Bringing down time constraint to packet level so that we will exclude those pairs...

author rtrimana <rtrimana@uci.edu>

Fri, 15 Mar 2019 18:40:37 +0000 (11:40 -0700)

committer rtrimana <rtrimana@uci.edu>

Fri, 15 Mar 2019 18:40:37 +0000 (11:40 -0700)
author rtrimana <rtrimana@uci.edu>
Fri, 15 Mar 2019 18:40:37 +0000 (11:40 -0700)
committer rtrimana <rtrimana@uci.edu>
Fri, 15 Mar 2019 18:40:37 +0000 (11:40 -0700)
diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java

index e2a4aeab6f2db7f6f09ff83f1b65a692bb1f0db7..7fb571a587621b51f56ff3312c0edfb63a04cdaa 100644 (file)
--- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java
+++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java
@@ -1,5 +1,6 @@
  package edu.uci.iotproject.detection.layer2;
  
+import edu.uci.iotproject.analysis.TriggerTrafficExtractor;
  import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowReassembler;
  import edu.uci.iotproject.trafficreassembly.layer2.Layer2Flow;
  import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowReassemblerObserver;
@@ -41,13 +42,16 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
       */
      private final double mEps;
  
+    private int mInclusionTimeMillis;
+
      /**
       * Create a new {@link Layer2ClusterMatcher} that attempts to find occurrences of {@code cluster}'s members.
       * @param cluster The sequence mutations that the new {@link Layer2ClusterMatcher} should search for.
       */
-    public Layer2ClusterMatcher(List<List<PcapPacket>> cluster, boolean isRangeBased, double eps) {
+    public Layer2ClusterMatcher(List<List<PcapPacket>> cluster, int inclusionTimeMillis,
+                                boolean isRangeBased, double eps) {
          // Consider all flows if no flow filter specified.
-        this(cluster, flow -> true, isRangeBased, eps);
+        this(cluster, flow -> true, inclusionTimeMillis, isRangeBased, eps);
      }
  
      /**
@@ -59,15 +63,18 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
       *                   namely when the {@link Layer2FlowReassembler} notifies the {@link Layer2ClusterMatcher} about
       *                   the new flow. This functionality may for example come in handy when one only wants to search
       *                   for matches in the subset of flows that involves a specific (range of) MAC(s).
+     * @param inclusionTimeMillis Packet inclusion limit for matching.
       * @param isRangeBased The boolean that decides if it is range-based vs. strict matching.
       * @param eps The epsilon value used in the DBSCAN algorithm.
       */
      public Layer2ClusterMatcher(List<List<PcapPacket>> cluster, Function<Layer2Flow, Boolean> flowFilter,
-                                boolean isRangeBased, double eps) {
+                                int inclusionTimeMillis, boolean isRangeBased, double eps) {
          super(cluster, isRangeBased);
          mFlowFilter = flowFilter;
          mRangeBased = isRangeBased;
          mEps = eps;
+        mInclusionTimeMillis =
+                inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis;
      }
  
      @Override
@@ -89,7 +96,7 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
              Layer2SequenceMatcher[][] matchers = new Layer2SequenceMatcher[mCluster.size()][mCluster.get(0).size()];
              // Prepare a "state 0" sequence matcher for each sequence variation in the cluster.
              for (int i = 0; i < matchers.length; i++) {
-                matchers[i][0] = new Layer2SequenceMatcher(mCluster.get(i));
+                matchers[i][0] = new Layer2SequenceMatcher(mCluster.get(i), mInclusionTimeMillis);
              }
              // Associate the new sequence matcher table with the new flow
              mPerFlowSeqMatchers.put(flow, matchers);
@@ -129,7 +136,7 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
                      // We always want to have a sequence matcher in state 0, regardless of if the one that advanced
                      // from state zero completed its matching or if it replaced a different one in state 1 or not.
                      if (sm.getMatchedPacketsCount() == 1) {
-                        matchers[i][j] = new Layer2SequenceMatcher(sm.getTargetSequence());
+                        matchers[i][j] = new Layer2SequenceMatcher(sm.getTargetSequence(), mInclusionTimeMillis);
                      }
                  }
              }
@@ -146,7 +153,7 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
              // around), so the length of the array is simply the sequence length.
              Layer2RangeMatcher[] matcher = new Layer2RangeMatcher[mCluster.get(0).size()];
              // Prepare a "state 0" sequence matcher.
-            matcher[0] = new Layer2RangeMatcher(mCluster.get(0), mCluster.get(1), mEps);
+            matcher[0] = new Layer2RangeMatcher(mCluster.get(0), mCluster.get(1), mInclusionTimeMillis, mEps);
              // Associate the new sequence matcher table with the new flow.
              mPerFlowRangeMatcher.put(flow, matcher);
          }
@@ -181,7 +188,8 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye
                  // We always want to have a sequence matcher in state 0, regardless of if the one that advanced
                  // from state zero completed its matching or if it replaced a different one in state 1 or not.
                  if (sm.getMatchedPacketsCount() == 1) {
-                    matcher[j] = new Layer2RangeMatcher(sm.getTargetLowerBound(), sm.getTargetUpperBound(), mEps);
+                    matcher[j] = new Layer2RangeMatcher(sm.getTargetLowerBound(), sm.getTargetUpperBound(),
+                            mInclusionTimeMillis, mEps);
                  }
              }
          }
diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java

index cd19045613695eff7d9953ac58c1c703bd944cf6..40059657d1a94b6b2ec17467fc042cfd78d091aa 100644 (file)
--- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java
+++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java
@@ -23,6 +23,7 @@ public class Layer2RangeMatcher extends Layer2AbstractMatcher {
      private final List<PcapPacket> mLowerBound;
      private final List<PcapPacket> mUpperBound;
      private final double mEps;
+    private int mInclusionTimeMillis;
  
      /**
       * Create a {@code Layer2RangeMatcher}.
@@ -30,13 +31,16 @@ public class Layer2RangeMatcher extends Layer2AbstractMatcher {
       * @param upperBound The upper bound of the sequence to match against (search for).
       * @param eps The epsilon value used in the DBSCAN algorithm.
       */
-    public Layer2RangeMatcher(List<PcapPacket> lowerBound, List<PcapPacket> upperBound, double eps) {
+    public Layer2RangeMatcher(List<PcapPacket> lowerBound, List<PcapPacket> upperBound,
+                              int inclusionTimeMillis, double eps) {
          // TODO: Just use the lower bound since both lower and upper bounds' packets essentially have the same direction
          // TODO: for the same position in the array. Both arrays also have the same length.
          super(lowerBound);
          mLowerBound = lowerBound;
          mUpperBound = upperBound;
          mEps = eps;
+        mInclusionTimeMillis =
+                inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis;
      }
  
      /**
@@ -92,8 +96,10 @@ public class Layer2RangeMatcher extends Layer2AbstractMatcher {
              if (!packet.getTimestamp().isAfter(mMatchedPackets.get(getMatchedPacketsCount()-1).getTimestamp())) {
                  return false;
              }
+//            if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp().
+//                    plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS))) {
              if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp().
-                    plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS))) {
+                    plusMillis(mInclusionTimeMillis))) {
                  return false;
              }
              // If we made it here, it means that this packet has the expected length, direction, and obeys the timing
diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java

index 2db22287210d412f97b0ccf6783e7b79401c4a25..a9d6241e59fc704363b2cbc7a9249183ea6ceae9 100644 (file)
--- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java
+++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java
@@ -22,11 +22,13 @@ public class Layer2SequenceMatcher extends Layer2AbstractMatcher {
       */
      private final List<PcapPacket> mSequence;
  
+    private int mInclusionTimeMillis;
+
      /**
       * Create a {@code Layer2SequenceMatcher}.
       * @param sequence The sequence to match against (search for).
       */
-    public Layer2SequenceMatcher(List<PcapPacket> sequence) {
+    public Layer2SequenceMatcher(List<PcapPacket> sequence, int inclusionTimeMillis) {
          super(sequence);
          mSequence = sequence;
          // Compute packet directions for sequence.
@@ -41,6 +43,8 @@ public class Layer2SequenceMatcher extends Layer2AbstractMatcher {
                  mPacketDirections[i] = getPacketDirection(prevPkt, prevPktDirection, sequence.get(i));
              }
          }
+        mInclusionTimeMillis =
+                inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis;
      }
  
      /**
@@ -94,8 +98,10 @@ public class Layer2SequenceMatcher extends Layer2AbstractMatcher {
              if (!packet.getTimestamp().isAfter(mMatchedPackets.get(getMatchedPacketsCount()-1).getTimestamp())) {
                  return false;
              }
+//            if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp().
+//                            plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS))) {
              if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp().
-                            plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS))) {
+                plusMillis(mInclusionTimeMillis))) {
                  return false;
              }
              // If we made it here, it means that this packet has the expected length, direction, and obeys the timing
diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java

index 995eb497b3ddeeb8ccbdb4fb6ba44c9456bae69c..e083a2cc395d6f72da7c9b4e7800da1edbb543b1 100644 (file)
--- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java
+++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java
@@ -239,8 +239,8 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb
          for (int i = 0; i < mSignature.size(); i++) {
              List<List<PcapPacket>> cluster = mSignature.get(i);
              Layer2ClusterMatcher clusterMatcher = flowFilters == null ?
-                    new Layer2ClusterMatcher(cluster, isRangeBased, eps) :
-                    new Layer2ClusterMatcher(cluster, flowFilters.get(i), isRangeBased, eps);
+                    new Layer2ClusterMatcher(cluster, inclusionTimeMillis, isRangeBased, eps) :
+                    new Layer2ClusterMatcher(cluster, flowFilters.get(i), inclusionTimeMillis, isRangeBased, eps);
              clusterMatcher.addObserver(this);
              clusterMatchers.add(clusterMatcher);
          }
author	rtrimana <rtrimana@uci.edu>
	Fri, 15 Mar 2019 18:40:37 +0000 (11:40 -0700)
committer	rtrimana <rtrimana@uci.edu>
	Fri, 15 Mar 2019 18:40:37 +0000 (11:40 -0700)
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java		patch \| blob \| history
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java		patch \| blob \| history
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java		patch \| blob \| history
Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java		patch \| blob \| history