mConversations.remove(conversation);
// Create comparison task and send to executor service.
PatternComparisonTask<CompleteMatchPatternComparisonResult> comparisonTask =
- new PatternComparisonTask<>(conversation, mPattern, ComparisonFunctions.COMPLETE_MATCH);
+ new PatternComparisonTask<>(conversation, mPattern, ComparisonFunctions.SUB_SEQUENCE_COMPLETE_MATCH);
mPendingComparisons.add(EXECUTOR_SERVICE.submit(comparisonTask));
// Increment hostIndex to find the next
public static void main(String[] args) throws PcapNativeException, NotOpenException, EOFException, TimeoutException, UnknownHostException {
final String fileName = args.length > 0 ? args[0] : "/home/rtrimana/pcap_processing/smart_home_traffic/Code/Projects/SmartPlugDetector/pcap/wlan1.local.remote.dns.pcap";
- final String trainingFileName = "./pcap/TP_LINK_LOCAL_ON.pcap";
+ final String trainingFileName = "./pcap/TP_LINK_LOCAL_ON_SUBSET.pcap";
//final String trainingFileName = "./pcap/TP_LINK_REMOTE_ON.pcap";
// ====== Debug code ======
return new CompleteMatchPatternComparisonResult(conversation, flowPattern, true);
};
-}
+ /**
+ * Comparison function that searches a {@link Conversation} looking for the presence of a complete match of a {@link FlowPattern}.
+ * Unlike {@link #COMPLETE_MATCH}, which searches for a 1:1 match between the {@code Conversation} and the {@code FlowPattern},
+ * this function targets cases where the {@code Conversation} is longer than the {@code FlowPattern}.
+ * In other words, this function searches for a complete match of a sub sequence of packets in the {@code Conversation}.
+ * Note: this is a slow, brute force search.
+ */
+ public static final BiFunction<Conversation, FlowPattern, CompleteMatchPatternComparisonResult> SUB_SEQUENCE_COMPLETE_MATCH = new BiFunction<Conversation, FlowPattern, CompleteMatchPatternComparisonResult>() {
+ // TODO needs review; I was tired when I wrote this :).
+ private boolean find(Conversation conversation, FlowPattern flowPattern, int nextIndex, int matchedIndices) {
+ if (matchedIndices == flowPattern.getLength()) {
+ // Found a full sub sequence.
+ return true;
+ }
+ List<PcapPacket> convPackets = conversation.getPackets();
+ if (nextIndex >= convPackets.size()) {
+ // Reached end of list without finding a match.
+ return false;
+ }
+ if (convPackets.get(nextIndex).get(TcpPacket.class).getPayload().length() == flowPattern.getPacketOrder().get(matchedIndices)) {
+ // So far, so good. Still need to check if the remainder of the sub sequence is present.
+ return find(conversation, flowPattern, ++nextIndex, ++matchedIndices);
+ } else {
+ // Miss; trace back and retry the search starting at the index immediately after the index from the
+ // recursive calls potentially started matching some of the sub sequence.
+ return find(conversation, flowPattern, nextIndex-matchedIndices+1, 0);
+ }
+ }
+
+ @Override
+ public CompleteMatchPatternComparisonResult apply(Conversation conversation, FlowPattern flowPattern) {
+ return new CompleteMatchPatternComparisonResult(conversation, flowPattern, find(conversation, flowPattern, 0, 0));
+ }
+
+ };
+
+}
\ No newline at end of file
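Review bot: `find` recurses once per packet on both the match and the miss branch, and Java does not eliminate tail calls, so a conversation with many thousands of packets can end in a `StackOverflowError` inside the executor task instead of a result. The length check `convPackets.get(nextIndex).get(TcpPacket.class).getPayload().length()` also dereferences two values that pcap4j returns as null when a packet has no TCP header or the segment carries no payload; whether `Conversation` already filters such packets out is not visible in this hunk, so that needs confirming. A loop with the same backtracking rule and explicit null checks avoids both, as sketched below; counting a payload-less segment as a miss rather than as length 0 is an assumption the author should decide on. The TODO on `find` could then be replaced by a comment stating that the search is for a contiguous run of packets and is O(n·m) in the worst case.

```java
private boolean find(Conversation conversation, FlowPattern flowPattern, int nextIndex, int matchedIndices) {
    List<PcapPacket> convPackets = conversation.getPackets();
    final int patternLength = flowPattern.getLength();
    // Iterative form of the same search: stack depth no longer grows with the conversation length.
    while (matchedIndices < patternLength) {
        if (nextIndex >= convPackets.size()) {
            // Reached end of list without finding a match.
            return false;
        }
        TcpPacket tcp = convPackets.get(nextIndex).get(TcpPacket.class);
        // A non-TCP packet or a segment without payload is treated as a miss (assumption to confirm).
        boolean hit = tcp != null
                && tcp.getPayload() != null
                && tcp.getPayload().length() == flowPattern.getPacketOrder().get(matchedIndices);
        if (hit) {
            nextIndex++;
            matchedIndices++;
        } else {
            // Restart one packet after the position where the current attempt began.
            nextIndex = nextIndex - matchedIndices + 1;
            matchedIndices = 0;
        }
    }
    // Every element of the pattern was matched by consecutive packets.
    return true;
}
// … unchanged: apply() …
```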