1 package edu.uci.iotproject.comparison.seqalignment;
3 import edu.uci.iotproject.trafficreassembly.layer3.Conversation;
4 import edu.uci.iotproject.analysis.TcpConversationUtils;
8 import java.util.stream.Collectors;
11 * TODO add class documentation.
13 * @author Janus Varmarken
15 public class SequenceExtraction {
18 private final SequenceAlignment<Integer> mAlignmentAlg;
21 public SequenceExtraction() {
22 mAlignmentAlg = new SequenceAlignment<>(new AlignmentPricer<>((i1,i2) -> Math.abs(i1-i2), i -> 10));
26 public SequenceExtraction(SequenceAlignment<Integer> alignmentAlgorithm) {
27 mAlignmentAlg = alignmentAlgorithm;
31 * Gets the {@link SequenceAlignment} used to perform the sequence extraction.
32 * @return the {@link SequenceAlignment} used to perform the sequence extraction.
34 public SequenceAlignment<Integer> getAlignmentAlgorithm() {
41 // * @param convsForAction A set of {@link Conversation}s known to be associated with a single type of user action.
43 // public void extract(List<Conversation> convsForAction) {
44 // int maxDifference = 0;
46 // for (int i = 0; i < convsForAction.size(); i++) {
47 // for (int j = i+1; j < convsForAction.size(); i++) {
48 // Integer[] sequence1 = getPacketLengthSequence(convsForAction.get(i));
49 // Integer[] sequence2 = getPacketLengthSequence(convsForAction.get(j));
50 // int alignmentCost = mAlignmentAlg.calculateAlignment(sequence1, sequence2);
51 // if (alignmentCost > maxDifference) {
52 // maxDifference = alignmentCost;
60 // public void extract(Map<String, List<Conversation>> hostnameToConvs) {
61 // int maxDifference = 0;
63 // for (int i = 0; i < convsForAction.size(); i++) {
64 // for (int j = i+1; j < convsForAction.size(); i++) {
65 // Integer[] sequence1 = getPacketLengthSequence(convsForAction.get(i));
66 // Integer[] sequence2 = getPacketLengthSequence(convsForAction.get(j));
67 // int alignmentCost = mAlignmentAlg.calculateAlignment(sequence1, sequence2);
68 // if (alignmentCost > maxDifference) {
69 // maxDifference = alignmentCost;
76 // Building signature from entire sequence
77 public ExtractedSequence extract(List<Conversation> convsForActionForHostname) {
78 // First group conversations by packet sequences.
79 // TODO: the introduction of SYN/SYNACK, FIN/FINACK and RST as part of the sequence ID may be undesirable here
80 // as it can potentially result in sequences that are equal in terms of payload packets to be considered
81 // different due to differences in how they are terminated.
82 Map<String, List<Conversation>> groupedBySequence =
83 TcpConversationUtils.groupConversationsByPacketSequence(convsForActionForHostname, false);
85 // Then get a hold of one of the conversations that gave rise to the most frequent sequence.
86 Conversation mostFrequentConv = null;
88 for (Map.Entry<String, List<Conversation>> seqMapEntry : groupedBySequence.entrySet()) {
89 if (seqMapEntry.getValue().size() > maxFrequency) {
90 // Found a more frequent sequence
91 maxFrequency = seqMapEntry.getValue().size();
92 // We just pick the first conversation as the representative conversation for this sequence type.
93 mostFrequentConv = seqMapEntry.getValue().get(0);
94 } else if (seqMapEntry.getValue().size() == maxFrequency) {
95 // This sequence has the same frequency as the max frequency seen so far.
96 // Break ties by choosing the longest sequence.
97 // First get an arbitrary representative of currently examined sequence; we just pick the first.
98 Conversation c = seqMapEntry.getValue().get(0);
99 mostFrequentConv = c.getPackets().size() > mostFrequentConv.getPackets().size() ? c : mostFrequentConv;
102 // Now find the maximum cost of aligning the most frequent (or, alternatively longest) conversation with the
103 // each of the rest of the conversations also associated with this action and hostname.
105 final Integer[] mostFrequentConvSeq = TcpConversationUtils.getPacketLengthSequence(mostFrequentConv);
106 for (Conversation c : convsForActionForHostname) {
107 if (c == mostFrequentConv) {
108 // Don't compute distance to self.
111 Integer[] cSeq = TcpConversationUtils.getPacketLengthSequence(c);
112 int alignmentCost = mAlignmentAlg.calculateAlignment(mostFrequentConvSeq, cSeq);
113 if (alignmentCost > maxCost) {
114 maxCost = alignmentCost;
117 return new ExtractedSequence(mostFrequentConv, maxCost, false);
120 // Building signature from only TLS Application Data packets
121 public ExtractedSequence extractByTlsAppData(List<Conversation> convsForActionForHostname) {
122 // TODO: temporary hack to avoid 97-only conversations for dlink plug. We need some preprocessing/data cleaning.
123 convsForActionForHostname = convsForActionForHostname.stream().filter(c -> c.getTlsApplicationDataPackets().size() > 1).collect(Collectors.toList());
125 Map<String, List<Conversation>> groupedByTlsAppDataSequence =
126 TcpConversationUtils.groupConversationsByTlsApplicationDataPacketSequence(convsForActionForHostname);
127 // Get a Conversation representing the most frequent TLS application data sequence.
128 Conversation mostFrequentConv = groupedByTlsAppDataSequence.values().stream().max((l1, l2) -> {
129 // The frequency of a conversation with a specific packet sequence is the list size as that represents how
130 // many conversations exhibit that packet sequence.
131 // Hence, the difference between the list sizes can be used directly as the return value of the Comparator.
132 // Note: we break ties by choosing the one with the most TLS application data packets (i.e., the longest
133 // sequence) in case the frequencies are equal.
134 int diff = l1.size() - l2.size();
135 return diff != 0 ? diff : l1.get(0).getTlsApplicationDataPackets().size() - l2.get(0).getTlsApplicationDataPackets().size();
136 }).get().get(0); // Just pick the first as a representative of the most frequent sequence.
137 // Lengths of TLS Application Data packets in the most frequent (or most frequent and longest) conversation.
138 Integer[] mostFreqSeq = TcpConversationUtils.getPacketLengthSequenceTlsAppDataOnly(mostFrequentConv);
139 // Now find the maximum cost of aligning the most frequent (or, alternatively longest) conversation with the
140 // each of the rest of the conversations also associated with this action and hostname.
142 for (Conversation c : convsForActionForHostname) {
143 if (c == mostFrequentConv) continue;
144 int cost = mAlignmentAlg.calculateAlignment(mostFreqSeq, TcpConversationUtils.getPacketLengthSequenceTlsAppDataOnly(c));
145 maxCost = cost > maxCost ? cost : maxCost;
147 return new ExtractedSequence(mostFrequentConv, maxCost, true);
148 // Now find the maximum cost of aligning the most frequent (or, alternatively longest) conversation with the
149 // each of the rest of the conversations also associated with this action and hostname.