From: rtrimana
Date: Fri, 4 May 2018 00:02:16 +0000 (-0700)
Subject: Adding pre-processing for training set---we take packet lengths directly from a train...
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=9090e55e333dc790a12346485c7448b7d22ae3c7;p=pingpong.git
Adding pre-processing for training set---we take packet lengths directly from a training set pcap file for FlowPattern.
---
diff --git a/Code/Projects/SmartPlugDetector/pcap/TP_LINK_LOCAL_OFF.pcap b/Code/Projects/SmartPlugDetector/pcap/TP_LINK_LOCAL_OFF.pcap
new file mode 100644
index 0000000..b30fad9
Binary files /dev/null and b/Code/Projects/SmartPlugDetector/pcap/TP_LINK_LOCAL_OFF.pcap differ
diff --git a/Code/Projects/SmartPlugDetector/pcap/TP_LINK_LOCAL_ON.pcap b/Code/Projects/SmartPlugDetector/pcap/TP_LINK_LOCAL_ON.pcap
new file mode 100644
index 0000000..a85b153
Binary files /dev/null and b/Code/Projects/SmartPlugDetector/pcap/TP_LINK_LOCAL_ON.pcap differ
diff --git a/Code/Projects/SmartPlugDetector/pcap/TP_LINK_REMOTE_CHARGING_ON.pcap b/Code/Projects/SmartPlugDetector/pcap/TP_LINK_REMOTE_CHARGING_ON.pcap
new file mode 100644
index 0000000..73a92d4
Binary files /dev/null and b/Code/Projects/SmartPlugDetector/pcap/TP_LINK_REMOTE_CHARGING_ON.pcap differ
diff --git a/Code/Projects/SmartPlugDetector/pcap/TP_LINK_REMOTE_ON.pcap b/Code/Projects/SmartPlugDetector/pcap/TP_LINK_REMOTE_ON.pcap
new file mode 100644
index 0000000..d53625e
Binary files /dev/null and b/Code/Projects/SmartPlugDetector/pcap/TP_LINK_REMOTE_ON.pcap differ
diff --git a/Code/Projects/SmartPlugDetector/pcap/local.on.pcap b/Code/Projects/SmartPlugDetector/pcap/local.on.pcap
deleted file mode 100644
index a85b153..0000000
Binary files a/Code/Projects/SmartPlugDetector/pcap/local.on.pcap and /dev/null differ
diff --git a/Code/Projects/SmartPlugDetector/pcap/remote.on.charging.pcap b/Code/Projects/SmartPlugDetector/pcap/remote.on.charging.pcap
deleted file mode 100644
index 73a92d4..0000000
Binary files a/Code/Projects/SmartPlugDetector/pcap/remote.on.charging.pcap and /dev/null differ
diff --git a/Code/Projects/SmartPlugDetector/pcap/remote.on.pcap b/Code/Projects/SmartPlugDetector/pcap/remote.on.pcap
deleted file mode 100644
index d53625e..0000000
Binary files a/Code/Projects/SmartPlugDetector/pcap/remote.on.pcap and /dev/null differ
diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPattern.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPattern.java
index a083e49..fb0433c 100644
--- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPattern.java
+++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPattern.java
@@ -1,10 +1,20 @@
 package edu.uci.iotproject;
+import org.pcap4j.core.*;
+import org.pcap4j.packet.*;
+import org.pcap4j.packet.DnsPacket;
+import org.pcap4j.packet.namednumber.DnsResourceRecordType;
+
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
+import java.io.EOFException;
+import java.net.UnknownHostException;
+import java.util.concurrent.TimeoutException;
 /**
 * TODO add class documentation.
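Review bot: The new import block mixes wildcard imports (`org.pcap4j.core.*`, `org.pcap4j.packet.*`) with an explicit `org.pcap4j.packet.DnsPacket` that the wildcard already covers, and several of the added names (`DnsPacket`, `DnsResourceRecordType`, `HashMap`, `UnknownHostException`) are not used by any code this commit adds to the file. The rest of FlowPattern.java is outside the diff, so they may be used elsewhere, but if not they should be dropped. Listing only what the new code needs, such as `import org.pcap4j.core.PcapHandle;` and `import org.pcap4j.packet.TcpPacket;`, keeps the parsing dependencies of this class visible.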
@@ -25,24 +35,95 @@ public class FlowPattern {
 public static final FlowPattern TP_LINK_LOCAL_ON;
+ /**
+ * Class properties
+ */
 private final String patternId;
 /**
 * The hostname that this {@code FlowPattern} is associated with.
 */
- private final String hostname;
+ private final String hostname; // The hostname that this {@code FlowPattern} is associated with.
 /**
 * The order of packet lengths that defines this {@link FlowPattern}
 * TODO: this is a simplified representation, we should also include information about direction of each packet.
 */
 private final List flowPacketOrder;
+
+ private final Map> hostnameToPacketOrderMap;
+ private final PcapHandle pcap;
+
+ /**
+ * Class constants
+ */
+
+ /**
+ * Constructor #1
+ */
+ public FlowPattern(String patternId, String hostname, PcapHandle pcap) {
+ this.patternId = patternId;
+ this.hostname = hostname;
+ this.pcap = pcap;
+ this.hostnameToPacketOrderMap = null;
+ this.flowPacketOrder = new ArrayList();
+ processPcap();
+ }
+
+ /**
+ * Process the PcapHandle to strip off unnecessary packets and just get the integer array of packet lengths
+ */
+ private void processPcap() {
+
+ PcapPacket packet;
+ try {
+ while ((packet = pcap.getNextPacketEx()) != null) {
+ // For now, we only work support pattern search in TCP over IPv4.
+ IpV4Packet ipPacket = packet.get(IpV4Packet.class);
+ TcpPacket tcpPacket = packet.get(TcpPacket.class);
+ if (ipPacket == null || tcpPacket == null)
+ continue;
+ if (tcpPacket.getPayload() == null) // We skip non-payload control packets as these are less predictable
+ continue;
+ int packetLength = tcpPacket.getPayload().length();
+ flowPacketOrder.add(packetLength);
+ }
+ } catch (EOFException eofe) {
+ System.out.println("[ FlowPattern ] Finished processing a training PCAP stream!");
+ System.out.println("[ FlowPattern ] Pattern for " + patternId + ": " + Arrays.toString(flowPacketOrder.toArray()));
+ } catch (PcapNativeException |
+ TimeoutException |
+ NotOpenException ex) {
+ ex.printStackTrace();
+ }
+ }
+
+ /**
+ * Constructor #2
+ *
+ * @param patternId Label for this pattern
+ * @param hostname Hostname associated with this pattern
+ * @param flowPacketOrder List of packets in order
+ */
 public FlowPattern(String patternId, String hostname, List flowPacketOrder) {
 this.patternId = patternId;
 this.hostname = hostname;
+ this.hostnameToPacketOrderMap = null;
+ this.pcap = null;
 this.flowPacketOrder = Collections.unmodifiableList(flowPacketOrder);
 }
+
+ /**
+ * Constructor #3
+ */
+ public FlowPattern(String patternId, String hostname, Map> hostnameToPacketOrderMap) {
+ this.patternId = patternId;
+ this.hostname = hostname;
+ this.pcap = null;
+ this.flowPacketOrder = null;
+ this.hostnameToPacketOrderMap = Collections.unmodifiableMap(hostnameToPacketOrderMap);
+ }
 public String getPatternId() {
 return patternId;
diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java
index aff4534..8f52077 100644
--- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java
+++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java
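Review bot: In `processPcap()`, the `catch (PcapNativeException | TimeoutException | NotOpenException ex)` branch only calls `ex.printStackTrace()`, so a truncated or unreadable training capture still yields a `FlowPattern` whose `flowPacketOrder` holds whatever was read before the failure, and the finder then matches against a partial signature with no error reaching the caller. Rethrowing there, e.g. `throw new IllegalStateException("Failed to read training pcap for " + patternId, ex);`, would make that visible. The handle is also never closed and stays referenced by the `pcap` field, and the loop keeps every IPv4/TCP payload length in the file without using `hostname`, so the capture presumably has to be pre-filtered to a single flow; a comment on the constructor should say so. Constructor #1 leaves `flowPacketOrder` a mutable `ArrayList` while constructor #2 wraps it unmodifiable and constructor #3 sets it to `null`, which any reader of the list outside this hunk would have to handle.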
@@ -36,7 +36,7 @@ public class FlowPatternFinder {
 private PcapHandle pcap;
 private FlowPattern pattern;
 private AtomicBoolean isEoF;
-
+
 /* Constructor */
 public FlowPatternFinder(PcapHandle _pcap, FlowPattern _pattern) {
@@ -217,5 +217,4 @@ public class FlowPatternFinder {
 return String.format("%s:%d %s:%d", clientIp, clientPort, serverIp, serverPort);
 }
 }
-
 }
diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java
index d727683..94d957d 100644
--- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java
+++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java
@@ -27,15 +27,22 @@ public class Main {
 public static void main(String[] args) throws PcapNativeException, NotOpenException, EOFException, TimeoutException, UnknownHostException {
 //final String fileName = "/users/varmarken/Desktop/wlan1.local.dns.pcap";
 final String fileName = "/home/rtrimana/pcap_processing/smart_home_traffic/Code/Projects/SmartPlugDetector/pcap/wlan1.local.remote.dns.pcap";
+ final String trainingFileName = "/home/rtrimana/pcap_processing/smart_home_traffic/Code/Projects/SmartPlugDetector/pcap/TP_LINK_LOCAL_OFF.pcap";
 // ====== Debug code ======
 PcapHandle handle;
+ PcapHandle trainingPcap;
 try {
 handle = Pcaps.openOffline(fileName, PcapHandle.TimestampPrecision.NANO);
+ trainingPcap = Pcaps.openOffline(trainingFileName, PcapHandle.TimestampPrecision.NANO);
 } catch (PcapNativeException pne) {
 handle = Pcaps.openOffline(fileName);
+ trainingPcap = Pcaps.openOffline(trainingFileName);
 }
- FlowPatternFinder fpf = new FlowPatternFinder(handle, FlowPattern.TP_LINK_LOCAL_ON);
+ FlowPattern fp = new FlowPattern("TP_LINK_LOCAL_OFF", "events.tplinkra.com", trainingPcap);
+
+ //FlowPatternFinder fpf = new FlowPatternFinder(handle, FlowPattern.TP_LINK_LOCAL_ON);
+ FlowPatternFinder fpf = new FlowPatternFinder(handle, fp);
 fpf.start();
 // ========================
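Review bot: Putting both `openOffline` calls in one `try` means that when the first succeeds and the training open throws, the `catch` reassigns `handle` without closing the handle already opened, and both files lose nanosecond precision even though only one failed. Opening each capture through its own attempt-and-fallback avoids both problems, as sketched below. The new `trainingFileName` is also another absolute path under one developer's home directory, so reading both paths from `args` would let the detector run elsewhere. The body of `main` continues past the end of this hunk.

```java
// … unchanged: fileName / trainingFileName declarations …
PcapHandle handle = openCapture(fileName);
PcapHandle trainingPcap = openCapture(trainingFileName);
// … unchanged: FlowPattern / FlowPatternFinder construction …

// New private helper in Main: each file gets its own nanosecond attempt and fallback.
private static PcapHandle openCapture(String path) throws PcapNativeException {
    try {
        return Pcaps.openOffline(path, PcapHandle.TimestampPrecision.NANO);
    } catch (PcapNativeException pne) {
        return Pcaps.openOffline(path);
    }
}
```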