// -------------------------------------------------------------------------------------------------------------
// ------------ # Code for extracting traffic generated by a device within x seconds of a trigger # ------------
if (args.length < 11) {
- String errMsg = String.format("Usage: %s inputPcapFile outputPcapFile triggerTimesFile deviceIp" +
+ String errMsg = String.format("SPECTO version 1.0\n" +
+ "Copyright (C) 2018-2019 Janus Varmarken and Rahmadi Trimananda.\n" +
+ "University of California, Irvine.\n" +
+ "All rights reserved.\n\n" +
+ "Usage: %s inputPcapFile outputPcapFile triggerTimesFile deviceIp" +
" onSignatureFile offSignatureFile onClusterAnalysisFile offClusterAnalysisFile epsilon" +
" deletedSequencesOn deletedSequencesOff" +
"\n inputPcapFile: the target of the detection" +
int numberOfEventsPerType = triggerTimes.size() / 2;
int lowerBound = numberOfEventsPerType - (int)(numberOfEventsPerType * 0.1);
int upperBound = numberOfEventsPerType + (int)(numberOfEventsPerType * 0.1);
+ //int lowerBound = numberOfEventsPerType - (int)(numberOfEventsPerType * 0.5);
+ //int upperBound = numberOfEventsPerType + (int)(numberOfEventsPerType * 0.5);
int minPts = lowerBound;
DBSCANClusterer<PcapPacketPair> onClusterer = new DBSCANClusterer<>(eps, minPts);
List<Cluster<PcapPacketPair>> onClusters = onClusterer.cluster(onPairs);
}
PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOn, sequenceToDelete);
}
+ PrintWriterUtils.println("ON Sequences: ", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+ for(List<List<PcapPacket>> listOfList : ppListOfListListOn) {
+ PrintWriterUtils.println(listOfList.get(0).get(0).length() + "...", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+ }
ppListOfListListOn = PcapPacketUtils.sortSequences(ppListOfListListOn);
+ PrintWriterUtils.println("Concatenated and sorted ON signature sequences...", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
// Concatenate
ppListOfListListOff = PcapPacketUtils.concatSequences(ppListOfListListOff, sortedAllConversation);
}
PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOff, sequenceToDelete);
}
+ PrintWriterUtils.println("OFF Sequences: ", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+ for(List<List<PcapPacket>> listOfList : ppListOfListListOff) {
+ PrintWriterUtils.println(listOfList.get(0).get(0).length() + "...", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+ }
ppListOfListListOff = PcapPacketUtils.sortSequences(ppListOfListListOff);
+ PrintWriterUtils.println("Concatenated and sorted OFF signature sequences...", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+
// Write the signatures into the screen
PrintWriterUtils.println("========================================", resultsWriter,
DUPLICATE_OUTPUT_TO_STD_OUT);
PrintWriterUtils.println("========================================", resultsWriter,
DUPLICATE_OUTPUT_TO_STD_OUT);
PcapPacketUtils.printSignatures(ppListOfListListOff, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+ // Clean signatures from null elements
+ PcapPacketUtils.cleanSignature(ppListOfListListOn);
+ PcapPacketUtils.cleanSignature(ppListOfListListOff);
// Printing signatures into files
PrintUtils.serializeIntoFile(onSignatureFile, ppListOfListListOn);
PrintUtils.serializeIntoFile(offSignatureFile, ppListOfListListOff);
PrintUtils.serializeIntoFile(onClusterAnalysisFile, corePointRangeSignatureOn);
PrintUtils.serializeIntoFile(offClusterAnalysisFile, corePointRangeSignatureOff);
- // =========================================== SIGNATURE DURATION ===========================================
+ // =========================================== SIGNATURE DURATIONS =============================================
List<Instant> firstSignatureTimestamps = new ArrayList<>();
List<Instant> lastSignatureTimestamps = new ArrayList<>();
if (!ppListOfListListOn.isEmpty()) {
}
}
- if (!ppListOfListListOn.isEmpty()) {
+ if (!ppListOfListListOff.isEmpty()) {
List<List<PcapPacket>> firstListOffSign = ppListOfListListOff.get(0);
List<List<PcapPacket>> lastListOffSign = ppListOfListListOff.get(ppListOfListListOff.size() - 1);
// Load OFF signature first and last packet's timestamps
}
}
// Sort the timestamps
- firstSignatureTimestamps.sort((p1, p2) -> {
- return p1.compareTo(p2);
- });
- // Sort the timestamps
- lastSignatureTimestamps.sort((p1, p2) -> {
- return p1.compareTo(p2);
- });
+ firstSignatureTimestamps.sort(Comparator.comparing(Instant::toEpochMilli));
+ lastSignatureTimestamps.sort(Comparator.comparing(Instant::toEpochMilli));
Iterator<Instant> iterFirst = firstSignatureTimestamps.iterator();
Iterator<Instant> iterLast = lastSignatureTimestamps.iterator();
PrintWriterUtils.println("========================================", resultsWriter,
DUPLICATE_OUTPUT_TO_STD_OUT);
while (iterFirst.hasNext() && iterLast.hasNext()) {
- Instant firstInst = (Instant) iterFirst.next();
- Instant lastInst = (Instant) iterLast.next();
+ Instant firstInst = iterFirst.next();
+ Instant lastInst = iterLast.next();
Duration dur = Duration.between(firstInst, lastInst);
duration = dur.toMillis();
// Check duration --- should be below 15 seconds
if (duration > TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS) {
while (duration > TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS && iterFirst.hasNext()) {
// that means we have to move to the next trigger
- firstInst = (Instant) iterFirst.next();
+ firstInst = iterFirst.next();
dur = Duration.between(firstInst, lastInst);
duration = dur.toMillis();
}
} else { // Below 0/Negative --- that means we have to move to the next signature
while (duration < 0 && iterLast.hasNext()) {
// that means we have to move to the next trigger
- lastInst = (Instant) iterLast.next();
+ lastInst = iterLast.next();
dur = Duration.between(firstInst, lastInst);
duration = dur.toMillis();
}