From 36741790f65056a81f26fe697da398d66d71cbcf Mon Sep 17 00:00:00 2001
From: rtrimana
Date: Mon, 27 Aug 2018 11:43:19 -0700
Subject: [PATCH] Adding a boolean variable to choose between the verbose or the concise version of the packet lengths string.
---
.../main/java/edu/uci/iotproject/Main.java | 71 ++++++++++++-------
.../analysis/TcpConversationUtils.java | 46 +++++++++++-
2 files changed, 89 insertions(+), 28 deletions(-)
diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java
index ed8c1bd..1addfb3 100644
--- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java
+++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java
@@ -37,14 +37,15 @@ public class Main { // ------------ # Code for extracting traffic generated by a device within x seconds of a trigger # ------------ // Paths to input and output files (consider supplying these as arguments instead) and IP of the device for // which traffic is to be extracted: -// String path = "/scratch/July-2018"; // Rahmadi - String path = "/Users/varmarken/temp/UCI IoT Project/experiments"; // Janus + String path = "/scratch/July-2018"; // Rahmadi +// String path = "/Users/varmarken/temp/UCI IoT Project/experiments"; // Janus + boolean verbose = true; // 1) D-Link July 26 experiment - final String inputPcapFile = path + "/2018-07/dlink/dlink.wlan1.local.pcap"; - final String outputPcapFile = path + "/2018-07/dlink/dlink-processed.pcap"; - final String triggerTimesFile = path + "/2018-07/dlink/dlink-july-26-2018.timestamps"; - final String deviceIp = "192.168.1.246"; // .246 == phone; .199 == dlink plug? +// final String inputPcapFile = path + "/2018-07/dlink/dlink.wlan1.local.pcap"; +// final String outputPcapFile = path + "/2018-07/dlink/dlink-processed.pcap"; +// final String triggerTimesFile = path + "/2018-07/dlink/dlink-july-26-2018.timestamps"; +// final String deviceIp = "192.168.1.246"; // .246 == phone; .199 == dlink plug? // 2) TP-Link July 25 experiment // final String inputPcapFile = path + "/2018-07/tplink/tplink.wlan1.local.pcap"; 
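Review bot: The new `boolean verbose = true;` is a hard-coded local, so switching between the verbose and the concise keys needs a source edit and a recompile, the same way this hunk and the ones at -55 and -67 switch developer paths and experiments by commenting lines in and out. The existing comment already says to consider supplying these values as arguments; the flag could be read at start-up instead, for example `final boolean verbose = Boolean.parseBoolean(System.getProperty("verbose", "true"));`. Moving `path`, the pcap file names and `deviceIp` out of the source the same way would stop commits from swapping one developer's absolute path for another's. The enclosing method starts and ends outside the hunk, so whether a command-line `args` array is in scope here cannot be seen.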
@@ -55,10 +56,10 @@ public class Main { // 2b) TP-Link July 25 experiment TRUNCATED: // Only contains "true local" events, i.e., before the behavior changes to remote-like behavior. // Last included event is at July 25 10:38:11; file filtered to only include packets with arrival time <= 10:38:27. - final String inputPcapFile = path + "/2018-07/tplink/tplink.wlan1.local.truncated.pcap"; - final String outputPcapFile = path + "/2018-07/tplink/tplink-processed.truncated.pcap"; - final String triggerTimesFile = path + "/2018-07/tplink/tplink-july-25-2018.truncated.timestamps"; - final String deviceIp = "192.168.1.159"; +// final String inputPcapFile = path + "/2018-07/tplink/tplink.wlan1.local.truncated.pcap"; +// final String outputPcapFile = path + "/2018-07/tplink/tplink-processed.truncated.pcap"; +// final String triggerTimesFile = path + "/2018-07/tplink/tplink-july-25-2018.truncated.timestamps"; +// final String deviceIp = "192.168.1.159"; // 3) SmartThings Plug July 25 experiment // final String inputPcapFile = path + "/2018-07/stplug/stplug.wlan1.local.pcap"; @@ -67,10 +68,10 @@ public class Main { // final String deviceIp = "192.168.1.246"; // .246 == phone; .142 == SmartThings Hub (note: use eth0 capture for this!) // 4) Wemo July 30 experiment -// final String inputPcapFile = path + "/2018-07/wemo/wemo.wlan1.local.pcap"; -// final String outputPcapFile = path + "/2018-07/wemo/wemo-processed.pcap"; -// final String triggerTimesFile = path + "/2018-07/wemo/wemo-july-30-2018.timestamps"; -// final String deviceIp = "192.168.1.145"; + final String inputPcapFile = path + "/2018-07/wemo/wemo.wlan1.local.pcap"; + final String outputPcapFile = path + "/2018-07/wemo/wemo-processed.pcap"; + final String triggerTimesFile = path + "/2018-07/wemo/wemo-july-30-2018.timestamps"; + final String deviceIp = "192.168.1.145"; // 5) Wemo Insight July 31 experiment // final String inputPcapFile = path + "/2018-07/wemoinsight/wemoinsight.wlan1.local.pcap"; 
@@ -200,20 +201,38 @@ public class Main { Map>> ons = new HashMap<>(); // Contains all OFF events: hostname -> sequence identifier -> list of conversations with that sequence Map>> offs = new HashMap<>(); - userActionsToConvsByHostname.forEach((ua, hostnameToConvs) -> { - Map>> outer = ua.getType() == Type.TOGGLE_ON ? ons : offs; - hostnameToConvs.forEach((host, convs) -> { - Map> seqsToConvs = TcpConversationUtils. - groupConversationsByPacketSequence(convs); - outer.merge(host, seqsToConvs, (oldMap, newMap) -> { - newMap.forEach((sequence, cs) -> oldMap.merge(sequence, cs, (list1, list2) -> { - list1.addAll(list2); - return list1; - })); - return oldMap; + + if (verbose) { + userActionsToConvsByHostname.forEach((ua, hostnameToConvs) -> { + Map>> outer = ua.getType() == Type.TOGGLE_ON ? ons : offs; + hostnameToConvs.forEach((host, convs) -> { + Map> seqsToConvs = TcpConversationUtils. + groupConversationsByPacketSequenceVerbose(convs); + outer.merge(host, seqsToConvs, (oldMap, newMap) -> { + newMap.forEach((sequence, cs) -> oldMap.merge(sequence, cs, (list1, list2) -> { + list1.addAll(list2); + return list1; + })); + return oldMap; + }); }); }); - }); + } else { + userActionsToConvsByHostname.forEach((ua, hostnameToConvs) -> { + Map>> outer = ua.getType() == Type.TOGGLE_ON ? ons : offs; + hostnameToConvs.forEach((host, convs) -> { + Map> seqsToConvs = TcpConversationUtils. + groupConversationsByPacketSequence(convs); + outer.merge(host, seqsToConvs, (oldMap, newMap) -> { + newMap.forEach((sequence, cs) -> oldMap.merge(sequence, cs, (list1, list2) -> { + list1.addAll(list2); + return list1; + })); + return oldMap; + }); + }); + }); + } // ================================================================================================ // <<< Some work-in-progress/explorative code that extracts a "representative" sequence 
>>> diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TcpConversationUtils.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TcpConversationUtils.java index 2b172bc..f43077d 100644 --- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TcpConversationUtils.java +++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TcpConversationUtils.java @@ -141,7 +141,8 @@ public class TcpConversationUtils { * these payload packets are identical across all {@code Conversation}s in {@code convs} in terms of packet * length and packet order. For example, if the key is "152 440 550", this means that every individual * {@code Conversation} in the list of {@code Conversation}s pointed to by that key contain exactly three payload - * packet of lengths 152, 440, and 550, and these three packets are ordered the in the order prescribed by the key. + * packet of lengths 152, 440, and 550, and these three packets are ordered in the order prescribed by the key. + * This verbose version prints out the SYNACK, SYN, FINACK, FIN, RST, etc. packets. * * @param conversations The collection of {@code Conversation}s to group by packet sequence. * @return a {@link Map} from {@link String} to {@link List} of {@link Conversation}s such that each key is the @@ -149,7 +150,7 @@ public class TcpConversationUtils { * {@link Conversation#getPackets()}) separated by a delimiter of any {@link Conversation} pointed to * by that key. */ - public static Map> groupConversationsByPacketSequence(Collection conversations) { + public static Map> groupConversationsByPacketSequenceVerbose(Collection conversations) { Map> result = new HashMap<>(); for (Conversation conv : conversations) { if (conv.getPackets().size() == 0) { 
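Review bot: In the Main.java hunk at -200 the `if (verbose)` and `else` branches hold the same nested `forEach` block and differ only in which `TcpConversationUtils` method is called, so any later fix to the merge logic has to be made twice. Keep one copy of the block and choose the grouping inside it: `Map<String, List<Conversation>> seqsToConvs = verbose ? TcpConversationUtils.groupConversationsByPacketSequenceVerbose(convs) : TcpConversationUtils.groupConversationsByPacketSequence(convs);`. `verbose` is assigned once in the first hunk, so it stays effectively final and can be captured by the lambda. The generic arguments are missing from this rendering of the patch; the types quoted here are inferred from the Javadoc in TcpConversationUtils.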
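Review bot: The Javadoc sentence added in the hunk at -141 says the verbose version "prints out" the SYNACK, SYN, FINACK, FIN and RST packets, but the method returns a map and nothing visible prints; presumably those packets are added to the key string. The "152 440 550" example kept above it then probably no longer describes a verbose key. Suggested wording: `In addition to the payload packet lengths, the key built by this verbose version also contains entries for the SYN, SYNACK, FIN, FINACK and RST packets of the conversation.`, followed by an example of such a key. The method body lies between this hunk and the next one and is not shown, so the exact key format has to be taken from the code.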
@@ -200,6 +201,47 @@ public class TcpConversationUtils { return result; } + /** + * Given a {@link Collection} of {@link Conversation}s, builds a {@link Map} from {@link String} to {@link List} + * of {@link Conversation}s such that each key is the concatenation of the packet lengths of all payload packets + * (i.e., the set of packets returned by {@link Conversation#getPackets()}) separated by a delimiter of any + * {@link Conversation} pointed to by that key. In other words, what the {@link Conversation}s {@code cs} pointed to + * by the key {@code s} have in common is that they all contain exactly the same number of payload packets and + * these payload packets are identical across all {@code Conversation}s in {@code convs} in terms of packet + * length and packet order. For example, if the key is "152 440 550", this means that every individual + * {@code Conversation} in the list of {@code Conversation}s pointed to by that key contain exactly three payload + * packet of lengths 152, 440, and 550, and these three packets are ordered in the order prescribed by the key. + * + * @param conversations The collection of {@code Conversation}s to group by packet sequence. + * @return a {@link Map} from {@link String} to {@link List} of {@link Conversation}s such that each key is the + * concatenation of the packet lengths of all payload packets (i.e., the set of packets returned by + * {@link Conversation#getPackets()}) separated by a delimiter of any {@link Conversation} pointed to + * by that key. + */ + public static Map> groupConversationsByPacketSequence(Collection conversations) { + Map> result = new HashMap<>(); + for (Conversation conv : conversations) { + if (conv.getPackets().size() == 0) { + // Skip conversations with no payload packets. + continue; + } + StringBuilder sb = new StringBuilder(); + // Then append the length of all application data packets. + for (PcapPacket pp : conv.getPackets()) { + // Only append a space if there's preceding content. 
+ appendSpaceIfNotEmpty(sb); + sb.append(pp.length()); + } + List oneItemList = new ArrayList<>(); + oneItemList.add(conv); + result.merge(sb.toString(), oneItemList, (oldList, newList) -> { + oldList.addAll(newList); + return oldList; + }); + } + return result; + } + /** * Given a {@link Conversation}, counts the frequencies of each unique packet length seen as part of the * {@code Conversation}. -- 2.34.1
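Review bot: The new concise method takes over the existing name `groupConversationsByPacketSequence` while the previous body moves to `groupConversationsByPacketSequenceVerbose`, so any caller not touched by this patch silently switches to length-only keys. Keeping the old name on the old behaviour and giving the concise variant its own name, or offering one method with a `boolean verbose` parameter, would avoid that and would also remove the branch in Main. Inside the loop the one-item list plus `merge` can be written as `result.computeIfAbsent(sb.toString(), k -> new ArrayList<>()).add(conv);`. The Javadoc is a verbatim copy of the verbose method's and the comment `// Then append the length of all application data packets.` has lost the step it used to follow; one sentence stating that the key holds only the lengths of the packets from `getPackets()` would tell the two methods apart.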