From 00ee9d53efe3437eccc75ba423567466be4998fb Mon Sep 17 00:00:00 2001 From: Janus Varmarken Date: Fri, 3 Aug 2018 14:35:27 -0700 Subject: [PATCH] TrafficLabeler.java: provide functionality for extracting labeled traffic grouped by hostname. Main.java: add + update filepaths; add code for grouping ONs and OFFs sequence counts. TriggerTrafficExtractor.java: change inclusion window to 20 seconds. UserAction.java: overwrite toString() for debugging purposes. --- .../main/java/edu/uci/iotproject/Main.java | 59 ++++++++++++++++--- .../iotproject/analysis/TrafficLabeler.java | 19 ++++++ .../analysis/TriggerTrafficExtractor.java | 2 +- .../uci/iotproject/analysis/UserAction.java | 5 ++ 4 files changed, 76 insertions(+), 9 deletions(-) diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java index f37719a..7d95895 100644 --- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java +++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java @@ -42,10 +42,16 @@ public class Main { // final String deviceIp = "192.168.1.246"; // .246 == phone; .199 == dlink plug? // TP-Link July 25 experiment - final String inputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/tplink/tplink.wlan1.local.pcap"; - final String outputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/tplink/tplink-processed.pcap"; - final String triggerTimesFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/tplink/tplink-july-25-2018.timestamps"; - final String deviceIp = "192.168.1.159"; +// final String inputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/tplink/tplink.wlan1.local.pcap"; +// final String outputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/tplink/tplink-processed.pcap"; +// final String triggerTimesFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/tplink/tplink-july-25-2018.timestamps"; +// final String deviceIp = "192.168.1.159"; + + // SmartThings Plug July 25 experiment +// final String inputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/stplug/stplug.wlan1.local.pcap"; +// final String outputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/stplug/stplug-processed.pcap"; +// final String triggerTimesFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/stplug/smartthings-july-25-2018.timestamps"; +// final String deviceIp = "192.168.1.246"; // .246 == phone; .142 == SmartThings Hub (note: use eth0 capture for this!) // Wemo July 30 experiment // final String inputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/wemo/wemo.wlan1.local.pcap"; @@ -53,11 +59,17 @@ public class Main { // final String triggerTimesFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/wemo/wemo-july-30-2018.timestamps"; // final String deviceIp = "192.168.1.145"; + // Wemo Insight July 31 experiment +// final String inputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/wemoinsight/wemoinsight.wlan1.local.pcap"; +// final String outputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/wemoinsight/wemoinsight-processed.pcap"; +// final String triggerTimesFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/wemoinsight/wemo-insight-july-31-2018.timestamps"; +// final String deviceIp = "192.168.1.135"; + // TP-Link BULB August 1 experiment -// final String inputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-08/tplink-bulb/tplink-bulb.wlan1.local.pcap"; -// final String outputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-08/tplink-bulb/tplink-bulb-processed.pcap"; -// final String triggerTimesFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-08/tplink-bulb/tplink-bulb-aug-1-2018.timestamps"; -// final String deviceIp = "192.168.1.140"; + final String inputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-08/tplink-bulb/tplinkbulb.wlan1.local.pcap"; + final String outputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-08/tplink-bulb/tplinkbulb-processed.pcap"; + final String triggerTimesFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-08/tplink-bulb/tplink-bulb-aug-3-2018.timestamps"; + final String deviceIp = "192.168.1.140"; TriggerTimesFileReader ttfr = new TriggerTimesFileReader(); List triggerTimes = ttfr.readTriggerTimes(triggerTimesFile, false); @@ -107,8 +119,39 @@ public class Main { System.out.println("Counted frequencies of packet pairs per hostname"); // For each user action, reassemble the set of TCP connections occurring shortly after final Map> userActionToConversations = trafficLabeler.getLabeledReassembledTcpTraffic(); + final Map>> userActionsToConvsByHostname = trafficLabeler.getLabeledReassembledTcpTraffic(dnsMap); System.out.println("Reassembled TCP conversations occurring shortly after each user event"); + + + + // ons + Map> ons = new HashMap<>(); + Map> offs = new HashMap<>(); + + userActionsToConvsByHostname.forEach((ua, hostnameToConvs) -> { + Map> outer = ua.getType() == Type.TOGGLE_ON ? ons : offs; + hostnameToConvs.forEach((host, convs) -> { + Map sequenceCounts = TcpConversationUtils.countPacketSequenceFrequencies(convs); + outer.merge(host, sequenceCounts, (existingMap, newMap) -> { + newMap.forEach((sequence, count) -> existingMap.merge(sequence, count, (i1, i2) -> i1+i2)); + return existingMap; + }); + }); + }); + + +// for (Map.Entry newMapEntry : newMap.entrySet()) { +// if (existingMap.get(newMapEntry.getKey()) != null) { +// existingMap.put(newMapEntry.getKey(), existingMap.get(newMapEntry.getKey()) + newMapEntry.getValue()); +// } else { +// existingMap.put(newMapEntry.getKey(), newMapEntry.getValue()); +// } +// } +// return existingMap; + + System.out.println(""); + // ------------------------------------------------------------------------------------------------------------- // ------------------------------------------------------------------------------------------------------------- } diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TrafficLabeler.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TrafficLabeler.java index 2de59c3..ebc87b1 100644 --- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TrafficLabeler.java +++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TrafficLabeler.java @@ -1,6 +1,7 @@ package edu.uci.iotproject.analysis; import edu.uci.iotproject.Conversation; +import edu.uci.iotproject.DnsMap; import edu.uci.iotproject.TcpReassembler; import org.pcap4j.core.PacketListener; import org.pcap4j.core.PcapPacket; @@ -124,4 +125,22 @@ public class TrafficLabeler implements PacketListener { }); } + /** + * Like {@link #getLabeledReassembledTcpTraffic()}, but uses the provided {@code ipHostnameMappings} to group + * {@link Conversation}s by hostname. + * + * @param ipHostnameMappings A {@link DnsMap} with IP to hostname mappings used for reverse DNS lookup. + * @return A {@link Map} in which a {@link UserAction} points to the set of {@link Conversation}s believed to be + * related (occurring as a result of) that {@code UserAction}. More precisely, each {@code UserAction} in + * the returned {@code Map} points to another {@code Map} in which a hostname points to the set of + * {@code Conversation}s involving that hostname. + */ + public Map>> getLabeledReassembledTcpTraffic(DnsMap ipHostnameMappings) { + return getLabeledTraffic(packets -> { + TcpReassembler tcpReassembler = new TcpReassembler(); + packets.forEach(p -> tcpReassembler.gotPacket(p)); + return TcpConversationUtils.groupConversationsByHostname(tcpReassembler.getTcpConversations(), ipHostnameMappings); + }); + } + } \ No newline at end of file diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TriggerTrafficExtractor.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TriggerTrafficExtractor.java index ab783a7..594fa2b 100644 --- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TriggerTrafficExtractor.java +++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TriggerTrafficExtractor.java @@ -26,7 +26,7 @@ public class TriggerTrafficExtractor implements PcapPacketFilter { */ private long mIncludedPackets = 0; - public static final int INCLUSION_WINDOW_MILLIS = 10_000; + public static final int INCLUSION_WINDOW_MILLIS = 20_000; public TriggerTrafficExtractor(String pcapFilePath, List triggerTimes, String deviceIp) throws PcapNativeException, NotOpenException { mPcapFilePath = pcapFilePath; diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/UserAction.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/UserAction.java index ef339a9..807ea78 100644 --- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/UserAction.java +++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/UserAction.java @@ -69,4 +69,9 @@ public class UserAction { hashCode = prime * hashCode + mTimestamp.hashCode(); return hashCode; } + + @Override + public String toString() { + return String.format("[ %s @ %s ]", mType.name(), mTimestamp.toString()); + } } -- 2.34.1