public static void main(String[] args) throws PcapNativeException, NotOpenException, IOException {
if (args.length < 8) {
- String errMsg = String.format("Usage: %s inputPcapFile onAnalysisFile offAnalysisFile onSignatureFile offSignatureFile resultsFile" +
+ String errMsg = String.format("SPECTO version 1.0\n" +
+ "Copyright (C) 2018-2019 Janus Varmarken and Rahmadi Trimananda.\n" +
+ "University of California, Irvine.\n" +
+ "All rights reserved.\n\n" +
+ "Usage: %s inputPcapFile onAnalysisFile offAnalysisFile onSignatureFile offSignatureFile resultsFile" +
"\n inputPcapFile: the target of the detection" +
"\n onAnalysisFile: the file that contains the ON clusters analysis" +
"\n offAnalysisFile: the file that contains the OFF clusters analysis" +
final String onSignatureFile = args[3];
final String offSignatureFile = args[4];
final String resultsFile = args[5];
- final int signatureDuration = Integer.parseInt(args[6]);
+ // TODO: THIS IS TEMPORARILY SET TO DEFAULT SIGNATURE DURATION
+ // TODO: WE DO NOT WANT TO BE TOO STRICT AT THIS POINT SINCE LAYER 3 ALREADY APPLIES BACK-TO-BACK REQUIREMENT
+ // TODO: FOR PACKETS IN A SIGNATURE
+// final int signatureDuration = Integer.parseInt(args[6]);
+ final int signatureDuration = TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS;
final double eps = Double.parseDouble(args[7]);
// Prepare file outputter.
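Review bot: `args[6]` is now parsed by nobody, yet the `args.length < 8` check at the top of `main` still demands it, so an operator who passes a tighter window gets detections computed with `TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS` and no indication that the value was ignored. The synopsis line of the usage string also names only six of the eight required arguments. I would record the effective value in the results file once `resultsWriter` is open, e.g. `PrintWriterUtils.println("# signatureDuration (ms): " + signatureDuration, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);`, and state in the usage text that the argument is currently unused. The commented-out `Integer.parseInt(args[6])` line is better deleted, and the three shouting `TODO` lines collapsed into a single sentence-case comment. The body of `main` continues outside the hunk.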
// Check if we should use range-based matching
boolean isRangeBasedForOn = PcapPacketUtils.isRangeBasedMatching(onSignature, eps, offSignature);
boolean isRangeBasedForOff = PcapPacketUtils.isRangeBasedMatching(offSignature, eps, onSignature);
-// boolean isRangeBasedForOn = false;
-// boolean isRangeBasedForOff = false;
// Update the signature with ranges if it is range-based
- if (isRangeBasedForOn && isRangeBasedForOff) {
+ if (isRangeBasedForOn) {
onSignature = PcapPacketUtils.useRangeBasedMatching(onSignature, onClusterAnalysis);
+ }
+ if (isRangeBasedForOff) {
offSignature = PcapPacketUtils.useRangeBasedMatching(offSignature, offClusterAnalysis);
}
// WAN
- double onEps = eps;
- double offEps = eps;
- // IFF the signature is just one pair of packets then we set EPS to 0 to make it tighter
- if (onSignature.size() == 1 && onSignature.get(0).size() == 2) {
- onEps = 0;
- }
- if (offSignature.size() == 1 && offSignature.get(0).size() == 2) {
- offEps = 0;
- }
Layer3SignatureDetector onDetector = new Layer3SignatureDetector(onSignature, ROUTER_WAN_IP,
- signatureDuration, isRangeBasedForOn, onEps);
+ signatureDuration, isRangeBasedForOn, eps);
Layer3SignatureDetector offDetector = new Layer3SignatureDetector(offSignature, ROUTER_WAN_IP,
- signatureDuration, isRangeBasedForOff, offEps);
+ signatureDuration, isRangeBasedForOff, eps);
final DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ofLocalizedDateTime(FormatStyle.MEDIUM).
withLocale(Locale.US).withZone(ZoneId.of("America/Los_Angeles"));
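Review bot: The special case that forced `eps` to 0 for a signature made of a single packet pair is removed at the two `Layer3SignatureDetector` constructor calls with no comment saying why. Such a signature is the easiest one to match by chance, so if `eps` widens the accepted range (the matcher code is not visible here), this loosens detection exactly where false positives are most likely. Please add a comment above the `onDetector` construction giving the reason, along the lines of `// eps is applied unchanged; single-pair signatures are no longer tightened to eps = 0 because <reason>`. Since ON and OFF can now use different matching modes, it would also help to write `isRangeBasedForOn`, `isRangeBasedForOff` and `eps` to the results file so a run's output can be tied to the mode that produced it.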
reader.readFromHandle();
// TODO: need a better way of triggering detection than this...
- if (isRangeBasedForOn && isRangeBasedForOff) {
+ if (isRangeBasedForOn) {
onDetector.mClusterMatchers.forEach(cm -> cm.performDetectionRangeBased());
- offDetector.mClusterMatchers.forEach(cm -> cm.performDetectionRangeBased());
} else {
onDetector.mClusterMatchers.forEach(cm -> cm.performDetectionConservative());
+ }
+ if (isRangeBasedForOff) {
+ offDetector.mClusterMatchers.forEach(cm -> cm.performDetectionRangeBased());
+ } else {
offDetector.mClusterMatchers.forEach(cm -> cm.performDetectionConservative());
}
// Output the detected events
detectedEvents.forEach(outputter);
- String resultOn = "Number of detected events of type " + UserAction.Type.TOGGLE_ON + ": " +
+ String resultOn = "# Number of detected events of type " + UserAction.Type.TOGGLE_ON + ": " +
detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_ON).count();
- String resultOff = "Number of detected events of type " + UserAction.Type.TOGGLE_OFF + ": " +
+ String resultOff = "# Number of detected events of type " + UserAction.Type.TOGGLE_OFF + ": " +
detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_OFF).count();
PrintWriterUtils.println(resultOn, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
PrintWriterUtils.println(resultOff, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
- System.out.println(resultOn);
- System.out.println(resultOff);
-
// Flush output to results file and close it.
resultsWriter.flush();
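Review bot: The ON and OFF dispatch after `reader.readFromHandle()` is now two copies of the same if/else, each reaching into `mClusterMatchers` directly. Each flag was already handed to the matching detector's constructor, so the mode is decided in two places that must be kept in agreement by hand. A small private helper taking the detector and its flag removes the duplication and leaves one spot to change when the existing `TODO` about triggering detection is addressed. The hunk shows only part of `main`.
```java
reader.readFromHandle();
performDetection(onDetector, isRangeBasedForOn);
performDetection(offDetector, isRangeBasedForOff);
// … unchanged: output of detected events and result counts …

private static void performDetection(Layer3SignatureDetector detector, boolean isRangeBased) {
    if (isRangeBased) {
        detector.mClusterMatchers.forEach(cm -> cm.performDetectionRangeBased());
    } else {
        detector.mClusterMatchers.forEach(cm -> cm.performDetectionConservative());
    }
}
```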
// Generate corresponding/appropriate ClusterMatchers based on the provided signature
List<Layer3ClusterMatcher> clusterMatchers = new ArrayList<>();
for (List<List<PcapPacket>> cluster : mSignature) {
- clusterMatchers.add(new Layer3ClusterMatcher(cluster, routerWanIp, isRangeBased, eps, this));
+ clusterMatchers.add(new Layer3ClusterMatcher(cluster, routerWanIp, inclusionTimeMillis,
+ isRangeBased, eps, this));
}
mClusterMatchers = Collections.unmodifiableList(clusterMatchers);
}
@Override
- public void onMatch(AbstractClusterMatcher clusterMatcher, List<PcapPacket> match) {
+ public void onMatch(AbstractClusterMatcher clusterMatcher, List<PcapPacket> match, int maxSkippedPackets) {
// Add the match at the corresponding index
pendingMatches[mClusterMatcherIds.get(clusterMatcher)].add(match);
checkSignatureMatch();
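Review bot: `onMatch` gains a `maxSkippedPackets` parameter, but the two statements visible in the hunk never read it; the method body continues outside the hunk, so it may be used further down. If the layer 3 detector deliberately ignores it, say so at the top of the method, for example `// maxSkippedPackets is not used for layer 3 matching; it is accepted only to satisfy the observer interface.`, so a later reader does not assume skipped packets are bounded here. In the constructor part of the same hunk, `inclusionTimeMillis` is forwarded to every `Layer3ClusterMatcher` as received; its Javadoc should state the unit and that it must be positive, if no check exists outside the visible lines.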