From 7e6a00a5a2e03a0a7c2714bb3d4f2bf98976a9e7 Mon Sep 17 00:00:00 2001 From: rtrimana Date: Fri, 31 May 2019 10:33:27 -0700 Subject: [PATCH] Attempting to add router's MAC address as a reference for packet direction in layer 2 matching. --- .../execute_layer2_unb_all_detection.sh | 28 +++++----- .../layer2/Layer2AbstractMatcher.java | 54 +++++++++++++++---- .../layer2/Layer2ClusterMatcher.java | 30 ++++++++--- .../detection/layer2/Layer2RangeMatcher.java | 6 ++- .../layer2/Layer2SequenceMatcher.java | 7 ++- .../layer2/Layer2SignatureDetector.java | 47 +++++++++++----- .../uci/iotproject/util/PcapPacketUtils.java | 14 +++++ 7 files changed, 136 insertions(+), 50 deletions(-) diff --git a/Code/Projects/PacketLevelSignatureExtractor/execute_layer2_unb_all_detection.sh b/Code/Projects/PacketLevelSignatureExtractor/execute_layer2_unb_all_detection.sh index 9186dd3..5fd18d0 100755 --- a/Code/Projects/PacketLevelSignatureExtractor/execute_layer2_unb_all_detection.sh +++ b/Code/Projects/PacketLevelSignatureExtractor/execute_layer2_unb_all_detection.sh @@ -52,7 +52,7 @@ ON_SKIPPED_PACKETS="-1" OFF_SKIPPED_PACKETS="-1" PROGRAM_ARGS="'$PCAP_FILE' '$ON_ANALYSIS' '$OFF_ANALYSIS' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' '$EPSILON' '$ON_SKIPPED_PACKETS' '$OFF_SKIPPED_PACKETS'" -#./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" +./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" # PHONE SIDE ON_ANALYSIS="$SIGNATURES_BASE_DIR/blossom-sprinkler/analyses/blossom-sprinkler-onClusters-phone-side.cls" @@ -89,7 +89,7 @@ ON_SKIPPED_PACKETS="-1" OFF_SKIPPED_PACKETS="-1" PROGRAM_ARGS="'$PCAP_FILE' '$ON_ANALYSIS' '$OFF_ANALYSIS' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' '$EPSILON' '$ON_SKIPPED_PACKETS' '$OFF_SKIPPED_PACKETS'" -#./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" +./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" # PHONE SIDE ON_ANALYSIS="$SIGNATURES_BASE_DIR/dlink-plug/analyses/dlink-plug-onClusters-phone-side.cls" @@ -106,7 +106,7 @@ ON_SKIPPED_PACKETS="-1" OFF_SKIPPED_PACKETS="-1" PROGRAM_ARGS="'$PCAP_FILE' '$ON_ANALYSIS' '$OFF_ANALYSIS' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' '$EPSILON' '$ON_SKIPPED_PACKETS' '$OFF_SKIPPED_PACKETS'" -#./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" +./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" # ====================================================================================================================== @@ -126,7 +126,7 @@ ON_SKIPPED_PACKETS="-1" OFF_SKIPPED_PACKETS="-1" PROGRAM_ARGS="'$PCAP_FILE' '$ON_ANALYSIS' '$OFF_ANALYSIS' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' '$EPSILON' '$ON_SKIPPED_PACKETS' '$OFF_SKIPPED_PACKETS'" -#./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" +./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" # ====================================================================================================================== @@ -193,7 +193,7 @@ ON_SKIPPED_PACKETS="-1" OFF_SKIPPED_PACKETS="-1" PROGRAM_ARGS="'$PCAP_FILE' '$ON_ANALYSIS' '$OFF_ANALYSIS' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' '$EPSILON' '$ON_SKIPPED_PACKETS' '$OFF_SKIPPED_PACKETS'" -#./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" +./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" # ====================================================================================================================== @@ -257,7 +257,7 @@ ON_SKIPPED_PACKETS="-1" OFF_SKIPPED_PACKETS="-1" PROGRAM_ARGS="'$PCAP_FILE' '$ON_ANALYSIS' '$OFF_ANALYSIS' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' '$EPSILON' '$ON_SKIPPED_PACKETS' '$OFF_SKIPPED_PACKETS'" -#./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" +./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" # DEVICE SIDE OUTBOUND (contains only those packets that go through the WAN port, i.e., only the 556, 1293 sequence) ON_ANALYSIS="$SIGNATURES_BASE_DIR/tplink-plug/analyses/tplink-plug-onClusters-device-side.cls" @@ -377,7 +377,7 @@ SIGNATURE_DURATION="1977" EPSILON="10.0" PROGRAM_ARGS="'$PCAP_FILE' '$ON_ANALYSIS' '$OFF_ANALYSIS' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' '$EPSILON' '$ON_SKIPPED_PACKETS' '$OFF_SKIPPED_PACKETS'" -#./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" +./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" # ====================================================================================================================== # ==================================================== AMAZON PLUG ===================================================== @@ -407,7 +407,7 @@ SIGNATURE_DURATION="10045" EPSILON="10.0" PROGRAM_ARGS="'$PCAP_FILE' '$ON_ANALYSIS' '$OFF_ANALYSIS' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' '$EPSILON' '$ON_SKIPPED_PACKETS' '$OFF_SKIPPED_PACKETS'" -#./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" +./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" # DEVICE SIDE @@ -435,7 +435,7 @@ SIGNATURE_DURATION="7888" EPSILON="10.0" PROGRAM_ARGS="'$PCAP_FILE' '$ON_ANALYSIS' '$OFF_ANALYSIS' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' '$EPSILON' '$ON_SKIPPED_PACKETS' '$OFF_SKIPPED_PACKETS'" -#./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" +./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" # DEVICE SIDE ON_ANALYSIS="$SIGNATURES_BASE_DIR/sengled-bulb-intensity/analyses/sengled-bulb-intensity-onClusters-device-side.cls" @@ -462,7 +462,7 @@ SIGNATURE_DURATION="733" EPSILON="10.0" PROGRAM_ARGS="'$PCAP_FILE' '$ON_ANALYSIS' '$OFF_ANALYSIS' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' '$EPSILON' '$ON_SKIPPED_PACKETS' '$OFF_SKIPPED_PACKETS'" -#./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" +./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" # ====================================================================================================================== @@ -478,7 +478,7 @@ SIGNATURE_DURATION="1953" EPSILON="10.0" PROGRAM_ARGS="'$PCAP_FILE' '$ON_ANALYSIS' '$OFF_ANALYSIS' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' '$EPSILON' '$ON_SKIPPED_PACKETS' '$OFF_SKIPPED_PACKETS'" -#./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" +./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" # ====================================================================================================================== @@ -494,7 +494,7 @@ SIGNATURE_DURATION="2695" EPSILON="10.0" PROGRAM_ARGS="'$PCAP_FILE' '$ON_ANALYSIS' '$OFF_ANALYSIS' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' '$EPSILON' '$ON_SKIPPED_PACKETS' '$OFF_SKIPPED_PACKETS'" -#./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" +./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" # ====================================================================================================================== # =============================================== RACHIO SPRINKLER STANDBY ============================================= @@ -509,7 +509,7 @@ SIGNATURE_DURATION="2791" EPSILON="10.0" PROGRAM_ARGS="'$PCAP_FILE' '$ON_ANALYSIS' '$OFF_ANALYSIS' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' '$EPSILON' '$ON_SKIPPED_PACKETS' '$OFF_SKIPPED_PACKETS'" -#./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" +./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" # ====================================================================================================================== # ================================================= ROOMBA VACUUM ROBOT ================================================ @@ -537,5 +537,5 @@ SIGNATURE_DURATION="665" EPSILON="10.0" PROGRAM_ARGS="'$PCAP_FILE' '$ON_ANALYSIS' '$OFF_ANALYSIS' '$ON_SIGNATURE' '$OFF_SIGNATURE' '$RESULTS_FILE' '$SIGNATURE_DURATION' '$EPSILON' '$ON_SKIPPED_PACKETS' '$OFF_SKIPPED_PACKETS'" -./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" +#./gradlew run -DmainClass=edu.uci.iotproject.detection.layer2.Layer2SignatureDetector --args="$PROGRAM_ARGS" # ====================================================================================================================== \ No newline at end of file diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2AbstractMatcher.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2AbstractMatcher.java index 1621c82..36f1d9d 100644 --- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2AbstractMatcher.java +++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2AbstractMatcher.java @@ -2,8 +2,13 @@ package edu.uci.iotproject.detection.layer2; import edu.uci.iotproject.util.PcapPacketUtils; import org.pcap4j.core.PcapPacket; +import org.pcap4j.util.MacAddress; +import javax.crypto.Mac; +import java.net.InetAddress; +import java.net.UnknownHostException; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; /** @@ -27,12 +32,26 @@ abstract public class Layer2AbstractMatcher { */ protected final boolean[] mPacketDirections; + /** + * Router's WLAN MAC. + */ + protected MacAddress mTrainingRouterWlanMac; + protected MacAddress mRouterWlanMac; + /** * Create a {@code Layer2AbstractMatcher}. * @param sequence The sequence of the signature. + * @param routerWlanMac The router's WLAN MAC (used for determining the direction of packets). */ - public Layer2AbstractMatcher(List sequence) { + public Layer2AbstractMatcher(List sequence, String trainingRouterWlanMac, String routerWlanMac) { mPacketDirections = new boolean[sequence.size()]; + if (mTrainingRouterWlanMac != null && mRouterWlanMac != null) { + mTrainingRouterWlanMac = MacAddress.getByName(trainingRouterWlanMac); + mRouterWlanMac = MacAddress.getByName(routerWlanMac); + } else { + mTrainingRouterWlanMac = null; + mRouterWlanMac = null; + } // Compute packet directions for sequence. for (int i = 0; i < sequence.size(); i++) { if (i == 0) { @@ -56,16 +75,31 @@ abstract public class Layer2AbstractMatcher { * @return The direction of {@code currPkt}. */ protected boolean getPacketDirection(PcapPacket prevPkt, boolean prevPktDirection, PcapPacket currPkt) { - if (prevPkt == null) { - // By definition, use true as direction marker for first packet - return true; - } - if (PcapPacketUtils.getEthSrcAddr(prevPkt).equals(PcapPacketUtils.getEthSrcAddr(currPkt))) { - // Current packet goes in same direction as previous packet. - return prevPktDirection; + + // No Router's WLAN MAC is given; no reference for direction + if (mTrainingRouterWlanMac == null && mRouterWlanMac == null) { + if (prevPkt == null) { + // By definition, use true as direction marker for first packet + return true; + } + + if (PcapPacketUtils.getEthSrcAddr(prevPkt).equals(PcapPacketUtils.getEthSrcAddr(currPkt))) { + // Current packet goes in same direction as previous packet. + return prevPktDirection; + } else { + // Current packet goes in opposite direction of previous packet. + return !prevPktDirection; + } } else { - // Current packet goes in opposite direction of previous packet. - return !prevPktDirection; + // If we determine direction based on Router's WLAN MAC (only for traffic with + // 1) We assign true for the packet if the source is router (meaning S->C direction). + // 2) We assign false for the packet if the source is device (meaning C->S direction). + if (PcapPacketUtils.getEthSrcAddr(currPkt).equals(mTrainingRouterWlanMac) || + PcapPacketUtils.getEthSrcAddr(currPkt).equals(mRouterWlanMac)) { + return true; + } else { + return false; + } } } diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java index 03733f4..0bfc6b2 100644 --- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java +++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java @@ -52,19 +52,28 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye private int mLimitSkippedPackets; + /** + * Router's WLAN MAC. + */ + private String mTrainingRouterWlanMac; + private String mRouterWlanMac; + /** * Create a new {@link Layer2ClusterMatcher} that attempts to find occurrences of {@code cluster}'s members. * @param cluster The sequence mutations that the new {@link Layer2ClusterMatcher} should search for. */ - public Layer2ClusterMatcher(List> cluster, int inclusionTimeMillis, + public Layer2ClusterMatcher(List> cluster, String trainingRouterWlanMac, String routerWlanMac, int inclusionTimeMillis, boolean isRangeBased, double eps, int limitSkippedPackets) { // Consider all flows if no flow filter specified. - this(cluster, flow -> true, inclusionTimeMillis, isRangeBased, eps, limitSkippedPackets); + this(cluster, trainingRouterWlanMac, routerWlanMac, flow -> true, inclusionTimeMillis, isRangeBased, eps, + limitSkippedPackets); } /** * Create a new {@link Layer2ClusterMatcher} that attempts to find occurrences of {@code cluster}'s members. * @param cluster The sequence mutations that the new {@link Layer2ClusterMatcher} should search for. + * @param trainingRouterWlanMac The training router's WLAN MAC (used for determining the direction of packets). + * @param routerWlanMac The target trace router's WLAN MAC (used for determining the direction of packets). * @param flowFilter A filter that defines what {@link Layer2Flow}s the new {@link Layer2ClusterMatcher} should * search for {@code cluster}'s members in. If {@code flowFilter} returns {@code true}, the flow * will be included (searched). Note that {@code flowFilter} is only queried once for each flow, @@ -75,10 +84,13 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye * @param isRangeBased The boolean that decides if it is range-based vs. strict matching. * @param eps The epsilon value used in the DBSCAN algorithm. */ - public Layer2ClusterMatcher(List> cluster, Function flowFilter, - int inclusionTimeMillis, boolean isRangeBased, double eps, int limitSkippedPackets) { + public Layer2ClusterMatcher(List> cluster, String trainingRouterWlanMac, String routerWlanMac, + Function flowFilter, int inclusionTimeMillis, boolean isRangeBased, + double eps, int limitSkippedPackets) { super(cluster, isRangeBased); mFlowFilter = flowFilter; + mTrainingRouterWlanMac = trainingRouterWlanMac; + mRouterWlanMac = routerWlanMac; mRangeBased = isRangeBased; mEps = eps; mInclusionTimeMillis = @@ -108,7 +120,8 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye Layer2SequenceMatcher[][] matchers = new Layer2SequenceMatcher[mCluster.size()][mCluster.get(0).size()]; // Prepare a "state 0" sequence matcher for each sequence variation in the cluster. for (int i = 0; i < matchers.length; i++) { - matchers[i][0] = new Layer2SequenceMatcher(mCluster.get(i), mInclusionTimeMillis); + matchers[i][0] = new Layer2SequenceMatcher(mCluster.get(i), mInclusionTimeMillis, mTrainingRouterWlanMac, + mRouterWlanMac); } // Associate the new sequence matcher table with the new flow mPerFlowSeqMatchers.put(flow, matchers); @@ -152,7 +165,8 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye // We always want to have a sequence matcher in state 0, regardless of if the one that advanced // from state zero completed its matching or if it replaced a different one in state 1 or not. if (sm.getMatchedPacketsCount() == 1) { - matchers[i][j] = new Layer2SequenceMatcher(sm.getTargetSequence(), mInclusionTimeMillis); + matchers[i][j] = new Layer2SequenceMatcher(sm.getTargetSequence(), mInclusionTimeMillis, + mTrainingRouterWlanMac, mRouterWlanMac); } } } @@ -187,7 +201,7 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye List listMatchers = new ArrayList<>(); // Prepare a "state 0" sequence matcher. Layer2RangeMatcher matcher = new Layer2RangeMatcher(mCluster.get(0), mCluster.get(1), - mInclusionTimeMillis, mEps); + mInclusionTimeMillis, mEps, mTrainingRouterWlanMac, mRouterWlanMac); listMatchers.add(matcher); // Associate the new sequence matcher table with the new flow. mPerFlowRangeMatcher.put(flow, listMatchers); @@ -205,7 +219,7 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye // Add the new matcher into the list if (addOneArray) { Layer2RangeMatcher newMatcher = new Layer2RangeMatcher(mCluster.get(0), mCluster.get(1), - mInclusionTimeMillis, mEps); + mInclusionTimeMillis, mEps, mTrainingRouterWlanMac, mRouterWlanMac); listMatchers.add(newMatcher); } // Present packet to the sequence matchers. diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java index 97fa072..298a0ab 100644 --- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java +++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2RangeMatcher.java @@ -31,12 +31,14 @@ public class Layer2RangeMatcher extends Layer2AbstractMatcher { * @param lowerBound The lower bound of the sequence to match against (search for). * @param upperBound The upper bound of the sequence to match against (search for). * @param eps The epsilon value used in the DBSCAN algorithm. + * @param trainingRouterWlanMac The training router's WLAN MAC (used for determining the direction of packets). + * @param routerWlanMac The target trace router's WLAN MAC (used for determining the direction of packets). */ public Layer2RangeMatcher(List lowerBound, List upperBound, - int inclusionTimeMillis, double eps) { + int inclusionTimeMillis, double eps, String trainingRouterWlanMac, String routerWlanMac) { // TODO: Just use the lower bound since both lower and upper bounds' packets essentially have the same direction // TODO: for the same position in the array. Both arrays also have the same length. - super(lowerBound); + super(lowerBound, trainingRouterWlanMac, routerWlanMac); mLowerBound = lowerBound; mUpperBound = upperBound; mEps = eps; diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java index 99aabf5..b5c3f66 100644 --- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java +++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java @@ -28,9 +28,12 @@ public class Layer2SequenceMatcher extends Layer2AbstractMatcher { /** * Create a {@code Layer2SequenceMatcher}. * @param sequence The sequence to match against (search for). + * @param trainingRouterWlanMac The training router's WLAN MAC (used for determining the direction of packets). + * @param routerWlanMac The target trace router's WLAN MAC (used for determining the direction of packets). */ - public Layer2SequenceMatcher(List sequence, int inclusionTimeMillis) { - super(sequence); + public Layer2SequenceMatcher(List sequence, int inclusionTimeMillis, String trainingRouterWlanMac, + String routerWlanMac) { + super(sequence, trainingRouterWlanMac, routerWlanMac); mSequence = sequence; // Compute packet directions for sequence. for (int i = 0; i < sequence.size(); i++) { diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java index e640fff..cc3a128 100644 --- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java +++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java @@ -39,6 +39,17 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb */ private static boolean DUPLICATE_OUTPUT_TO_STD_OUT = true; + /** + * Router's MAC. + * This is only useful for the filter for direction when it is a WAN signature (Phone-Cloud or Device-Cloud). + * Phone-Device signatures do not have router MAC address in it. + */ + // TODO: MAKE THESE INPUT PARAMETERS + private static String TRAINING_ROUTER_WLAN_MAC = "b0:b9:8a:73:69:8e"; + private static String ROUTER_WLAN_MAC = "00:c1:b1:14:eb:31"; + //private static String TRAINING_ROUTER_WLAN_MAC = null; + //private static String ROUTER_WLAN_MAC = null; + private static List> parseSignatureMacFilters(String filtersString) { List> filters = new ArrayList<>(); String[] filterRegexes = filtersString.split(";"); @@ -151,13 +162,15 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb offSignature = PcapPacketUtils.useRangeBasedMatching(offSignature, offClusterAnalysis); } Layer2SignatureDetector onDetector = onSignatureMacFilters == null ? - new Layer2SignatureDetector(onSignature, signatureDuration, isRangeBasedForOn, eps, onMaxSkippedPackets) : - new Layer2SignatureDetector(onSignature, onSignatureMacFilters, signatureDuration, - isRangeBasedForOn, eps, onMaxSkippedPackets); + new Layer2SignatureDetector(onSignature, TRAINING_ROUTER_WLAN_MAC, ROUTER_WLAN_MAC, signatureDuration, + isRangeBasedForOn, eps, onMaxSkippedPackets) : + new Layer2SignatureDetector(onSignature, TRAINING_ROUTER_WLAN_MAC, ROUTER_WLAN_MAC, + onSignatureMacFilters, signatureDuration, isRangeBasedForOn, eps, onMaxSkippedPackets); Layer2SignatureDetector offDetector = offSignatureMacFilters == null ? - new Layer2SignatureDetector(offSignature, signatureDuration, isRangeBasedForOff, eps, offMaxSkippedPackets) : - new Layer2SignatureDetector(offSignature, offSignatureMacFilters, signatureDuration, - isRangeBasedForOff, eps, offMaxSkippedPackets); + new Layer2SignatureDetector(offSignature, TRAINING_ROUTER_WLAN_MAC, ROUTER_WLAN_MAC, signatureDuration, + isRangeBasedForOff, eps, offMaxSkippedPackets) : + new Layer2SignatureDetector(offSignature, TRAINING_ROUTER_WLAN_MAC, ROUTER_WLAN_MAC, offSignatureMacFilters, + signatureDuration, isRangeBasedForOff, eps, offMaxSkippedPackets); final List detectedEvents = new ArrayList<>(); onDetector.addObserver((signature, match) -> { UserAction event = new UserAction(UserAction.Type.TOGGLE_ON, match.get(0).get(0).getTimestamp()); @@ -244,13 +257,18 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb private int mMaxSkippedPackets; private List mSkippedPackets; - public Layer2SignatureDetector(List>> searchedSignature, int signatureDuration, - boolean isRangeBased, double eps, int limitSkippedPackets) { - this(searchedSignature, null, signatureDuration, isRangeBased, eps, limitSkippedPackets); + + + public Layer2SignatureDetector(List>> searchedSignature, String trainingRouterWlanMac, + String routerWlanMac, int signatureDuration, boolean isRangeBased, double eps, + int limitSkippedPackets) { + this(searchedSignature, trainingRouterWlanMac, routerWlanMac, null, signatureDuration, isRangeBased, + eps, limitSkippedPackets); } - public Layer2SignatureDetector(List>> searchedSignature, List> flowFilters, int inclusionTimeMillis, boolean isRangeBased, double eps, int limitSkippedPackets) { + public Layer2SignatureDetector(List>> searchedSignature, String trainingRouterWlanMac, + String routerWlanMac, List> flowFilters, + int inclusionTimeMillis, boolean isRangeBased, double eps, int limitSkippedPackets) { if (flowFilters != null && flowFilters.size() != searchedSignature.size()) { throw new IllegalArgumentException("If flow filters are used, there must be a flow filter for each cluster " + "of the signature."); @@ -260,9 +278,10 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb for (int i = 0; i < mSignature.size(); i++) { List> cluster = mSignature.get(i); Layer2ClusterMatcher clusterMatcher = flowFilters == null ? - new Layer2ClusterMatcher(cluster, inclusionTimeMillis, isRangeBased, eps, limitSkippedPackets) : - new Layer2ClusterMatcher(cluster, flowFilters.get(i), inclusionTimeMillis, isRangeBased, - eps, limitSkippedPackets); + new Layer2ClusterMatcher(cluster, trainingRouterWlanMac, routerWlanMac, inclusionTimeMillis, + isRangeBased, eps, limitSkippedPackets) : + new Layer2ClusterMatcher(cluster, trainingRouterWlanMac, routerWlanMac, flowFilters.get(i), + inclusionTimeMillis, isRangeBased, eps, limitSkippedPackets); clusterMatcher.addObserver(this); clusterMatchers.add(clusterMatcher); } diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/util/PcapPacketUtils.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/util/PcapPacketUtils.java index edfbb9c..68e7def 100644 --- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/util/PcapPacketUtils.java +++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/util/PcapPacketUtils.java @@ -13,6 +13,7 @@ import org.pcap4j.packet.TcpPacket; import org.pcap4j.util.MacAddress; import java.io.PrintWriter; +import java.math.BigInteger; import java.util.*; /** @@ -847,4 +848,17 @@ public final class PcapPacketUtils { // Sequence index starts from 0 signatures.remove(sequenceIndex); } + + /** + * Convert a String MAC address into a byte array. + * + * @param macAddress A String that contains a MAC address to be converted into byte array. + */ + public static byte[] stringToByteMacAddress(String macAddress) { + + BigInteger biMacAddress = new BigInteger(macAddress, 16); + byte[] byteMacAddress = biMacAddress.toByteArray(); + // Return from 1 to 6 since element 0 is 0 because of using BigInteger's method. + return Arrays.copyOfRange(byteMacAddress, 1, 7); + } } -- 2.34.1