatures/blossom-sprinkler-onSignature-device-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/blossom-sprinkler/signatures/blossom-sprinkler-offSignature-device-side.sig";
- // Blossom Sprinkler PHONE signatures
- final String onSignatureFile = path + "/experimental_result/standalone/blossom-sprinkler/signatures/blossom-sprinkler-onSignature-phone-side.sig";
- final String offSignatureFile = path + "/experimental_result/standalone/blossom-sprinkler/signatures/blossom-sprinkler-offSignature-phone-side.sig";
-
- // LiFX Bulb experiment
-// final String inputPcapFile = path + "/training/lifx-bulb/wlan1/lifx-bulb.wlan1.local.pcap";
-// // LiFX Bulb DEVICE signatures
-// final String onSignatureFile = path + "/training/lifx-bulb/signatures/lifx-bulb-onSignature-device-side.sig";
-// final String offSignatureFile = path + "/training/lifx-bulb/signatures/lifx-bulb-offSignature-device-side.sig";
- // LiFX Bulb PHONE signatures
-// final String onSignatureFile = path + "/training/lifx-bulb/signatures/lifx-bulb-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/training/lifx-bulb/signatures/lifx-bulb-offSignature-phone-side.sig";
-
- // Blossom Sprinkler experiment
-// //final String inputPcapFile = path + "/training/blossom-sprinkler/wlan1/blossom-sprinkler.wlan1.local.pcap";
-// final String inputPcapFile = path + "/2018-08/blossom/blossom.wlan1.local.pcap";
-// //final String inputPcapFile = path + "/training/blossom-sprinkler/eth0/blossom-sprinkler.eth0.local.pcap";
-// // Blossom Sprinkler DEVICE signatures
-// final String onSignatureFile = path + "/training/blossom-sprinkler/signatures/blossom-sprinkler-onSignature-device-side.sig";
-// final String offSignatureFile = path + "/training/blossom-sprinkler/signatures/blossom-sprinkler-offSignature-device-side.sig";
-
- // Nest Thermostat experiment
-// final String inputPcapFile = path + "/training/nest-thermostat/wlan1/nest-thermostat.wlan1.local.pcap";
-// // Nest Thermostat DEVICE signatures
-//// final String onSignatureFile = path + "/training/nest-thermostat/signatures/nest-thermostat-onSignature-device-side.sig";
-//// final String offSignatureFile = path + "/training/nest-thermostat/signatures/nest-thermostat-offSignature-device-side.sig";
-// // Nest Thermostat PHONE signatures
-// final String onSignatureFile = path + "/training/nest-thermostat/signatures/nest-thermostat-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/training/nest-thermostat/signatures/nest-thermostat-offSignature-phone-side.sig";
- // TODO: EXPERIMENT - November 15, 2018
- // Nest Thermostat experiment
-// final String inputPcapFile = path + "/experimental_result/standalone/nest-thermostat/wlan1/nest-thermostat.wlan1.local.pcap";
-//// final String inputPcapFile = path + "/experimental_result/standalone/nest-thermostat/eth0/nest-thermostat.eth0.local.pcap";
-//// final String inputPcapFile = path + "/experimental_result/smarthome/nest-thermostat/wlan1/nest-thermostat.wlan1.detection.pcap";
-// final String inputPcapFile = path + "/experimental_result/smarthome/nest-thermostat/eth0/nest-thermostat.eth0.detection.pcap";
-//// // Nest Thermostat PHONE signatures
-// final String onSignatureFile = path + "/experimental_result/standalone/nest-thermostat/signatures/nest-thermostat-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/nest-thermostat/signatures/nest-thermostat-offSignature-phone-side.sig";
-
- /*
- // Hue Bulb experiment
- final String inputPcapFile = path + "/training/hue-bulb/wlan1/hue-bulb.wlan1.local.pcap";
- // Hue Bulb PHONE signatures
- final String onSignatureFile = path + "/training/hue-bulb/signatures/hue-bulb-onSignature-phone-side.sig";
- final String offSignatureFile = path + "/training/hue-bulb/signatures/hue-bulb-offSignature-phone-side.sig";
- */
-
-
-
- // TP-Link Bulb experiment
-// final String inputPcapFile = path + "/training/tplink-bulb/wlan1/tplink-bulb.wlan1.local.pcap";
-// // TP-Link Bulb PHONE signatures
-// final String onSignatureFile = path + "/training/tplink-bulb/signatures/tplink-bulb-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/training/tplink-bulb/signatures/tplink-bulb-offSignature-phone-side.sig";
- // TODO: EXPERIMENT - November 16, 2018
- // TP-Link Bulb experiment
-// final String inputPcapFile = path + "/experimental_result/standalone/tplink-bulb/wlan1/tplink-bulb.wlan1.local.pcap";
-// final String inputPcapFile = path + "/experimental_result/standalone/tplink-bulb/eth0/tplink-bulb.eth0.local.pcap";
-// final String inputPcapFile = path + "/experimental_result/smarthome/tplink-bulb/wlan1/tplink-bulb.wlan1.detection.pcap";
-//// final String inputPcapFile = path + "/experimental_result/smarthome/tplink-bulb/eth0/tplink-bulb.eth0.detection.pcap";
-// // TP-Link Bulb PHONE signatures
-// final String onSignatureFile = path + "/experimental_result/standalone/tplink-bulb/signatures/tplink-bulb-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/tplink-bulb/signatures/tplink-bulb-offSignature-phone-side.sig";
-
- /*
- // WeMo Plug experiment
- final String inputPcapFile = path + "/training/wemo-plug/wlan1/wemo-plug.wlan1.local.pcap";
- // WeMo Plug PHONE signatures
- final String onSignatureFile = path + "/training/wemo-plug/signatures/wemo-plug-onSignature-device-side.sig";
- final String offSignatureFile = path + "/training/wemo-plug/signatures/wemo-plug-offSignature-device-side.sig";
- */
- // TODO: EXPERIMENT - November 20, 2018
- // WeMo Plug experiment
-// final String inputPcapFile = path + "/experimental_result/standalone/wemo-plug/wlan1/wemo-plug.wlan1.local.pcap";
-// final String inputPcapFile = path + "/experimental_result/standalone/wemo-plug/eth0/wemo-plug.eth0.local.pcap";
- // TODO: WE HAVE 4 ADDITIONAL EVENTS (TRIGGERED MANUALLY), SO WE JUST IGNORE THEM BECAUSE THEY HAPPENED BEFORE
- // TODO: THE ACTUAL TRIGGERS
-// final String inputPcapFile = path + "/experimental_result/smarthome/wemo-plug/wlan1/wemo-plug.wlan1.detection.pcap";
-//// final String inputPcapFile = path + "/experimental_result/smarthome/wemo-plug/eth0/wemo-plug.eth0.detection.pcap";
-// // WeMo Plug PHONE signatures
-// final String onSignatureFile = path + "/experimental_result/standalone/wemo-plug/signatures/wemo-plug-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/wemo-plug/signatures/wemo-plug-offSignature-phone-side.sig";
-
- /*
- // WeMo Insight Plug experiment
- final String inputPcapFile = path + "/training/wemo-insight-plug/wlan1/wemo-insight-plug.wlan1.local.pcap";
- // WeMo Insight Plug PHONE signatures
- final String onSignatureFile = path + "/training/wemo-insight-plug/signatures/wemo-insight-plug-onSignature-device-side.sig";
- final String offSignatureFile = path + "/training/wemo-insight-plug/signatures/wemo-insight-plug-offSignature-device-side.sig";
- */
- // TODO: EXPERIMENT - November 21, 2018
- // WeMo Insight Plug experiment
-// final String inputPcapFile = path + "/experimental_result/standalone/wemo-insight-plug/wlan1/wemo-insight-plug.wlan1.local.pcap";
-// final String inputPcapFile = path + "/experimental_result/standalone/wemo-insight-plug/eth0/wemo-insight-plug.eth0.local.pcap";
- // TODO: WE HAVE 1 ADDITIONAL EVENT (FROM WEMO PLUG)
-// final String inputPcapFile = path + "/experimental_result/smarthome/wemo-insight-plug/wlan1/wemo-insight-plug.wlan1.detection.pcap";
-// final String inputPcapFile = path + "/experimental_result/smarthome/wemo-insight-plug/eth0/wemo-insight-plug.eth0.detection.pcap";
- // WeMo Insight Plug PHONE signatures
-// final String onSignatureFile = path + "/experimental_result/standalone/wemo-insight-plug/signatures/wemo-insight-plug-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/wemo-insight-plug/signatures/wemo-insight-plug-offSignature-phone-side.sig";
-
-
- // Kwikset Doorlock Sep 12 experiment
-// final String inputPcapFile = path + "/2018-08/kwikset-doorlock/kwikset3.wlan1.local.pcap";
-// // Kwikset Doorlock PHONE signatures
-// final String onSignatureFile = path + "/2018-08/kwikset-doorlock/onSignature-Kwikset-Doorlock-phone.sig";
-// final String offSignatureFile = path + "/2018-08/kwikset-doorlock/offSignature-Kwikset-Doorlock-phone.sig";
- // TODO: EXPERIMENT - November 10, 2018
- // Kwikset Door lock experiment
-// final String inputPcapFile = path + "/experimental_result/standalone/kwikset-doorlock/wlan1/kwikset-doorlock.wlan1.local.pcap";
-// //final String inputPcapFile = path + "/experimental_result/smarthome/kwikset-doorlock/wlan1/kwikset-doorlock.wlan1.detection.pcap";
-// final String inputPcapFile = path + "/experimental_result/smarthome/kwikset-doorlock/eth0/kwikset-doorlock.eth0.detection.pcap";
-//// // Kwikset Door lock PHONE signatures
-// final String onSignatureFile = path + "/experimental_result/standalone/kwikset-doorlock/signatures/kwikset-doorlock-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/experimental_result/standalone/kwikset-doorlock/signatures/kwikset-doorlock-offSignature-phone-side.sig";
-// final String onSignatureFile = path + "/training/signatures/kwikset-doorlock/kwikset-doorlock-onSignature-phone-side.sig";
-// final String offSignatureFile = path + "/training/signatures/kwikset-doorlock/kwikset-doorlock-offSignature-phone-side.sig";
-
-
-
- // D-Link Siren experiment
-// final String inputPcapFile = path + "/2018-08/dlink-siren/dlink-siren.wlan1.local.pcap";
- // D-Link Siren DEVICE signatures
- //final String onSignatureFile = path + "/2018-08/dlink-siren/onSignature-DLink-Siren-device.sig";
- //final String offSignatureFile = path + "/2018-08/dlink-siren/offSignature-DLink-Siren-device.sig";
- // D-Link Siren PHONE signatures
-// final String onSignatureFile = path + "/2018-08/dlink-siren/onSignature-DLink-Siren-phone.sig";
-// final String offSignatureFile = path + "/2018-08/dlink-siren/offSignature-DLink-Siren-phone.sig";
-
-
- // Output file names used (to make it easy to catch if one forgets to change them)
- System.out.println("ON signature file in use is " + onSignatureFile);
- System.out.println("OFF signature file in use is " + offSignatureFile);
- System.out.println("PCAP file that is the target of detection is " + inputPcapFile);
-
- List<List<List<PcapPacket>>> onSignature = PrintUtils.deserializeSignatureFromFile(onSignatureFile);
- List<List<List<PcapPacket>>> offSignature = PrintUtils.deserializeSignatureFromFile(offSignatureFile);
-
- // LAN
-// SignatureDetector onDetector = new SignatureDetector(onSignature, null);
-// SignatureDetector offDetector = new SignatureDetector(offSignature, null);
- // WAN
- SignatureDetector onDetector = new SignatureDetector(onSignature, "128.195.205.105", 0);
- SignatureDetector offDetector = new SignatureDetector(offSignature, "128.195.205.105", 0);
-
- final DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ofLocalizedDateTime(FormatStyle.MEDIUM).
- withLocale(Locale.US).withZone(ZoneId.of("America/Los_Angeles"));
-
- // Outputs information about a detected event to std.out
- final Consumer<UserAction> outputter = ua -> {
- String eventDescription;
- switch (ua.getType()) {
- case TOGGLE_ON:
- eventDescription = "ON";
- break;
- case TOGGLE_OFF:
- eventDescription = "OFF";
- break;
- default:
- throw new AssertionError("unhandled event type");
- }
- //String output = String.format("[ !!! %s SIGNATURE DETECTED at %s !!! ]",
- // eventDescription, dateTimeFormatter.format(ua.getTimestamp()));
- String output = String.format("%s",
- dateTimeFormatter.format(ua.getTimestamp()));
- System.out.println(output);
- };
-
- // Let's create observers that construct a UserAction representing the detected event.
- final List<UserAction> detectedEvents = new ArrayList<>();
- onDetector.addObserver((searched, match) -> {
- PcapPacket firstPkt = match.get(0).get(0);
- detectedEvents.add(new UserAction(UserAction.Type.TOGGLE_ON, firstPkt.getTimestamp()));
- });
- offDetector.addObserver((searched, match) -> {
- PcapPacket firstPkt = match.get(0).get(0);
- detectedEvents.add(new UserAction(UserAction.Type.TOGGLE_OFF, firstPkt.getTimestamp()));
- });
-
- PcapHandle handle;
- try {
- handle = Pcaps.openOffline(inputPcapFile, PcapHandle.TimestampPrecision.NANO);
- } catch (PcapNativeException pne) {
- handle = Pcaps.openOffline(inputPcapFile);
- }
- PcapHandleReader reader = new PcapHandleReader(handle, p -> true, onDetector, offDetector);
- reader.readFromHandle();
-
- // TODO: need a better way of triggering detection than this...
- onDetector.mClusterMatchers.forEach(cm -> cm.performDetection());
- offDetector.mClusterMatchers.forEach(cm -> cm.performDetection());
-
- // Sort the list of detected events by timestamp to make it easier to compare it line-by-line with the trigger
- // times file.
- Collections.sort(detectedEvents, Comparator.comparing(UserAction::getTimestamp));
-
- // Output the detected events
- detectedEvents.forEach(outputter);
-
- System.out.println("Number of detected events of type " + UserAction.Type.TOGGLE_ON + ": " +
- detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_ON).count());
- System.out.println("Number of detected events of type " + UserAction.Type.TOGGLE_OFF + ": " +
- detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_OFF).count());
-
-
- // TODO: Temporary clean up until we clean the pipeline
-// List<UserAction> cleanedDetectedEvents = SignatureDetector.removeDuplicates(detectedEvents);
-// cleanedDetectedEvents.forEach(outputter);
- }
-
- /**
- * The signature that this {@link SignatureDetector} is searching for.
- */
- private final List<List<List<PcapPacket>>> mSignature;
-
- /**
- * The {@link Layer3ClusterMatcher}s in charge of detecting each individual sequence of packets that together make up the
- * the signature.
- */
- private final List<Layer3ClusterMatcher> mClusterMatchers;
-
- /**
- * For each {@code i} ({@code i >= 0 && i < pendingMatches.length}), {@code pendingMatches[i]} holds the matches
- * found by the {@link Layer3ClusterMatcher} at {@code mClusterMatchers.get(i)} that have yet to be "consumed", i.e.,
- * have yet to be included in a signature detected by this {@link SignatureDetector} (a signature can be encompassed
- * of multiple packet sequences occurring shortly after one another on multiple connections).
- */
- private final List<List<PcapPacket>>[] pendingMatches;
-
- /**
- * Maps a {@link Layer3ClusterMatcher} to its corresponding index in {@link #pendingMatches}.
- */
- private final Map<Layer3ClusterMatcher, Integer> mClusterMatcherIds;
-
- private final List<SignatureDetectionObserver> mObservers = new ArrayList<>();
-
- private int mInclusionTimeMillis;
-
- /**
- * Remove duplicates in {@code List} of {@code UserAction} objects. We need to clean this up for user actions
- * that appear multiple times.
- * TODO: This static method is probably just for temporary and we could get rid of this after we clean up
- * TODO: the pipeline
- *
- * @param listUserAction A {@link List} of {@code UserAction}.
- *
- */
- public static List<UserAction> removeDuplicates(List<UserAction> listUserAction) {
-
- // Iterate and check for duplicates (check timestamps)
- Set<Long> epochSecondSet = new HashSet<>();
- // Create a target list for cleaned up list
- List<UserAction> listUserActionClean = new ArrayList<>();
- for(UserAction userAction : listUserAction) {
- // Don't insert if any duplicate is found
- if(!epochSecondSet.contains(userAction.getTimestamp().getEpochSecond())) {
- listUserActionClean.add(userAction);
- epochSecondSet.add(userAction.getTimestamp().getEpochSecond());
- }
- }
- return listUserActionClean;
- }
-
- public SignatureDetector(List<List<List<PcapPacket>>> searchedSignature, String routerWanIp, int inclusionTimeMillis) {
- // note: doesn't protect inner lists from changes :'(
- mSignature = Collections.unmodifiableList(searchedSignature);
- // Generate corresponding/appropriate ClusterMatchers based on the provided signature
- List<Layer3ClusterMatcher> clusterMatchers = new ArrayList<>();
- for (List<List<PcapPacket>> cluster : mSignature) {
- clusterMatchers.add(new Layer3ClusterMatcher(cluster, routerWanIp, this));
- }
- mClusterMatchers = Collections.unmodifiableList(clusterMatchers);
-
- // < exploratory >
- pendingMatches = new List[mClusterMatchers.size()];
- for (int i = 0; i < pendingMatches.length; i++) {
- pendingMatches[i] = new ArrayList<>();
- }
- Map<Layer3ClusterMatcher, Integer> clusterMatcherIds = new HashMap<>();
- for (int i = 0; i < mClusterMatchers.size(); i++) {
- clusterMatcherIds.put(mClusterMatchers.get(i), i);
- }
- mClusterMatcherIds = Collections.unmodifiableMap(clusterMatcherIds);
- mInclusionTimeMillis =
- inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis;
- }
-
- public void addObserver(SignatureDetectionObserver observer) {
- mObservers.add(observer);
- }
-
- public boolean removeObserver(SignatureDetectionObserver observer) {
- return mObservers.remove(observer);
- }
-
- @Override
- public void gotPacket(PcapPacket packet) {
- // simply delegate packet reception to all ClusterMatchers.
- mClusterMatchers.forEach(cm -> cm.gotPacket(packet));
- }
-
- @Override
- public void onMatch(AbstractClusterMatcher clusterMatcher, List<PcapPacket> match) {
- // Add the match at the corresponding index
- pendingMatches[mClusterMatcherIds.get(clusterMatcher)].add(match);
- checkSignatureMatch();
- }
-
- private void checkSignatureMatch() {
- // << Graph-based approach using Balint's idea. >>
- // This implementation assumes that the packets in the inner lists (the sequences) are ordered by asc timestamp.
-
- // There cannot be a signature match until each Layer3ClusterMatcher has found a match of its respective sequence.
- if (Arrays.stream(pendingMatches).noneMatch(l -> l.isEmpty())) {
- // Construct the DAG
- final SimpleDirectedWeightedGraph<Vertex, DefaultWeightedEdge> graph =
- new SimpleDirectedWeightedGraph<>(DefaultWeightedEdge.class);
- // Add a vertex for each match found by all ClusterMatchers
- // And maintain an array to keep track of what cluster matcher each vertex corresponds to
- final List<Vertex>[] vertices = new List[pendingMatches.length];
- for (int i = 0; i < pendingMatches.length; i++) {
- vertices[i] = new ArrayList<>();
- for (List<PcapPacket> sequence : pendingMatches[i]) {
- Vertex v = new Vertex(sequence);
- vertices[i].add(v); // retain reference for later when we are to add edges
- graph.addVertex(v); // add to vertex to graph
- }
- }
- // Add dummy source and sink vertices to facilitate search.
- final Vertex source = new Vertex(null);
- final Vertex sink = new Vertex(null);
- graph.addVertex(source);
- graph.addVertex(sink);
- // The source is connected to all vertices that wrap the sequences detected by Layer3ClusterMatcher at index 0.
- // Note: zero cost edges as this is just a dummy link to facilitate search from a common start node.
- for (Vertex v : vertices[0]) {
- DefaultWeightedEdge edge = graph.addEdge(source, v);
- graph.setEdgeWeight(edge, 0.0);
- }
- // Similarly, all vertices that wrap the sequences detected by the last Layer3ClusterMatcher of the signature
- // are connected to the sink node.
- for (Vertex v : vertices[vertices.length-1]) {
- DefaultWeightedEdge edge = graph.addEdge(v, sink);
- graph.setEdgeWeight(edge, 0.0);
- }
- // Now link sequences detected by Layer3ClusterMatcher at index i to sequences detected by Layer3ClusterMatcher at index
- // i+1 if they obey the timestamp constraint (i.e., that the latter is later in time than the former).
- for (int i = 0; i < vertices.length; i++) {
- int j = i + 1;
- if (j < vertices.length) {
- for (Vertex iv : vertices[i]) {
- PcapPacket ivLast = iv.sequence.get(iv.sequence.size()-1);
- for (Vertex jv : vertices[j]) {
- PcapPacket jvFirst = jv.sequence.get(jv.sequence.size()-1);
- if (ivLast.getTimestamp().isBefore(jvFirst.getTimestamp())) {
- DefaultWeightedEdge edge = graph.addEdge(iv, jv);
- // The weight is the duration of the i'th sequence plus the duration between the i'th
- // and i+1'th sequence.
- Duration d = Duration.
- between(iv.sequence.get(0).getTimestamp(), jvFirst.getTimestamp());
- // Unfortunately weights are double values, so must convert from long to double.
- // TODO: need nano second precision? If so, use d.toNanos().
- // TODO: risk of overflow when converting from long to double..?
- graph.setEdgeWeight(edge, Long.valueOf(d.toMillis()).doubleValue());
- }
- // Alternative version if we cannot assume that sequences are ordered by timestamp:
-// if (iv.sequence.stream().max(Comparator.comparing(PcapPacket::getTimestamp)).get()
-// .getTimestamp().isBefore(jv.sequence.stream().min(
-// Comparator.comparing(PcapPacket::getTimestamp)).get().getTimestamp())) {
-//
-// }
- }
- }
- }
- }
- // Graph construction complete, run shortest-path to find a (potential) signature match.
- DijkstraShortestPath<Vertex, DefaultWeightedEdge> dijkstra = new DijkstraShortestPath<>(graph);
- GraphPath<Vertex, DefaultWeightedEdge> shortestPath = dijkstra.getPath(source, sink);
- if (shortestPath != null) {
- // The total weight is the duration between the first packet of the first sequence and the last packet
- // of the last sequence, so we simply have to compare the weight against the timeframe that we allow
- // the signature to span. For now we just use the inclusion window we defined for training purposes.
- // Note however, that we must convert back from double to long as the weight is stored as a double in
- // JGraphT's API.
- if (((long)shortestPath.getWeight()) < mInclusionTimeMillis) {
- // There's a signature match!
- // Extract the match from the vertices
- List<List<PcapPacket>> signatureMatch = new ArrayList<>();
- for(Vertex v : shortestPath.getVertexList()) {
- if (v == source || v == sink) {
- // Skip the dummy source and sink nodes.
- continue;
- }
- signatureMatch.add(v.sequence);
- // As there is a one-to-one correspondence between vertices[] and pendingMatches[], we know that
- // the sequence we've "consumed" for index i of the matched signature is also at index i in
- // pendingMatches. We must remove it from pendingMatches so that we don't use it to construct
- // another signature match in a later call.
- pendingMatches[signatureMatch.size()-1].remove(v.sequence);
- }
- // Declare success: notify observers
- mObservers.forEach(obs -> obs.onSignatureDetected(mSignature,
- Collections.unmodifiableList(signatureMatch)));
- }
- }
- }
- }
-
- /**
- * Used for registering for notifications of signatures detected by a {@link SignatureDetector}.
- */
- interface SignatureDetectionObserver {
-
- /**
- * Invoked when the {@link SignatureDetector} detects the presence of a signature in the traffic that it's
- * examining.
- * @param searchedSignature The signature that the {@link SignatureDetector} reporting the match is searching
- * for.
- * @param matchingTraffic The actual traffic trace that matches the searched signature.
- */
- void onSignatureDetected(List<List<List<PcapPacket>>> searchedSignature,
- List<List<PcapPacket>> matchingTraffic);
- }
-
- /**
- * Encapsulates a {@code List<PcapPacket>} so as to allow the list to be used as a vertex in a graph while avoiding
- * the expensive {@link AbstractList#equals(Object)} calls when adding vertices to the graph.
- * Using this wrapper makes the incurred {@code equals(Object)} calls delegate to {@link Object#equals(Object)}
- * instead of {@link AbstractList#equals(Object)}. The net effect is a faster implementation, but the graph will not
- * recognize two lists that contain the same items--from a value and not reference point of view--as the same
- * vertex. However, this is fine for our purposes -- in fact restricting it to reference equality seems more
- * appropriate.
- */
- private static class Vertex {
- private final List<PcapPacket> sequence;
- private Vertex(List<PcapPacket> wrappedSequence) {
- sequence = wrappedSequence;
- }
- }
-}
+++ /dev/null
-package edu.uci.iotproject.evaluation;
-
-import edu.uci.iotproject.analysis.TriggerTrafficExtractor;
-import edu.uci.iotproject.analysis.UserAction;
-import edu.uci.iotproject.io.PrintWriterUtils;
-import edu.uci.iotproject.io.TriggerTimesFileReader;
-
-import java.io.*;
-import java.time.Instant;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Optional;
-
-/**
- * Utility for comparing detected events to logged (actual) events.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class DetectionResultsAnalyzer {
-
- private static boolean DUPLICATE_OUTPUT_TO_STD_OUT = true;
-
- public static void main(String[] args) throws IOException {
- if (args.length < 3) {
- String errMsg = String.format("Usage: %s triggerTimesFile detectionOutputFile [stdOut]" +
- "\n - triggerTimesFile: the file that contains the timestamps for the user actions" +
- "\n - detectionOutputFile: the file that contains the detected events" +
- "\n - analysisResultsFile: where to write the results of the detection analysis" +
- "\n - stdOut: optional true/false literal indicating if output should also be printed to std out; default is true",
- DetectionResultsAnalyzer.class.getSimpleName());
- return;
- }
- String triggerTimesFile = args[0];
- File detectionOutputFile = new File(args[1]);
- String analysisResultsFile = args[2];
- if (args.length > 3) {
- DUPLICATE_OUTPUT_TO_STD_OUT = Boolean.parseBoolean(args[3]);
- }
-
- // -------------------------------------- Parse the input files --------------------------------------
-
- // Read the trigger times.
- // The trigger times file does not contain event types as we initially assumed that we would just be alternating
- // between ON and OFF.
- List<Instant> triggerTimestamps = new TriggerTimesFileReader().readTriggerTimes(triggerTimesFile, false);
- // Now generate user actions based on this alternating ON/OFF pattern.
- List<UserAction> triggers = new ArrayList<>();
- for (int i = 0; i < triggerTimestamps.size(); i++) {
- // NOTE: assumes triggers alternate between ON and OFF
- UserAction.Type actionType = i % 2 == 0 ? UserAction.Type.TOGGLE_ON : UserAction.Type.TOGGLE_OFF;
- triggers.add(new UserAction(actionType, triggerTimestamps.get(i)));
- }
- // Read the detection output file, assuming a format as specified in UserAction.toString()
- List<UserAction> detectedEvents = new ArrayList<>();
- try (BufferedReader br = new BufferedReader(new FileReader(detectionOutputFile))) {
- String s;
- while ((s = br.readLine()) != null) {
- if (s.startsWith("#")) {
- // Ignore comments.
- continue;
- }
- detectedEvents.add(UserAction.fromString(s));
- }
- }
-
- // ----------------- Now ready to compare the detected events with the logged events -----------------
-
- // To contain all detected events that could be mapped to a trigger
- List<UserAction> truePositives = new ArrayList<>();
- for (UserAction detectedEvent : detectedEvents) {
- Optional<UserAction> matchingTrigger = triggers.stream()
- .filter(t -> t.getType() == detectedEvent.getType() &&
- t.getTimestamp().isBefore(detectedEvent.getTimestamp()) &&
- t.getTimestamp().plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS).
- isAfter(detectedEvent.getTimestamp())
- ).findFirst();
- matchingTrigger.ifPresent(mt -> {
- // We've consumed the trigger (matched it with a detected event), so remove it so we don't match with
- // another detected event.
- triggers.remove(mt);
- // The current detected event was a true positive as we could match it with a trigger.
- truePositives.add(detectedEvent);
- });
- }
- // Now the false positives are those elements in detectedEvents that are not in truePositives
- List<UserAction> falsePositives = new ArrayList<>();
- falsePositives.addAll(detectedEvents);
- falsePositives.removeAll(truePositives);
-
- // Output the results...
- PrintWriter outputter = new PrintWriter(new FileWriter(analysisResultsFile));
- PrintWriterUtils.println("---------- False negatives (events that where not detected) ----------", outputter, DUPLICATE_OUTPUT_TO_STD_OUT);
- for (UserAction missing : triggers) {
- PrintWriterUtils.println(missing, outputter, DUPLICATE_OUTPUT_TO_STD_OUT);
- }
- PrintWriterUtils.println("Total of " + Integer.toString(triggers.size()), outputter, DUPLICATE_OUTPUT_TO_STD_OUT);
- PrintWriterUtils.printEmptyLine(outputter, DUPLICATE_OUTPUT_TO_STD_OUT);
- PrintWriterUtils.println("---------- False positives (detected, but no matching trigger) ----------", outputter, DUPLICATE_OUTPUT_TO_STD_OUT);
- for (UserAction fp : falsePositives) {
- PrintWriterUtils.println(fp, outputter, DUPLICATE_OUTPUT_TO_STD_OUT);
- }
- PrintWriterUtils.println("Total of " + Integer.toString(falsePositives.size()), outputter, DUPLICATE_OUTPUT_TO_STD_OUT);
- outputter.flush();
- outputter.close();
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.evaluation;
-
-import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
-import edu.uci.iotproject.trafficreassembly.layer3.TcpReassembler;
-import edu.uci.iotproject.io.PcapHandleReader;
-import edu.uci.iotproject.util.PrintUtils;
-import org.pcap4j.core.*;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Optional;
-
-/**
- * Hacky utility for producing a sanity signature for negative test sets.
- * <p>
- * More precisely, given information about packet lengths and packet directions known to be present in an input trace,
- * this class locates the first occurrence of a matching sequence in the input trace and outputs it to a file in the
- * signature format (i.e., a {@code List<List<List<PcapPacket>>>}.
- * </p>
- * <p>
- * Note: can only produce simplistic signatures, i.e., a signature that is a <em>single</em> packet sequence that
- * occurs on a single TCP connection.
- * </p>
- *
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class SanitySignatureGenerator {
-
- public static void main(String[] args) throws PcapNativeException, NotOpenException {
- // The pcap file
- final String pcapPath = "/Users/varmarken/temp/UCI IoT Project/experiments/evaluation/negative-datasets/UNB/Monday-WorkingHours_one-local-endpoint.pcap";
- final String sigOutputPath = "/Users/varmarken/temp/UCI IoT Project/experiments/evaluation/negative-datasets/UNB/Monday-WorkingHours_one-local-endpoint_sanity.sig";
- // The sequence of packet lengths known to be present in the trace
- final List<Integer> pktLengths = new ArrayList<>();
- pktLengths.add(340);
- pktLengths.add(295);
- // ...and their corresponding directions
- final List<Conversation.Direction> pktDirections = new ArrayList<>();
- pktDirections.add(Conversation.Direction.CLIENT_TO_SERVER);
- pktDirections.add(Conversation.Direction.SERVER_TO_CLIENT);
- // Is the signature a TLS sequence?
- final boolean tlsSequence = false;
-
-
- PcapHandle handle;
- try {
- handle = Pcaps.openOffline(pcapPath, PcapHandle.TimestampPrecision.NANO);
- } catch (PcapNativeException pne) {
- handle = Pcaps.openOffline(pcapPath);
- }
- SequenceFinder seqFinder = new SequenceFinder(pktLengths, pktDirections, tlsSequence, sigOutputPath);
- final PcapHandleReader reader = new PcapHandleReader(handle, p -> true, seqFinder);
- seqFinder.setPcapHandleReader(reader);
- reader.readFromHandle();
- }
-
-
- private static class SequenceFinder implements PacketListener {
- private final TcpReassembler mTcpReassembler = new TcpReassembler();
- private final List<Integer> mPktLengths;
- private final List<Conversation.Direction> mPktDirections;
- private final boolean mTlsSequence;
- private PcapHandleReader mReader;
- private final String mSignatureOutputPath;
-
- private SequenceFinder(List<Integer> pktLengths,
- List<Conversation.Direction> pktDirections,
- boolean tlsSequence,
- String sigOutputPath) {
- mPktLengths = pktLengths;
- mPktDirections = pktDirections;
- mTlsSequence = tlsSequence;
- mSignatureOutputPath = sigOutputPath;
- }
-
- @Override
- public void gotPacket(PcapPacket packet) {
- // Skip packets not matching expected length
- if (!mPktLengths.contains(packet.getOriginalLength())) {
- return;
- }
- // Otherwise forward to TCP reassembler.
- mTcpReassembler.gotPacket(packet);
- // We are done as soon as we have one conversation that has the expected number of packets with the expected
- // directions.
- Optional<Conversation> match = mTcpReassembler.getTcpConversations().stream().filter(c -> {
- List<PcapPacket> cPkts = mTlsSequence ? c.getTlsApplicationDataPackets() : c.getPackets();
- if (cPkts.size() != mPktLengths.size()) {
- return false;
- }
- for (int i = 0; i < cPkts.size(); i++) {
- if (c.getDirection(cPkts.get(i)) != mPktDirections.get(i) ||
- cPkts.get(i).getOriginalLength() != mPktLengths.get(i)) {
- return false;
- }
- }
- return true;
- }).findFirst();
- if (match.isPresent()) {
- System.out.println("match found");
- // Terminate reader; no need to process the full file as we already have the data to produce the signature.
- mReader.stopReading();
- // Convert sequence to signature format.
- List<List<List<PcapPacket>>> signature = new ArrayList<>();
- List<List<PcapPacket>> cluster = new ArrayList<>();
- List<PcapPacket> sequence = mTlsSequence ? match.get().getTlsApplicationDataPackets() : match.get().getPackets();
- cluster.add(sequence);
- signature.add(cluster);
- // Output the signature to a file.
- PrintUtils.serializeSignatureIntoFile(mSignatureOutputPath, signature);
- }
- }
-
- private void setPcapHandleReader(PcapHandleReader reader) {
- mReader = reader;
- }
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.io;
-
-import org.pcap4j.core.*;
-import org.pcap4j.packet.namednumber.DataLinkType;
-import org.pcap4j.util.NifSelector;
-
-import java.io.IOException;
-import java.util.Objects;
-
-/**
- * Utility methods for setting up a {@link PcapHandleReader} that reads live traffic from a network interface card.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class LiveCapture {
-
- // This main method is just for experimental purposes!
- public static void main(String[] args) throws PcapNativeException, NotOpenException, InterruptedException {
- // ================================================ EXAMPLE USE ================================================
- final String outputPcapFile = System.getProperty("user.home") + "/temp/livecapture42.pcap";
- final PcapDumper outputter = Pcaps.openDead(DataLinkType.EN10MB, 65536).dumpOpen(outputPcapFile);
- // Prompt user to select what interface we should be listening to; dump packets to a file.
- PcapHandleReader reader = fromCliNicSelection(
- p -> {
- try {
- outputter.dump(p);
- } catch (NotOpenException noe) {
- noe.printStackTrace();
- }
- }
- );
-
- // Read on separate thread so that we can get a chance to terminate the reader on this thread.
- Thread readerThread = new Thread(() -> {
- try {
- reader.readFromHandle();
- } catch (PcapNativeException e) {
- e.printStackTrace();
- } catch (NotOpenException e) {
- e.printStackTrace();
- }
- });
- readerThread.start();
-
- // Pause to let reader read some packets before we terminate it.
- Thread.sleep(30_000);
-
- // Shutdown reader.
- reader.stopReading();
- System.out.println("Waiting for " + reader.getClass().getSimpleName() + " to terminate...");
- while (!reader.hasTerminated());
- // remember to flush any buffered output
- outputter.flush();
- System.out.println(reader.getClass().getSimpleName() + " terminated.");
- // =============================================================================================================
- }
-
- /**
- * Prompts the user to pick a Network Interface Card (NIC) for which live traffic is to be captured, then creates a
- * {@link PcapHandleReader} that is ready to start capturing live traffic from that NIC.
- *
- * @param listeners One or more {@link PacketListener}s to which packets read from the NIC will be delivered.
- *
- * @return A {@link PcapHandleReader} that is ready to start capturing live traffic from the selected NIC or
- * {@code null} if no NICs can be found.
- *
- * @throws PcapNativeException if an error occurs in the pcap native library.
- */
- public static PcapHandleReader fromCliNicSelection(PacketListener... listeners) throws PcapNativeException {
- PcapNetworkInterface networkInterface = null;
- try {
- networkInterface = new NifSelector().selectNetworkInterface();
- } catch (IOException ioe) {
- System.err.println("No network interfaces found.");
- ioe.printStackTrace();
- }
- return networkInterface != null ? fromNic(networkInterface, listeners) : null;
- }
-
- /**
- * Creates a {@link PcapHandleReader} that is ready to start capturing live traffic from the provided Network
- * Interface Card (NIC).
- *
- * @param networkInterface The target NIC.
- * @param listeners One or more {@link PacketListener}s to which packets read from the NIC will be delivered.
- *
- * @return A {@link PcapHandleReader} that is ready to start capturing live traffic from the provided NIC.
- *
- * @throws PcapNativeException if an error occurs in the pcap native library.
- */
- public static PcapHandleReader fromNic(PcapNetworkInterface networkInterface, PacketListener... listeners)
- throws PcapNativeException {
- Objects.requireNonNull(networkInterface);
- int snapshotLength = 65536; // in bytes
- int readTimeout = 10000; // 0 is infinite on all systems but Solaris
- PcapHandle handle = networkInterface.openLive(snapshotLength, PcapNetworkInterface.PromiscuousMode.PROMISCUOUS, readTimeout);
- // Supply a filter that accepts all packets (p -> true) as we want to examine all traffic.
- return new PcapHandleReader(handle, p -> true, listeners);
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.io;
-
-import edu.uci.iotproject.analysis.PcapPacketFilter;
-import org.pcap4j.core.*;
-
-import java.io.EOFException;
-import java.util.concurrent.TimeoutException;
-
-/**
- * Reads packets from a {@link PcapHandle} (online or offline) and delivers those packets that pass the test exercised
- * by the provided {@link PcapPacketFilter} onto the provided {@link PacketListener}s.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class PcapHandleReader {
-
- private final PcapPacketFilter mPacketFilter;
- private final PcapHandle mHandle;
- private final PacketListener[] mPacketListeners;
- private volatile boolean mTerminated = false;
-
- /**
- * Create a {@code PcapHandleReader}.
- * @param handle An <em>open</em> {@link PcapHandle} that packets will be read from.
- * @param packetFilter A {@link PcapPacketFilter} that dictates which of the packets read from {@code handle} should
- * be delivered to {@code packetListeners}. Note that while a value of {@code null} is not
- * permitted here, the caller can instead simply provide an implementation that always returns
- * {@code true} if they want to include all packets read from {@code handle}.
- * @param packetListeners One or more {@link PacketListener}s to which those packets read from {@code handle} that
- * pass through {@code packetFilter} are delivered.
- */
- public PcapHandleReader(PcapHandle handle, PcapPacketFilter packetFilter, PacketListener... packetListeners) {
- mHandle = handle;
- mPacketFilter = packetFilter;
- mPacketListeners = packetListeners;
- }
-
-
- /**
- * Start reading (and filtering) packets from the provided {@link PcapHandle}.
- * @throws PcapNativeException if an error occurs in the pcap native library.
- * @throws NotOpenException if the provided {@code PcapHandle} is not open.
- */
- public void readFromHandle() throws PcapNativeException, NotOpenException {
- int outOfOrderPackets = 0;
- try {
- PcapPacket prevPacket = null;
- PcapPacket packet = null;
-
- while (!mTerminated) {
- try {
- packet = mHandle.getNextPacketEx();
- } catch (TimeoutException te) {
- System.err.println("timeout occurred while reading from network interface");
- // No need to check termination flag here. Can defer it to the loop condition as it is the next
- // instruction anyway.
- continue;
- }
-
- if (packet == null) {
- System.err.println("null-packet read from handle");
- continue;
- }
-
- if (prevPacket != null && packet.getTimestamp().isBefore(prevPacket.getTimestamp())) {
- outOfOrderPackets++;
- /*
- // Fail early if assumption doesn't hold.
- mHandle.close();
- throw new AssertionError("Packets not in ascending temporal order");
- */
- }
- if (mPacketFilter.shouldIncludePacket(packet)) {
- // Packet accepted for inclusion; deliver it to observing client code.
- for (PacketListener consumer : mPacketListeners) {
- consumer.gotPacket(packet);
- }
- }
- prevPacket = packet;
- }
- } catch (EOFException eof) {
- // Reached end of file. All good.
- System.out.println(String.format("%s: finished reading pcap file", getClass().getSimpleName()));
- }
- if (outOfOrderPackets > 0) {
- System.err.println(
- String.format("[[[ %s: %d packets appeared out of order (with regards to their timestamps) ]]]",
- getClass().getSimpleName(), outOfOrderPackets));
- }
- mHandle.close();
- }
-
- /**
- * Stop reading from the wrapped {@link PcapHandle}. Note that this call only <em>initiates</em> the shutdown by
- * setting a termination flag. Shutdown will be deferred until the time at which this flag can be checked by
- * {@link #readFromHandle()}. For example, if {@link #readFromHandle()} is currently in the middle of a blocking
- * call to {@link PcapHandle#getNextPacketEx()}, shutdown will not occur until the next packet is returned from the
- * wrapped {@link PcapHandle} or its read timeout expires. Use {@link #hasTerminated()} to check if the shutdown
- * has completed.
- */
- public void stopReading() {
- mTerminated = true;
- }
-
- /**
- * Checks if this {@link PcapHandleReader} has gracefully terminated, i.e., that the wrapped {@link PcapHandle} has
- * been closed.
- *
- * @return {@code true} if this {@link PcapHandleReader} has terminated, {@code false} otherwise.
- */
- public boolean hasTerminated() {
- return mTerminated && !mHandle.isOpen();
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.io;
-
-import java.io.PrintWriter;
-
-/**
- * Utility methods for (jointly) printing to a {@link PrintWriter} (and standard output).
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public final class PrintWriterUtils {
-
- private PrintWriterUtils() {
- // Disallow instantiation. Static-only class.
- }
-
- /**
- * Invoke {@link PrintWriter#println(Object)} passing {@code line} as argument while also printing {@code line} to
- * standard output if {@code duplicateToStdOut} is {@code true}.
- * @param line The line to be printed.
- * @param writer The {@link PrintWriter} that is to print {@code line}.
- * @param duplicateToStdOut Set to {@code true} if {@code line} should also be printed in standard output.
- */
- public static void println(Object line, PrintWriter writer, boolean duplicateToStdOut) {
- if (duplicateToStdOut) {
- System.out.println(line);
- }
- writer.println(line);
- }
-
- /**
- * Make writer (and standard output, if {@code duplicateToStdOut} is {@code true}) print an empty line.
- * @param writer The writer that {@link PrintWriter#println()} is to be invoked on.
- * @param duplicateToStdOut If {@code true}, prints an empty line to standard output.
- */
- public static void printEmptyLine(PrintWriter writer, boolean duplicateToStdOut) {
- if (duplicateToStdOut) {
- System.out.println();
- }
- writer.println();
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.io;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileReader;
-import java.io.IOException;
-import java.time.Instant;
-import java.time.LocalDateTime;
-import java.time.ZoneId;
-import java.time.ZonedDateTime;
-import java.time.format.DateTimeFormatter;
-import java.util.*;
-
-/**
- * Parses a file to obtain the timestamps at which the smart plug was toggled on/off.
- *
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- */
-public class TriggerTimesFileReader {
-
- public static final ZoneId ZONE_ID_LOS_ANGELES = ZoneId.of("America/Los_Angeles");
- public static final ZoneId ZONE_ID_BUDAPEST = ZoneId.of("Europe/Budapest");
-
- /**
- * Reads a file with trigger timestamps and parses the timestamps into {@link Instant}s using the rules specified
- * by {@link #parseTriggerTimestamp(String, boolean)}.
- * @param fileName The absolute path to the file with trigger timestamps.
- * @param _24hFormat {@code true} if the timestamps in the file are in 24 hour format, {@code false} if they are in
- * AM/PM format.
- * @return A containing the trigger timestamps represented as {@code Instant}s.
- */
- public List<Instant> readTriggerTimes(String fileName, boolean _24hFormat) {
- List<Instant> listTriggerTimes = new ArrayList<>();
- File file = new File(fileName);
- try (BufferedReader br = new BufferedReader(new FileReader(file))) {
- String s;
- while ((s = br.readLine()) != null) {
- listTriggerTimes.add(parseTriggerTimestamp(s, _24hFormat));
- }
- } catch (IOException e) {
- e.printStackTrace();
- }
- System.out.println("List has: " + listTriggerTimes.size());
- return listTriggerTimes;
- }
-
- /**
- * Parses a timestamp string to an {@link Instant} (UTC). Assumes timestamps are LA time.
- * Format is expected to be either "MM/dd/uuuu HH:mm:ss" or "MM/dd/uuuu h:mm:ss a".
- *
- * @param timestampStr The string containing a date-time timestamp for LA's timezone.
- * @param _24hFormat {@code true} if the time in {@code timestampStr} is given in 24 hour format, {@code false} if
- * it is given in AM/PM format.
- * @return An {@code Instant} representation of the parsed timestamp. Note that the {@code Instant} marks a point on
- * the timeline in UTC. Use {@link Instant#atZone(ZoneId)} to convert to the corresponding time in a given
- * timezone.
- */
- public Instant parseTriggerTimestamp(String timestampStr, boolean _24hFormat) {
- // Note: only one 'h' when not prefixed with leading 0 for 1-9; and only one 'a' for AM/PM marker in Java 8 time
- String format = _24hFormat ? "MM/dd/uuuu HH:mm:ss" : "MM/dd/uuuu h:mm:ss a";
- LocalDateTime localDateTime = LocalDateTime.parse(timestampStr, DateTimeFormatter.ofPattern(format, Locale.US));
- ZonedDateTime laZonedDateTime = localDateTime.atZone(ZONE_ID_LOS_ANGELES);
- return laZonedDateTime.toInstant();
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.maclayer;
-
-import java.util.Collections;
-import java.util.List;
-
-/**
- * TODO create base class for FlowPattern and derive MacLayer, TCP/IP layer versions from that.
- *
- * @author Janus Varmarken
- */
-public class MacLayerFlowPattern {
-
- private final List<Integer> mPacketLengthSequence;
- private final String mMacPrefix;
- private final String mPatternId;
- private final byte[] mMacPreixBytes;
-
- public MacLayerFlowPattern(String patternId, String macPrefix, List<Integer> packetLengthSequence) {
- mMacPrefix = macPrefix;
- mPatternId = patternId;
- mPacketLengthSequence = packetLengthSequence;
- // Conversion provided by https://stackoverflow.com/a/10839361/1214974
- String[] addressParts = macPrefix.split(":");
- mMacPreixBytes = new byte[addressParts.length];
- for(int i = 0; i < mMacPreixBytes.length; i++) {
- Integer hex = Integer.parseInt(addressParts[i], 16);
- mMacPreixBytes[i] = hex.byteValue();
- }
- }
-
- public String getPatternId() {
- return mPatternId;
- }
-
- public byte[] getMacPrefixRawBytes() {
- return mMacPreixBytes;
- }
-
- public List<Integer> getPacketLengthSequence() {
- return Collections.unmodifiableList(mPacketLengthSequence);
- }
-
- public int getLength() {
- return mPacketLengthSequence.size();
- }
-}
+++ /dev/null
-package edu.uci.iotproject.maclayer;
-
-import edu.uci.iotproject.FlowPattern;
-import org.pcap4j.core.NotOpenException;
-import org.pcap4j.core.PcapHandle;
-import org.pcap4j.core.PcapNativeException;
-import org.pcap4j.core.PcapPacket;
-import org.pcap4j.packet.RadiotapPacket;
-
-import java.io.EOFException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Objects;
-import java.util.concurrent.TimeoutException;
-
-/**
- * Performs a search for {@link FlowPattern}
- * TODO: May want to create an abstract FlowPatternFinder and then derive MacLayer, TcpipLayer FlowPatternFinders from that one.
- *
- * @author Janus Varmarken
- */
-public class MacLayerFlowPatternFinder {
-
- private final MacLayerFlowPattern mPattern;
- private final PcapHandle mPcap;
-
- public MacLayerFlowPatternFinder(PcapHandle pcap, MacLayerFlowPattern pattern) {
- this.mPcap = Objects.requireNonNull(pcap,
- String.format("Argument of type '%s' cannot be null", PcapHandle.class.getSimpleName()));
- this.mPattern = Objects.requireNonNull(pattern,
- String.format("Argument of type '%s' cannot be null", FlowPattern.class.getSimpleName()));
- }
-
- public void findFlowPattern() {
- PcapPacket packet;
- try {
- // Packets matched to flow pattern searched for.
- List<PcapPacket> patternPackets = new ArrayList<>();
- while ((packet = mPcap.getNextPacketEx()) != null) {
- RadiotapPacket radiotapPacket;
- try {
- // Some packets throw an IAE with message "msi must be between 0 and 6 but is actually: 7"
- // when accessing the RadiotapPacket.
- radiotapPacket = packet.get(RadiotapPacket.class);
- } catch (IllegalArgumentException iae) {
- System.out.println(iae.getMessage());
- continue;
- }
- if (radiotapPacket == null) {
- continue;
- }
- // Restart search if pattern not found within reasonable time frame (hardcoded for now).
- if (patternPackets.size() > 0 && packet.getTimestamp().getEpochSecond() -
- patternPackets.get(patternPackets.size()-1).getTimestamp().getEpochSecond() > 2) {
- patternPackets = new ArrayList<>();
- }
-
- byte[] rawData = radiotapPacket.getPayload().getRawData();
- // Search rawData for MAC of FlowPattern in sender/receiver section
- // [TODO needs verification that this section is actually the sender/receiver section]
- if (rawData.length < 16) {
- continue;
- }
- int prefixLength = mPattern.getMacPrefixRawBytes().length;
- byte[] mac1 = Arrays.copyOfRange(rawData, 4, prefixLength < 6 ? 4 + prefixLength : 10);
- byte[] mac2 = Arrays.copyOfRange(rawData, 10, prefixLength < 6 ? 10 + prefixLength : 16);
- if (!Arrays.equals(mac1, mPattern.getMacPrefixRawBytes()) && !Arrays.equals(mac2, mPattern.getMacPrefixRawBytes())) {
- // MAC prefix not present in raw data.
- continue;
- }
- // Packet related to device associated with the pattern we are looking for.
- int expectedLength = mPattern.getPacketLengthSequence().get(patternPackets.size());
- if (packet.length() == expectedLength) {
- patternPackets.add(packet);
- if (patternPackets.size() == mPattern.getLength()) {
- // Full pattern found, declare success if packets are within some reasonable amount of time of
- // one another.
- // For now, we use a hardcoded value.
- if (patternPackets.get(patternPackets.size()-1).getTimestamp().getEpochSecond() -
- patternPackets.get(0).getTimestamp().getEpochSecond() < 5) {
- System.out.println(String.format("[ find ] Detected a COMPLETE MATCH of pattern '%s' at %s!",
- mPattern.getPatternId(), patternPackets.get(0).getTimestamp().toString()));
- }
- // Reset search by resetting list.
- patternPackets = new ArrayList<>();
- }
- } else {
- // Discard packet, not relevant to pattern.
- continue;
- }
- }
- } catch (EOFException e) {
- // TODO wait for, and print, results.
- } catch (PcapNativeException|TimeoutException|NotOpenException e) {
- e.printStackTrace();
- }
- }
-
-}
-
-
+++ /dev/null
-package edu.uci.iotproject.trafficreassembly.layer2;
-
-import org.pcap4j.core.PcapPacket;
-import org.pcap4j.packet.EthernetPacket;
-import org.pcap4j.util.MacAddress;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-/**
- * Models a layer 2 flow: groups packets exchanged between two specific endpoints (MAC addresses).
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class Layer2Flow {
-
- /**
- * The first endpoint of this layer 2 flow.
- */
- private final MacAddress mEndpoint1;
-
- /**
- * The second endpoint of this layer 2 flow.
- */
- private final MacAddress mEndpoint2;
-
- /**
- * Clients observing for changes to this layer 2 flow.
- */
- private final List<Layer2FlowObserver> mFlowObservers = new ArrayList<>();
-
- public Layer2Flow(MacAddress endpoint1, MacAddress endpoint2) {
- mEndpoint1 = endpoint1;
- mEndpoint2 = endpoint2;
- }
-
- /**
- * Get the first endpoint of this flow.
- * @return the first endpoint of this flow.
- */
- public MacAddress getEndpoint1() {
- return mEndpoint1;
- }
-
- /**
- * Get the second endpoint of this flow.
- * @return the second endpoint of this flow.
- */
- public MacAddress getEndpoint2() {
- return mEndpoint2;
- }
-
- /**
- * Register as an observer of this flow.
- * @param observer The client that is to be notified whenever this flow changes (has new packets added).
- */
- public void addFlowObserver(Layer2FlowObserver observer) {
- mFlowObservers.add(observer);
- }
-
- /**
- * Deregister as an observer of this flow.
- * @param observer The client that no longer wishes to be notified whenever this flow changes.
- */
- public void removeFlowObserver(Layer2FlowObserver observer) {
- mFlowObservers.remove(observer);
- }
-
- /**
- * The packets in the flow.
- */
- private final List<PcapPacket> mPackets = new ArrayList<>();
-
- /**
- * Add a packet to this flow.
- * @param packet The packet that is to be added to the flow.
- */
- public void addPacket(PcapPacket packet) {
- verifyAddresses(packet);
- mPackets.add(packet);
- // Notify flow observers of the new packet
- mFlowObservers.forEach(o -> o.onNewPacket(this, packet));
- }
-
- /**
- * Get the packets pertaining to this flow.
- * @return The packets pertaining to this flow.
- */
- public List<PcapPacket> getPackets() {
- return Collections.unmodifiableList(mPackets);
- }
-
- /**
- * Verify that a packet pertains to this flow.
- * @param packet The packet that is to be verified.
- */
- private void verifyAddresses(PcapPacket packet) {
- EthernetPacket ethPkt = packet.get(EthernetPacket.class);
- MacAddress srcAddr = ethPkt.getHeader().getSrcAddr();
- MacAddress dstAddr = ethPkt.getHeader().getDstAddr();
- if ((mEndpoint1.equals(srcAddr) && mEndpoint2.equals(dstAddr)) ||
- (mEndpoint1.equals(dstAddr) && mEndpoint2.equals(srcAddr))) {
- // All is good.
- return;
- }
- throw new IllegalArgumentException("Mismatch in MACs: packet does not pertain to this flow");
- }
-
- @Override
- public String toString() {
- return getClass().getSimpleName() + String.format(" with mEndpoint1=%s and mEndpoint2=%s", mEndpoint1, mEndpoint2);
- }
-}
+++ /dev/null
-package edu.uci.iotproject.trafficreassembly.layer2;
-
-import org.pcap4j.core.PcapPacket;
-
-/**
- * Interface for observing a {@link Layer2Flow}.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public interface Layer2FlowObserver {
-
- /**
- * Invoked when a new packet is added to the observed flow.
- * @param flow The observed flow.
- * @param newPacket The packet that was added to the flow.
- */
- void onNewPacket(Layer2Flow flow, PcapPacket newPacket);
-
-}
+++ /dev/null
-package edu.uci.iotproject.trafficreassembly.layer2;
-
-import edu.uci.iotproject.trafficreassembly.layer2.Layer2Flow;
-import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowReassemblerObserver;
-import org.pcap4j.core.PacketListener;
-import org.pcap4j.core.PcapPacket;
-import org.pcap4j.packet.EthernetPacket;
-import org.pcap4j.util.MacAddress;
-
-import java.util.*;
-
-/**
- * Reassembles traffic flows at layer 2, i.e., for each combination of hosts, creates a list of packets exchanged
- * between said hosts.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class Layer2FlowReassembler implements PacketListener {
-
- /**
- * Maps a pair of MAC addresses to the packets exchanged between the two hosts.
- * The key is the concatenation of the two MAC addresses in hex string format, where the lexicographically smaller
- * MAC is at the front of the string.
- */
- private final Map<String, Layer2Flow> mFlows = new HashMap<>();
-
- private final List<Layer2FlowReassemblerObserver> mObservers = new ArrayList<>();
-
- @Override
- public void gotPacket(PcapPacket packet) {
- // TODO: update to 802.11 packet...?
- EthernetPacket ethPkt = packet.get(EthernetPacket.class);
-
- MacAddress srcAddr = ethPkt.getHeader().getSrcAddr();
- MacAddress dstAddr = ethPkt.getHeader().getDstAddr();
-
- String key = keyFromAddresses(srcAddr, dstAddr);
- // Create a new list if this pair of MAC addresses where not previously encountered and add packet to that list,
- // or simply add to an existing list if one is present.
- mFlows.computeIfAbsent(key, k -> {
- Layer2Flow newFlow = new Layer2Flow(srcAddr, dstAddr);
- // Inform observers of the new flow
- mObservers.forEach(o -> o.onNewFlow(this, newFlow));
- return newFlow;
- }).addPacket(packet);
- }
-
- public void addObserver(Layer2FlowReassemblerObserver observer) {
- mObservers.add(observer);
- }
-
- public void removeObserver(Layer2FlowReassemblerObserver observer) {
- mObservers.remove(observer);
- }
-
- /**
- * Get the traffic flow between two local endpoints ({@link MacAddress}es).
- * @param addr1 The first endpoint.
- * @param addr2 The second endpoint
- * @return The traffic exchanged between the two endpoints.
- */
- public Layer2Flow getFlowForAddresses(MacAddress addr1, MacAddress addr2) {
- return mFlows.get(keyFromAddresses(addr1, addr2));
- }
-
- /**
- * Get all traffic flows, i.e., a traffic flow for each unique pair of endpoints (MAC addresses).
- * @return All traffic flows.
- */
- public Collection<Layer2Flow> getFlows() {
- return mFlows.values();
- }
-
- /**
- * Given two {@link MacAddress}es, generates the corresponding key string used in {@link #mFlows}.
- * @param addr1 The first address.
- * @param addr2 The second address.
- * @return the key string used in {@link #mFlows} corresponding to the two addresses.
- */
- private String keyFromAddresses(MacAddress addr1, MacAddress addr2) {
- String addr1Str = addr1.toString();
- String addr2Str = addr2.toString();
- return addr1Str.compareTo(addr2Str) < 0 ? addr1Str + addr2Str : addr2Str + addr1Str;
- }
-}
+++ /dev/null
-package edu.uci.iotproject.trafficreassembly.layer2;
-
-/**
- * For observing a {@link Layer2FlowReassembler}.
- *
- * @author Janus Varmarken
- */
-public interface Layer2FlowReassemblerObserver {
-
- /**
- * Invoked when when a {@link Layer2FlowReassembler} detects a new flow (i.e., when it encounters traffic between two
- * MAC addresses that has not previously communicated in the traffic trace).
- *
- * @param reassembler The {@link Layer2FlowReassembler} that detected the new flow.
- * @param newFlow The new flow.
- */
- void onNewFlow(Layer2FlowReassembler reassembler, Layer2Flow newFlow);
-
-}
+++ /dev/null
-package edu.uci.iotproject.trafficreassembly.layer3;
-
-import edu.uci.iotproject.analysis.TcpConversationUtils;
-import edu.uci.iotproject.util.PcapPacketUtils;
-import org.pcap4j.core.PcapPacket;
-import org.pcap4j.packet.IpV4Packet;
-import org.pcap4j.packet.Packet;
-import org.pcap4j.packet.TcpPacket;
-
-import java.util.*;
-
-/**
- * Models a (TCP) conversation/connection/session/flow (packet's belonging to the same session between a client and a
- * server).
- * Holds a list of {@link PcapPacket}s identified as pertaining to the flow. Note that this list is <em>not</em>
- * considered when determining equality of two {@code Conversation} instances in order to allow for a
- * {@code Conversation} to function as a key in data structures such as {@link java.util.Map} and {@link java.util.Set}.
- * See {@link #equals(Object)} for the definition of equality.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class Conversation {
-
- /* Begin instance properties */
- /**
- * The IP of the host that is considered the client (i.e. the host that initiates the conversation)
- * in this conversation.
- */
- private final String mClientIp;
-
- /**
- * The port number used by the host that is considered the client in this conversation.
- */
- private final int mClientPort;
-
- /**
- * The IP of the host that is considered the server (i.e. is the responder) in this conversation.
- */
- private final String mServerIp;
-
- /**
- * The port number used by the server in this conversation.
- */
- private final int mServerPort;
-
- /**
- * The list of packets (with payload) pertaining to this conversation.
- */
- private final List<PcapPacket> mPackets;
-
- /**
- * If {@link #isTls()} is {@code true}, this list contains the subset of {@link #mPackets} which are TLS Application
- * Data packets.
- */
- private final List<PcapPacket> mTlsApplicationDataPackets;
-
- /**
- * Contains the sequence numbers used thus far by the host that is considered the <em>client</em> in this
- * {@code Conversation}.
- * Used for filtering out retransmissions.
- */
- private final Set<Integer> mSeqNumbersClient;
-
- /**
- * Contains the sequence numbers used thus far by the host that is considered the <em>server</em> in this
- * {@code Conversation}.
- * Used for filtering out retransmissions.
- */
- private final Set<Integer> mSeqNumbersSrv;
-
- /**
- * List of SYN packets pertaining to this conversation.
- */
- private final List<PcapPacket> mSynPackets;
-
- /**
- * List of pairs FINs and their corresponding ACKs associated with this conversation.
- */
- private final List<FinAckPair> mFinPackets;
-
- /**
- * List of RST packets associated with this conversation.
- */
- private final List<PcapPacket> mRstPackets;
-
- /**
- * Boolean to mark the packet as Application Data based on the previous packet that reaches MTU
- */
- private boolean mApplicationData;
- /* End instance properties */
-
- /**
- * Factory method for creating a {@code Conversation} from a {@link PcapPacket}.
- * @param pcapPacket The {@code PcapPacket} that wraps a TCP segment for which a {@code Conversation} is to be initiated.
- * @param clientIsSrc If {@code true}, the source address and source port found in the IP datagram and TCP segment
- * wrapped in the {@code PcapPacket} are regarded as pertaining to the client, and the destination
- * address and destination port are regarded as pertaining to the server---and vice versa if set
- * to {@code false}.
- * @return A {@code Conversation} initiated with ip:port for client and server according to the direction of the packet.
- */
- public static Conversation fromPcapPacket(PcapPacket pcapPacket, boolean clientIsSrc) {
- IpV4Packet ipPacket = pcapPacket.get(IpV4Packet.class);
- TcpPacket tcpPacket = pcapPacket.get(TcpPacket.class);
- String clientIp = clientIsSrc ? ipPacket.getHeader().getSrcAddr().getHostAddress() :
- ipPacket.getHeader().getDstAddr().getHostAddress();
- String srvIp = clientIsSrc ? ipPacket.getHeader().getDstAddr().getHostAddress() :
- ipPacket.getHeader().getSrcAddr().getHostAddress();
- int clientPort = clientIsSrc ? tcpPacket.getHeader().getSrcPort().valueAsInt() :
- tcpPacket.getHeader().getDstPort().valueAsInt();
- int srvPort = clientIsSrc ? tcpPacket.getHeader().getDstPort().valueAsInt() :
- tcpPacket.getHeader().getSrcPort().valueAsInt();
- return new Conversation(clientIp, clientPort, srvIp, srvPort);
- }
-
- /**
- * Constructs a new {@code Conversation}.
- * @param clientIp The IP of the host that is considered the client (i.e. the host that initiates the conversation)
- * in the conversation.
- * @param clientPort The port number used by the client for the conversation.
- * @param serverIp The IP of the host that is considered the server (i.e. is the responder) in the conversation.
- * @param serverPort The port number used by the server for the conversation.
- */
- public Conversation(String clientIp, int clientPort, String serverIp, int serverPort) {
- this.mClientIp = clientIp;
- this.mClientPort = clientPort;
- this.mServerIp = serverIp;
- this.mServerPort = serverPort;
- this.mPackets = new ArrayList<>();
- this.mTlsApplicationDataPackets = new ArrayList<>();
- this.mSeqNumbersClient = new HashSet<>();
- this.mSeqNumbersSrv = new HashSet<>();
- this.mSynPackets = new ArrayList<>();
- this.mFinPackets = new ArrayList<>();
- this.mRstPackets = new ArrayList<>();
- this.mApplicationData = false;
- }
-
- /**
- * Add a packet to the list of packets associated with this conversation.
- * @param packet The packet that is to be added to (associated with) this conversation.
- * @param ignoreRetransmissions Boolean value indicating if retransmissions should be ignored.
- * If set to {@code true}, {@code packet} will <em>not</em> be added to the
- * internal list of packets pertaining to this {@code Conversation}
- * <em>iff</em> the sequence number of {@code packet} was already
- * seen in a previous packet.
- */
- public void addPacket(PcapPacket packet, boolean ignoreRetransmissions) {
- // Precondition: verify that packet does indeed pertain to conversation.
- onAddPrecondition(packet);
- if (ignoreRetransmissions && isRetransmission(packet)) {
- // Packet is a retransmission. Ignore it.
- return;
- }
- // Select direction-dependent set of sequence numbers seen so far and update it with sequence number of new packet.
- addSeqNumber(packet);
- // Finally add packet to list of packets pertaining to this conversation.
- mPackets.add(packet);
- // Preserve order of packets in list: sort according to timestamp.
- if (mPackets.size() > 1 &&
- mPackets.get(mPackets.size()-1).getTimestamp().isBefore(mPackets.get(mPackets.size()-2).getTimestamp())) {
- Collections.sort(mPackets, (o1, o2) -> {
- if (o1.getTimestamp().isBefore(o2.getTimestamp())) { return -1; }
- else if (o2.getTimestamp().isBefore(o1.getTimestamp())) { return 1; }
- else { return 0; }
- });
- }
- // If TLS, inspect packet to see if it's a TLS Application Data packet, and if so add it to the list of TLS
- // Application Data packets.
- if (isTls()) {
- TcpPacket tcpPacket = packet.get(TcpPacket.class);
- Packet tcpPayload = tcpPacket.getPayload();
- if (tcpPayload == null) {
- return;
- }
- byte[] rawPayload = tcpPayload.getRawData();
- // The SSL record header is at the front of the payload and is 5 bytes long.
- // The SSL record header type field (the first byte) is set to 23 if it is an Application Data packet.
- if (rawPayload != null && rawPayload.length >= 5) {
- if (rawPayload[0] == 23) {
- mTlsApplicationDataPackets.add(packet);
- // Consider the following packet a data packet if this packet's size == MTU size 1448
- if (rawPayload.length >= 1448)
- mApplicationData = true;
- } else if (rawPayload[0] == 20) {
- // Do nothing for now - CHANGE_CIPHER_SPEC
- } else if (rawPayload[0] == 21) {
- // Do nothing for now - ALERT
- } else if (rawPayload[0] == 22) {
- // Do nothing for now - HANDSHAKE
- } else {
- // If it is TLS with payload, but rawPayload[0] != 23
- if (mApplicationData == true) {
- // It is a continuation of the previous packet if the previous packet reaches MTU size 1448 and
- // it is not either type 20, 21, or 22
- mTlsApplicationDataPackets.add(packet);
- if (rawPayload.length < 1448)
- mApplicationData = false;
- }
- }
- }
- }
- }
-
- /**
- * Get a list of packets pertaining to this {@code Conversation}.
- * The returned list is a read-only list.
- * @return the list of packets pertaining to this {@code Conversation}.
- */
- public List<PcapPacket> getPackets() {
- // Return read-only view to prevent external code from manipulating internal state (preserve invariant).
- return Collections.unmodifiableList(mPackets);
- }
-
- /**
- * Records a TCP SYN packet as pertaining to this conversation (adds it to the the internal list).
- * Attempts to add duplicate SYN packets will be ignored, and the caller is made aware of the attempt to add a
- * duplicate by the return value being {@code false}.
- *
- * @param synPacket A {@link PcapPacket} wrapping a TCP SYN packet.
- * @return {@code true} if the packet was successfully added to this {@code Conversation}, {@code false} otherwise.
- */
- public boolean addSynPacket(PcapPacket synPacket) {
- onAddPrecondition(synPacket);
- final IpV4Packet synPacketIpSection = synPacket.get(IpV4Packet.class);
- final TcpPacket synPacketTcpSection = synPacket.get(TcpPacket.class);
- if (synPacketTcpSection == null || !synPacketTcpSection.getHeader().getSyn()) {
- throw new IllegalArgumentException("Not a SYN packet.");
- }
- // We are only interested in recording one copy of the two SYN packets (one SYN packet in each direction), i.e.,
- // we want to discard retransmitted SYN packets.
- if (mSynPackets.size() >= 2) {
- return false;
- }
- // Check the set of recorded SYN packets to see if we have already recorded a SYN packet going in the same
- // direction as the packet given in the argument.
- boolean matchingPrevSyn = mSynPackets.stream().anyMatch(p -> {
- IpV4Packet pIp = p.get(IpV4Packet.class);
- TcpPacket pTcp = p.get(TcpPacket.class);
- boolean srcAddrMatch = synPacketIpSection.getHeader().getSrcAddr().getHostAddress().
- equals(pIp.getHeader().getSrcAddr().getHostAddress());
- boolean dstAddrMatch = synPacketIpSection.getHeader().getDstAddr().getHostAddress().
- equals(pIp.getHeader().getDstAddr().getHostAddress());
- boolean srcPortMatch = synPacketTcpSection.getHeader().getSrcPort().valueAsInt() ==
- pTcp.getHeader().getSrcPort().valueAsInt();
- boolean dstPortMatch = synPacketTcpSection.getHeader().getDstPort().valueAsInt() ==
- pTcp.getHeader().getDstPort().valueAsInt();
- return srcAddrMatch && dstAddrMatch && srcPortMatch && dstPortMatch;
- });
- if (matchingPrevSyn) {
- return false;
- }
- // Update direction-dependent set of sequence numbers and record/log packet.
- addSeqNumber(synPacket);
- return mSynPackets.add(synPacket);
-
- /*
- mSynPackets.stream().anyMatch(p -> {
- IpV4Packet pIp = p.get(IpV4Packet.class);
- TcpPacket pTcp = p.get(TcpPacket.class);
- boolean srcAddrMatch = synPacketIpSection.getHeader().getSrcAddr().getHostAddress().
- equals(pIp.getHeader().getSrcAddr().getHostAddress());
- boolean dstAddrMatch = synPacketIpSection.getHeader().getDstAddr().getHostAddress().
- equals(pIp.getHeader().getDstAddr().getHostAddress());
- boolean srcPortMatch = synPacketTcpSection.getHeader().getSrcPort().valueAsInt() ==
- pTcp.getHeader().getSrcPort().valueAsInt();
- boolean dstPortMatch = synPacketTcpSection.getHeader().getDstPort().value() ==
- pTcp.getHeader().getDstPort().value();
-
- boolean fourTupleMatch = srcAddrMatch && dstAddrMatch && srcPortMatch && dstPortMatch;
-
- boolean seqNoMatch = synPacketTcpSection.getHeader().getSequenceNumber() ==
- pTcp.getHeader().getSequenceNumber();
-
- if (fourTupleMatch && !seqNoMatch) {
- // If the four tuple that identifies the conversation matches, but the sequence number is different,
- // it means that this SYN packet is, in fact, an attempt to establish a **new** connection, and hence
- // the given packet is NOT part of this conversation, even though the ip:port combinations are (by
- // chance) selected such that they match this conversation.
- throw new IllegalArgumentException("Attempt to add SYN packet that belongs to a different conversation " +
- "(which is identified by the same four tuple as this conversation)");
- }
- return fourTupleMatch && seqNoMatch;
- });
- */
- }
-
- /**
- * Get a list of SYN packets pertaining to this {@code Conversation}.
- * The returned list is a read-only list.
- * @return the list of SYN packets pertaining to this {@code Conversation}.
- */
- public List<PcapPacket> getSynPackets() {
- return Collections.unmodifiableList(mSynPackets);
- }
-
- /**
- * Adds a TCP FIN packet to the list of TCP FIN packets associated with this conversation.
- * @param finPacket The TCP FIN packet that is to be added to (associated with) this conversation.
- */
- public void addFinPacket(PcapPacket finPacket) {
- // Precondition: verify that packet does indeed pertain to conversation.
- onAddPrecondition(finPacket);
- // TODO: should call addSeqNumber here?
- addSeqNumber(finPacket);
- mFinPackets.add(new FinAckPair(finPacket));
- }
-
- /**
- * Attempt to ACK any FIN packets held by this conversation.
- * @param ackPacket The ACK for a FIN previously added to this conversation.
- */
- public void attemptAcknowledgementOfFin(PcapPacket ackPacket) {
- // Precondition: verify that the packet pertains to this conversation.
- onAddPrecondition(ackPacket);
- // Mark unack'ed FIN(s) that this ACK matches as ACK'ed (there might be more than one in case of retransmissions..?)
- mFinPackets.replaceAll(finAckPair -> !finAckPair.isAcknowledged() && finAckPair.isCorrespondingAckPacket(ackPacket) ? new FinAckPair(finAckPair.getFinPacket(), ackPacket) : finAckPair);
- }
-
- /**
- * Retrieves an unmodifiable view of the list of {@link FinAckPair}s associated with this {@code Conversation}.
- * @return an unmodifiable view of the list of {@link FinAckPair}s associated with this {@code Conversation}.
- */
- public List<FinAckPair> getFinAckPairs() {
- return Collections.unmodifiableList(mFinPackets);
- }
-
- /**
- * Get if this {@code Conversation} is considered to have been gracefully shut down.
- * A {@code Conversation} has been gracefully shut down if it contains a FIN+ACK pair for both directions
- * (client to server, and server to client).
- * @return {@code true} if the connection has been gracefully shut down, false otherwise.
- */
- public boolean isGracefullyShutdown() {
- // The conversation has been gracefully shut down if we have recorded a FIN from both the client and the server which have both been ack'ed.
- return mFinPackets.stream().anyMatch(finAckPair -> finAckPair.isAcknowledged() && PcapPacketUtils.isSource(finAckPair.getFinPacket(), mClientIp, mClientPort)) &&
- mFinPackets.stream().anyMatch(finAckPair -> finAckPair.isAcknowledged() && PcapPacketUtils.isSource(finAckPair.getFinPacket(), mServerIp, mServerPort));
- }
-
- /**
- * Add a TCP segment for which the RST flag is set to this {@code Conversation}.
- * @param packet A {@link PcapPacket} wrapping a TCP segment pertaining to this {@code Conversation} for which the
- * RST flag is set.
- */
- public void addRstPacket(PcapPacket packet) {
- /*
- * TODO:
- * When now also keeping track of RST packets, should we also...?
- * 1) Prevent later packets from being added once a RST segment has been added?
- * 2) Extend 'isGracefullyShutdown()' to also consider RST segments, or add another method, 'isShutdown()' that
- * both considers FIN/ACK (graceful) as well as RST (abrupt/"ungraceful") shutdown?
- * 3) Should it be impossible to associate more than one RST segment with each Conversation?
- */
- onAddPrecondition(packet);
- TcpPacket tcpPacket = packet.get(TcpPacket.class);
- if (tcpPacket == null || !tcpPacket.getHeader().getRst()) {
- throw new IllegalArgumentException("not a RST packet");
- }
- mRstPackets.add(packet);
- }
-
- /**
- * Get the TCP segments pertaining to this {@code Conversation} for which it was detected that the RST flag is set.
- * @return the TCP segments pertaining to this {@code Conversation} for which it was detected that the RST flag is
- * set.
- */
- public List<PcapPacket> getRstPackets() {
- return Collections.unmodifiableList(mRstPackets);
- }
-
- // =========================================================================================================
- // We simply reuse equals and hashCode methods of String.class to be able to use this class as a key
- // in a Map.
-
- /**
- * <em>Note:</em> currently, equality is determined based on pairwise equality of the elements of the four tuple
- * ({@link #mClientIp}, {@link #mClientPort}, {@link #mServerIp}, {@link #mServerPort}) for {@code this} and
- * {@code obj}.
- * @param obj The object to test for equality with {@code this}.
- * @return {@code true} if {@code obj} is considered equal to {@code this} based on the definition of equality given above.
- */
- @Override
- public boolean equals(Object obj) {
- return obj instanceof Conversation && this.toString().equals(obj.toString());
- }
-
- @Override
- public int hashCode() {
- return toString().hashCode();
- }
- // =========================================================================================================
-
- @Override
- public String toString() {
- return String.format("%s:%d %s:%d", mClientIp, mClientPort, mServerIp, mServerPort);
- }
-
- /**
- * Invoke to verify that the precondition holds when a caller attempts to add a packet to this {@code Conversation}.
- * An {@link IllegalArgumentException} is thrown if the precondition is violated.
- * @param packet the packet to be added to this {@code Conversation}
- */
- private void onAddPrecondition(PcapPacket packet) {
- // Apply precondition to preserve class invariant: all packets in mPackets must match the 4 tuple that
- // defines the conversation.
- IpV4Packet ipPacket = Objects.requireNonNull(packet.get(IpV4Packet.class));
- // For now we only support TCP flows.
- TcpPacket tcpPacket = Objects.requireNonNull(packet.get(TcpPacket.class));
- String ipSrc = ipPacket.getHeader().getSrcAddr().getHostAddress();
- String ipDst = ipPacket.getHeader().getDstAddr().getHostAddress();
- int srcPort = tcpPacket.getHeader().getSrcPort().valueAsInt();
- int dstPort = tcpPacket.getHeader().getDstPort().valueAsInt();
- String clientIp, serverIp;
- int clientPort, serverPort;
- if (ipSrc.equals(mClientIp)) {
- clientIp = ipSrc;
- clientPort = srcPort;
- serverIp = ipDst;
- serverPort = dstPort;
- } else {
- clientIp = ipDst;
- clientPort = dstPort;
- serverIp = ipSrc;
- serverPort = srcPort;
- }
- if (!(clientIp.equals(mClientIp) && clientPort == mClientPort &&
- serverIp.equals(mServerIp) && serverPort == mServerPort)) {
- throw new IllegalArgumentException(
- String.format("Attempt to add packet that does not pertain to %s",
- Conversation.class.getSimpleName()));
- }
- }
-
- /**
- * <p>
- * Determines if the TCP packet contained in {@code packet} is a retransmission of a previously seen (logged)
- * packet.
- * </p>
- *
- * <b>
- * TODO:
- * the current implementation, which uses a set of previously seen sequence numbers, will consider a segment
- * with a reused sequence number---occurring as a result of sequence number wrap around for a very long-lived
- * connection---as a retransmission (and may therefore end up discarding it even though it is in fact NOT a
- * retransmission). Ideas?
- * </b>
- *
- * @param packet The packet.
- * @return {@code true} if {@code packet} was determined to be a retransmission, {@code false} otherwise.
- */
- public boolean isRetransmission(PcapPacket packet) {
- // Extract sequence number.
- int seqNo = packet.get(TcpPacket.class).getHeader().getSequenceNumber();
- switch (getDirection(packet)) {
- case CLIENT_TO_SERVER:
- return mSeqNumbersClient.contains(seqNo);
- case SERVER_TO_CLIENT:
- return mSeqNumbersSrv.contains(seqNo);
- default:
- throw new AssertionError(String.format("Unexpected value of enum '%s'",
- Direction.class.getSimpleName()));
- }
- }
-
- /**
- * <p>
- * Is this {@code Conversation} a TLS session?
- * </p>
- *
- * <em>Note: the current implementation simply examines the port number(s) for 443; it does <b>not</b> verify if the
- * application data is indeed encrypted.</em>
- *
- * @return {@code true} if this {@code Conversation} is interpreted as a TLS session, {@code false} otherwise.
- */
- public boolean isTls() {
- /*
- * TODO:
- * - may want to change this to be "return mServerPort == 443 || mClientPort == 443;" in order to also detect
- * TLS in those cases where it is not possible to correctly label who is the client and who is the server,
- * i.e., when the trace does not contain the SYN/SYNACK exchange.
- * - current implementation relies on the server using the conventional TLS port number; may instead want to
- * inspect the first 4 bytes of each potential TLS packet to see if they match the SSL record header.
- *
- * 08/31/18: Added unconvetional TLS ports used by WeMo plugs and LiFX bulb.
- * 09/20/18: Moved hardcoded ports to other class to allow other classes to query the set of TLS ports.
- */
- return TcpConversationUtils.isTlsPort(mServerPort);
- }
-
- /**
- * If this {@code Conversation} is backing a TLS session (i.e., if the value of {@link #isTls()} is {@code true}),
- * get the packets labeled as TLS Application Data packets. This is a subset of the full set of payload-carrying
- * packets (as returned by {@link #getPackets()}). An exception is thrown if this method is invoked on a
- * {@code Conversation} for which {@link #isTls()} returns {@code false}.
- *
- * @return A list containing exactly those packets that could be identified as TLS Application Data packets (through
- * inspecting of the SSL record header). The list may be empty, if no TLS application data packets have been
- * recorded for this {@code Conversation}.
- */
- public List<PcapPacket> getTlsApplicationDataPackets() {
- if (!isTls()) {
- throw new NoSuchElementException("cannot get TLS Application Data packets for non-TLS TCP conversation");
- }
- return Collections.unmodifiableList(mTlsApplicationDataPackets);
- }
-
- /**
- * Extracts the TCP sequence number from {@code packet} and adds it to the proper set of sequence numbers by
- * analyzing the direction of the packet.
- * @param packet A TCP packet (wrapped in a {@code PcapPacket}) that was added to this conversation and whose
- * sequence number is to be recorded as seen.
- */
- private void addSeqNumber(PcapPacket packet) {
- // Note: below check is redundant if client code is correct as the call to check the precondition should already
- // have been made by the addXPacket method that invokes this method. As such, the call below may be removed in
- // favor of speed, but the improvement will be minor, hence the added safety may be worth it.
- onAddPrecondition(packet);
- // Extract sequence number.
- int seqNo = packet.get(TcpPacket.class).getHeader().getSequenceNumber();
- // Determine direction of packet and add packet's sequence number to corresponding set of sequence numbers.
- switch (getDirection(packet)) {
- case CLIENT_TO_SERVER:
- // Client to server packet.
- mSeqNumbersClient.add(seqNo);
- break;
- case SERVER_TO_CLIENT:
- // Server to client packet.
- mSeqNumbersSrv.add(seqNo);
- break;
- default:
- throw new AssertionError(String.format("Unexpected value of enum '%s'",
- Direction.class.getSimpleName()));
- }
- }
-
- /**
- * Determine the direction of {@code packet}. An {@link IllegalArgumentException} is thrown if {@code packet} does
- * not pertain to this conversation.
- *
- * @param packet The packet whose direction is to be determined.
- * @return A {@link Direction} indicating the direction of the packet.
- */
- public Direction getDirection(PcapPacket packet) {
- IpV4Packet ipPacket = packet.get(IpV4Packet.class);
- String ipSrc = ipPacket.getHeader().getSrcAddr().getHostAddress();
- String ipDst = ipPacket.getHeader().getDstAddr().getHostAddress();
- // Determine direction of packet.
- if (ipSrc.equals(mClientIp) && ipDst.equals(mServerIp)) {
- // Client to server packet.
- return Direction.CLIENT_TO_SERVER;
- } else if (ipSrc.equals(mServerIp) && ipDst.equals(mClientIp)) {
- // Server to client packet.
- return Direction.SERVER_TO_CLIENT;
- } else {
- throw new IllegalArgumentException("getDirection: packet not related to " + getClass().getSimpleName());
- }
- }
-
- /**
- * Utility enum for expressing the direction of a packet pertaining to this {@code Conversation}.
- */
- public enum Direction {
-
- CLIENT_TO_SERVER {
- @Override
- public String toCompactString() {
- return "*";
- }
- },
- SERVER_TO_CLIENT {
- @Override
- public String toCompactString() {
- return "";
- }
- };
-
- /**
- * Get a compact string representation of this {@code Direction}.
- * @return a compact string representation of this {@code Direction}.
- */
- abstract public String toCompactString();
-
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.trafficreassembly.layer3;
-
-import org.pcap4j.core.PcapPacket;
-import org.pcap4j.packet.IpV4Packet;
-import org.pcap4j.packet.TcpPacket;
-
-/**
- * Groups a FIN packet and its corresponding ACK packet. <b>Immutable and thread safe</b>.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class FinAckPair {
-
- private final PcapPacket mFinPacket;
- private final PcapPacket mCorrespondingAckPacket;
-
- /**
- * Constructs a {@code FinAckPair} given a FIN packet.
- * The corresponding ACK packet field is set to {@code null}.
- * @param finPacket A FIN packet.
- */
- public FinAckPair(PcapPacket finPacket) {
- if (!finPacket.get(TcpPacket.class).getHeader().getFin()) {
- throw new IllegalArgumentException("not a FIN packet");
- }
- mFinPacket = finPacket;
- mCorrespondingAckPacket = null;
- }
-
- /**
- * Constructs a {@code FinAckPair} given a FIN and an ACK packet.
- * @param finPacket A FIN packet.
- * @param correspondingAckPacket The ACK packet corresponding to {@code finPacket}.
- */
- public FinAckPair(PcapPacket finPacket, PcapPacket correspondingAckPacket) {
- // Enforce class invariant, i.e. that the FIN and ACK are related.
- // Note that it is indirectly checked whether finPacket is indeed a FIN packet
- // as isCorrespondingAckPacket calls the single parameter constructor.
- if (!FinAckPair.isCorrespondingAckPacket(finPacket, correspondingAckPacket)) {
- throw new IllegalArgumentException("FIN and ACK not related");
- }
- mFinPacket = finPacket;
- mCorrespondingAckPacket = correspondingAckPacket;
- }
-
- /**
- * Get the FIN packet of this pair.
- * @return the FIN packet of this pair.
- */
- public PcapPacket getFinPacket() {
- return mFinPacket;
- }
-
- /**
- * Get the corresponding ACK packet of this pair, if any.
- * @return the corresponding ACK packet of this pair, if any.
- */
- public PcapPacket getCorrespondingAckPacket() {
- return mCorrespondingAckPacket;
- }
-
- /**
- * Was the FIN in this {@code FinAckPair} acknowledged?
- *
- * @return {@code true} if the corresponding ACK has been set in this {@code FinAckPair}.
- */
- public boolean isAcknowledged() {
- return mFinPacket != null && mCorrespondingAckPacket != null;
- }
-
- /**
- * Checks if a given packet is an ACK corresponding to the FIN packet in this {@code FinAckPair}.
- * @return {@code true} if {@code packet} is an ACK that corresponds to the FIN in this pair, {@code false} otherwise.
- */
- public boolean isCorrespondingAckPacket(PcapPacket packet) {
- IpV4Packet inputIpPacket = packet.get(IpV4Packet.class);
- TcpPacket inputTcpPacket = packet.get(TcpPacket.class);
- if (inputIpPacket == null || inputTcpPacket == null || !inputTcpPacket.getHeader().getAck()) {
- return false;
- }
-
- IpV4Packet finIpPacket = mFinPacket.get(IpV4Packet.class);
- TcpPacket finTcpPacket = mFinPacket.get(TcpPacket.class);
-
- // Extract (srcIp:port,dstIp:port) for input and member (FIN) packets.
- String inputPacketIpSrc = inputIpPacket.getHeader().getSrcAddr().getHostAddress();
- String inputPacketIpDst = inputIpPacket.getHeader().getDstAddr().getHostAddress();
- int inputPacketPortSrc = inputTcpPacket.getHeader().getSrcPort().valueAsInt();
- int inputPacketPortDst = inputTcpPacket.getHeader().getDstPort().valueAsInt();
- String finPacketIpSrc = finIpPacket.getHeader().getSrcAddr().getHostAddress();
- String finPacketIpDst = finIpPacket.getHeader().getDstAddr().getHostAddress();
- int finPacketPortSrc = finTcpPacket.getHeader().getSrcPort().valueAsInt();
- int finPacketPortDst = finTcpPacket.getHeader().getDstPort().valueAsInt();
-
- // For the two packets to be related, the dst of one must be the src of the other.
- // Split into multiple if statements for readability. First check IP fields, then ports.
- if (!(inputPacketIpDst.equals(finPacketIpSrc) && finPacketIpDst.equals(inputPacketIpSrc))) {
- return false;
- }
- if (!(inputPacketPortDst == finPacketPortSrc && finPacketPortDst == inputPacketPortSrc)) {
- return false;
- }
-
- // Packets are (most likely) related (part of same conversation/stream).
- // Now all that is left for us to check is if the sequence numbers match.
- // Note: recall that the FIN packet advances the seq numbers by 1,
- // so the ACK number will be one larger than the seq. number in the FIN packet.
- return inputTcpPacket.getHeader().getAcknowledgmentNumber() == finTcpPacket.getHeader().getSequenceNumber() + 1;
- }
-
- /**
- * Static method to check if two given packets are a FIN and the corresponding ACK packet.
- * The purpose of this method is a workaround to enforce the class invariant in the two parameter constructor.
- * Specifically, the following should be avoided:
- * <pre>
- * public FinAckPair(PcapPacket finPacket, PcapPacket correspondingAckPacket) {
- * mFinPacket = finPacket;
- * // Below line is considered bad practice as the object has not been fully initialized at this stage.
- * if (!this.isCorrespondingAckPacket(correspondingAckPacket)) {
- * // ... throw exception
- * }
- * }
- * </pre>
- * @param finPacket The FIN packet.
- * @param ackPacket The ACK packet that is to be checked if it corresponds to the given FIN packet.
- * @return {@code true} if the ACK corresponds to the FIN, {@code false} otherwise.
- */
- private static boolean isCorrespondingAckPacket(PcapPacket finPacket, PcapPacket ackPacket) {
- FinAckPair tmp = new FinAckPair(finPacket);
- return tmp.isCorrespondingAckPacket(ackPacket);
- }
-
-}
+++ /dev/null
-package edu.uci.iotproject.trafficreassembly.layer3;
-
-import org.pcap4j.core.PacketListener;
-import org.pcap4j.core.PcapPacket;
-import org.pcap4j.packet.*;
-
-import java.util.*;
-
-/**
- * Reassembles TCP conversations (streams).
- * <b>Note: current version only supports TCP over IPv4.</b>
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class TcpReassembler implements PacketListener {
-
- /**
- * Holds <em>open</em> {@link Conversation}s, i.e., {@code Conversation}s that have <em>not</em> been detected as
- * (gracefully) terminated based on the set of packets observed thus far.
- * A {@link Conversation} is moved to {@link #mTerminatedConversations} if it can be determined that it is has
- * terminated. Termination can be detected by a) observing two {@link FinAckPair}s, one in each direction, (graceful
- * termination, see {@link Conversation#isGracefullyShutdown()}) or b) by observing a SYN packet that matches the
- * four tuple of an existing {@code Conversation}, but which holds a <em>different</em> sequence number than the
- * same-direction SYN packet recorded for the {@code Conversation}.
- * <p>
- * Note that due to limitations of the {@link Set} interface (specifically, there is no {@code get(T t)} method),
- * we have to resort to a {@link Map} (in which keys map to themselves) to "mimic" a set with {@code get(T t)}
- * functionality.
- *
- * @see <a href="https://stackoverflow.com/questions/7283338/getting-an-element-from-a-set">this question on StackOverflow.com</a>
- */
- private final Map<Conversation, Conversation> mOpenConversations = new HashMap<>();
-
- /**
- * Holds <em>terminated</em> {@link Conversation}s.
- */
- private final List<Conversation> mTerminatedConversations = new ArrayList<>();
-
- @Override
- public void gotPacket(PcapPacket pcapPacket) {
- IpV4Packet ipPacket = pcapPacket.get(IpV4Packet.class);
- TcpPacket tcpPacket = pcapPacket.get(TcpPacket.class);
-
- if (ipPacket == null || tcpPacket == null) {
- return;
- }
- // ... TODO?
- processPacket(pcapPacket);
-// Class clazz = pcapPacket.getClass();
-// RadiotapPacket radiotapPacket = pcapPacket.get(RadiotapPacket.class);
-// Dot11ManagementPacket dot11ManagementPacket = pcapPacket.get(Dot11ManagementPacket.class);
-// if (dot11ManagementPacket != null) {
-// return;
-// }
-// if (radiotapPacket != null) {
-// processRadiotapPacket(pcapPacket);
-// }
- }
-
- /**
- * Get the reassembled TCP connections. Note that if this is called while packets are still being processed (by
- * calls to {@link #gotPacket(PcapPacket)}), the behavior is undefined and the returned list may be inconsistent.
- * @return The reassembled TCP connections.
- */
- public List<Conversation> getTcpConversations() {
- ArrayList<Conversation> combined = new ArrayList<>();
- combined.addAll(mTerminatedConversations);
- combined.addAll(mOpenConversations.values());
- return combined;
- }
-
- private void processRadiotapPacket(PcapPacket pcapPacket) {
- RadiotapPacket radiotapPacket = pcapPacket.get(RadiotapPacket.class);
-
- RadiotapPacket.RadiotapHeader header = radiotapPacket.getHeader();
- short length = header.getLength();
- ArrayList<RadiotapPacket.RadiotapData> radiotapData = header.getDataFields();
- // TODO: We can handle this 802.11 QoS data by creating our own class
- // TODO: We only need to handle the first few bytes for source, destination, receiver, and transmitter
- // TODO: addresses
- Packet dataPacket = radiotapPacket.getPayload();
- int dataLength = dataPacket.length();
- }
-
- private void processPacket(PcapPacket pcapPacket) {
- TcpPacket tcpPacket = pcapPacket.get(TcpPacket.class);
- // Handle client connection initiation attempts.
- if (tcpPacket.getHeader().getSyn() && !tcpPacket.getHeader().getAck()) {
- // A segment with the SYN flag set, but no ACK flag indicates that a client is attempting to initiate a new
- // connection.
- processNewConnectionRequest(pcapPacket);
- return;
- }
- // Handle server connection initiation acknowledgement
- if (tcpPacket.getHeader().getSyn() && tcpPacket.getHeader().getAck()) {
- // A segment with both the SYN and ACK flags set indicates that the server has accepted the client's request
- // to initiate a new connection.
- processNewConnectionAck(pcapPacket);
- return;
- }
- // Handle resets
- if (tcpPacket.getHeader().getRst()) {
- processRstPacket(pcapPacket);
- return;
- }
- // Handle FINs
- if (tcpPacket.getHeader().getFin()) {
- // Handle FIN packet.
- processFinPacket(pcapPacket);
- }
- // Handle ACKs (currently only ACKs of FINS)
- if (tcpPacket.getHeader().getAck()) {
- processAck(pcapPacket);
- }
- // Handle packets that carry payload (application data).
- if (tcpPacket.getPayload() != null) {
- processPayloadPacket(pcapPacket);
- }
- }
-
- private void processNewConnectionRequest(PcapPacket clientSynPacket) {
- // A SYN w/o ACK always originates from the client.
- Conversation conv = Conversation.fromPcapPacket(clientSynPacket, true);
- conv.addSynPacket(clientSynPacket);
- // Is there an ongoing conversation for the same four tuple (clientIp, clientPort, serverIp, serverPort) as
- // found in the new SYN packet?
- Conversation ongoingConv = mOpenConversations.get(conv);
- if (ongoingConv != null) {
- if (ongoingConv.isRetransmission(clientSynPacket)) {
- // SYN retransmission detected, do nothing.
- return;
- // TODO: the way retransmission detection is implemented may cause a bug for connections where we have
- // not recorded the initial SYN, but only the SYN ACK, as retransmission is determined by comparing the
- // sequence numbers of initial SYNs -- and if no initial SYN is present for the Conversation, the new
- // SYN will be interpreted as a retransmission. Possible fix: let isRentransmission ALWAYS return false
- // when presented with a SYN packet when the Conversation already holds a SYN ACK packet?
- } else {
- // New SYN has different sequence number than SYN recorded for ongoingConv, so this must be an attempt
- // to establish a new conversation with the same four tuple as ongoingConv.
- // Mark existing connection as terminated.
- // TODO: is this 100% theoretically correct, e.g., if many connection attempts are made back to back? And RST packets?
- mTerminatedConversations.add(ongoingConv);
- mOpenConversations.remove(ongoingConv);
- }
- }
- // Finally, update the map of open connections with the new connection.
- mOpenConversations.put(conv, conv);
- }
-
-
- /*
- * TODO a problem across the board for all processXPacket methods below:
- * if we start the capture in the middle of a TCP connection, we will not have an entry for the conversation in the
- * map as we have not seen the initial SYN packet.
- * Two ways we can address this:
- * a) Perform null-checks and ignore packets for which we have not seen SYN
- * + easy to get correct
- * - we discard data (issue for long-lived connections!)
- * b) Add a corresponding conversation entry whenever we encounter a packet that does not map to a conversation
- * + we consider all data
- * - not immediately clear if this will introduce bugs (incorrectly mapping packets to wrong conversations?)
- *
- * [[[ I went with option b) for now; see getOngoingConversationOrCreateNew(PcapPacket pcapPacket). ]]]
- */
-
- private void processNewConnectionAck(PcapPacket srvSynPacket) {
- // Find the corresponding ongoing connection, if any (if we start the capture just *after* the initial SYN, no
- // ongoing conversation entry will exist, so it must be created in that case).
-// Conversation conv = mOpenConversations.get(Conversation.fromPcapPacket(srvSynPacket, false));
- Conversation conv = getOngoingConversationOrCreateNew(srvSynPacket);
- // Note: exploits &&'s short-circuit operation: only attempts to add non-retransmissions.
- if (!conv.isRetransmission(srvSynPacket) && !conv.addSynPacket(srvSynPacket)) {
- // For safety/debugging: if NOT a retransmission and add fails,
- // something has gone terribly wrong/invariant is broken.
-// throw new AssertionError("Attempt to add SYN ACK packet that was NOT a retransmission failed." +
-// Conversation.class.getSimpleName() + " invariant broken.");
- }
- }
-
- private void processRstPacket(PcapPacket rstPacket) {
- Conversation conv = getOngoingConversationOrCreateNew(rstPacket);
- // Add RST packet to conversation.
- conv.addRstPacket(rstPacket);
- // Move conversation to set of terminated conversations.
- mTerminatedConversations.add(conv);
- mOpenConversations.remove(conv, conv);
- }
-
- private void processFinPacket(PcapPacket finPacket) {
-// getOngoingConversationForPacket(finPacket).addFinPacket(finPacket);
- getOngoingConversationOrCreateNew(finPacket).addFinPacket(finPacket);
- }
-
- private void processAck(PcapPacket ackPacket) {
-// getOngoingConversationForPacket(ackPacket).attemptAcknowledgementOfFin(ackPacket);
- // Note that unlike the style for SYN, FIN, and payload packets, for "ACK only" packets, we want to avoid
- // creating a new conversation.
- Conversation conv = getOngoingConversationForPacket(ackPacket);
- if (conv != null) {
- // The ACK may be an ACK of a FIN, so attempt to mark the FIN as ack'ed.
- conv.attemptAcknowledgementOfFin(ackPacket);
- if (conv.isGracefullyShutdown()) {
- // Move conversation to set of terminated conversations.
- mTerminatedConversations.add(conv);
- mOpenConversations.remove(conv);
- }
- }
- // Note: add (additional) processing of ACKs (that are not ACKs of FINs) as necessary here...
- }
-
- private void processPayloadPacket(PcapPacket pcapPacket) {
-// getOngoingConversationForPacket(pcapPacket).addPacket(pcapPacket, true);
- getOngoingConversationOrCreateNew(pcapPacket).addPacket(pcapPacket, true);
- }
-
- /**
- * Locates an ongoing conversation (if any) that {@code pcapPacket} pertains to.
- * @param pcapPacket The packet that is to be mapped to an ongoing {@code Conversation}.
- * @return The {@code Conversation} matching {@code pcapPacket} or {@code null} if there is no match.
- */
- private Conversation getOngoingConversationForPacket(PcapPacket pcapPacket) {
- // We cannot know if this is a client-to-server or server-to-client packet without trying both options...
- Conversation conv = mOpenConversations.get(Conversation.fromPcapPacket(pcapPacket, true));
- if (conv == null) {
- conv = mOpenConversations.get(Conversation.fromPcapPacket(pcapPacket, false));
- }
- return conv;
- }
-
- /**
- * Like {@link #getOngoingConversationForPacket(PcapPacket)}, but creates and inserts a new {@code Conversation}
- * into {@link #mOpenConversations} if no open conversation is found (i.e., in the case that
- * {@link #getOngoingConversationForPacket(PcapPacket)} returns {@code null}).
- *
- * @param pcapPacket The packet that is to be mapped to an ongoing {@code Conversation}.
- * @return The existing, ongoing {@code Conversation} matching {@code pcapPacket} or the newly created one in case
- * no match was found.
- */
- private Conversation getOngoingConversationOrCreateNew(PcapPacket pcapPacket) {
- Conversation conv = getOngoingConversationForPacket(pcapPacket);
- if (conv == null) {
- TcpPacket tcpPacket = pcapPacket.get(TcpPacket.class);
- if (tcpPacket.getHeader().getSyn() && tcpPacket.getHeader().getAck()) {
- // A SYN ACK packet always originates from the server (it is a reply to the initial SYN packet from the client)
- conv = Conversation.fromPcapPacket(pcapPacket, false);
- } else {
- // TODO: can we do anything else but arbitrarily select who is designated as the server in this case?
- // We can check if the IP prefix matches a local IP when handling traffic observed inside the local
- // network, but that obviously won't be a useful strategy for an observer at the WAN port.
- String srcIp = pcapPacket.get(IpV4Packet.class).getHeader().getSrcAddr().getHostAddress();
- // TODO: REPLACE THE ROUTER'S IP WITH A PARAMETER!!!
- boolean clientIsSrc = srcIp.startsWith("10.") || srcIp.startsWith("192.168.") || srcIp.equals("128.195.205.105");
- conv = Conversation.fromPcapPacket(pcapPacket, clientIsSrc);
- }
- mOpenConversations.put(conv, conv);
- }
- return conv;
- }
-}
+++ /dev/null
-package edu.uci.iotproject.util;
-
-import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
-import edu.uci.iotproject.analysis.PcapPacketPair;
-import edu.uci.iotproject.analysis.TcpConversationUtils;
-import edu.uci.iotproject.analysis.TriggerTrafficExtractor;
-import org.apache.commons.math3.stat.clustering.Cluster;
-import org.pcap4j.core.PcapPacket;
-import org.pcap4j.packet.EthernetPacket;
-import org.pcap4j.packet.IpV4Packet;
-import org.pcap4j.packet.TcpPacket;
-import org.pcap4j.util.MacAddress;
-
-import java.util.*;
-
-/**
- * Utility methods for inspecting {@link PcapPacket} properties.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public final class PcapPacketUtils {
-
- /**
- * This is the threshold value for a signature's number of members
- * If after a merging the number of members of a signature falls below this threshold, then we can boldly
- * get rid of that signature.
- */
- private static final int SIGNATURE_MERGE_THRESHOLD = 5;
-
- /**
- * This is an overlap counter (we consider overlaps between signatures if it happens more than once)
- */
- private static int mOverlapCounter = 0;
-
-
- /**
- * Gets the source address of the Ethernet part of {@code packet}.
- * @param packet The packet for which the Ethernet source address is to be extracted.
- * @return The source address of the Ethernet part of {@code packet}.
- */
- public static MacAddress getEthSrcAddr(PcapPacket packet) {
- return getEthernetPacketOrThrow(packet).getHeader().getSrcAddr();
- }
-
- /**
- * Gets the destination address of the Ethernet part of {@code packet}.
- * @param packet The packet for which the Ethernet destination address is to be extracted.
- * @return The destination address of the Ethernet part of {@code packet}.
- */
- public static MacAddress getEthDstAddr(PcapPacket packet) {
- return getEthernetPacketOrThrow(packet).getHeader().getDstAddr();
- }
-
- /**
- * Determines if a given {@link PcapPacket} wraps a {@link TcpPacket}.
- * @param packet The {@link PcapPacket} to inspect.
- * @return {@code true} if {@code packet} wraps a {@link TcpPacket}, {@code false} otherwise.
- */
- public static boolean isTcp(PcapPacket packet) {
- return packet.get(TcpPacket.class) != null;
- }
-
- /**
- * Gets the source IP (in decimal format) of an IPv4 packet.
- * @param packet The packet for which the IPv4 source address is to be extracted.
- * @return The decimal representation of the source IP of {@code packet} <em>iff</em> {@code packet} wraps an
- * {@link IpV4Packet}.
- * @throws NullPointerException if {@code packet} does not encapsulate an {@link IpV4Packet}.
- */
- public static String getSourceIp(PcapPacket packet) {
- return getIpV4PacketOrThrow(packet).getHeader().getSrcAddr().getHostAddress();
- }
-
- /**
- * Gets the destination IP (in decimal format) of an IPv4 packet.
- * @param packet The packet for which the IPv4 source address is to be extracted.
- * @return The decimal representation of the destination IP of {@code packet} <em>iff</em> {@code packet} wraps an
- * {@link IpV4Packet}.
- * @throws NullPointerException if {@code packet} does not encapsulate an {@link IpV4Packet}.
- */
- public static String getDestinationIp(PcapPacket packet) {
- return getIpV4PacketOrThrow(packet).getHeader().getDstAddr().getHostAddress();
- }
-
- /**
- * Gets the source port of a TCP packet.
- * @param packet The packet for which the source port is to be extracted.
- * @return The source port of the {@link TcpPacket} encapsulated by {@code packet}.
- * @throws IllegalArgumentException if {@code packet} does not encapsulate a {@link TcpPacket}.
- */
- public static int getSourcePort(PcapPacket packet) {
- TcpPacket tcpPacket = packet.get(TcpPacket.class);
- if (tcpPacket == null) {
- throw new IllegalArgumentException("not a TCP packet");
- }
- return tcpPacket.getHeader().getSrcPort().valueAsInt();
- }
-
- /**
- * Gets the destination port of a TCP packet.
- * @param packet The packet for which the destination port is to be extracted.
- * @return The destination port of the {@link TcpPacket} encapsulated by {@code packet}.
- * @throws IllegalArgumentException if {@code packet} does not encapsulate a {@link TcpPacket}.
- */
- public static int getDestinationPort(PcapPacket packet) {
- TcpPacket tcpPacket = packet.get(TcpPacket.class);
- if (tcpPacket == null) {
- throw new IllegalArgumentException("not a TCP packet");
- }
- return tcpPacket.getHeader().getDstPort().valueAsInt();
- }
-
- /**
- * Helper method to determine if the given combination of IP and port matches the source of the given packet.
- * @param packet The packet to check.
- * @param ip The IP to look for in the ip.src field of {@code packet}.
- * @param port The port to look for in the tcp.port field of {@code packet}.
- * @return {@code true} if the given ip+port match the corresponding fields in {@code packet}.
- */
- public static boolean isSource(PcapPacket packet, String ip, int port) {
- IpV4Packet ipPacket = Objects.requireNonNull(packet.get(IpV4Packet.class));
- // For now we only support TCP flows.
- TcpPacket tcpPacket = Objects.requireNonNull(packet.get(TcpPacket.class));
- String ipSrc = ipPacket.getHeader().getSrcAddr().getHostAddress();
- int srcPort = tcpPacket.getHeader().getSrcPort().valueAsInt();
- return ipSrc.equals(ip) && srcPort == port;
- }
-
- /**
- * Helper method to determine if the given combination of IP and port matches the destination of the given packet.
- * @param packet The packet to check.
- * @param ip The IP to look for in the ip.dst field of {@code packet}.
- * @param port The port to look for in the tcp.dstport field of {@code packet}.
- * @return {@code true} if the given ip+port match the corresponding fields in {@code packet}.
- */
- public static boolean isDestination(PcapPacket packet, String ip, int port) {
- IpV4Packet ipPacket = Objects.requireNonNull(packet.get(IpV4Packet.class));
- // For now we only support TCP flows.
- TcpPacket tcpPacket = Objects.requireNonNull(packet.get(TcpPacket.class));
- String ipDst = ipPacket.getHeader().getDstAddr().getHostAddress();
- int dstPort = tcpPacket.getHeader().getDstPort().valueAsInt();
- return ipDst.equals(ip) && dstPort == port;
- }
-
- /**
- * Checks if the source IP address of the {@link IpV4Packet} contained in {@code packet} is a local address, i.e.,
- * if it pertains to subnet 10.0.0.0/8, 172.16.0.0/16, or 192.168.0.0/16.
- * @param packet The packet for which the source IP address is to be examined.
- * @return {@code true} if {@code packet} wraps a {@link IpV4Packet} for which the source IP address is a local IP
- * address, {@code false} otherwise.
- * @throws NullPointerException if {@code packet} does not encapsulate an {@link IpV4Packet}.
- */
- public static boolean isSrcIpLocal(PcapPacket packet) {
- return getIpV4PacketOrThrow(packet).getHeader().getSrcAddr().isSiteLocalAddress();
- }
-
- /**
- * Checks if the destination IP address of the {@link IpV4Packet} contained in {@code packet} is a local address,
- * i.e., if it pertains to subnet 10.0.0.0/8, 172.16.0.0/16, or 192.168.0.0/16.
- * @param packet The packet for which the destination IP address is to be examined.
- * @return {@code true} if {@code packet} wraps a {@link IpV4Packet} for which the destination IP address is a local
- * IP address, {@code false} otherwise.
- * @throws NullPointerException if {@code packet} does not encapsulate an {@link IpV4Packet}.
- */
- public static boolean isDstIpLocal(PcapPacket packet) {
- return getIpV4PacketOrThrow(packet).getHeader().getDstAddr().isSiteLocalAddress();
- }
-
- /**
- * Checks if {@code packet} wraps a TCP packet that has the SYN flag set.
- * @param packet A {@link PcapPacket} that is suspected to contain a {@link TcpPacket} for which the SYN flag is set.
- * @return {@code true} <em>iff</em> {@code packet} contains a {@code TcpPacket} for which the SYN flag is set,
- * {@code false} otherwise.
- */
- public static boolean isSyn(PcapPacket packet) {
- TcpPacket tcp = packet.get(TcpPacket.class);
- return tcp != null && tcp.getHeader().getSyn();
- }
-
- /**
- * Checks if {@code packet} wraps a TCP packet th at has the ACK flag set.
- * @param packet A {@link PcapPacket} that is suspected to contain a {@link TcpPacket} for which the ACK flag is set.
- * @return {@code true} <em>iff</em> {@code packet} contains a {@code TcpPacket} for which the ACK flag is set,
- * {@code false} otherwise.
- */
- public static boolean isAck(PcapPacket packet) {
- TcpPacket tcp = packet.get(TcpPacket.class);
- return tcp != null && tcp.getHeader().getAck();
- }
-
- /**
- * Transform a {@code Cluster} of {@code PcapPacketPair} objects into a {@code List} of {@code List} of
- * {@code PcapPacket} objects.
- * @param cluster A {@link Cluster} of {@link PcapPacketPair} objects that needs to be transformed.
- * @return A {@link List} of {@link List} of {@link PcapPacket} objects as the result of the transformation.
- */
- public static List<List<PcapPacket>> clusterToListOfPcapPackets(Cluster<PcapPacketPair> cluster) {
- List<List<PcapPacket>> ppListOfList = new ArrayList<>();
- for (PcapPacketPair ppp: cluster.getPoints()) {
- // Create a list of PcapPacket objects (list of two members).
- List<PcapPacket> ppList = new ArrayList<>();
- ppList.add(ppp.getFirst());
- if(ppp.getSecond().isPresent())
- ppList.add(ppp.getSecond().get());
- else
- ppList.add(null);
- // Create a list of list of PcapPacket objects.
- ppListOfList.add(ppList);
- }
- // Sort the list of lists based on the first packet's timestamp!
- Collections.sort(ppListOfList, (p1, p2) -> p1. get(0).getTimestamp().compareTo(p2.get(0).getTimestamp()));
- return ppListOfList;
- }
-
- /**
- * Merge signatures in {@code List} of {@code List} of {@code List} of {@code PcapPacket} objects.
- * We cross-check these with {@code List} of {@code Conversation} objects to see
- * if two {@code List} of {@code PcapPacket} objects actually belong to the same {@code Conversation}.
- * @param signatures A {@link List} of {@link List} of {@link List} of
- * {@link PcapPacket} objects that needs to be checked and merged.
- * @param conversations A {@link List} of {@link Conversation} objects as reference for merging.
- * @return A {@link List} of {@link List} of {@link List} of
- * {@link PcapPacket} objects as the result of the merging.
- */
- public static List<List<List<PcapPacket>>>
- mergeSignatures(List<List<List<PcapPacket>>> signatures, List<Conversation> conversations) {
-
- // TODO: THIS IS NOT A DEEP COPY; IT BASICALLY CREATES A REFERENCE TO THE SAME LIST OBJECT
- // List<List<List<PcapPacket>>> copySignatures = new ArrayList<>(signatures);
- // Make a deep copy first.
- List<List<List<PcapPacket>>> copySignatures = new ArrayList<>();
- listDeepCopy(copySignatures, signatures);
- // Traverse and look into the pairs of signatures.
- for (int first = 0; first < signatures.size(); first++) {
- List<List<PcapPacket>> firstList = signatures.get(first);
- for (int second = first+1; second < signatures.size(); second++) {
- int maxSignatureEl = 0; // Number of maximum signature elements.
- List<List<PcapPacket>> secondList = signatures.get(second);
- int initialSecondListMembers = secondList.size();
- // Iterate over the signatures in the first list.
- for (List<PcapPacket> signature : firstList) {
- signature.removeIf(el -> el == null); // Clean up null elements.
- // Return the Conversation that the signature is part of.
- Conversation conv = TcpConversationUtils.returnConversation(signature, conversations);
- // Find the element of the second list that is a match for that Conversation.
- for (List<PcapPacket> ppList : secondList) {
- ppList.removeIf(el -> el == null); // Clean up null elements.
- // Check if they are part of a Conversation and are adjacent to the first signature.
- // If yes then merge into the first list.
- TcpConversationUtils.SignaturePosition position =
- TcpConversationUtils.isPartOfConversationAndAdjacent(signature, ppList, conv);
- if (position == TcpConversationUtils.SignaturePosition.LEFT_ADJACENT) {
- // Merge to the left side of the first signature.
- ppList.addAll(signature);
- signature = ppList;
- maxSignatureEl = signature.size() > maxSignatureEl ? signature.size() : maxSignatureEl;
- secondList.remove(ppList); // Remove as we merge.
- break;
- } else if (position == TcpConversationUtils.SignaturePosition.RIGHT_ADJACENT) {
- // Merge to the right side of the first signature.
- signature.addAll(ppList);
- maxSignatureEl = signature.size() > maxSignatureEl ? signature.size() : maxSignatureEl;
- secondList.remove(ppList); // Remove as we merge.
- break;
- } // TcpConversationUtils.SignaturePosition.NOT_ADJACENT.
- }
- }
- // Call it a successful merging if there are only less than 5 elements from the second list that
- // cannot be merged.
- if (secondList.size() < SIGNATURE_MERGE_THRESHOLD) {
- // Prune the unsuccessfully merged signatures (i.e., these will have size() < maxSignatureEl).
- final int maxNumOfEl = maxSignatureEl;
- // TODO: DOUBLE CHECK IF WE REALLY NEED TO PRUNE FAILED BINDINGS
- // TODO: SOMETIMES THE SEQUENCES ARE JUST INCOMPLETE
- // TODO: AND BOTH THE COMPLETE AND INCOMPLETE SEQUENCES ARE VALID SIGNATURES!
- firstList.removeIf(el -> el.size() < maxNumOfEl);
- // Remove the merged set of signatures when successful.
- signatures.remove(secondList);
- } else if (secondList.size() < initialSecondListMembers) {
- // If only some of the signatures from the second list are merged, this means UNSUCCESSFUL merging.
- // Return the original copy of the signatures object.
- return copySignatures;
- }
- }
- }
- return signatures;
- }
-
- /**
- * Deep copy to create an entirely new {@link List} of {@link List} of {@link List} of {@link PcapPacket} objects.
- * @param destList A {@link List} of {@link List} of {@link List} of
- * {@link PcapPacket} objects that will be the final container of the deep copy
- * @param sourceList A {@link List} of {@link List} of {@link List} of
- * {@link PcapPacket} objects that will be the source of the deep copy.
- */
- private static void listDeepCopy(List<List<List<PcapPacket>>> destList, List<List<List<PcapPacket>>> sourceList) {
-
- for(List<List<PcapPacket>> llPcapPacket : sourceList) {
- List<List<PcapPacket>> tmpListOfList = new ArrayList<>();
- for(List<PcapPacket> lPcapPacket : llPcapPacket) {
- List<PcapPacket> tmpList = new ArrayList<>();
- for(PcapPacket pcapPacket : lPcapPacket) {
- tmpList.add(pcapPacket);
- }
- tmpListOfList.add(tmpList);
- }
- destList.add(tmpListOfList);
- }
- }
-
- /**
- * Sort the signatures in the {@code List} of {@code List} of {@code List} of {@code PcapPacket} objects.
- * The purpose of this is to sort the order of signatures in the signature list. For detection purposes, we need
- * to know if one signature occurs earlier/later in time with respect to the other signatures for more confidence
- * in detecting the occurrence of an event.
- * @param signatures A {@code List} of {@code List} of {@code List} of {@code PcapPacket} objects that needs sorting.
- * We assume that innermost {@code List} of {@code PcapPacket} objects have been sorted ascending
- * by timestamps. By the time we use this method, we should have sorted it when calling the
- * {@code clusterToListOfPcapPackets} method.
- * @return A sorted {@code List} of {@code List} of {@code List} of {@code PcapPacket} objects.
- */
- public static List<List<List<PcapPacket>>> sortSignatures(List<List<List<PcapPacket>>> signatures) {
- // TODO: This is the simplest solution!!! Might not cover all corner cases.
- // TODO: Sort the list of lists based on the first packet's timestamps!
-// Collections.sort(signatures, (p1, p2) -> {
-// //return p1.get(0).get(0).getTimestamp().compareTo(p2.get(0).get(0).getTimestamp());
-// int compare = p1.get(0).get(0).getTimestamp().compareTo(p2.get(0).get(0).getTimestamp());
-// return compare;
-// });
- // TODO: The following is a more complete solution that covers corner cases.
- // Sort the list of lists based on one-to-one comparison between timestamps of signatures on both lists.
- // This also takes into account the fact that the number of signatures in the two lists could be different.
- // Additionally, this code forces the comparison between two signatures only if they occur in the
- // INCLUSION_WINDOW_MILLIS window; otherwise, it tries to find the right pair of signatures in the time window.
- Collections.sort(signatures, (p1, p2) -> {
- int compare = 0;
- int comparePrev = 0;
- int count1 = 0;
- int count2 = 0;
- // Need to make sure that both are not out of bound!
- while (count1 + 1 < p1.size() && count2 + 1 < p2.size()) {
- long timestamp1 = p1.get(count1).get(0).getTimestamp().toEpochMilli();
- long timestamp2 = p2.get(count2).get(0).getTimestamp().toEpochMilli();
- // The two timestamps have to be within a 15-second window!
- if (Math.abs(timestamp1 - timestamp2) < TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS) {
- // If these two are within INCLUSION_WINDOW_MILLIS window then compare!
- compare = p1.get(count1).get(0).getTimestamp().compareTo(p2.get(count2).get(0).getTimestamp());
-// if (comparePrev != 0) { // First time since it is 0
-// if (Integer.signum(compare) != Integer.signum(comparePrev)) {
-// // Throw an exception if the order of the two signatures is not consistent,
-// // E.g., 111, 222, 333 in one occassion and 222, 333, 111 in the other.
-// throw new Error("OVERLAP WARNING: " + "" +
-// "Please remove one of the sequences: " +
-// p1.get(0).get(0).length() + "... OR " +
-// p2.get(0).get(0).length() + "...");
-// }
-// }
- overlapChecking(compare, comparePrev, p1.get(count1), p2.get(count2));
- comparePrev = compare;
- count1++;
- count2++;
- } else {
- // If not within INCLUSION_WINDOW_MILLIS window then find the correct pair
- // by incrementing one of them.
- if (timestamp1 < timestamp2)
- count1++;
- else
- count2++;
- }
- }
- return compare;
- });
- return signatures;
- }
-
- /**
- * Checks for overlapping between two packet sequences.
- * @param compare Current comparison value between packet sequences p1 and p2
- * @param comparePrev Previous comparison value between packet sequences p1 and p2
- * @param sequence1 The packet sequence ({@link List} of {@link PcapPacket} objects).
- * @param sequence2 The packet sequence ({@link List} of {@link PcapPacket} objects).
- */
- private static void overlapChecking(int compare, int comparePrev, List<PcapPacket> sequence1, List<PcapPacket> sequence2) {
-
- // Check if p1 occurs before p2 but both have same overlap
- if (comparePrev != 0) { // First time since it is 0
- if (Integer.signum(compare) != Integer.signum(comparePrev)) {
- // Throw an exception if the order of the two signatures is not consistent,
- // E.g., 111, 222, 333 in one occassion and 222, 333, 111 in the other.
- throw new Error("OVERLAP WARNING: " + "" +
- "Two sequences have some overlap. Please remove one of the sequences: " +
- sequence1.get(0).length() + "... OR " +
- sequence2.get(0).length() + "...");
- }
- }
- // Check if p1 is longer than p2 and p2 occurs during the occurrence of p1
- int lastIndexOfSequence1 = sequence1.size() - 1;
- int lastIndexOfSequence2 = sequence2.size() - 1;
- int compareLast =
- sequence1.get(lastIndexOfSequence1).getTimestamp().compareTo(sequence2.get(lastIndexOfSequence2).getTimestamp());
- // Check the signs of compare and compareLast
- if ((compare <= 0 && compareLast > 0) ||
- (compareLast <= 0 && compare > 0)) {
- mOverlapCounter++;
- // TODO: Probably not the best approach but we consider overlap if it happens more than once
- if (mOverlapCounter > 1) {
- throw new Error("OVERLAP WARNING: " + "" +
- "One sequence is in the other. Please remove one of the sequences: " +
- sequence1.get(0).length() + "... OR " +
- sequence2.get(0).length() + "...");
- }
- }
-
- }
-
- /**
- * Gets the {@link IpV4Packet} contained in {@code packet}, or throws a {@link NullPointerException} if
- * {@code packet} does not contain an {@link IpV4Packet}.
- * @param packet A {@link PcapPacket} that is expected to contain an {@link IpV4Packet}.
- * @return The {@link IpV4Packet} contained in {@code packet}.
- * @throws NullPointerException if {@code packet} does not encapsulate an {@link IpV4Packet}.
- */
- private static IpV4Packet getIpV4PacketOrThrow(PcapPacket packet) {
- return Objects.requireNonNull(packet.get(IpV4Packet.class), "not an IPv4 packet");
- }
-
- /**
- * Gets the {@link EthernetPacket} contained in {@code packet}, or throws a {@link NullPointerException} if
- * {@code packet} does not contain an {@link EthernetPacket}.
- * @param packet A {@link PcapPacket} that is expected to contain an {@link EthernetPacket}.
- * @return The {@link EthernetPacket} contained in {@code packet}.
- * @throws NullPointerException if {@code packet} does not encapsulate an {@link EthernetPacket}.
- */
- private static final EthernetPacket getEthernetPacketOrThrow(PcapPacket packet) {
- return Objects.requireNonNull(packet.get(EthernetPacket.class), "not an Ethernet packet");
- }
-
- /**
- * Print signatures in {@code List} of {@code List} of {@code List} of {@code PcapPacket} objects.
- *
- * @param signatures A {@link List} of {@link List} of {@link List} of
- * {@link PcapPacket} objects that needs to be printed.
- */
- public static void printSignatures(List<List<List<PcapPacket>>> signatures) {
-
- // Iterate over the list of all clusters/sequences
- int sequenceCounter = 0;
- for(List<List<PcapPacket>> listListPcapPacket : signatures) {
- // Iterate over every member of a cluster/sequence
- System.out.print("====== SEQUENCE " + ++sequenceCounter);
- System.out.println(" - " + listListPcapPacket.size() + " MEMBERS ======");
- for(List<PcapPacket> listPcapPacket : listListPcapPacket) {
- // Print out packet lengths in a sequence
- int packetCounter = 0;
- for(PcapPacket pcapPacket : listPcapPacket) {
- if(pcapPacket != null) {
- System.out.print(pcapPacket.length());
- }
- if(packetCounter < listPcapPacket.size() - 1) {
- System.out.print(" "); // Provide space if not last packet
- } else {
- System.out.println(); // Newline if last packet
- }
- packetCounter++;
- }
- }
- }
- }
-
- /**
- * Remove a sequence in a signature object.
- *
- * @param signatures A {@link List} of {@link List} of {@link List} of
- * {@link PcapPacket} objects.
- * @param sequenceIndex An index for a sequence that consists of {{@link List} of {@link List} of
- * {@link PcapPacket} objects.
- */
- public static void removeSequenceFromSignature(List<List<List<PcapPacket>>> signatures, int sequenceIndex) {
-
- // Sequence index starts from 0
- signatures.remove(sequenceIndex);
- }
-}
+++ /dev/null
-package edu.uci.iotproject.util;
-
-import edu.uci.iotproject.DnsMap;
-import edu.uci.iotproject.analysis.PcapPacketPair;
-import org.apache.commons.math3.stat.clustering.Cluster;
-
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.util.List;
-import java.util.Optional;
-import java.util.Set;
-import java.util.stream.Collectors;
-
-import org.pcap4j.core.PcapPacket;
-
-/**
- * Utility methods for generating (output) strings.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class PrintUtils {
-
- /**
- * This is the path for writing the list of list of packet pairs {@code List<List<PcapPacket>>} into a file.
- * The packet pairs are the pairs in one cluster, so the list represents a cluster that has been derived through
- * the DBSCAN algorithm.
- *
- * E.g., this file could contain a list like the following:
- *
- * [[1109, 613],[1111, 613],[1115, 613],...]
- *
- * This list has lists of PcapPacket pairs as its members. We do not maintain the pairs in the form of
- * {@code Cluster<PcapPacketPair>} objects because there might be a situation where we could combine multiple
- * PcapPacketPair objects into a longer signature, i.e., a string of PcapPacket objects and not just a pair.
- */
- private static final String SERIALIZABLE_FILE_PATH = "./signature.sig";
-
- private PrintUtils() { /* private constructor to prevent instantiation */ }
-
- /**
- * Write the list of list of packet pairs {@code List<List<PcapPacket>>} into a file.
- *
- * After the DBSCAN algorithm derives the clusters from pairs, we save the signature in the form of list of
- * packet pairs. We harvest the pairs and transform them back into a list of PcapPacket objects.
- * We do not maintain the pairs in the form of {@code Cluster<PcapPacketPair>} objects because there might be
- * a situation where we could combine multiple PcapPacketPair objects into a longer signature, i.e., a string of
- * PcapPacket objects and not just a pair.
- *
- * @param fileName The path of the file in {@link String}. We could leave this one {@code null} if we wanted the
- * default file name {@code SERIALIZABLE_FILE_PATH}.
- * @param clusterPackets The {@link Cluster} objects in the form of list of {@code PcapPacket} objects.
- */
- public static void serializeClustersIntoFile(String fileName, List<List<PcapPacket>> clusterPackets) {
- if (fileName == null)
- fileName = SERIALIZABLE_FILE_PATH;
- try (ObjectOutputStream oos =
- new ObjectOutputStream(new FileOutputStream(fileName))) {
- oos.writeObject(clusterPackets);
- } catch (Exception ex) {
- ex.printStackTrace();
- }
- }
-
- /**
- * Write the signature {@code List<List<List<PcapPacket>>>} into a file.
- *
- * After the DBSCAN algorithm derives the clusters from pairs, we save the signature in the form of list of
- * packet pairs. We harvest the pairs and transform them back into a list of PcapPacket objects.
- * We do not maintain the pairs in the form of {@code Cluster<PcapPacketPair>} objects because there might be
- * a situation where we could combine multiple PcapPacketPair objects into a longer signature, i.e., a string of
- * PcapPacket objects and not just a pair.
- *
- * @param fileName The path of the file in {@link String}. We could leave this one {@code null} if we wanted the
- * default file name {@code SERIALIZABLE_FILE_PATH}.
- * @param signature The {@link Cluster} objects in the form of list of {@code PcapPacket} objects.
- */
- public static void serializeSignatureIntoFile(String fileName, List<List<List<PcapPacket>>> signature) {
- if (fileName == null)
- fileName = SERIALIZABLE_FILE_PATH;
- try (ObjectOutputStream oos =
- new ObjectOutputStream(new FileOutputStream(fileName))) {
- oos.writeObject(signature);
- } catch (Exception ex) {
- ex.printStackTrace();
- }
- }
-
- /**
- * Read the list of list of packet pairs {@code List<List<PcapPacket>>} from a file.
- *
- * After the DBSCAN algorithm derives the clusters from pairs, we save the signature in the form of list of
- * packet pairs. We harvest the pairs and transform them back into a list of PcapPacket objects.
- * We do not maintain the pairs in the form of {@code Cluster<PcapPacketPair>} objects because there might be
- * a situation where we could combine multiple PcapPacketPair objects into a longer signature, i.e., a string of
- * PcapPacket objects and not just a pair.
- *
- * @param fileName The path of the file in {@link String}. We could leave this one {@code null} if we wanted the
- * default file name {@code SERIALIZABLE_FILE_PATH}.
- * @return The list of list of {@link Cluster} objects ({@code List<List<PcapPacket>>}) that is read from file.
- */
- public static List<List<PcapPacket>> deserializeClustersFromFile(String fileName) {
- if (fileName == null)
- fileName = SERIALIZABLE_FILE_PATH;
- List<List<PcapPacket>> ppListOfList = null;
- try (ObjectInputStream ois =
- new ObjectInputStream(new FileInputStream(fileName))) {
- ppListOfList = (List<List<PcapPacket>>) ois.readObject();
- } catch (Exception ex) {
- ex.printStackTrace();
- }
-
- return ppListOfList;
- }
-
- /**
- * Read the list of list of packet pairs {@code List<List<List<PcapPacket>>>} from a file.
- *
- * After the DBSCAN algorithm derives the clusters from pairs, we save the signature in the form of list of
- * packet pairs. We harvest the pairs and transform them back into a list of PcapPacket objects.
- * We do not maintain the pairs in the form of {@code Cluster<PcapPacketPair>} objects because there might be
- * a situation where we could combine multiple PcapPacketPair objects into a longer signature, i.e., a string of
- * PcapPacket objects and not just a pair.
- *
- * @param fileName The path of the file in {@link String}. We could leave this one {@code null} if we wanted the
- * default file name {@code SERIALIZABLE_FILE_PATH}.
- * @return The list of list of list of {@link Cluster} objects ({@code List<List<List<PcapPacket>>>})
- * that is read from file.
- */
- public static List<List<List<PcapPacket>>> deserializeSignatureFromFile(String fileName) {
- if (fileName == null)
- fileName = SERIALIZABLE_FILE_PATH;
- List<List<List<PcapPacket>>> ppListOfListOfList = null;
- try (ObjectInputStream ois =
- new ObjectInputStream(new FileInputStream(fileName))) {
- ppListOfListOfList = (List<List<List<PcapPacket>>>) ois.readObject();
- } catch (Exception ex) {
- ex.printStackTrace();
- }
-
- return ppListOfListOfList;
- }
-
- /**
- * Converts a {@code PcapPacketPair} into a CSV string containing the packet lengths of the two packets in the pair.
- *
- * For example, the resulting string will be "123, 456" if the first packet of the pair has a length of 123 and the
- * second packet of the pair has a length of 456.
- *
- * <b>Note:</b> if the {@link PcapPacketPair} has no second element, 0 is printed as the length of the second packet
- * in the pair.
- *
- * @return a CSV string containing the packet lengths of the two packets of the given {@code PcapPacketPair}.
- */
- public static String toCsv(PcapPacketPair packetPair) {
- return String.format("%d, %d", packetPair.getFirst().getOriginalLength(),
- packetPair.getSecond().map(pp -> pp.getOriginalLength()).orElse(0));
- }
-
- /**
- * Converts a {@code PcapPacketPair} into a CSV string containing the packet lengths of the two packets in the pair
- * followed by the source of each packet. The source will be a (set of) hostname(s) if the source IP can be resolved
- * to a (set of) hostname(s) using the provided {@link DnsMap}.
- *
- * For example, the resulting string will be "123, 456, 192.168.1.42, domain.com" if the first packet of the pair
- * has a length of 123, the second packet of the pair has a length of 456, the first packet of the pair the pair has
- * a source IP of '192.168.1.42' that cannot be resolved to a hostname, and the second packet of the pair has an IP
- * that resolves to 'domain.com'.
- *
- * <b>Note:</b> if the {@link PcapPacketPair} has no second element, 0 is printed as the length of the second packet
- * in the pair, and null is printed for its source.
- *
- * @return a CSV string containing the packet lengths of the two packets of the given {@code PcapPacketPair} as well
- * as their respective sources.
- */
- public static String toCsv(PcapPacketPair packetPair, DnsMap ipHostnameMappings) {
- // First obtain source IPs
- String firstSrc = PcapPacketUtils.getSourceIp(packetPair.getFirst());
- // Note: use optional for second item in pair as there might not be one.
- Optional<String> secondSrc = packetPair.getSecond().map(pkt -> PcapPacketUtils.getSourceIp(pkt));
-
- // If possible, map source IPs to hostnames.
- Set<String> firstHostnames = ipHostnameMappings.getHostnamesForIp(firstSrc);
- Optional<Set<String>> secondHostnames = secondSrc.map(src -> ipHostnameMappings.getHostnamesForIp(src));
- final String delimiter = " ";
- if (firstHostnames != null) {
- // If one IP maps to multiple hostnames, we concatenate the hostnames (separated by a delimiter).
- firstSrc = firstHostnames.stream().collect(Collectors.joining(delimiter));
- }
- // If one IP maps to multiple hostnames, we concatenate the hostnames (separated by a delimiter).
- Optional<String> hostnames = secondHostnames.map(hostnameSet -> hostnameSet.stream().collect(Collectors.joining(delimiter)));
- // Fall back to IP if we couldn't second pair is present, but we couldn't map to (a) hostname(s).
- secondSrc = hostnames.isPresent() ? hostnames : secondSrc;
-
- // Check if the first source is C (client) or S (server).
- String firstSrcCorS = packetPair.isFirstClient() ? "C" : "S";
- String secondSrcCorS = packetPair.isSecondClient() ? "C" : "S";
-
- return String.format("%d, %d, %s, %s, %s, %s", packetPair.getFirst().getOriginalLength(),
- packetPair.getSecond().map(pp -> pp.getOriginalLength()).orElse(0),
- firstSrc,
- secondSrc.orElse("null"),
- firstSrcCorS,
- secondSrcCorS);
- }
-
- /**
- * Generate a string that summarizes/describes {@code cluster}.
- * @param cluster The {@link Cluster} to summarize/describe.
- * @return A string that summarizes/describes {@code cluster}.
- */
- public static String toSummaryString(Cluster<PcapPacketPair> cluster) {
- StringBuilder sb = new StringBuilder();
- for (PcapPacketPair ppp : cluster.getPoints()) {
- sb.append(toCsv(ppp, ppp.getDnsMap()) + System.lineSeparator());
- }
- return sb.toString();
- }
-}
+++ /dev/null
-package edu.uci.iotproject.test;
-
-import edu.uci.iotproject.comparison.seqalignment.AlignmentPricer;
-import edu.uci.iotproject.comparison.seqalignment.SequenceAlignment;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.util.function.ToIntBiFunction;
-import java.util.function.ToIntFunction;
-
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-/**
- * Tests the implementation of {@link SequenceAlignment}.
- *
- * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
- * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
- */
-public class SequenceAlignmentTest {
-
- private char[] lowercaseVowels;
- private char[] lowercaseConsonants;
-
- private Character[] meanChars;
- private Character[] nameChars;
-
- /**
- * Cost function for the alignment of letters in the example execution of the sequence alignment algorithm in
- * Kleinberg's and Tardos' "Algorithm Design", where 'mean' and 'name' are aligned.
- */
- private ToIntBiFunction<Character, Character> kleinbergExampleAlignmentCostFunc;
-
- /**
- * Cost function for the alignment of letters with gaps in the example execution of the sequence alignment algorithm
- * in Kleinberg's and Tardos' "Algorithm Design", where 'mean' and 'name' are aligned. Gap cost is set to 2,
- * regardless of input character.
- */
- private ToIntFunction<Character> kleinbergExampleGapCostFunc;
-
- /**
- * Calculates the cost of aligning a letter with another letter or a letter with a gap according to the cost recipe
- * used in the example in Kleinberg & Tardos.
- */
- private AlignmentPricer<Character> kleinbergAlignmentPricer;
-
- /**
- * Executes the sequence alignment algorithm using the cost function defined in the example in Kleinberg & Tardos,
- * i.e., {@link #kleinbergAlignmentPricer}.
- */
- private SequenceAlignment<Character> kleinbergSequenceAligner;
-
- @Before
- public void initialize() {
- // We consider 'y' a vowel for the sake of simplicity.
- // Note: we assume an all lowercase string!
- lowercaseVowels = new char[] { 'a', 'e', 'i', 'o', 'u', 'y' };
- lowercaseConsonants = new char[] { 'b', 'c', 'd', 'f', 'g', 'h', 'j', 'k', 'l', 'm', 'n', 'p', 'q', 'r', 's',
- 't', 'v', 'w', 'x', 'z' };
- kleinbergExampleAlignmentCostFunc = (c1, c2) -> {
- // Unbox to primitive type for the sake of brevity in the statements to follow.
- final char char1 = c1.charValue();
- final char char2 = c2.charValue();
-
- // If char1 and char2 are the same characters, the cost of aligning them is 0.
- if (char1 == char2) return 0;
-
- final boolean char1IsVowel = isVowel(char1);
- final boolean char1IsConsonant = isConsonant(char1);
- final boolean char2IsVowel = isVowel(char2);
- final boolean char2IsConsonant = isConsonant(char2);
-
- // Alignment cost is undefined for non alphabet characters.
- if (!char1IsVowel && !char1IsConsonant) fail("not an alphabet letter: " + char1);
- if (!char2IsVowel && !char2IsConsonant) fail("not an alphabet letter: " + char2);
-
- // If char1 and char2 are both vowels or both consonants, the cost is 1.
- if (char1IsVowel && char2IsVowel || char1IsConsonant && char2IsConsonant) return 1;
-
- // If one of char1 and char2 is a consonant, while the other is a vowel, the cost is 3.
- return 3;
- };
- // The cost of a gap is 2, regardless of what letter is aligned with the gap.
- kleinbergExampleGapCostFunc = c -> 2;
-
- // char[] -> Character[] conversion courtesy of https://stackoverflow.com/a/27690990/1214974
- meanChars = "mean".chars().mapToObj(c -> (char)c).toArray(Character[]::new);
- nameChars = "name".chars().mapToObj(c -> (char)c).toArray(Character[]::new);
-
- kleinbergAlignmentPricer = new AlignmentPricer<>(kleinbergExampleAlignmentCostFunc,
- kleinbergExampleGapCostFunc);
-
- kleinbergSequenceAligner = new SequenceAlignment<>(kleinbergAlignmentPricer);
- }
-
- @Test
- public void kleinbergExampleOptAlignmentCostShouldBe6() {
- // Cost of the optimal alignment of the two words
- final int optAlignmentCost = kleinbergSequenceAligner.calculateAlignment(meanChars, nameChars);
- final int expectedAlignmentCost = 6;
- String msg = String.format("Kleinberg example: computed opt != expected opt (computed=%d expected=%d)",
- optAlignmentCost, expectedAlignmentCost);
- assertTrue(msg, optAlignmentCost == expectedAlignmentCost);
- }
-
-
- @Test
- public void meanAlignedWithEmptyStringShouldBe8() {
- final int optAlignmentCost = kleinbergSequenceAligner.calculateAlignment(meanChars, new Character[0]);
- // 'mean' aligned with the empty string equals paying four gap costs, so total cost is: 4 * 2 = 8.
- final int expectedAlignmentCost = 8;
- String msg = String.format("'mean' aligned with empty string: computed opt != expected opt (computed=%d expected=%d)",
- optAlignmentCost, expectedAlignmentCost);
- assertTrue(msg, optAlignmentCost == expectedAlignmentCost);
- }
-
- @Test
- public void mAlignedWithNameShouldBe6() {
- /*
- * Note: this also uses the cost function specified in Kleinberg & Tardos.
- * Best alignment should be:
- * n a m e
- * _ _ m _
- * This should have a cost of 3 * gapCost = 6
- */
- final int optAlignmentCost = kleinbergSequenceAligner.calculateAlignment(new Character[] { 'm' }, nameChars);
- final int expectedAlignmentCost = 6;
- String msg = String.format("'m' aligned with 'name': computed opt != expected opt (computed=%d expected=%d)",
- optAlignmentCost, expectedAlignmentCost);
- assertTrue(msg, optAlignmentCost == expectedAlignmentCost);
- }
-
- @Test
- public void meAlignedWithNameShouldBe4() {
- /*
- * Note: this also uses the cost function specified in Kleinberg & Tardos.
- * Best alignment should be:
- * n a m e
- * _ _ m e
- * This should have a cost of 2 * gapCost = 4
- */
- final int optAlignmentCost = kleinbergSequenceAligner.calculateAlignment(new Character[] { 'm', 'e' }, nameChars);
- final int expectedAlignmentCost = 4;
- String msg = String.format("'me' aligned with 'name': computed opt != expected opt (computed=%d expected=%d)",
- optAlignmentCost, expectedAlignmentCost);
- assertTrue(msg, optAlignmentCost == expectedAlignmentCost);
- // Check that order of arguments doesn't matter
- final int optAlignmentCostReversed = kleinbergSequenceAligner.calculateAlignment(nameChars, new Character[] { 'm', 'e' });
- msg = "'me' aligned with 'name': different order of arguments unexpectedly produced different result";
- assertTrue(msg, optAlignmentCostReversed == optAlignmentCost && optAlignmentCostReversed == expectedAlignmentCost);
- }
-
- @Test
- public void ameAlignedWithNameShouldBe2() {
- /*
- * Note: this also uses the cost function specified in Kleinberg & Tardos.
- * Best alignment should be:
- * n a m e
- * _ a m e
- * This should have a cost of 1 * gapCost = 2
- */
- final int optAlignmentCost = kleinbergSequenceAligner.calculateAlignment(new Character[] { 'a', 'm', 'e' }, nameChars);
- final int expectedAlignmentCost = 2;
- String msg = String.format("'ame' aligned with 'name': computed opt != expected opt (computed=%d expected=%d)",
- optAlignmentCost, expectedAlignmentCost);
- assertTrue(msg, optAlignmentCost == expectedAlignmentCost);
- }
-
- @Test
- public void fameAlignedWithNameShouldBe1() {
- /*
- * Note: this also uses the cost function specified in Kleinberg & Tardos.
- * Best alignment should be:
- * n a m e
- * f a m e
- * This should have a cost of 1 * consonantMatchedWithConsonantCost = 1
- */
- final int optAlignmentCost = kleinbergSequenceAligner.calculateAlignment(new Character[] { 'f', 'a', 'm', 'e' },
- nameChars);
- final int expectedAlignmentCost = 1;
- String msg = String.format("'fame' aligned with 'name': computed opt != expected opt (computed=%d expected=%d)",
- optAlignmentCost, expectedAlignmentCost);
- assertTrue(msg, optAlignmentCost == expectedAlignmentCost);
- }
-
- @Test
- public void nameAlignedWithNameShouldBe0() {
- /*
- * Note: this also uses the cost function specified in Kleinberg & Tardos.
- * Best alignment should be:
- * n a m e
- * n a m e
- * This should have a cost of 0.
- */
- final int optAlignmentCost = kleinbergSequenceAligner.calculateAlignment(new Character[] { 'n', 'a', 'm', 'e' },
- nameChars);
- final int expectedAlignmentCost = 0;
- String msg = String.format("'name' aligned with 'name': computed opt != expected opt (computed=%d expected=%d)",
- optAlignmentCost, expectedAlignmentCost);
- assertTrue(msg, optAlignmentCost == expectedAlignmentCost);
- }
-
- @Test
- public void emanAlignedWithNameShouldBe6() {
- /*
- * Note: this also uses the cost function specified in Kleinberg & Tardos.
- * Best alignment should be:
- *
- * _ n a m e
- * e m a n _
- *
- * or
- *
- * n a m e _
- * _ e m a n
- *
- * This should have a cost of 2 * gapCost + 2 * consonantMatchedWithConsonantCost = 2 * 2 + 2 * 1 = 6.
- */
- final int optAlignmentCost = kleinbergSequenceAligner.calculateAlignment(new Character[] { 'e', 'm', 'a', 'n' },
- nameChars);
- final int expectedAlignmentCost = 6;
- String msg = String.format("'eman' aligned with 'name': computed opt != expected opt (computed=%d expected=%d)",
- optAlignmentCost, expectedAlignmentCost);
- assertTrue(msg, optAlignmentCost == expectedAlignmentCost);
- }
-
- @Test
- public void naemAlignedWithNameShouldBe4() {
- /*
- * Note: this also uses the cost function specified in Kleinberg & Tardos.
- * Best alignment should be:
- *
- * n a _ m e
- * n a e m _
- *
- * or
- *
- * n a m e _
- * n a _ e m
- *
- * This should have a cost of 2 * gapCost = 4.
- */
- final int optAlignmentCost = kleinbergSequenceAligner.calculateAlignment(new Character[] { 'n', 'a', 'e', 'm' },
- nameChars);
- final int expectedAlignmentCost = 4;
- String msg = String.format("'naem' aligned with 'name': computed opt != expected opt (computed=%d expected=%d)",
- optAlignmentCost, expectedAlignmentCost);
- assertTrue(msg, optAlignmentCost == expectedAlignmentCost);
- }
-
-
- /**
- * Checks if {@code letter} is a lowercase vowel. Note: for simplicity, 'y' is considered a <em>vowel</em>.
- * @param letter A {@code char} expected to be a vowel.
- * @return {@code true} if {@code letter} is a vowel, {@code false} otherwise.
- */
- private boolean isVowel(char letter) {
- for (char vowel : lowercaseVowels) {
- if (letter == vowel) {
- return true;
- }
- }
- return false;
- }
-
- /**
- * Checks if {@code letter} is a lowercase consonant. Note: for simplicity, 'y' is considered a <em>vowel</em>.
- * @param letter A {@code char} expected to be a consonant.
- * @return {@code true} if {@code letter} is a consonant, {@code false} otherwise.
- */
- private boolean isConsonant(char letter) {
- for (char consonant : lowercaseConsonants) {
- if (letter == consonant) {
- return true;
- }
- }
- return false;
- }
-}