// -------------------------------------------------------------------------------------------------------------
// ------------ # Code for extracting traffic generated by a device within x seconds of a trigger # ------------
if (args.length < 11) {
- String errMsg = String.format("Usage: %s inputPcapFile outputPcapFile triggerTimesFile deviceIp" +
+ String errMsg = String.format("SPECTO version 1.0\n" +
+ "Copyright (C) 2018-2019 Janus Varmarken and Rahmadi Trimananda.\n" +
+ "University of California, Irvine.\n" +
+ "All rights reserved.\n\n" +
+ "Usage: %s inputPcapFile outputPcapFile triggerTimesFile deviceIp" +
" onSignatureFile offSignatureFile onClusterAnalysisFile offClusterAnalysisFile epsilon" +
" deletedSequencesOn deletedSequencesOff" +
"\n inputPcapFile: the target of the detection" +
}
PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOn, sequenceToDelete);
}
+ PrintWriterUtils.println("ON Sequences: ", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+ for(List<List<PcapPacket>> listOfList : ppListOfListListOn) {
+ PrintWriterUtils.println(listOfList.get(0).get(0).length() + "...", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+ }
ppListOfListListOn = PcapPacketUtils.sortSequences(ppListOfListListOn);
+ PrintWriterUtils.println("Concatenated and sorted ON signature sequences...", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
// Concatenate
ppListOfListListOff = PcapPacketUtils.concatSequences(ppListOfListListOff, sortedAllConversation);
}
PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOff, sequenceToDelete);
}
+ PrintWriterUtils.println("OFF Sequences: ", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+ for(List<List<PcapPacket>> listOfList : ppListOfListListOff) {
+ PrintWriterUtils.println(listOfList.get(0).get(0).length() + "...", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+ }
ppListOfListListOff = PcapPacketUtils.sortSequences(ppListOfListListOff);
+ PrintWriterUtils.println("Concatenated and sorted OFF signature sequences...", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+
// Write the signatures into the screen
PrintWriterUtils.println("========================================", resultsWriter,
DUPLICATE_OUTPUT_TO_STD_OUT);
PrintWriterUtils.println("========================================", resultsWriter,
DUPLICATE_OUTPUT_TO_STD_OUT);
PcapPacketUtils.printSignatures(ppListOfListListOff, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+ // Clean signatures from null elements
+ PcapPacketUtils.cleanSignature(ppListOfListListOn);
+ PcapPacketUtils.cleanSignature(ppListOfListListOff);
// Printing signatures into files
PrintUtils.serializeIntoFile(onSignatureFile, ppListOfListListOn);
PrintUtils.serializeIntoFile(offSignatureFile, ppListOfListListOff);
PrintUtils.serializeIntoFile(onClusterAnalysisFile, corePointRangeSignatureOn);
PrintUtils.serializeIntoFile(offClusterAnalysisFile, corePointRangeSignatureOff);
- // =========================================== SIGNATURE DURATION ===========================================
+ // =========================================== SIGNATURE DURATIONS =============================================
List<Instant> firstSignatureTimestamps = new ArrayList<>();
List<Instant> lastSignatureTimestamps = new ArrayList<>();
if (!ppListOfListListOn.isEmpty()) {
}
}
- if (!ppListOfListListOn.isEmpty()) {
+ if (!ppListOfListListOff.isEmpty()) {
List<List<PcapPacket>> firstListOffSign = ppListOfListListOff.get(0);
List<List<PcapPacket>> lastListOffSign = ppListOfListListOff.get(ppListOfListListOff.size() - 1);
// Load OFF signature first and last packet's timestamps
}
}
// Sort the timestamps
- firstSignatureTimestamps.sort((p1, p2) -> {
- return p1.compareTo(p2);
- });
- // Sort the timestamps
- lastSignatureTimestamps.sort((p1, p2) -> {
- return p1.compareTo(p2);
- });
+ firstSignatureTimestamps.sort(Comparator.comparing(Instant::toEpochMilli));
+ lastSignatureTimestamps.sort(Comparator.comparing(Instant::toEpochMilli));
Iterator<Instant> iterFirst = firstSignatureTimestamps.iterator();
Iterator<Instant> iterLast = lastSignatureTimestamps.iterator();
PrintWriterUtils.println("========================================", resultsWriter,
DUPLICATE_OUTPUT_TO_STD_OUT);
while (iterFirst.hasNext() && iterLast.hasNext()) {
- Instant firstInst = (Instant) iterFirst.next();
- Instant lastInst = (Instant) iterLast.next();
+ Instant firstInst = iterFirst.next();
+ Instant lastInst = iterLast.next();
Duration dur = Duration.between(firstInst, lastInst);
duration = dur.toMillis();
// Check duration --- should be below 15 seconds
if (duration > TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS) {
while (duration > TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS && iterFirst.hasNext()) {
// that means we have to move to the next trigger
- firstInst = (Instant) iterFirst.next();
+ firstInst = iterFirst.next();
+ dur = Duration.between(firstInst, lastInst);
+ duration = dur.toMillis();
}
- dur = Duration.between(firstInst, lastInst);
- duration = dur.toMillis();
} else { // Below 0/Negative --- that means we have to move to the next signature
- while (duration < 0 && iterLast.hasNext()) { // that means we have to move to the next trigger
- lastInst = (Instant) iterLast.next();
+ while (duration < 0 && iterLast.hasNext()) {
+ // that means we have to move to the next trigger
+ lastInst = iterLast.next();
+ dur = Duration.between(firstInst, lastInst);
+ duration = dur.toMillis();
}
- dur = Duration.between(firstInst, lastInst);
- duration = dur.toMillis();
}
PrintWriterUtils.println(duration, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
// Update duration if this bigger than the max value and still less than the window inclusion time