From 3fd7f009b4c4ece87bb4312cf3784d746258b998 Mon Sep 17 00:00:00 2001
From: rtrimana
Date: Mon, 18 Mar 2019 17:03:39 -0700
Subject: [PATCH] Only do range-based matching when the packet length in the particular position exhibits range-based behavior.
---
 .../layer3/Layer3ClusterMatcher.java | 40 ++++++++++---------
 .../layer3/Layer3SignatureDetector.java | 6 ++-
 2 files changed, 27 insertions(+), 19 deletions(-)
diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3ClusterMatcher.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3ClusterMatcher.java
index d4b2a32..398ac1e 100644
--- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3ClusterMatcher.java
+++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3ClusterMatcher.java
@@ -132,12 +132,12 @@ public class Layer3ClusterMatcher extends AbstractClusterMatcher implements Pack
 isPresent()) {
 List matchSeq = match.get();
 // Notify observers about the match.
-// mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq));
- if (!matchSeq.get(matchSeq.size()-1).getTimestamp().isAfter(matchSeq.get(0).getTimestamp().
- plusMillis(mInclusionTimeMillis))) {
- // Notify observers about the match.
- mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq));
- }
+ mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq));
+// if (!matchSeq.get(matchSeq.size()-1).getTimestamp().isAfter(matchSeq.get(0).getTimestamp().
+// plusMillis(mInclusionTimeMillis))) {
+// // Notify observers about the match.
+// mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq));
+// }
 /*
 * Get the index in cPkts of the last packet in the sequence of packets that matches the searched
 * signature sequence.
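Review bot: The inclusion-window test in front of `mObservers.forEach(...)` is commented out rather than removed, so `onMatch` now fires for every matched sequence no matter how far apart its first and last packets are, and the same edit is repeated in the hunk at `-179,12`. For a traffic-signature detector that loosens what is reported as a detection, and nothing in the hunk records why; whether an observer re-applies a duration limit downstream is not visible here. I would delete the dead block and leave a one-line reason in its place, e.g. `// Duration is not checked here; <where it is enforced, or why it is not needed>.`, and check whether `mInclusionTimeMillis` is still read anywhere in this class. The enclosing method starts and ends outside the hunk.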
@@ -179,12 +179,12 @@ public class Layer3ClusterMatcher extends AbstractClusterMatcher implements Pack
 isPresent()) {
 List matchSeq = match.get();
 // Notify observers about the match.
-// mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq));
- if (!matchSeq.get(matchSeq.size()-1).getTimestamp().isAfter(matchSeq.get(0).getTimestamp().
- plusMillis(mInclusionTimeMillis))) {
- // Notify observers about the match.
- mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq));
- }
+ mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq));
+// if (!matchSeq.get(matchSeq.size()-1).getTimestamp().isAfter(matchSeq.get(0).getTimestamp().
+// plusMillis(mInclusionTimeMillis))) {
+// // Notify observers about the match.
+// mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq));
+// }
 /*
 * Get the index in cPkts of the last packet in the sequence of packets that matches the searched
 * signature sequence.
@@ -358,12 +358,16 @@ public class Layer3ClusterMatcher extends AbstractClusterMatcher implements Pack
 PcapPacket seqPkt = sequence.get(seqIdx);
 // We only have a match if packet lengths and directions match.
 // The packet lengths have to be in the range of [lowerBound - eps, upperBound+eps]
- // TODO: Maybe we could do better here for the double to integer conversion?
- int epsLowerBound = lowBndPkt.length() - (int) mEps;
- int epsUpperBound = upBndPkt.length() + (int) mEps;
- // TODO: TEMPORARILY REMOVE EPS BOUNDS
-// int epsLowerBound = lowBndPkt.length();
-// int epsUpperBound = upBndPkt.length();
+ // We initialize the lower and upper bounds first
+ int epsLowerBound = lowBndPkt.length();
+ int epsUpperBound = upBndPkt.length();
+ // Do strict matching if the lower and upper bounds are the same length
+ // Do range matching with eps otherwise
+ if (epsLowerBound != epsUpperBound) {
+ // TODO: Maybe we could do better here for the double to integer conversion?
+ epsLowerBound = epsLowerBound - (int) mEps;
+ epsUpperBound = epsUpperBound + (int) mEps;
+ }
 if (epsLowerBound <= seqPkt.getOriginalLength() &&
 seqPkt.getOriginalLength() <= epsUpperBound &&
 subsequenceDirections[subseqIdx] == sequenceDirections[seqIdx]) {
diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3SignatureDetector.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3SignatureDetector.java
index b11fef8..4afa216 100644
--- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3SignatureDetector.java
+++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3SignatureDetector.java
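Review bot: In the `-358,12` hunk the bounds are read with `lowBndPkt.length()` and `upBndPkt.length()` while the candidate is compared through `seqPkt.getOriginalLength()`, and in the new strict branch (bounds equal, no eps) any difference between those two measures leaves an exact-length position unmatched. If the bound packets are `PcapPacket`s like `seqPkt` (their declaration is outside the hunk), reading the same accessor on both sides, `int epsLowerBound = lowBndPkt.getOriginalLength();` and likewise for the upper bound, removes the dependency on how the signature capture was taken. Separately, `(int) mEps` truncates toward zero, so a fractional eps below 1 adds no tolerance at all; the kept TODO should say which rounding is intended, and the names `epsLowerBound`/`epsUpperBound` no longer fit the strict case.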
@@ -66,7 +66,11 @@ public class Layer3SignatureDetector implements PacketListener, ClusterMatcherOb
 final String onSignatureFile = args[3];
 final String offSignatureFile = args[4];
 final String resultsFile = args[5];
- final int signatureDuration = Integer.parseInt(args[6]);
+ // TODO: THIS IS TEMPORARILY SET TO DEFAULT SIGNATURE DURATION
+ // TODO: WE DO NOT WANT TO BE TOO STRICT AT THIS POINT SINCE LAYER 3 ALREADY APPLIES BACK-TO-BACK REQUIREMENT
+ // TODO: FOR PACKETS IN A SIGNATURE
+// final int signatureDuration = Integer.parseInt(args[6]);
+ final int signatureDuration = TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS;
 final double eps = Double.parseDouble(args[7]);
 // Prepare file outputter.
-- 
2.34.1
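Review bot: `args[6]` is no longer read but `eps` still comes from `args[7]`, so callers must keep passing a signature duration that is silently discarded in favour of `TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS`. Someone tuning detection from the command line will believe their window is in effect; at minimum report it, e.g. `System.err.println("Ignoring signature duration argument; using " + signatureDuration + " ms");`, and update the usage text if there is one (not visible in this hunk). The three stacked `// TODO:` lines and the commented-out parse would read better as one comment stating the condition under which the argument will be honoured again. The enclosing method continues outside the hunk.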