X-Git-Url: http://demsky.eecs.uci.edu/git/?a=blobdiff_plain;f=Code%2FProjects%2FPacketLevelSignatureExtractor%2Fsrc%2Fmain%2Fjava%2Fedu%2Fuci%2Fiotproject%2FSignatureGenerator.java;h=57e0a0e9ca2d4c5a07f6c49519d114837ddf16a2;hb=0e1a130642de8343806aa43e4cfc132ca2ae2a45;hp=3629e8086836ce5f8342c86341aff5a2268860ac;hpb=dd0d2642de5bc58bb3f928a5fb8acae90dc7e502;p=pingpong.git
diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/SignatureGenerator.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/SignatureGenerator.java
index 3629e80..57e0a0e 100644
--- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/SignatureGenerator.java
+++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/SignatureGenerator.java
@@ -53,7 +53,11 @@ public class SignatureGenerator {
 // -------------------------------------------------------------------------------------------------------------
 // ------------ # Code for extracting traffic generated by a device within x seconds of a trigger # ------------
 if (args.length < 11) {
- String errMsg = String.format("Usage: %s inputPcapFile outputPcapFile triggerTimesFile deviceIp" +
+ String errMsg = String.format("SPECTO version 1.0\n" +
+ "Copyright (C) 2018-2019 Janus Varmarken and Rahmadi Trimananda.\n" +
+ "University of California, Irvine.\n" +
+ "All rights reserved.\n\n" +
+ "Usage: %s inputPcapFile outputPcapFile triggerTimesFile deviceIp" +
 " onSignatureFile offSignatureFile onClusterAnalysisFile offClusterAnalysisFile epsilon" +
 " deletedSequencesOn deletedSequencesOff" +
 "\n inputPcapFile: the target of the detection" +
@@ -212,6 +216,8 @@ public class SignatureGenerator {
 int numberOfEventsPerType = triggerTimes.size() / 2;
 int lowerBound = numberOfEventsPerType - (int)(numberOfEventsPerType * 0.1);
 int upperBound = numberOfEventsPerType + (int)(numberOfEventsPerType * 0.1);
+ //int lowerBound = numberOfEventsPerType - (int)(numberOfEventsPerType * 0.5);
+ //int upperBound = numberOfEventsPerType + (int)(numberOfEventsPerType * 0.5);
 int minPts = lowerBound;
 DBSCANClusterer onClusterer = new DBSCANClusterer<>(eps, minPts);
 List> onClusters = onClusterer.cluster(onPairs);
@@ -278,7 +284,15 @@ public class SignatureGenerator {
 }
 PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOn, sequenceToDelete);
 }
+ PrintWriterUtils.println("ON Sequences: ", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+ for(List> listOfList : ppListOfListListOn) {
+ PrintWriterUtils.println(listOfList.get(0).get(0).length() + "...", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+ }
 ppListOfListListOn = PcapPacketUtils.sortSequences(ppListOfListListOn);
+ PrintWriterUtils.println("Concatenated and sorted ON signature sequences...", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
 // Concatenate
 ppListOfListListOff = PcapPacketUtils.concatSequences(ppListOfListListOff, sortedAllConversation);
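Review bot: The two lines added after `upperBound` in the `-212,6 +216,8` hunk are commented-out code (`//int lowerBound = ... * 0.5`), which leaves the tolerance that determines `minPts` for DBSCAN as an unexplained literal that is easy to flip by accident. If 0.5 is still being evaluated, give the value a name and a reason, e.g. `private static final double EVENT_COUNT_TOLERANCE = 0.1; // clusters must hold within 10% of the expected event count`, and drop the commented lines. The enclosing method starts and ends outside the hunk.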
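Review bot: The new debug loop in the `-278,7 +284,15` hunk calls `listOfList.get(0).get(0).length()` without checking that the outer and inner lists are non-empty, so a signature left with an empty sequence after `removeSequenceFromSignature` may abort the run with an IndexOutOfBoundsException before anything is serialized. The same commit adds `cleanSignature` to strip null elements later on, which suggests nulls can also be present at this point and would surface as a NullPointerException. Guard the print with `if (listOfList.isEmpty() || listOfList.get(0).isEmpty()) continue;` plus a null check on the element, and apply the same guard to the OFF loop in the `-291,7 +305,16` hunk. The enclosing method extends beyond the hunk.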
@@ -291,7 +305,16 @@ public class SignatureGenerator {
 }
 PcapPacketUtils.removeSequenceFromSignature(ppListOfListListOff, sequenceToDelete);
 }
+ PrintWriterUtils.println("OFF Sequences: ", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+ for(List> listOfList : ppListOfListListOff) {
+ PrintWriterUtils.println(listOfList.get(0).get(0).length() + "...", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+ }
 ppListOfListListOff = PcapPacketUtils.sortSequences(ppListOfListListOff);
+ PrintWriterUtils.println("Concatenated and sorted OFF signature sequences...", resultsWriter,
+ DUPLICATE_OUTPUT_TO_STD_OUT);
+
 // Write the signatures into the screen
 PrintWriterUtils.println("========================================", resultsWriter,
 DUPLICATE_OUTPUT_TO_STD_OUT);
@@ -307,6 +330,9 @@ public class SignatureGenerator {
 PrintWriterUtils.println("========================================", resultsWriter,
 DUPLICATE_OUTPUT_TO_STD_OUT);
 PcapPacketUtils.printSignatures(ppListOfListListOff, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT);
+ // Clean signatures from null elements
+ PcapPacketUtils.cleanSignature(ppListOfListListOn);
+ PcapPacketUtils.cleanSignature(ppListOfListListOff);
 // Printing signatures into files
 PrintUtils.serializeIntoFile(onSignatureFile, ppListOfListListOn);
 PrintUtils.serializeIntoFile(offSignatureFile, ppListOfListListOff);
@@ -314,7 +340,7 @@ public class SignatureGenerator {
 PrintUtils.serializeIntoFile(onClusterAnalysisFile, corePointRangeSignatureOn);
 PrintUtils.serializeIntoFile(offClusterAnalysisFile, corePointRangeSignatureOff);
- // =========================================== SIGNATURE DURATION ===========================================
+ // =========================================== SIGNATURE DURATIONS =============================================
 List firstSignatureTimestamps = new ArrayList<>();
 List lastSignatureTimestamps = new ArrayList<>();
 if (!ppListOfListListOn.isEmpty()) {
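Review bot: In the `-307,6 +330,9` hunk `cleanSignature` runs only after `sortSequences` and `printSignatures` have already consumed both lists, so if null elements can occur (the added comment says they can) the sort, the printed report and the new debug loops all see them, and the signature shown on screen may differ from the one written by `serializeIntoFile`. Moving the two calls up to just after the `removeSequenceFromSignature` loops, before the sort, would keep the printed and serialized signatures identical; `cleanSignature` itself is not visible here, so confirm it does not rely on sorted input. The comment would be more useful if it said where the nulls come from, for example `// removeSequenceFromSignature can leave null placeholders; drop them before the lists are used`, if that is indeed the source.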
@@ -332,7 +358,7 @@ public class SignatureGenerator {
 }
 }
- if (!ppListOfListListOn.isEmpty()) {
+ if (!ppListOfListListOff.isEmpty()) {
 List> firstListOffSign = ppListOfListListOff.get(0);
 List> lastListOffSign = ppListOfListListOff.get(ppListOfListListOff.size() - 1);
 // Load OFF signature first and last packet's timestamps
@@ -347,13 +373,8 @@ public class SignatureGenerator {
 }
 }
 // Sort the timestamps
- firstSignatureTimestamps.sort((p1, p2) -> {
- return p1.compareTo(p2);
- });
- // Sort the timestamps
- lastSignatureTimestamps.sort((p1, p2) -> {
- return p1.compareTo(p2);
- });
+ firstSignatureTimestamps.sort(Comparator.comparing(Instant::toEpochMilli));
+ lastSignatureTimestamps.sort(Comparator.comparing(Instant::toEpochMilli));
 Iterator iterFirst = firstSignatureTimestamps.iterator();
 Iterator iterLast = lastSignatureTimestamps.iterator();
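Review bot: Sorting with `Comparator.comparing(Instant::toEpochMilli)` in the `-347,13 +373,8` hunk compares at millisecond precision, whereas the removed lambdas used `Instant.compareTo`, which also compares the sub-millisecond part; two packet timestamps inside the same millisecond now compare equal and simply keep their insertion order. If the lists are `List<Instant>` (the casts dropped in the last hunk suggest so), `firstSignatureTimestamps.sort(Comparator.naturalOrder());` and the same call on `lastSignatureTimestamps` preserve the original ordering and avoid boxing each key to `Long`. The change also relies on `java.util.Comparator` being imported, which is outside the hunk.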
@@ -366,22 +387,22 @@ public class SignatureGenerator { PrintWriterUtils.println("========================================", resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT); while (iterFirst.hasNext() && iterLast.hasNext()) { - Instant firstInst = (Instant) iterFirst.next(); - Instant lastInst = (Instant) iterLast.next(); + Instant firstInst = iterFirst.next(); + Instant lastInst = iterLast.next(); Duration dur = Duration.between(firstInst, lastInst); duration = dur.toMillis(); // Check duration --- should be below 15 seconds if (duration > TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS) { while (duration > TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS && iterFirst.hasNext()) { // that means we have to move to the next trigger - firstInst = (Instant) iterFirst.next(); + firstInst = iterFirst.next(); dur = Duration.between(firstInst, lastInst); duration = dur.toMillis(); } } else { // Below 0/Negative --- that means we have to move to the next signature while (duration < 0 && iterLast.hasNext()) { // that means we have to move to the next trigger - lastInst = (Instant) iterLast.next(); + lastInst = iterLast.next(); dur = Duration.between(firstInst, lastInst); duration = dur.toMillis(); }