// -------------------------------------------------------------------------------------------------------------
// ------------ # Code for extracting traffic generated by a device within x seconds of a trigger # ------------
if (args.length < 11) {
- String errMsg = String.format("Usage: %s inputPcapFile outputPcapFile triggerTimesFile deviceIp" +
+ String errMsg = String.format("SPECTO version 1.0\n" +
+ "Copyright (C) 2018-2019 Janus Varmarken and Rahmadi Trimananda.\n" +
+ "University of California, Irvine.\n" +
+ "All rights reserved.\n\n" +
+ "Usage: %s inputPcapFile outputPcapFile triggerTimesFile deviceIp" +
" onSignatureFile offSignatureFile onClusterAnalysisFile offClusterAnalysisFile epsilon" +
" deletedSequencesOn deletedSequencesOff" +
"\n inputPcapFile: the target of the detection" +
// Perform clustering on conversation logged as part of all ON events.
// Calculate number of events per type (only ON/only OFF), which means half of the number of all timestamps.
int numberOfEventsPerType = triggerTimes.size() / 2;
- int lowerBound = numberOfEventsPerType - (int)(numberOfEventsPerType * 0.1);
- int upperBound = numberOfEventsPerType + (int)(numberOfEventsPerType * 0.1);
+// int lowerBound = numberOfEventsPerType - (int)(numberOfEventsPerType * 0.1);
+// int upperBound = numberOfEventsPerType + (int)(numberOfEventsPerType * 0.1);
+ int lowerBound = numberOfEventsPerType - (int)(numberOfEventsPerType * 0.2);
+ int upperBound = numberOfEventsPerType + (int)(numberOfEventsPerType * 0.2);
int minPts = lowerBound;
DBSCANClusterer<PcapPacketPair> onClusterer = new DBSCANClusterer<>(eps, minPts);
List<Cluster<PcapPacketPair>> onClusters = onClusterer.cluster(onPairs);
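Review bot: The new bounds on the two `int lowerBound`/`int upperBound` lines hard-code the tolerance 0.2 as a magic number, while the superseded 0.1 lines are left behind as commented-out code rather than deleted; the tolerance should be a named constant, e.g. `private static final double EVENT_COUNT_TOLERANCE = 0.2;` and `int lowerBound = numberOfEventsPerType - (int)(numberOfEventsPerType * EVENT_COUNT_TOLERANCE);`. Note that the `(int)` truncation gives zero slack for small counts (four events per type yields lowerBound == upperBound == 4), and an empty `triggerTimes` makes `minPts` 0, so a comment stating the intended minimum number of events, or an explicit check, would help the next reader. `upperBound` is not referenced anywhere in the visible lines; if it is unused it can be dropped. The enclosing method begins before and continues past this hunk.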
}
PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOn, sequenceToDelete);
}
+ PrintWriterUtils.println("ON Sequences: ", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+ for(List<List<PcapPacket>> listOfList : ppListOfListListOn) {
+ PrintWriterUtils.println(listOfList.get(0).get(0).length() + "...", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+ }
ppListOfListListOn = PcapPacketUtils.sortSequences(ppListOfListListOn);
+ PrintWriterUtils.println("Concatenated and sorted ON signature sequences...", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
// Concatenate
ppListOfListListOff = PcapPacketUtils.concatSequences(ppListOfListListOff, sortedAllConversation);
}
PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOff, sequenceToDelete);
}
+ PrintWriterUtils.println("OFF Sequences: ", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+ for(List<List<PcapPacket>> listOfList : ppListOfListListOff) {
+ PrintWriterUtils.println(listOfList.get(0).get(0).length() + "...", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+ }
ppListOfListListOff = PcapPacketUtils.sortSequences(ppListOfListListOff);
+ PrintWriterUtils.println("Concatenated and sorted OFF signature sequences...", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+
// Write the signatures into the screen
PrintWriterUtils.println("========================================", resultsWriter,
DUPLICATE_OUTPUT_TO_STD_OUT);
PrintWriterUtils.println("========================================", resultsWriter,
DUPLICATE_OUTPUT_TO_STD_OUT);
PcapPacketUtils.printSignatures(ppListOfListListOff, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+ // Clean signatures from null elements
+ PcapPacketUtils.cleanSignature(ppListOfListListOn);
+ PcapPacketUtils.cleanSignature(ppListOfListListOff);
// Printing signatures into files
PrintUtils.serializeIntoFile(onSignatureFile, ppListOfListListOn);
PrintUtils.serializeIntoFile(offSignatureFile, ppListOfListListOff);
PrintUtils.serializeIntoFile(onClusterAnalysisFile, corePointRangeSignatureOn);
PrintUtils.serializeIntoFile(offClusterAnalysisFile, corePointRangeSignatureOff);
- // =========================================== SIGNATURE DURATION ===========================================
+ // =========================================== SIGNATURE DURATIONS =============================================
List<Instant> firstSignatureTimestamps = new ArrayList<>();
List<Instant> lastSignatureTimestamps = new ArrayList<>();
if (!ppListOfListListOn.isEmpty()) {
}
}
- if (!ppListOfListListOn.isEmpty()) {
+ if (!ppListOfListListOff.isEmpty()) {
List<List<PcapPacket>> firstListOffSign = ppListOfListListOff.get(0);
List<List<PcapPacket>> lastListOffSign = ppListOfListListOff.get(ppListOfListListOff.size() - 1);
// Load OFF signature first and last packet's timestamps
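Review bot: The new `ON Sequences:` loop dereferences `listOfList.get(0).get(0).length()` on every element of `ppListOfListListOn`, but the later added `cleanSignature` calls (commented "Clean signatures from null elements") show that null entries can still be present at that point, so a null or empty element would throw before the cleanup runs; the same applies to the `OFF Sequences:` loop over `ppListOfListListOff`. Either move the two `PcapPacketUtils.cleanSignature(...)` calls ahead of the print loops or guard each iteration with `if (listOfList == null || listOfList.isEmpty() || listOfList.get(0).isEmpty()) continue;`. Whether `cleanSignature` removes top-level or nested nulls is not visible here, so confirm which level the guard needs. The enclosing method starts before and continues beyond these lines.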