From: rtrimana
Date: Mon, 18 Jun 2018 21:55:19 +0000 (-0700)
Subject: Adding timestamp checks into the packet filtering for obtaining datapoints.
X-Git-Url: http://plrg.eecs.uci.edu/git/?p=pingpong.git;a=commitdiff_plain;h=4358ee3c642036913970802b86f191808f660c40
Adding timestamp checks into the packet filtering for obtaining datapoints.
---
diff --git a/Code/Projects/SmartPlugDetector/devices/tplink_switch/datapoints.csv b/Code/Projects/SmartPlugDetector/devices/tplink_switch/datapoints.csv
new file mode 100644
index 0000000..d3261f8
--- /dev/null
+++ b/Code/Projects/SmartPlugDetector/devices/tplink_switch/datapoints.csv
@@ -0,0 +1,37 @@
+2018-02-13T21:38:05.043416Z, 583, 1514
+2018-02-13T21:38:05.155228Z, 257, 117
+2018-02-13T21:38:05.163863Z, 556, 1093
+2018-02-13T21:38:05.308829Z, 97, 1514
+2018-02-13T21:39:04.000762Z, 257, 117
+2018-02-13T21:39:04.010561Z, 557, 1095
+2018-02-13T21:39:04.206016Z, 97, 1514
+2018-02-13T21:40:05.753243Z, 257, 117
+2018-02-13T21:40:05.762267Z, 556, 1093
+2018-02-13T21:40:05.931412Z, 97, 1514
+2018-02-13T21:41:08.353766Z, 257, 117
+2018-02-13T21:41:08.362631Z, 557, 1094
+2018-02-13T21:41:08.546560Z, 97, 1514
+2018-02-13T21:42:08.123413Z, 257, 117
+2018-02-13T21:42:08.131924Z, 556, 1093
+2018-02-13T21:42:08.494681Z, 97, 1514
+2018-02-13T21:43:09.826520Z, 257, 117
+2018-02-13T21:43:09.837181Z, 557, 1094
+2018-02-13T21:43:09.966621Z, 97, 1514
+2018-02-13T21:45:25.365342Z, 257, 117
+2018-02-13T21:45:25.603747Z, 556, 1093
+2018-02-13T21:45:25.845745Z, 97, 1514
+2018-02-13T21:46:27.695935Z, 257, 117
+2018-02-13T21:46:27.704376Z, 557, 1094
+2018-02-13T21:46:27.830049Z, 97, 1514
+2018-02-13T21:47:29.288401Z, 257, 117
+2018-02-13T21:47:29.296717Z, 556, 1093
+2018-02-13T21:47:29.429058Z, 97, 1514
+2018-02-13T21:48:29.928399Z, 257, 117
+2018-02-13T21:48:29.937240Z, 557, 1094
+2018-02-13T21:48:30.137628Z, 97, 1514
+2018-02-13T21:49:31.802264Z, 257, 117
+2018-02-13T21:49:31.811145Z, 556, 1093
+2018-02-13T21:49:31.945247Z, 97, 1514
+2018-02-13T21:50:31.153609Z, 257, 117
+2018-02-13T21:50:31.163110Z, 557, 1094
+2018-02-13T21:50:31.329159Z, 97, 
\ No newline at end of file
diff --git a/Code/Projects/SmartPlugDetector/devices/tplink_switch/tplink-feb-13-2018.timestamps b/Code/Projects/SmartPlugDetector/devices/tplink_switch/tplink-feb-13-2018.timestamps
new file mode 100644
index 0000000..a4d55b0
--- /dev/null
+++ b/Code/Projects/SmartPlugDetector/devices/tplink_switch/tplink-feb-13-2018.timestamps
@@ -0,0 +1,12 @@
+9:38:04 PM
+9:39:03 PM
+9:40:05 PM
+9:41:08 PM
+9:42:07 PM
+9:43:09 PM
+9:45:25 PM
+9:46:27 PM
+9:47:28 PM
+9:48:29 PM
+9:49:31 PM
+9:50:30 PM
diff --git a/Code/Projects/SmartPlugDetector/devices/tplink_switch/tplink-june-14-2018.timestamps b/Code/Projects/SmartPlugDetector/devices/tplink_switch/tplink-june-14-2018.timestamps
new file mode 100644
index 0000000..58b118e
--- /dev/null
+++ b/Code/Projects/SmartPlugDetector/devices/tplink_switch/tplink-june-14-2018.timestamps
@@ -0,0 +1,680 @@ +2:24:40 PM +2:26:52 PM +2:29:04 PM +2:31:15 PM +2:33:27 PM +2:35:39 PM +2:37:51 PM +2:40:02 PM +2:42:14 PM +2:44:26 PM +2:46:37 PM +2:48:49 PM +2:51:01 PM +2:53:13 PM +2:55:24 PM +2:57:36 PM +2:59:48 PM +3:02:00 PM +3:04:11 PM +3:06:23 PM +3:08:35 PM +3:10:46 PM +3:12:58 PM +3:15:10 PM +3:17:22 PM +3:19:33 PM +3:21:45 PM +3:23:57 PM +3:26:08 PM +3:28:20 PM +3:30:32 PM +3:32:44 PM +3:34:55 PM +3:37:07 PM +3:39:19 PM +3:41:30 PM +3:43:42 PM +3:45:54 PM +3:48:06 PM +3:50:18 PM +3:52:29 PM +3:54:41 PM +3:56:53 PM +3:59:05 PM +4:01:16 PM +4:03:28 PM +4:05:40 PM +4:07:52 PM +4:10:03 PM +4:12:15 PM +4:14:27 PM +4:16:38 PM +4:18:50 PM +4:21:02 PM +4:23:14 PM +4:25:25 PM +4:27:37 PM +4:29:49 PM +4:32:00 PM +4:34:12 PM +4:36:24 PM +4:38:36 PM +4:40:47 PM +4:42:59 PM +4:45:11 PM +4:47:22 PM +4:49:34 PM +4:51:46 PM +4:53:58 PM +4:56:09 PM +4:58:21 PM +5:00:33 PM +5:02:44 PM +5:04:56 PM +5:07:08 PM +5:09:20 PM +5:11:31 PM +5:13:43 PM +5:15:55 PM +5:18:06 PM +5:20:18 PM +5:22:30 PM +5:24:42 PM +5:26:53 PM +5:29:05 PM +5:31:17 PM +5:33:28 PM +5:35:40 PM +5:37:52 PM +5:40:03 PM +5:42:15 PM +5:44:27 PM +5:46:39 PM +5:48:50 PM +5:51:02 PM +5:53:14 PM +5:55:25 PM +5:57:37 PM +5:59:49 PM +6:02:01 PM +6:04:12 PM +6:06:24 PM +6:08:36 PM +6:10:48 PM +6:13:00 PM +6:15:11 PM +6:17:23 PM +6:19:35 PM +6:21:47 PM +6:23:58 PM +6:26:10 PM +6:28:22 PM +6:30:33 PM +6:32:45 PM +6:34:57 PM +6:37:09 PM +6:39:20 PM +6:41:32 PM +6:43:44 PM +6:45:55 PM +6:48:07 PM +6:50:19 PM +6:52:31 PM +6:54:42 PM +6:56:54 PM +6:59:06 PM +7:01:18 PM +7:03:29 PM +7:05:41 PM +7:07:53 PM +7:10:04 PM +7:12:16 PM +7:14:28 PM +7:16:40 PM +7:18:51 PM +7:21:03 PM +7:23:15 PM +7:25:26 PM +7:27:38 PM +7:29:50 PM +7:32:02 PM +7:34:13 PM +7:36:25 PM +7:38:37 PM +7:40:48 PM +7:43:00 PM +7:45:12 PM +7:47:23 PM +7:49:35 PM +7:51:47 PM +7:53:59 PM +7:56:10 PM +7:58:22 PM +8:00:34 PM +8:02:46 PM +8:04:57 PM +8:07:09 PM +8:09:21 PM +8:11:32 PM +8:13:44 PM +8:15:56 PM +8:18:08 PM +8:20:19 PM +8:22:31 PM +8:24:43 PM 
+8:26:55 PM +8:29:06 PM +8:31:18 PM +8:33:30 PM +8:35:41 PM +8:37:53 PM +8:40:05 PM +8:42:17 PM +8:44:28 PM +8:46:40 PM +8:48:52 PM +8:51:03 PM +8:53:15 PM +8:55:27 PM +8:57:39 PM +8:59:50 PM +9:02:02 PM +9:04:14 PM +9:06:26 PM +9:08:37 PM +9:10:49 PM +9:13:01 PM +9:15:13 PM +9:17:24 PM +9:19:36 PM +9:21:48 PM +9:23:59 PM +9:26:11 PM +9:28:23 PM +9:30:35 PM +9:32:46 PM +9:34:58 PM +9:37:10 PM +9:39:22 PM +9:41:33 PM +9:43:45 PM +9:45:57 PM +9:48:09 PM +9:50:20 PM +9:52:32 PM +9:54:44 PM +9:56:56 PM +9:59:07 PM +10:01:19 PM +10:03:31 PM +10:05:43 PM +10:07:54 PM +10:10:06 PM +10:12:18 PM +10:14:29 PM +10:16:41 PM +10:18:53 PM +10:21:05 PM +10:23:17 PM +10:25:29 PM +10:27:40 PM +10:29:52 PM +10:32:04 PM +10:34:16 PM +10:36:27 PM +10:38:39 PM +10:40:51 PM +10:43:02 PM +10:45:14 PM +10:47:26 PM +10:49:38 PM +10:51:49 PM +10:54:01 PM +10:56:13 PM +10:58:25 PM +11:00:36 PM +11:02:48 PM +11:05:00 PM +11:07:12 PM +11:09:23 PM +11:11:35 PM +11:13:47 PM +11:15:58 PM +11:18:10 PM +11:20:22 PM +11:22:33 PM +11:24:45 PM +11:26:57 PM +11:29:09 PM +11:31:20 PM +11:33:32 PM +11:35:44 PM +11:37:56 PM +11:40:07 PM +11:42:19 PM +11:44:31 PM +11:46:42 PM +11:48:54 PM +11:51:06 PM +11:53:17 PM +11:55:29 PM +11:57:41 PM +11:59:53 PM +12:02:04 AM +12:04:16 AM +12:06:28 AM +12:08:40 AM +12:10:51 AM +12:13:03 AM +12:15:15 AM +12:17:27 AM +12:19:38 AM +12:21:50 AM +12:24:02 AM +12:26:13 AM +12:28:25 AM +12:30:37 AM +12:32:49 AM +12:35:00 AM +12:37:12 AM +12:39:24 AM +12:41:36 AM +12:43:47 AM +12:45:59 AM +12:48:11 AM +12:50:23 AM +12:52:34 AM +12:54:46 AM +12:56:58 AM +12:59:10 AM +1:01:21 AM +1:03:33 AM +1:05:45 AM +1:07:57 AM +1:10:08 AM +1:12:20 AM +1:14:32 AM +1:16:44 AM +1:18:55 AM +1:21:07 AM +1:23:19 AM +1:25:31 AM +1:27:42 AM +1:29:54 AM +1:32:06 AM +1:34:18 AM +1:36:29 AM +1:38:41 AM +1:40:53 AM +1:43:04 AM +1:45:16 AM +1:47:28 AM +1:49:40 AM +1:51:51 AM +1:54:03 AM +1:56:15 AM +1:58:27 AM +2:00:38 AM +2:02:50 AM +2:05:02 AM +2:07:13 AM +2:09:25 AM +2:11:37 AM +2:13:48 AM +2:16:00 
AM +2:18:12 AM +2:20:24 AM +2:22:35 AM +2:24:47 AM +2:26:59 AM +2:29:11 AM +2:31:22 AM +2:33:34 AM +2:35:46 AM +2:37:57 AM +2:40:09 AM +2:42:21 AM +2:44:33 AM +2:46:44 AM +2:48:56 AM +2:51:08 AM +2:53:19 AM +2:55:31 AM +2:57:43 AM +2:59:55 AM +3:02:06 AM +3:04:18 AM +3:06:30 AM +3:08:42 AM +3:10:53 AM +3:13:05 AM +3:15:17 AM +3:17:29 AM +3:19:40 AM +3:21:52 AM +3:24:04 AM +3:26:15 AM +3:28:27 AM +3:30:39 AM +3:32:51 AM +3:35:02 AM +3:37:14 AM +3:39:26 AM +3:41:37 AM +3:43:49 AM +3:46:01 AM +3:48:13 AM +3:50:24 AM +3:52:36 AM +3:54:48 AM +3:57:00 AM +3:59:11 AM +4:01:23 AM +4:03:35 AM +4:05:47 AM +4:07:58 AM +4:10:10 AM +4:12:22 AM +4:14:33 AM +4:16:45 AM +4:18:57 AM +4:21:09 AM +4:23:20 AM +4:25:32 AM +4:27:44 AM +4:29:56 AM +4:32:07 AM +4:34:19 AM +4:36:31 AM +4:38:42 AM +4:40:54 AM +4:43:06 AM +4:45:18 AM +4:47:29 AM +4:49:41 AM +4:51:53 AM +4:54:05 AM +4:56:16 AM +4:58:28 AM +5:00:40 AM +5:02:52 AM +5:05:03 AM +5:07:15 AM +5:09:27 AM +5:11:39 AM +5:13:50 AM +5:16:02 AM +5:18:14 AM +5:20:26 AM +5:22:38 AM +5:24:49 AM +5:27:01 AM +5:29:13 AM +5:31:25 AM +5:33:36 AM +5:35:48 AM +5:38:00 AM +5:40:11 AM +5:42:23 AM +5:44:35 AM +5:46:47 AM +5:48:58 AM +5:51:10 AM +5:53:22 AM +5:55:33 AM +5:57:45 AM +5:59:57 AM +6:02:09 AM +6:04:21 AM +6:06:32 AM +6:08:44 AM +6:10:56 AM +6:13:07 AM +6:15:19 AM +6:17:31 AM +6:19:43 AM +6:21:54 AM +6:24:06 AM +6:26:18 AM +6:28:30 AM +6:30:41 AM +6:32:53 AM +6:35:05 AM +6:37:17 AM +6:39:28 AM +6:41:40 AM +6:43:52 AM +6:46:03 AM +6:48:15 AM +6:50:27 AM +6:52:39 AM +6:54:50 AM +6:57:02 AM +6:59:14 AM +7:01:26 AM +7:03:37 AM +7:05:49 AM +7:08:01 AM +7:10:13 AM +7:12:24 AM +7:14:36 AM +7:16:48 AM +7:18:59 AM +7:21:11 AM +7:23:23 AM +7:25:35 AM +7:27:46 AM +7:29:58 AM +7:32:10 AM +7:34:22 AM +7:36:33 AM +7:38:45 AM +7:40:57 AM +7:43:08 AM +7:45:20 AM +7:47:32 AM +7:49:44 AM +7:51:55 AM +7:54:07 AM +7:56:19 AM +7:58:30 AM +8:00:42 AM +8:02:54 AM +8:05:06 AM +8:07:17 AM +8:09:29 AM +8:11:41 AM +8:13:53 AM +8:16:04 AM +8:18:16 AM +8:20:28 AM 
+8:22:39 AM +8:24:51 AM +8:27:03 AM +8:29:15 AM +8:31:26 AM +8:33:38 AM +8:35:50 AM +8:38:01 AM +8:40:13 AM +8:42:25 AM +8:44:36 AM +8:46:48 AM +8:49:00 AM +8:51:11 AM +8:53:23 AM +8:55:35 AM +8:57:47 AM +8:59:58 AM +9:02:10 AM +9:04:22 AM +9:06:34 AM +9:08:45 AM +9:10:57 AM +9:13:09 AM +9:15:21 AM +9:17:32 AM +9:19:44 AM +9:21:56 AM +9:24:07 AM +9:26:19 AM +9:28:31 AM +9:30:43 AM +9:32:54 AM +9:35:06 AM +9:37:18 AM +9:39:30 AM +9:41:41 AM +9:43:53 AM +9:46:05 AM +9:48:18 AM +9:50:30 AM +9:52:42 AM +9:54:54 AM +9:57:06 AM +9:59:18 AM +10:01:30 AM +10:03:42 AM +10:05:54 AM +10:08:07 AM +10:10:19 AM +10:12:31 AM +10:14:43 AM +10:16:55 AM +10:19:07 AM +10:21:19 AM +10:23:32 AM +10:25:44 AM +10:27:56 AM +10:30:08 AM +10:32:20 AM +10:34:32 AM +10:36:44 AM +10:38:56 AM +10:41:09 AM +10:43:21 AM +10:45:33 AM +10:47:45 AM +10:49:57 AM +10:52:09 AM +10:54:21 AM +10:56:34 AM +10:58:46 AM +11:00:58 AM +11:03:10 AM +11:05:22 AM +11:07:34 AM +11:09:46 AM +11:11:58 AM +11:14:11 AM +11:16:23 AM +11:18:35 AM +11:20:47 AM +11:22:59 AM +11:25:11 AM +11:27:23 AM +11:29:35 AM +11:31:48 AM +11:34:00 AM +11:36:12 AM +11:38:23 AM +11:40:35 AM +11:42:47 AM +11:44:59 AM +11:47:10 AM +11:49:22 AM +11:51:34 AM +11:53:46 AM +11:55:57 AM +11:58:09 AM +12:00:21 PM +12:02:33 PM +12:04:44 PM +12:06:56 PM +12:09:08 PM +12:11:20 PM +12:13:31 PM +12:15:43 PM +12:17:55 PM +12:20:06 PM +12:22:18 PM +12:24:30 PM +12:26:42 PM +12:28:54 PM +12:31:05 PM +12:33:17 PM +12:35:29 PM +12:37:40 PM +12:39:52 PM +12:42:04 PM +12:44:16 PM +12:46:27 PM +12:48:39 PM +12:50:51 PM +12:53:02 PM +12:55:14 PM +12:57:26 PM +12:59:38 PM +1:01:50 PM +1:04:01 PM +1:06:13 PM +1:08:25 PM +1:10:36 PM +1:12:48 PM +1:15:00 PM +1:17:12 PM +1:19:23 PM +1:21:35 PM +1:23:47 PM +1:25:58 PM +1:28:10 PM +1:30:22 PM +1:32:34 PM +1:34:45 PM +1:36:57 PM +1:39:09 PM +1:41:20 PM +1:43:32 PM +1:45:44 PM +1:47:56 PM +1:50:07 PM +1:52:19 PM +1:54:31 PM +1:56:43 PM +1:58:54 PM +2:01:06 PM +2:03:18 PM +2:05:29 PM +2:07:41 PM +2:09:53 PM +2:12:05 
PM +2:14:16 PM +2:16:28 PM +2:18:40 PM +2:20:51 PM +2:23:03 PM +2:25:15 PM +2:27:27 PM +2:29:39 PM +2:31:50 PM +2:34:02 PM +2:36:14 PM +2:38:26 PM +2:40:37 PM +2:42:49 PM +2:45:01 PM +2:47:13 PM +2:49:24 PM +2:51:36 PM +2:53:48 PM +2:56:00 PM +2:58:11 PM +3:00:23 PM +3:02:35 PM +3:04:47 PM +3:06:58 PM +3:09:10 PM +3:11:22 PM +3:13:34 PM +3:15:45 PM diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/ConversationPair.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/ConversationPair.java index 7d5ddb6..b864ee5 100644 --- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/ConversationPair.java +++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/ConversationPair.java @@ -6,6 +6,8 @@ import org.pcap4j.core.PcapPacket; import java.io.FileNotFoundException; import java.io.PrintWriter; import java.io.UnsupportedEncodingException; +import java.util.HashMap; +import java.util.Map; /** * Models a (TCP) conversation/connection/session/flow (packet's belonging to the same session between a client and a @@ -36,6 +38,12 @@ public class ConversationPair { */ private boolean firstPacket; + /** + * Count the frequencies of points + */ + private Map pointFreq; + private String dataPoint; + /** * Four possible directions of conversations. * E.g., DEVICE_TO_SERVER means the conversation is started from @@ -60,12 +68,14 @@ public class ConversationPair { public ConversationPair(String fileName, Direction direction) { try { this.pw = new PrintWriter(fileName, "UTF-8"); - this.direction = direction; - this.firstPacket = true; } catch(UnsupportedEncodingException | FileNotFoundException e) { e.printStackTrace(); } + this.direction = direction; + this.firstPacket = true; + this.pointFreq = new HashMap<>(); + this.dataPoint = null; } /** 
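Review bot: In the ConversationPair constructor hunk (`@@ -60,12 +68,14 @@`) the catch block still only calls `e.printStackTrace()`, so when `new PrintWriter(fileName, "UTF-8")` fails the object is now fully initialised except for `pw`, which presumably stays null and would only surface later as a NullPointerException in writeConversationPair or close. Rethrowing keeps the failure next to its cause: `throw new IllegalStateException("Cannot open " + fileName, e);`. This is more likely to trigger after this commit, because FlowPatternFinder now passes `./devices/tplink_switch/datapoints.csv`, a path that only resolves when the working directory contains that folder.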
@@ -81,24 +91,55 @@ public class ConversationPair { if (fromClient && firstPacket) { // first packet pw.print(packet.getTimestamp() + ", " + packet.getPayload().length() + ", "); System.out.print(packet.getTimestamp() + ", " + packet.getPayload().length() + ", "); + dataPoint = Integer.toString(packet.getPayload().length()) + ", "; firstPacket = false; } else if (fromServer && !firstPacket) { // second packet pw.println(packet.getPayload().length()); System.out.println(packet.getPayload().length()); + dataPoint = dataPoint + Integer.toString(packet.getPayload().length()); + countFrequency(dataPoint); firstPacket = true; } // Write server data point first and then device } else if (direction == Direction.SERVER_TO_DEVICE || direction == Direction.SERVER_TO_PHONE) { if (fromServer && firstPacket) { // first packet pw.print(packet.getTimestamp() + ", " + packet.getPayload().length() + ", "); + dataPoint = Integer.toString(packet.getPayload().length()) + ", "; firstPacket = false; } else if (fromClient && !firstPacket) { // second packet pw.println(packet.getPayload().length()); + dataPoint = dataPoint + Integer.toString(packet.getPayload().length()); + countFrequency(dataPoint); firstPacket = true; } } } + /** + * Counts the frequencies of data points. + * @param dataPoint One data point for a conversation pair, e.g., 556, 1232. + */ + private void countFrequency(String dataPoint) { + + Integer freq = null; + if (pointFreq.containsKey(dataPoint)) { + freq = pointFreq.get(dataPoint); + } else { + freq = new Integer(0); + } + freq = freq + 1; + pointFreq.put(dataPoint, freq); + } + + /** + * Prints the frequencies of data points from the Map. + */ + public void printListFrequency() { + for(Map.Entry entry : pointFreq.entrySet()) { + System.out.println(entry.getKey() + " - " + entry.getValue()); + } + } + /** * Close the PrintWriter object. */ 
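Review bot: countFrequency builds the counter by hand with `containsKey`/`get`/`put` and the deprecated boxing constructor `new Integer(0)`; the whole body can be `pointFreq.merge(dataPoint, 1, Integer::sum);`. The parameter `dataPoint` also shadows the new field of the same name, which makes the call `countFrequency(dataPoint)` harder to read than it needs to be; either drop the parameter or rename it. In writeConversationPair (which starts outside this hunk) the device-first branch echoes each value to `System.out` while the server-first branch does not, so the console output depends on the direction; if the echo is only for debugging, it is worth removing from both branches.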
diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java index 4e3bc1a..f592212 100644 --- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java +++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java @@ -11,8 +11,11 @@ import org.pcap4j.packet.DnsPacket; import org.pcap4j.packet.IpV4Packet; import org.pcap4j.packet.TcpPacket; -import java.io.EOFException; +import java.io.*; import java.net.UnknownHostException; +import java.text.DateFormat; +import java.text.SimpleDateFormat; +import java.time.temporal.ChronoField; import java.util.*; import java.util.concurrent.*; @@ -56,11 +59,19 @@ public class FlowPatternFinder { */ private final Map mConversations; + /** + * Holds a list of trigger times. + */ + private final List mTriggerTimes; + private static int triggerListCounter; + private final DnsMap mDnsMap; private final PcapHandle mPcap; private final FlowPattern mPattern; private final ConversationPair mConvPair; - private final String FILE = "./datapoints.csv"; + private final String FILE = "./devices/tplink_switch/datapoints.csv"; + //private final String REF_FILE = "./devices/tplink_switch/tplink-june-14-2018.timestamps"; + private final String REF_FILE = "./devices/tplink_switch/tplink-feb-13-2018.timestamps"; private final List> mPendingComparisons = new ArrayList<>(); /* End instance properties */ @@ -72,6 +83,8 @@ public class FlowPatternFinder { */ public FlowPatternFinder(PcapHandle pcap, FlowPattern pattern) { this.mConversations = new HashMap<>(); + this.mTriggerTimes = readTriggerTimes(REF_FILE); + triggerListCounter = 0; this.mDnsMap = new DnsMap(); this.mPcap = Objects.requireNonNull(pcap, String.format("Argument of type '%s' cannot be null", PcapHandle.class.getSimpleName())); 
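Review bot: `private static int triggerListCounter;` in the field hunk (`@@ -56,11 +59,19 @@`) is a class-wide cursor into the per-instance list `mTriggerTimes`, and the constructor hunk resets it to 0, so creating a second FlowPatternFinder would rewind the cursor of the first. Declaring it as an instance field, `private int mTriggerListCounter;`, matches the list it indexes and the `m` prefix used by the neighbouring fields. `REF_FILE` and `FILE` are hard-coded relative paths with the alternative left in a comment; passing them in (constructor argument or command line) would avoid editing source to switch captures. In the import hunk, `java.time.temporal.ChronoField` does not appear to be used by any code in this commit.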
@@ -80,11 +93,32 @@ public class FlowPatternFinder { this.mConvPair = new ConversationPair(FILE, ConversationPair.Direction.DEVICE_TO_SERVER); } + + private List readTriggerTimes(String refFileName) { + + List listTriggerTimes = new ArrayList<>(); + try { + File file = new File(refFileName); + BufferedReader br = new BufferedReader(new FileReader(file)); + String s; + while ((s = br.readLine()) != null) { + listTriggerTimes.add(timeToMillis(s, false)); + } + } catch (IOException e) { + e.printStackTrace(); + } + System.out.println("List has: " + listTriggerTimes.size()); + + return listTriggerTimes; + } + /** * Starts the pattern search. */ public void start() { - findFlowPattern(); + + //findFlowPattern(); + findSignatureBasedOnTimestamp(); } /** @@ -143,10 +177,6 @@ public class FlowPatternFinder { } // Note: does not make sense to call attemptAcknowledgementOfFin here as the new packet has no FINs // in its list, so if this packet is an ACK, it would not be added anyway. - // Record the conversation pairs - if (tcpPacket.getPayload() != null) { - mConvPair.writeConversationPair(packet, fromClient, fromServer); - } // Need to retain a final reference to get access to the packet in the lambda below. final PcapPacket finalPacket = packet; // Add the new conversation to the map if an equal entry is not already present. @@ -181,8 +211,6 @@ public class FlowPatternFinder { } } } catch (EOFException eofe) { - mConvPair.close(); - System.out.println("[ findFlowPattern ] ConversationPair writer closed!"); // TODO should check for leftover conversations in map here and fire tasks for those. // TODO [cont'd] such tasks may be present if connections did not terminate gracefully or if there are longlived connections. System.out.println("[ findFlowPattern ] Finished processing entire PCAP stream!"); 
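Review bot: readTriggerTimes never closes the `BufferedReader` it opens, and an `IOException` is only printed, so a missing or unreadable reference file yields an empty list that the caller cannot distinguish from a valid one. Opening the reader as `try (BufferedReader br = new BufferedReader(new FileReader(refFileName))) {` releases the handle on every path, and rethrowing as `throw new UncheckedIOException(e);` stops the run before the packet loop indexes into an empty `mTriggerTimes`. The method also has no Javadoc while its neighbours do; a short comment stating that each line is a 12-hour `h:mm:ss AM/PM` time converted with `timeToMillis(s, false)` would document the expected file format.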
@@ -207,4 +235,113 @@ public class FlowPatternFinder { } } + /** + * Find patterns based on the FlowPattern object (run by a thread) + */ + private void findSignatureBasedOnTimestamp() { + try { + PcapPacket packet; +// TODO: The new comparison method is pending +// TODO: For now, just compare using one hostname and one list per FlowPattern + while ((packet = mPcap.getNextPacketEx()) != null) { + // Let DnsMap handle DNS packets. + if (packet.get(DnsPacket.class) != null) { + // Check if this is a valid DNS packet + mDnsMap.validateAndAddNewEntry(packet); + continue; + } + // For now, we only work support pattern search in TCP over IPv4. + final IpV4Packet ipPacket = packet.get(IpV4Packet.class); + final TcpPacket tcpPacket = packet.get(TcpPacket.class); + if (ipPacket == null || tcpPacket == null) { + continue; + } + + String srcAddress = ipPacket.getHeader().getSrcAddr().getHostAddress(); + String dstAddress = ipPacket.getHeader().getDstAddr().getHostAddress(); + int srcPort = tcpPacket.getHeader().getSrcPort().valueAsInt(); + int dstPort = tcpPacket.getHeader().getDstPort().valueAsInt(); + // Is this packet related to the pattern; i.e. is it going to (or coming from) the cloud server? + boolean fromServer = mDnsMap.isRelatedToCloudServer(srcAddress, mPattern.getHostname()); + boolean fromClient = mDnsMap.isRelatedToCloudServer(dstAddress, mPattern.getHostname()); + if (!fromServer && !fromClient) { + // Packet not related to pattern, skip it. 
+ continue; + } + // Record the conversation pairs + if (tcpPacket.getPayload() != null && checkTimeStamp(packet)) { + mConvPair.writeConversationPair(packet, fromClient, fromServer); + } + } + } catch (EOFException eofe) { + triggerListCounter = 0; + mConvPair.close(); + System.out.println("[ findFlowPattern ] ConversationPair writer closed!"); + System.out.println("[ findFlowPattern ] Frequencies of data points:"); + mConvPair.printListFrequency(); + } catch (UnknownHostException | + PcapNativeException | + NotOpenException | + TimeoutException ex) { + ex.printStackTrace(); + } + } + + private boolean checkTimeStamp(PcapPacket packet) { + + // Extract time from the packet's timestamp + String timeStamp = packet.getTimestamp().toString(); + String timeString = timeStamp.substring(timeStamp.indexOf("T") + 1, timeStamp.indexOf(".")); + long time = timeToMillis(timeString, true); + + // We accept packets that are at most 3 seconds away from the trigger time + if ((mTriggerTimes.get(triggerListCounter) <= time) && + (time <= mTriggerTimes.get(triggerListCounter) + 3000)) { + //System.out.println("Gets here 1: " + timeString + " index: " + triggerListCounter); + return true; + } else { + // Handle the case that the timestamp is > 3000, but < next timestamp + // in the list. We ignore these packets. + if (time < mTriggerTimes.get(triggerListCounter)) { + // Timestamp is smaller than trigger, ignore! + //System.out.println("Gets here 2: " + timeString + " index: " + triggerListCounter); + return false; + } else { // Timestamp is greater than trigger, increment! 
+ triggerListCounter = triggerListCounter + 1; + //System.out.println("Gets here 3: " + timeString + " index: " + triggerListCounter); + //return false; + return checkTimeStamp(packet); + } + } + + //System.out.println("Timestamp: " + timeToMillis(time, true)); + //String time2 = "21:38:08"; + //System.out.println("Timestamp: " + timeToMillis(time2, true)); + } + + /** + * A private function that returns time in milliseconds. + * @param time The time in the form of String. + * @param is24Hr If true, then this is in 24-hour format. + */ + private long timeToMillis(String time, boolean is24Hr) { + + String format = null; + if (is24Hr) { + format = "hh:mm:ss"; + } else { // 12 Hr format + format = "hh:mm:ss aa"; + } + DateFormat sdf = new SimpleDateFormat(format); + Date date = null; + try { + date = sdf.parse(time); + } catch(Exception e) { + e.printStackTrace(); + } + if (date == null) + return 0; + return date.getTime(); + } + } diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java index c94f335..225f08a 100644 --- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java +++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java @@ -39,6 +39,7 @@ public class Main { // ------------------------------------------------------------------------------------------------------------- final String fileName = args.length > 0 ? args[0] : "/home/rtrimana/pcap_processing/smart_home_traffic/Code/Projects/SmartPlugDetector/pcap/wlan1.local.dns.pcap"; + //final String fileName = args.length > 0 ? args[0] : "/scratch/June-2018/TPLink/wlan1/tplink.wlan1.local.pcap"; final String trainingFileName = "./pcap/TP_LINK_LOCAL_ON_SUBSET.pcap"; // final String trainingFileName = "./pcap/TP_LINK_LOCAL_ON.pcap"; //
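Review bot: In checkTimeStamp (FlowPatternFinder.java, hunk `@@ -207,4 +235,113 @@`) `triggerListCounter` is incremented and then used in `mTriggerTimes.get(triggerListCounter)` with no bound check, so the first related packet later than the last trigger plus 3 s, or any packet when the trigger list is empty, throws IndexOutOfBoundsException. That exception is not in the catch list of findSignatureBasedOnTimestamp, so `mConvPair.close()` is skipped and buffered data points may be lost; add `if (triggerListCounter >= mTriggerTimes.size()) return false;` at the top of the method. Separately, timeToMillis uses `"hh:mm:ss"` for the 24-hour branch, but `hh` is the 12-hour clock field, so under lenient parsing a packet time of 12:xx:xx is likely read as 00:xx:xx; it should be `format = "HH:mm:ss";`. Both sides are compared as time of day only, so a trigger file that crosses midnight, as tplink-june-14-2018.timestamps does, is no longer monotonic and the cursor logic stops matching after the wrap. timeToMillis also returns 0 on a parse failure, which silently turns a malformed line into a trigger at the epoch rather than reporting it.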