From d6811300bb7298aba58367896c46fab5a4a1482d Mon Sep 17 00:00:00 2001 From: Janus Varmarken Date: Thu, 10 May 2018 22:12:13 -0700 Subject: [PATCH] Added sub sequence search function, and put this into effect; seems to work just fine. Added subset pcap trace of TP_LINK_LOCAL_ON. --- .../pcap/TP_LINK_LOCAL_ON_SUBSET.pcap | Bin 0 -> 1705 bytes .../edu/uci/iotproject/FlowPatternFinder.java | 2 +- .../main/java/edu/uci/iotproject/Main.java | 2 +- .../comparison/ComparisonFunctions.java | 38 +++++++++++++++++- 4 files changed, 39 insertions(+), 3 deletions(-) create mode 100644 Code/Projects/SmartPlugDetector/pcap/TP_LINK_LOCAL_ON_SUBSET.pcap 
diff --git a/Code/Projects/SmartPlugDetector/pcap/TP_LINK_LOCAL_ON_SUBSET.pcap b/Code/Projects/SmartPlugDetector/pcap/TP_LINK_LOCAL_ON_SUBSET.pcap new file mode 100644 index 0000000000000000000000000000000000000000..209bfbff203c566c5e64ee0d562afaed6495bbb6 GIT binary patch literal 1705 zcmV;a23Gmh!?K|Q00aO4000000000000aO50002JT7y~_fC2z40ssIk0ssK8xr%dX zj!?(HGam^E07U=-9{t)t06+%cXuzlepUwNrQ@Ni3yJ;2Wjz7?iq<|PA2)W?^0099A z3IG8gKZ0KAOBVwJ0p(4j0AC`XzB2^QA7AS7l<(J&!lMOatrEY46tU=EP|9npibs4$ z%!*frFf+HNwC2hTq)Vj@n;95USz#r?uE|m7mUqEMXBx-2ncucbfGpMHPOZhXs>ROO z`m>-M=zQ3)@k&%y|hj9Dcwq*P^+yA|c49=zVYecfsFe@P`n|+cokENZPsQnMpFhxzq-hoBcz_rHewB3q0099A z3W8qgS^xnbKNkZ71O6GIFv2iL1t?fAdf+TJ&+%lPMvFz%SgVBn0eplw~w z1hFaPm#R*3#W9jJg)y?{wtg1rzzL1HN|~d|dsxXtNbkG!IWKAj`_r= z3FnL=Ki`dY7@QEE*wM_YsBJG{njfJ>;U-SP1@RG8%}3gDsFK63@sZN*QsuD534Vqw zAPc=|vCvZQK-E&@BTFlNG&DiOVnt8ikfL`;vqcN9+|_20j7J11SmO-e8&w+E${JGC z)P7B9{%y}PdDIVM*#Xl!fP(Y%qpnhtyWbsJb9h3*+dVeRM-=w30kF*34+EoxBVgGU zncH9F^VKCK2pw~w*xZ;S5++BSZ&~-k6eX-IqOJyNnh%QNZucBCUK|Jo@<65%>Zt!O zAGeE)sxI^Mzoqw@5YO_tJi`5K^~W3@dm5N)^$O*YycF$u3|!sf(OLj}wlcBsagPx_jTwm?bHH${!SSzEq8=>Vg&-=lk9f!vKd#ld>dH|ifv104w|d5VyJqc` zZdX(w8w662wW<}vlUud-dR;Rz_P>aT@=Rpv zMORTis5P#-!mn^1Y0O|dlecP+(gF?^^~}0$@>+IV%)cOio>dScO{jS<_9Bv@p^K1n z6^!JThFV|@;NnN4ck^1Im0GNOD&**mr*`SqcGrciLd`waF`YIxz5pF~<1!NEzjsd* z2?ntH;xFPXXK3B3-NZhYP<#9Q35_jN{_Z@|tDaJ#N-PA&Pihbd(GR3q7QtmyB7zzu zg833~-1zq=+l|z z_9F7y?&*Fre%K5*yG%iG)5Wb#K`TI#&*t8M0de-${n?3S@RyVwJ1|KdzM=_mj= z-VMR>H|S}r_t|%NkK-E*+9vi|+)J5r8qA@EcLJRmuaYOW+mbo50f$BCNiEQZ38<`W z(papLq!3RUXnrEl{(b;mRV}(UddU6woudA7fePi3)%{m@?Jd^sE$^mRPzkN5Bu0De zc comparisonTask = - new PatternComparisonTask<>(conversation, mPattern, ComparisonFunctions.COMPLETE_MATCH); + new PatternComparisonTask<>(conversation, mPattern, ComparisonFunctions.SUB_SEQUENCE_COMPLETE_MATCH); mPendingComparisons.add(EXECUTOR_SERVICE.submit(comparisonTask)); // Increment hostIndex to find the next 
diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java
index b828323..624136f 100644
--- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java
+++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java
@@ -22,7 +22,7 @@ public class Main {
 public static void main(String[] args) throws PcapNativeException, NotOpenException, EOFException, TimeoutException, UnknownHostException {
 final String fileName = args.length > 0 ? args[0] : "/home/rtrimana/pcap_processing/smart_home_traffic/Code/Projects/SmartPlugDetector/pcap/wlan1.local.remote.dns.pcap";
- final String trainingFileName = "./pcap/TP_LINK_LOCAL_ON.pcap";
+ final String trainingFileName = "./pcap/TP_LINK_LOCAL_ON_SUBSET.pcap";
 //final String trainingFileName = "./pcap/TP_LINK_REMOTE_ON.pcap";
 // ====== Debug code ======
diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/comparison/ComparisonFunctions.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/comparison/ComparisonFunctions.java
index 2f44f3b..15eda20 100644
--- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/comparison/ComparisonFunctions.java
+++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/comparison/ComparisonFunctions.java
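Review bot: In Main.java the training trace is still a compile-time constant, so switching between the full and the subset capture means editing and rebuilding, and the relative `./pcap/...` path only resolves when the tool is started from the project directory. Taking it from the command line the same way `fileName` is would avoid both: `final String trainingFileName = args.length > 1 ? args[1] : "./pcap/TP_LINK_LOCAL_ON_SUBSET.pcap";`. The capture this path points to is committed as a binary in the same patch, so it is worth confirming that it holds only the smart-plug exchange and no unrelated hosts or payloads from the capture network. main's body continues outside the hunk.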
@@ -38,4 +38,40 @@ public class ComparisonFunctions {
 return new CompleteMatchPatternComparisonResult(conversation, flowPattern, true);
 };
-}
+ /**
+ * Comparison function that searches a {@link Conversation} looking for the presence of a complete match of a {@link FlowPattern}.
+ * Unlike {@link #COMPLETE_MATCH}, which searches for a 1:1 match between the {@code Conversation} and the {@code FlowPattern},
+ * this function targets cases where the {@code Conversation} is longer than the {@code FlowPattern}.
+ * In other words, this function searches for a complete match of a sub sequence of packets in the {@code Conversation}.
+ * Note: this is a slow, brute force search.
+ */
+ public static final BiFunction SUB_SEQUENCE_COMPLETE_MATCH = new BiFunction() {
+ // TODO needs review; I was tired when I wrote this :).
+ private boolean find(Conversation conversation, FlowPattern flowPattern, int nextIndex, int matchedIndices) {
+ if (matchedIndices == flowPattern.getLength()) {
+ // Found a full sub sequence.
+ return true;
+ }
+ List convPackets = conversation.getPackets();
+ if (nextIndex >= convPackets.size()) {
+ // Reached end of list without finding a match.
+ return false;
+ }
+ if (convPackets.get(nextIndex).get(TcpPacket.class).getPayload().length() == flowPattern.getPacketOrder().get(matchedIndices)) {
+ // So far, so good. Still need to check if the remainder of the sub sequence is present.
+ return find(conversation, flowPattern, ++nextIndex, ++matchedIndices);
+ } else {
+ // Miss; trace back and retry the search starting at the index immediately after the index from the
+ // recursive calls potentially started matching some of the sub sequence.
+ return find(conversation, flowPattern, nextIndex-matchedIndices+1, 0);
+ }
+ }
+
+ @Override
+ public CompleteMatchPatternComparisonResult apply(Conversation conversation, FlowPattern flowPattern) {
+ return new CompleteMatchPatternComparisonResult(conversation, flowPattern, find(conversation, flowPattern, 0, 0));
+ }
+
+ };
+
+}
\ No newline at end of file
--
2.34.1
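Review bot: `find` makes one nested call per packet comparison and starts over on every miss, so its stack depth grows with the length of the conversation read from the capture, and a long TCP flow can end the comparison task with a `StackOverflowError` instead of a result. An iterative scan over the candidate start indices, as below, keeps the depth constant and returns the same answers, including for an empty pattern. The chained `get(TcpPacket.class).getPayload().length()` will also throw a `NullPointerException` on a packet without a TCP layer or without a payload, unless `Conversation` already filters such packets, which is not visible in this hunk; the helper below treats them as a non-match. The Javadoc says "sub sequence", but the search only accepts a contiguous run of packets, which the comment should state.

```java
private boolean find(Conversation conversation, FlowPattern flowPattern) {
    final int convLength = conversation.getPackets().size();
    final int patternLength = flowPattern.getLength();
    // One pass per candidate start index; stack depth no longer depends on the capture length.
    for (int start = 0; start + patternLength <= convLength; start++) {
        int matched = 0;
        while (matched < patternLength
                && payloadLength(conversation, start + matched) == flowPattern.getPacketOrder().get(matched)) {
            matched++;
        }
        if (matched == patternLength) {
            return true;
        }
    }
    return false;
}

// Returns -1 for a packet with no TCP layer or no payload, so it cannot equal a pattern length.
private int payloadLength(Conversation conversation, int index) {
    TcpPacket tcp = conversation.getPackets().get(index).get(TcpPacket.class);
    return (tcp == null || tcp.getPayload() == null) ? -1 : tcp.getPayload().length();
}

// … unchanged: @Override and apply signature …
    return new CompleteMatchPatternComparisonResult(conversation, flowPattern, find(conversation, flowPattern));
```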