From 75e5953e085f30ee7c108d2a55d3d7dd181f828b Mon Sep 17 00:00:00 2001 From: rtrimana Date: Fri, 15 Mar 2019 11:40:37 -0700 Subject: [PATCH] Bringing down time constraint to packet level so that we will exclude those pairs/sequences that are longer than our signature duration. --- .../layer2/Layer2ClusterMatcher.java | 22 +++++++++++++------ .../detection/layer2/Layer2RangeMatcher.java | 10 +++++++-- .../layer2/Layer2SequenceMatcher.java | 10 +++++++-- .../layer2/Layer2SignatureDetector.java | 4 ++-- 4 files changed, 33 insertions(+), 13 deletions(-) diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java index e2a4aea..7fb571a 100644 --- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java +++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java @@ -1,5 +1,6 @@ package edu.uci.iotproject.detection.layer2; +import edu.uci.iotproject.analysis.TriggerTrafficExtractor; import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowReassembler; import edu.uci.iotproject.trafficreassembly.layer2.Layer2Flow; import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowReassemblerObserver; 
@@ -41,13 +42,16 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye */ private final double mEps; + private int mInclusionTimeMillis; + /** * Create a new {@link Layer2ClusterMatcher} that attempts to find occurrences of {@code cluster}'s members. * @param cluster The sequence mutations that the new {@link Layer2ClusterMatcher} should search for. */ - public Layer2ClusterMatcher(List> cluster, boolean isRangeBased, double eps) { + public Layer2ClusterMatcher(List> cluster, int inclusionTimeMillis, + boolean isRangeBased, double eps) { // Consider all flows if no flow filter specified. - this(cluster, flow -> true, isRangeBased, eps); + this(cluster, flow -> true, inclusionTimeMillis, isRangeBased, eps); } /** @@ -59,15 +63,18 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye * namely when the {@link Layer2FlowReassembler} notifies the {@link Layer2ClusterMatcher} about * the new flow. This functionality may for example come in handy when one only wants to search * for matches in the subset of flows that involves a specific (range of) MAC(s). + * @param inclusionTimeMillis Packet inclusion limit for matching. * @param isRangeBased The boolean that decides if it is range-based vs. strict matching. * @param eps The epsilon value used in the DBSCAN algorithm. */ public Layer2ClusterMatcher(List> cluster, Function flowFilter, - boolean isRangeBased, double eps) { + int inclusionTimeMillis, boolean isRangeBased, double eps) { super(cluster, isRangeBased); mFlowFilter = flowFilter; mRangeBased = isRangeBased; mEps = eps; + mInclusionTimeMillis = + inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis; } @Override 
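Review bot: The new field `mInclusionTimeMillis` in the first hunk is declared `private int` with no doc comment, while the neighbouring `mEps` is `private final` and documented. This patch assigns it only in the constructor, so it can be `private final int mInclusionTimeMillis;` with a short Javadoc such as `/** Maximum time in milliseconds between the first matched packet and any later packet of the same match. */`. The convenience constructor's Javadoc also lists only `cluster`; it should gain `@param` entries for `inclusionTimeMillis`, `isRangeBased` and `eps`. The same undocumented, non-final field is added in Layer2RangeMatcher and Layer2SequenceMatcher.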
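Review bot: The constructor in the second hunk treats `0` as "use `TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS`" but stores a negative `inclusionTimeMillis` unchanged. Judging by the timing checks in Layer2RangeMatcher and Layer2SequenceMatcher, a negative window ends before the first matched packet, so every later packet would be rejected and multi-packet signatures would silently never match, which shows up as a detection gap rather than an error. Reject it up front with `if (inclusionTimeMillis < 0) throw new IllegalArgumentException("inclusionTimeMillis must be >= 0");` and state in the `@param` text that 0 selects the default. The same ternary is repeated in the Layer2RangeMatcher and Layer2SequenceMatcher constructors, which here receive the already-normalised value; they need the same guard, or the fallback could be applied in one place only.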
@@ -89,7 +96,7 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye Layer2SequenceMatcher[][] matchers = new Layer2SequenceMatcher[mCluster.size()][mCluster.get(0).size()]; // Prepare a "state 0" sequence matcher for each sequence variation in the cluster. for (int i = 0; i < matchers.length; i++) { - matchers[i][0] = new Layer2SequenceMatcher(mCluster.get(i)); + matchers[i][0] = new Layer2SequenceMatcher(mCluster.get(i), mInclusionTimeMillis); } // Associate the new sequence matcher table with the new flow mPerFlowSeqMatchers.put(flow, matchers); @@ -129,7 +136,7 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye // We always want to have a sequence matcher in state 0, regardless of if the one that advanced // from state zero completed its matching or if it replaced a different one in state 1 or not. if (sm.getMatchedPacketsCount() == 1) { - matchers[i][j] = new Layer2SequenceMatcher(sm.getTargetSequence()); + matchers[i][j] = new Layer2SequenceMatcher(sm.getTargetSequence(), mInclusionTimeMillis); } } } @@ -146,7 +153,7 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye // around), so the length of the array is simply the sequence length. Layer2RangeMatcher[] matcher = new Layer2RangeMatcher[mCluster.get(0).size()]; // Prepare a "state 0" sequence matcher. - matcher[0] = new Layer2RangeMatcher(mCluster.get(0), mCluster.get(1), mEps); + matcher[0] = new Layer2RangeMatcher(mCluster.get(0), mCluster.get(1), mInclusionTimeMillis, mEps); // Associate the new sequence matcher table with the new flow. mPerFlowRangeMatcher.put(flow, matcher); } 
@@ -181,7 +188,8 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye // We always want to have a sequence matcher in state 0, regardless of if the one that advanced // from state zero completed its matching or if it replaced a different one in state 1 or not. if (sm.getMatchedPacketsCount() == 1) { - matcher[j] = new Layer2RangeMatcher(sm.getTargetLowerBound(), sm.getTargetUpperBound(), mEps); + matcher[j] = new Layer2RangeMatcher(sm.getTargetLowerBound(), sm.getTargetUpperBound(), + mInclusionTimeMillis, mEps); } } } diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java index cd19045..4005965 100644 --- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java +++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java @@ -23,6 +23,7 @@ public class Layer2RangeMatcher extends Layer2AbstractMatcher { private final List mLowerBound; private final List mUpperBound; private final double mEps; + private int mInclusionTimeMillis; /** * Create a {@code Layer2RangeMatcher}. 
@@ -30,13 +31,16 @@ public class Layer2RangeMatcher extends Layer2AbstractMatcher { * @param upperBound The upper bound of the sequence to match against (search for). * @param eps The epsilon value used in the DBSCAN algorithm. */ - public Layer2RangeMatcher(List lowerBound, List upperBound, double eps) { + public Layer2RangeMatcher(List lowerBound, List upperBound, + int inclusionTimeMillis, double eps) { // TODO: Just use the lower bound since both lower and upper bounds' packets essentially have the same direction // TODO: for the same position in the array. Both arrays also have the same length. super(lowerBound); mLowerBound = lowerBound; mUpperBound = upperBound; mEps = eps; + mInclusionTimeMillis = + inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis; } /** @@ -92,8 +96,10 @@ public class Layer2RangeMatcher extends Layer2AbstractMatcher { if (!packet.getTimestamp().isAfter(mMatchedPackets.get(getMatchedPacketsCount()-1).getTimestamp())) { return false; } +// if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp(). +// plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS))) { if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp(). - plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS))) { + plusMillis(mInclusionTimeMillis))) { return false; } // If we made it here, it means that this packet has the expected length, direction, and obeys the timing diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java index 2db2228..a9d6241 100644 --- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java 
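Review bot: The Javadoc above the Layer2RangeMatcher constructor (first hunk) gains no `@param` entry for the new `inclusionTimeMillis` argument; the visible part still lists only `upperBound` and `eps`. I would add `@param inclusionTimeMillis Maximum time in milliseconds, measured from the first matched packet, within which the remaining packets must arrive; 0 selects {@link TriggerTrafficExtractor#INCLUSION_WINDOW_MILLIS}.` The Layer2SequenceMatcher constructor has the same gap. The Javadoc block begins outside the hunk.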
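Review bot: The old condition is left behind as two commented-out lines (`// if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp().` and `// plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS))) {`) directly above the new check in the second hunk; version control already keeps that history, so they should be deleted. A one-line comment stating the rule would serve readers better, for example `// Reject packets that arrive more than mInclusionTimeMillis after the first matched packet.` Layer2SequenceMatcher carries the identical leftover in its timing check. The enclosing method starts and ends outside the hunk.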
+++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java @@ -22,11 +22,13 @@ public class Layer2SequenceMatcher extends Layer2AbstractMatcher { */ private final List mSequence; + private int mInclusionTimeMillis; + /** * Create a {@code Layer2SequenceMatcher}. * @param sequence The sequence to match against (search for). */ - public Layer2SequenceMatcher(List sequence) { + public Layer2SequenceMatcher(List sequence, int inclusionTimeMillis) { super(sequence); mSequence = sequence; // Compute packet directions for sequence. @@ -41,6 +43,8 @@ public class Layer2SequenceMatcher extends Layer2AbstractMatcher { mPacketDirections[i] = getPacketDirection(prevPkt, prevPktDirection, sequence.get(i)); } } + mInclusionTimeMillis = + inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis; } /** @@ -94,8 +98,10 @@ public class Layer2SequenceMatcher extends Layer2AbstractMatcher { if (!packet.getTimestamp().isAfter(mMatchedPackets.get(getMatchedPacketsCount()-1).getTimestamp())) { return false; } +// if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp(). +// plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS))) { if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp(). - plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS))) { + plusMillis(mInclusionTimeMillis))) { return false; } // If we made it here, it means that this packet has the expected length, direction, and obeys the timing diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java index 995eb49..e083a2c 100644 --- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java 
+++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java @@ -239,8 +239,8 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb for (int i = 0; i < mSignature.size(); i++) { List> cluster = mSignature.get(i); Layer2ClusterMatcher clusterMatcher = flowFilters == null ? - new Layer2ClusterMatcher(cluster, isRangeBased, eps) : - new Layer2ClusterMatcher(cluster, flowFilters.get(i), isRangeBased, eps); + new Layer2ClusterMatcher(cluster, inclusionTimeMillis, isRangeBased, eps) : + new Layer2ClusterMatcher(cluster, flowFilters.get(i), inclusionTimeMillis, isRangeBased, eps); clusterMatcher.addObserver(this); clusterMatchers.add(clusterMatcher); } -- 2.34.1