* @param clusterMatcher The {@link AbstractClusterMatcher} that detected a match (i.e., classified traffic as
* pertaining to its associated cluster).
* @param match The traffic that was deemed to match the cluster associated with {@code clusterMatcher}.
- * @param maxSkippedPackets Maximum number of skipped packets.
*/
- void onMatch(AbstractClusterMatcher clusterMatcher, List<PcapPacket> match, int maxSkippedPackets);
+ void onMatch(AbstractClusterMatcher clusterMatcher, List<PcapPacket> match);
}
*/
protected final boolean[] mPacketDirections;
- /**
- * Keep track of the numbers of skipped packets
- */
- protected int mSkippedPackets;
- protected int mMaxSkippedPackets;
-
/**
* Create a {@code Layer2AbstractMatcher}.
* @param sequence The sequence of the signature.
mPacketDirections[i] = getPacketDirection(prevPkt, prevPktDirection, sequence.get(i));
}
}
- mSkippedPackets = 0;
- mMaxSkippedPackets = 0;
}
/**
return mMatchedPackets;
}
- public int getMaxSkippedPackets() {
- return mMaxSkippedPackets;
- }
-
/**
* Utility for {@code getMatchedPackets().get(getMatchedPackets().size()-1)}.
* @return The last matched packet, or {@code null} if no packets have been matched yet.
import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowReassemblerObserver;
import edu.uci.iotproject.detection.AbstractClusterMatcher;
import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowObserver;
+import org.jetbrains.annotations.NotNull;
import org.pcap4j.core.*;
import java.util.ArrayList;
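Review bot: The added `import org.jetbrains.annotations.NotNull;` is not referenced by any line visible in this file's hunks. If nothing outside the hunks uses `@NotNull`, drop the import so the matcher does not gain a compile-time dependency on the JetBrains annotations artifact for no benefit.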
private int mInclusionTimeMillis;
+ /**
+ * Keeping track of maximum number of skipped packets
+ */
+ //private int mMaxSkippedPackets;
+ private List<Integer> mMaxSkippedPackets;
+
/**
* Create a new {@link Layer2ClusterMatcher} that attempts to find occurrences of {@code cluster}'s members.
* @param cluster The sequence mutations that the new {@link Layer2ClusterMatcher} should search for.
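Review bot: The new field keeps the name `mMaxSkippedPackets` and the Javadoc "maximum number of skipped packets", but it is now a `List<Integer>` that receives one entry per pair of matched packets, so the name and comment no longer describe what it holds. Rename it (for example `private final List<Integer> mSkippedPacketCounts = new ArrayList<>();`) and reword the Javadoc to say it records every gap. The superseded `//private int mMaxSkippedPackets;` line should be deleted rather than commented out. The same leftover commented-out code appears in the constructor hunk, in `updateMaxSkippedPackets`, in both `getMaxSkippedPackets` getters, in the results-printing hunk and in `Layer2SignatureDetector.onMatch`.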
mEps = eps;
mInclusionTimeMillis =
inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis;
+ //mMaxSkippedPackets = 0;
+ mMaxSkippedPackets = new ArrayList<>();
}
@Override
boolean matched = sm.matchPacket(newPacket);
if (matched) {
if (sm.getMatchedPacketsCount() == sm.getTargetSequencePacketCount()) {
+ // Update maximum skipped packets
+ updateMaxSkippedPackets(flow.getPackets(), sm.getMatchedPackets());
// Sequence matcher has a match. Report it to observers.
- mObservers.forEach(o -> o.onMatch(this, sm.getMatchedPackets(),
- sm.getMaxSkippedPackets()));
+ mObservers.forEach(o -> o.onMatch(this, sm.getMatchedPackets()));
// Remove the now terminated sequence matcher.
matchers[i][j] = null;
} else {
}
}
+ // Update the maximum number of skipped packets
+ private void updateMaxSkippedPackets(List<PcapPacket> flowPackets, List<PcapPacket> matchedPackets) {
+ // Count number of skipped packets by looking into
+ // the difference of indices of two matched packets
+ for(int i = 1; i < matchedPackets.size(); ++i) {
+ int currIndex = flowPackets.indexOf(matchedPackets.get(i-1));
+ int nextIndex = flowPackets.indexOf(matchedPackets.get(i));
+ int skippedPackets = nextIndex - currIndex;
+// if (mMaxSkippedPackets < skippedPackets) {
+// mMaxSkippedPackets = skippedPackets;
+// }
+ mMaxSkippedPackets.add(skippedPackets);
+ }
+ }
+
private void rangeBasedMatching(Layer2Flow flow, PcapPacket newPacket) {
// TODO: For range-based matching, we need to create a new matcher every time we see the first element of
// the sequence (between lower and upper bounds).
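Review bot: `updateMaxSkippedPackets` records `nextIndex - currIndex`, so two matched packets that are adjacent in the flow are logged as 1 skipped packet rather than 0; the count of packets in between is `nextIndex - currIndex - 1`. The two `indexOf` results are also used unchecked: a packet not present in `flowPackets` yields -1, and if two packets in the flow compare equal (depending on how `PcapPacket.equals` is defined) the first occurrence is returned, so the recorded value can be wrong or negative. Each call rescans the flow from the start and the list is never cleared, so a long capture keeps growing it on every completed match. The method would also be easier to find with a Javadoc block in place of the `//` line above it.

```java
private void updateMaxSkippedPackets(List<PcapPacket> flowPackets, List<PcapPacket> matchedPackets) {
    int prevIndex = matchedPackets.isEmpty() ? -1 : flowPackets.indexOf(matchedPackets.get(0));
    for (int i = 1; i < matchedPackets.size(); ++i) {
        int nextIndex = flowPackets.indexOf(matchedPackets.get(i));
        // Only record a gap when both packets were located and appear in order.
        if (prevIndex >= 0 && nextIndex > prevIndex) {
            // Packets strictly between two consecutive matched packets were skipped.
            mMaxSkippedPackets.add(nextIndex - prevIndex - 1);
        }
        prevIndex = nextIndex;
    }
}
```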
boolean matched = sm.matchPacket(newPacket);
if (matched) {
if (sm.getMatchedPacketsCount() == sm.getTargetSequencePacketCount()) {
+ // Update maximum skipped packets
+ updateMaxSkippedPackets(flow.getPackets(), sm.getMatchedPackets());
// Sequence matcher has a match. Report it to observers.
- mObservers.forEach(o -> o.onMatch(this, sm.getMatchedPackets(),
- sm.getMaxSkippedPackets()));
+ mObservers.forEach(o -> o.onMatch(this, sm.getMatchedPackets()));
// Terminate sequence matcher since matching is complete.
listMatchers.remove(matcher);
}
System.out.println(">>> IGNORING FLOW: " + newFlow + " <<<");
}
}
+
+ /**
+ * Return the maximum number of skipped packets.
+ */
+// public int getMaxSkippedPackets() {
+// return mMaxSkippedPackets;
+// }
+ public List<Integer> getMaxSkippedPackets() {
+ return mMaxSkippedPackets;
+ }
}
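Review bot: `getMaxSkippedPackets()` hands out the matcher's internal mutable list, so any caller can modify the matcher's bookkeeping and will see it change while matching continues. Return a read-only view instead, e.g. `return Collections.unmodifiableList(mMaxSkippedPackets);`. The Javadoc "Return the maximum number of skipped packets" is now attached to the commented-out `int` getter; move it onto the live method and say that it returns all recorded gaps. The getter in `Layer2SignatureDetector` has the same exposure.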
mPacketDirections[getMatchedPacketsCount()-1], packet);
boolean expectedDirection = mPacketDirections[getMatchedPacketsCount()];
if (actualDirection != expectedDirection) {
- mSkippedPackets++;
return false;
}
// Next apply timing constraints:
// 1: to be a match, the packet must have a later timestamp than any other packet currently matched
// 2: does adding the packet cause the max allowed time between first packet and last packet to be exceeded?
if (!packet.getTimestamp().isAfter(mMatchedPackets.get(getMatchedPacketsCount()-1).getTimestamp())) {
- mSkippedPackets++;
return false;
}
// if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp().
// plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS))) {
if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp().
plusMillis(mInclusionTimeMillis))) {
- mSkippedPackets++;
return false;
}
// If we made it here, it means that this packet has the expected length, direction, and obeys the timing
// constraints, so we store it and advance.
- if (mMaxSkippedPackets < mSkippedPackets) {
- mMaxSkippedPackets = mSkippedPackets;
- mSkippedPackets = 0;
- }
mMatchedPackets.add(packet);
if (mMatchedPackets.size() == mSequence.size()) {
// TODO report (to observers?) that we are done?
detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_ON).count();
String resultOff = "# Number of detected events of type " + UserAction.Type.TOGGLE_OFF + ": " +
detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_OFF).count();
- String onMaxSkippedPackets = "# Number of skipped packets in ON signature " +
- Integer.toString(onDetector.getMaxSkippedPackets());
- String offMaxSkippedPackets = "# Number of skipped packets in OFF signature " +
- Integer.toString(offDetector.getMaxSkippedPackets());
+// String onMaxSkippedPackets = "# Number of skipped packets in ON signature " +
+// Integer.toString(onDetector.getMaxSkippedPackets());
+ String onMaxSkippedPackets = "# Number of skipped packets in ON signature: ";
+ for(Integer skippedPackets : onDetector.getMaxSkippedPackets()) {
+ System.out.println(skippedPackets);
+ }
+// String offMaxSkippedPackets = "# Number of skipped packets in OFF signature " +
+// Integer.toString(offDetector.getMaxSkippedPackets());
+ String offMaxSkippedPackets = "# Number of skipped packets in OFF signature: ";
+ for(Integer skippedPackets : offDetector.getMaxSkippedPackets()) {
+ System.out.println(skippedPackets);
+ }
PrintWriterUtils.println(resultOn, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
PrintWriterUtils.println(resultOff, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
PrintWriterUtils.println(onMaxSkippedPackets, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
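Review bot: The skipped-packet values no longer reach `resultsWriter`. `onMaxSkippedPackets` and `offMaxSkippedPackets` are now bare header strings, and the two loops print each value with `System.out.println`, bypassing `PrintWriterUtils.println` and the `DUPLICATE_OUTPUT_TO_STD_OUT` switch. The values also appear on stdout before their header line. Build the value into the string instead, e.g. `String onMaxSkippedPackets = "# Number of skipped packets in ON signature: " + onDetector.getMaxSkippedPackets();` and likewise for OFF, then drop the loops.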
private int mInclusionTimeMillis;
- private int mMaxSkippedPackets;
+ //private int mMaxSkippedPackets;
+ private List<Integer> mMaxSkippedPackets;
public Layer2SignatureDetector(List<List<List<PcapPacket>>> searchedSignature, int signatureDuration, boolean isRangeBased, double eps) {
this(searchedSignature, null, signatureDuration, isRangeBased, eps);
mClusterMatchers.forEach(cm -> mFlowReassembler.addObserver(cm));
mInclusionTimeMillis =
inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis;
- mMaxSkippedPackets = 0;
+ //mMaxSkippedPackets = 0;
+ mMaxSkippedPackets = new ArrayList<>();
}
- public int getMaxSkippedPackets() {
+// public int getMaxSkippedPackets() {
+// return mMaxSkippedPackets;
+// }
+ public List<Integer> getMaxSkippedPackets() {
return mMaxSkippedPackets;
}
}
@Override
- public void onMatch(AbstractClusterMatcher clusterMatcher, List<PcapPacket> match, int maxSkippedPackets) {
- // Update the number of skipped packets
- if (mMaxSkippedPackets < maxSkippedPackets) {
- mMaxSkippedPackets = maxSkippedPackets;
- }
+ public void onMatch(AbstractClusterMatcher clusterMatcher, List<PcapPacket> match) {
// TODO: a cluster matcher found a match
if (clusterMatcher instanceof Layer2ClusterMatcher) {
// Add the match at the corresponding index
mPendingMatches[mClusterMatcherIds.get(clusterMatcher)].add(match);
checkSignatureMatch();
+ // Update maximum number of skipped packets
+ //if (mMaxSkippedPackets < ((Layer2ClusterMatcher) clusterMatcher).getMaxSkippedPackets()) {
+ // mMaxSkippedPackets = ((Layer2ClusterMatcher) clusterMatcher).getMaxSkippedPackets();
+ //}
+ mMaxSkippedPackets = ((Layer2ClusterMatcher) clusterMatcher).getMaxSkippedPackets();
}
}
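Review bot: The assignment `mMaxSkippedPackets = ((Layer2ClusterMatcher) clusterMatcher).getMaxSkippedPackets();` replaces the detector's list with a reference to one matcher's internal list. When a signature has several cluster matchers, the detector therefore reports only the gaps of whichever matcher matched last, and the `ArrayList` created in the constructor is discarded. The removed code aggregated across matchers by keeping a maximum. The new code should aggregate too, for example by having the matcher expose only the gaps of the match being reported and calling `mMaxSkippedPackets.addAll(...)` with those. Calling `addAll` on the current getter would double-count, because the matcher's list appears to be cumulative.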
List<PcapPacket> matchSeq = match.get();
// Notify observers about the match.
// Max number of skipped packets in layer 3 is 0 (no skipped packets)
- mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq, 0));
+ mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq));
/*
* Get the index in cPkts of the last packet in the sequence of packets that matches the searched
* signature sequence.
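Review bot: The context comment `// Max number of skipped packets in layer 3 is 0 (no skipped packets)` above the changed call is stale, because `onMatch` no longer takes a skipped-packet argument and nothing on the new line refers to it. Delete it, or move the statement to the class Javadoc if it is still worth recording. The second `Layer3ClusterMatcher` hunk carries the same leftover comment. The enclosing method starts and ends outside this hunk.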
List<PcapPacket> matchSeq = match.get();
// Notify observers about the match.
// Max number of skipped packets in layer 3 is 0 (no skipped packets)
- mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq, 0));
+ mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq));
/*
* Get the index in cPkts of the last packet in the sequence of packets that matches the searched
* signature sequence.
}
@Override
- public void onMatch(AbstractClusterMatcher clusterMatcher, List<PcapPacket> match, int maxSkippedPackets) {
+ public void onMatch(AbstractClusterMatcher clusterMatcher, List<PcapPacket> match) {
// Add the match at the corresponding index
pendingMatches[mClusterMatcherIds.get(clusterMatcher)].add(match);
checkSignatureMatch();