From 441aec67c407125cd7b08f7d233fc731598bbc82 Mon Sep 17 00:00:00 2001
From: Janus Varmarken
Date: Thu, 26 Jul 2018 13:43:51 -0700
Subject: [PATCH] TcpConversationUtils.java: add some utility functions for counting frequencies (of packet lengths)
---
 .../analysis/TcpConversationUtils.java | 63 +++++++++++++++++--
 1 file changed, 59 insertions(+), 4 deletions(-)
diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TcpConversationUtils.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TcpConversationUtils.java
index 77c7743..ff7b4ad 100644
--- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TcpConversationUtils.java
+++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TcpConversationUtils.java
@@ -62,15 +62,14 @@ public class TcpConversationUtils {
 // TODO: what if there is long time between response and reply packet? Should we add a threshold and exclude those cases?
 }
-
 /**
- * Given a list of TCP conversations and associated DNS mappings, groups the conversations by hostname.
- * @param tcpConversations The list of TCP conversations.
+ * Given a collection of TCP conversations and associated DNS mappings, groups the conversations by hostname.
+ * @param tcpConversations The collection of TCP conversations.
 * @param ipHostnameMappings The associated DNS mappings.
 * @return A map where each key is a hostname and its associated value is a list of conversations where one of the
 * two communicating hosts is that hostname (i.e. its IP maps to the hostname).
 */
- public static Map> groupConversationsByHostname(List tcpConversations, DnsMap ipHostnameMappings) {
+ public static Map> groupConversationsByHostname(Collection tcpConversations, DnsMap ipHostnameMappings) {
 HashMap> result = new HashMap<>();
 for (Conversation c : tcpConversations) {
 if (c.getPackets().size() == 0) {
@@ -117,5 +116,61 @@ public class TcpConversationUtils {
 return result;
 }
+ public static Map countPacketSequenceFrequencies(Collection conversations) {
+ Map result = new HashMap<>();
+ for (Conversation conv : conversations) {
+ if (conv.getPackets().size() == 0) {
+ // Skip conversations with no payload packets.
+ continue;
+ }
+ StringBuilder sb = new StringBuilder();
+ for (PcapPacket pp : conv.getPackets()) {
+ sb.append(pp.length() + " ");
+ }
+ result.merge(sb.toString(), 1, (i1, i2) -> i1+i2);
+ }
+ return result;
+ }
+
+ /**
+ * Given a {@link Conversation}, counts the frequencies of each unique packet length seen as part of the
+ * {@code Conversation}.
+ * @param c The {@code Conversation} for which unique packet length frequencies are to be determined.
+ * @return A mapping from packet length to its frequency.
+ */
+ public static Map countPacketLengthFrequencies(Conversation c) {
+ Map result = new HashMap<>();
+ for (PcapPacket packet : c.getPackets()) {
+ result.merge(packet.length(), 1, (i1, i2) -> i1 + i2);
+ }
+ return result;
+ }
+
+ /**
+ * Like {@link #countPacketLengthFrequencies(Conversation)}, but counts packet length frequencies for a collection
+ * of {@code Conversation}s, i.e., the frequency of a packet length becomes the total number of packets with that
+ * length across all {@code Conversation}s in {@code conversations}.
+ * @param conversations The collection of {@code Conversation}s for which packet length frequencies are to be
+ * counted.
+ * @return A mapping from packet length to its frequency.
+ */
+ public static Map countPacketLengthFrequencies(Collection conversations) {
+ Map result = new HashMap<>();
+ for (Conversation c : conversations) {
+ Map intermediateResult = countPacketLengthFrequencies(c);
+ for (Map.Entry entry : intermediateResult.entrySet()) {
+ result.merge(entry.getKey(), entry.getValue(), (i1, i2) -> i1 + i2);
+ }
+ }
+ return result;
+ }
+
+ public static Map countPacketPairFrequencies(Collection pairs) {
+ Map result = new HashMap<>();
+ for (PcapPacketPair ppp : pairs) {
+ result.merge(ppp.toString(), 1, (i1, i2) -> i1 + i2);
+ }
+ return result;
+ }
 }
-- 
2.34.1
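Review bot: `countPacketPairFrequencies` uses `ppp.toString()` as the map key, so the counts are only meaningful if that string contains nothing but the fields that define a "same" pair (presumably the two packet lengths); if `PcapPacketPair.toString()` also prints timestamps or addresses, or is later changed for logging, every key becomes unique and each frequency is 1. Building the key from the lengths explicitly, or at least documenting the dependence on `toString()`, would make that contract visible. `countPacketSequenceFrequencies` and `countPacketPairFrequencies` are also the only two new methods without Javadoc; a comment such as `/** Counts how often each sequence of packet lengths occurs; the key is the lengths in order, each followed by a space. */` would record the key format, including the trailing separator that `sb.append(pp.length() + " ")` leaves on every key. The `(i1, i2) -> i1 + i2` lambdas could be `Integer::sum`.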