From 9090e55e333dc790a12346485c7448b7d22ae3c7 Mon Sep 17 00:00:00 2001 From: rtrimana Date: Thu, 3 May 2018 17:02:16 -0700 Subject: [PATCH] Adding pre-processing for training set---we take packet lengths directly from a training set pcap file for FlowPattern. --- .../pcap/TP_LINK_LOCAL_OFF.pcap | Bin 0 -> 9599 bytes .../{local.on.pcap => TP_LINK_LOCAL_ON.pcap} | Bin ...g.pcap => TP_LINK_REMOTE_CHARGING_ON.pcap} | Bin ...{remote.on.pcap => TP_LINK_REMOTE_ON.pcap} | Bin .../java/edu/uci/iotproject/FlowPattern.java | 83 +++++++++++++++++- .../edu/uci/iotproject/FlowPatternFinder.java | 3 +- .../main/java/edu/uci/iotproject/Main.java | 9 +- 7 files changed, 91 insertions(+), 4 deletions(-) create mode 100644 Code/Projects/SmartPlugDetector/pcap/TP_LINK_LOCAL_OFF.pcap rename Code/Projects/SmartPlugDetector/pcap/{local.on.pcap => TP_LINK_LOCAL_ON.pcap} (100%) rename Code/Projects/SmartPlugDetector/pcap/{remote.on.charging.pcap => TP_LINK_REMOTE_CHARGING_ON.pcap} (100%) rename Code/Projects/SmartPlugDetector/pcap/{remote.on.pcap => TP_LINK_REMOTE_ON.pcap} (100%) 
diff --git a/Code/Projects/SmartPlugDetector/pcap/TP_LINK_LOCAL_OFF.pcap b/Code/Projects/SmartPlugDetector/pcap/TP_LINK_LOCAL_OFF.pcap new file mode 100644 index 0000000000000000000000000000000000000000..b30fad96ad9c15b50e728ec16e74e37299adb9e7 GIT binary patch literal 9599 zcmds-2|QHa|M2gfg)#PB*0IZa2Za!_Wyum*lAY}PmXe*cC`E)YmMkedsn8TkC21!V zQdx?mP{jY7y7NBU=e*Ck=k&0>t`G%afS*4Y0E90Vb|&n6 zxsx6+gg+yx=Hj6cucKx+t|$o5-~e3!P_vrU1T?8qLdoS|!JVbs+>dU8mr2|V(Floz z;^TzJb#kEGQaY_k^w*y_&_D)fKU-Sc=^%Ie4{5v zV0sLRC5WI&_(_gC?5={)VKNRO8~V`$Ti~3K^hcQ$t)?ht-uGLXV_#S2pJ*rWzqxsD1efFC!$oW-XO%}u)h+yXgxc9eh^O~L=H5Ff*TlIMx!UhP{wy$ zJ)!;khsUS$a!#?ea>u-T!q%d4JJ+5jhRYQI_K+d6G+BZyLS`f5fnuNl@BzF56+jtC z0S=Jm$+BcgvKX0>j0N%lbzlRKNR}f@k;TcvWL7c_Pz2-y9&l4C0P;W%kPUa54w*=n zA+INkk{QSt;548H$N`yv7C=pAA>#lJfR#*7Mgw?Y6)vD1+<;v0J%H6c+}%GkL^d?g z*UR50*jd&!zz?7WFlYd-2_8^{=?nlpunxXQ2Y-VGzQ+M@0yuyQpa$3gb~w1O01Lnh z*BS+&0Y-ocV1}P30Q^)S6^aUt1+geB8Utcb7&to6C^Q-cqEIO0Nf1;Bg^R%s^uT}r zfAoWdRcXo3K>cF~D2~=3Ltty;Z$luJ#Lbi#%LIfErG5=7IHWeg;eQGtVw&iINi0A~ zzZ0>8qqPW8o9;g&hIjlRsv<-VG#W63!(I=KCMT+e-(5Nm29j^h<=&~_?z1P<%~nXc zzCM{4QpRbr1d!zbfFJ1}ByfQ5!2$Oj4bC$(G*FHxON4POBwB#wG{BM#U=^WwECj`4 zxJZ=FrU7~nZGNEB?^O)ZQ_)B!Z%tmH2SHja0L3*BX(1Xa^bQOaD{6-YkqKfzE^w^W zTESj>1N@zdtPnGDhnf{{;TjMc8sg^c>rUi`xR9H8R%ZPG9cMSUNF->b2?qYIvP2n3 z3i%x^s|ZrIO>%Os?!j<)djzNWDQjVwq5s}BytdjZx1PY5_;qDq1 z>`u^zzvs2v%hfs5ouCyK>KPF16&gv9A?V9P{G9YeB}f5MkXMk0AZRBiJ^arG1>(0$ zNR22634ARDmrj76vzI?XJHS6QIKY=+a|2ZerZClCvu z<3UCMzK=)6gCNk#)jY5=Eh0BN=6ExMe%Z2l(O$H3CZt4^ncn8@o4L7NWy}t5 z%Iw7qN>0jdd_v{OEG?n%xSYLDq*$%fC$`bMQ19g#wbyRLih>LJOE+#NM%jF{ds)m) z6igq<8eIq}I$eM6@v#@_Iu2ASY_kIg91TB{sSnFMpSlhF|)<4j6N zSQ)AAleXb4KAuI9%`(ItWoDC$UEv%3avq<(p5?SR;U&kM*R#~mp7v(jyU)kfWZmS_ zT~Rn{vuhzz-u-3P3(Zfp12_wt{HoC_;@-POC!jd2*POLR+b5oszeL$zS|HYEBSRfuY~BMu8ks-+4cS=|7D{2uDTb5l082Kq&k> z0t7MMkS8Sa{Tc$3xxOI-Ttfoalo8VW@f0dq@xPHVrE+k!LMcJZCye2OIAYl}ueFLF z?N&^HiWHtK`PRQ{kdEzv#F2V4V+as`{BL0!PxtE#^0gxvFdP`Rqz{fj;?x7hs1>`n 
zy9qnh*N=^#`Zc~`55Vya0`?4#?}f#lowZfkH+_yPa*rgFZ^pJ8FYICjV{}wx+7WL#HZ7;7z%?yu}_SETOI-%7*20>o4JWR@l(oOvzz^(fV zOV5m8&x`s*mWP|(vEOWHa*&%859U6EU9k;^gb=?_+ z5!It1n&B7x=YzJrbr*~>lWfKh%1&qBz#WUez9RCv_M+c;PI?1}ds0`2(nPO6-@;7D zT$ZKbYdiR5>GmR!P4L1{Fe)WGge;vjAv}?^jwBh?) zvY@%v{A&fA@PAyuL`V(}64lE>+!mpSAuTB&HO5_)Z zZ!h~;2O#hg&zQsK~zJ?crz@+ZE)|R0DvjM=sz#V8)q^YB^{vzLu-L;N9 zC)L_I?c;qV3MP~FkHt;Tiyk_2{llZ)(yCCbn{`T~&W?vNlAAU!Hn&d5<53xI9UPm? zW(})eM=Dg)5vXIvpJP<6d7*q=w||bf%F`8kpzC5fmzm`TBQKK{)dvQ$0)toYZ(sT@ za&B1U91tU-7K+HR5E@qWT3LfszbNIeYCXY z{H{k>suGace^II%5Uc8AK65hy1Jc$=^hYi}p=t>QZjbtVlCjEp#-+%=m6TokDff>{w~Yf;Ew+ ztz}GZVDZueyWxh{uOeL-=!%|ryM_=OKbCJTQN_s=*{3~eh!Qnrwt_mEbn^B|=e=}z zHAClo_R5$f&vasbbHe_s+C4gDtbz2$1wM4Ko=m<^_^Pr)3U6y=!Z(TyVx|ffoCVki4+Ko> zWlEec6x)xdDU-z%r?xD%U?32{#KEH64~x?Mt0>Vtui1ZVD9ClK*S@XC@T^>xp6-Mn zV$u%|2n+nSaQx;i+F!h-?du#8LXiJOU0wnHKNo|Pb)X_dg#Y~NEd}V?B^39+u`6PJ zuYWdwJ;nU^wdNlk`fmQ({cFwt_XYF+z}NpuY*&I@aI>Fn6&HAJauqMc8rVz-C9sxu z60||p#MxI#1_k1i^NBnrq=tdOQ#a(nTI^zj?|&sw--#M#`e(go~HCDAt))Jg?6U!^K+Zx zav0Wk@>WdP^Ec(^LwJ>**_7BNBl~XoH%TtqqKYUhaqxJ9YM`Wsf9?3`6mWmR!%qVi zeolE;q+i=qHaqGq_jK@})o7*+h`YS>>WB5ei;WW&8|!~ZY=8CEuVTC3QFH(JLu2Nk zdgt5fg)2kl-Va~=55*?`RcunwdPtlkN)k>M{Jv!TtJwZ;Tg{f%qV+^FbD7A#w|2z4 zd;-3Koz4DjCYR^ivdl)Hm`f77Tr#e`h*nrw+7g~LaFX|kkWCm3U5dMh3Z8?elcbzg z(kYy-(ZE#-Qt2FjQRXGyuv0W<(*^lELy4=B%Ig(MhCJ$$Rti%Hyk-Zx1|{dWpp}eY zr96LBE%Ls${dsreo8fGS3kH@1wG1x08@$`O3`+b)>TPIm_Pyz^;*~!t5lBC}Qp%a1 z$k=KfSif^ZfRt=;c_wPri*|Tx`-ODcF1%&OIeRt_CEr_Tv;F}`T5?CN?M33M zv$9Snp7%YcWW0OM`8YFStPLvITe6;}W<=4^ErLta{P_{6v>L!*V5`Azd8qMk%Rk^( zr(xl@<$sscAVp}SybAn=yHTF97W?(`-&2Tqknn5ezrF&~Bd@?X$}8}*yeE^^Tn2@9 zQ%@YXCQr5vt&Yuj@P2UjthWv#IYeB3n`f6diCUGadkN;V4z#GdrY%vW$;5D4CAQp%~} ze(J=4q`!U9O3E?2dRH$56SC)|6I9qxlps@);f-rx~>_A5c=te)|~ms zQ!TaB9!2c*i22iD^Jk+0O8R}b2Yq<70WrVs&b8(rPokKg3kc5}UTgj#lFfCUefZ5T z5{{R&s4Z;nGDj#wqjOZ~deic5mx;$zwV z_DrEiiTl4LPU1n}+xtJ}+nVv0{UvzBP~I!$jppiZZ9cxta=noH$k7Or0u|e?G=8oH zT&X&K-KPVw%>G_unVit7;&Int<>_u-u$V7HqJ%iVx5M(u{7a$@x~RLyWgtU0r16UG 
zO_9b&@u>5{kzT3IP1}0z8sAb79_LLtn|D~tpW`Os<-zsNiFS1TMhE_&tN9pjr&+$Fz5P=M)K!OD`LW&&#(U4rPTXfOi{L)> zgqaF{Q>SuEH*eHfZryPqx2orwY2}37zHRY>?Tc|tuTNRnysgqmeUK9?dvl6Tvwn28 zKR%3WLn?6D==>>{BLEc_1QqC$B4nCMoT8G&cD@(CMNcby&? zoda98=pSWxkavtW&d8sR~@izhBexGfL6i=?|fWJ}49Q=qA2Of6-mDmi45F-hBd zQji$%XlU?Q_(2!Nr&4|+CA3&!*>ottMrlXZRa92?)9u;J2O{RV&)WqNc}KUfpRJrT zqp89z^4_TIv7WZ==`Falal!QI=s3w(PU-gJwytyisEI)-)FYG3%+5{UgGK`sACoTd=>{7D=gie=(xzP#`!G3%d+GZbRPpTzN`SSDVlnzBEME&oh> zMomEq>J>J z;Bz7^%oA~wqxcMzts>N0vTPPOdQr*_r3=8J&h zPDa0B1y7_9-rQf$+P1)j_@h@8t=?1m`L{DdX6<~VH;hO>m!A01D~(7&5Te$40FZ(E z8cDwsQ36(T2r)TjZ9jh_!u@PC{)5h^H5o+VxCI7trNPxC^^IX!hFsq(PUTq-HlI_ z4_m}kez0!%GWy74_o_!_neEnXQPoy@_;*(_=14F0ERH#Hhw)5Uh*0m!mMQTUdA_~q zRE*tibIXovAt6{)`Qw@c=M_k-m~i$lH+d0`xB*Yr6m7e1NXDX z(wf*<@cYxLldSnkH!%*OW!B!gpPX4A(qJ26cJq8O;k;7ReYSrY|5)Qo1o!rl!VlfT zQ&C~*I#+J9-RL&zrrToIuzH4sx2h=|wZ8p%F;zZi@M!Iug|J>J)mLQ2FNV!`c2R^8vFfAIyhmfpL6+<^)tR0b4)gx%&yIwZN6yZW!>{%FK91d= za3@M&hB0kFbrWE!b@x6u+QOyvUFseSDzfbfNu?VBb8!UKyxNXvpMwPh7tXQ@dKMN& z*eZ?Fcpr0g=ndbOyD5A#+5Zz#~(!rUcJ96)LobS7 zYm3H!k`3{!`xbgsuG8JB@oIZ`o+NF`wFa7q6LE_U2)6jw? zuZJ(Y_1ISgjm0s7EEQN`^0Q2JQobp}M@c4D$NyN~z;pSFxC9fwCIzD6n9eH6x!EjrVwn@(suNx8 zx1-iPk!HPLN92SQdwdbmIETj6O}DMTC|YqF|A~|Lq!SKvct5f-wq7kv9S>|aRe7H2 zI^#EFrXNYo&~x2$466|yeWAHIq21`iCr3W%_oB1!8di@e=htq|+g5OX#U)5*>Einx z2L{~?h29qj*|+oao4rxUwf}?^R7ccNFPwmyNVq_qMM3EjgK|Y4-E0 zLg~jB)*ny2k#ucZlUyIjs!%O>Ja)7Db>liFbn7ZzN@qyt4HFBetFLmaBfBrgujUW( z^O8B{gq7naCr?bs2y{R#yp8oKkrQ$sorl_a#!4kPoa%?tHw|T3vF~9sk#Fk)X}0mQ zWNsmB$Rnkm*k{ealPpul*(KYUJ45#}$yIa7RhZlOfs%~tS=k0|53i@$`B8w+jJEOM zsxf-JrxAOOxV=`;(_n z8uC@OaSZI<(h(%^X&5rQSZ;tGF)F~2HuS6E=5-fS>)}mKaX^?nHhc0!m4Kv*MvZze zVIuB@dg8u&)mc|YqH02Q?O%X1Kti;Yx`5v84l&WYS8ddoVwiVK)e|fZj+SdMg0>4^ zWNxuf8!GON%A$R&7_n3r;jbp2eabu~FZn_Ix#$9_v*GRXGeKe*Q408qH&G@oDBM({$tEXN`^tdWw?!! zA+r#Ur1~SnaU?^87!Lg;{%%GK*B?KZ@FEVyzyrl|7d1Kt9eST1AnWv30!M-WO+hTSyStsNExpy|0MpU)|V({ Uto*Hv>~O73D79{1Q^xWC0H#3KjQ{`u literal 0 HcmV?d00001 
diff --git a/Code/Projects/SmartPlugDetector/pcap/local.on.pcap b/Code/Projects/SmartPlugDetector/pcap/TP_LINK_LOCAL_ON.pcap similarity index 100% rename from Code/Projects/SmartPlugDetector/pcap/local.on.pcap rename to Code/Projects/SmartPlugDetector/pcap/TP_LINK_LOCAL_ON.pcap diff --git a/Code/Projects/SmartPlugDetector/pcap/remote.on.charging.pcap b/Code/Projects/SmartPlugDetector/pcap/TP_LINK_REMOTE_CHARGING_ON.pcap similarity index 100% rename from Code/Projects/SmartPlugDetector/pcap/remote.on.charging.pcap rename to Code/Projects/SmartPlugDetector/pcap/TP_LINK_REMOTE_CHARGING_ON.pcap diff --git a/Code/Projects/SmartPlugDetector/pcap/remote.on.pcap b/Code/Projects/SmartPlugDetector/pcap/TP_LINK_REMOTE_ON.pcap similarity index 100% rename from Code/Projects/SmartPlugDetector/pcap/remote.on.pcap rename to Code/Projects/SmartPlugDetector/pcap/TP_LINK_REMOTE_ON.pcap diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPattern.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPattern.java index a083e49..fb0433c 100644 --- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPattern.java +++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPattern.java @@ -1,10 +1,20 @@ package edu.uci.iotproject; +import org.pcap4j.core.*; +import org.pcap4j.packet.*; +import org.pcap4j.packet.DnsPacket; +import org.pcap4j.packet.namednumber.DnsResourceRecordType; + import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; +import java.util.HashMap; import java.util.List; +import java.util.Map; +import java.io.EOFException; +import java.net.UnknownHostException; +import java.util.concurrent.TimeoutException; /** * TODO add class documentation. 
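Review bot: Several imports added at the top of FlowPattern.java do not appear to be used by the code this commit adds: `org.pcap4j.packet.DnsPacket`, `DnsResourceRecordType`, `java.util.HashMap` and `java.net.UnknownHostException` are not referenced in the following hunk, although the rest of the file is not visible here. `DnsPacket` is also already covered by the `org.pcap4j.packet.*` wildcard on the line above it. I would replace the two wildcards with the explicit types the new code needs, for example `import org.pcap4j.core.PcapHandle;`, `import org.pcap4j.packet.IpV4Packet;` and `import org.pcap4j.packet.TcpPacket;`, and drop the unused ones.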
@@ -25,24 +35,95 @@ public class FlowPattern { public static final FlowPattern TP_LINK_LOCAL_ON; + /** + * Class properties + */ private final String patternId; /** * The hostname that this {@code FlowPattern} is associated with. */ - private final String hostname; + private final String hostname; // The hostname that this {@code FlowPattern} is associated with. /** * The order of packet lengths that defines this {@link FlowPattern} * TODO: this is a simplified representation, we should also include information about direction of each packet. */ private final List flowPacketOrder; + + private final Map> hostnameToPacketOrderMap; + private final PcapHandle pcap; + + /** + * Class constants + */ + + /** + * Constructor #1 + */ + public FlowPattern(String patternId, String hostname, PcapHandle pcap) { + this.patternId = patternId; + this.hostname = hostname; + this.pcap = pcap; + this.hostnameToPacketOrderMap = null; + this.flowPacketOrder = new ArrayList(); + processPcap(); + } + + /** + * Process the PcapHandle to strip off unnecessary packets and just get the integer array of packet lengths + */ + private void processPcap() { + + PcapPacket packet; + try { + while ((packet = pcap.getNextPacketEx()) != null) { + // For now, we only work support pattern search in TCP over IPv4. 
+ IpV4Packet ipPacket = packet.get(IpV4Packet.class); + TcpPacket tcpPacket = packet.get(TcpPacket.class); + if (ipPacket == null || tcpPacket == null) + continue; + if (tcpPacket.getPayload() == null) // We skip non-payload control packets as these are less predictable + continue; + int packetLength = tcpPacket.getPayload().length(); + flowPacketOrder.add(packetLength); + } + } catch (EOFException eofe) { + System.out.println("[ FlowPattern ] Finished processing a training PCAP stream!"); + System.out.println("[ FlowPattern ] Pattern for " + patternId + ": " + Arrays.toString(flowPacketOrder.toArray())); + } catch (PcapNativeException | + TimeoutException | + NotOpenException ex) { + ex.printStackTrace(); + } + } + + /** + * Constructor #2 + * + * @param patternId Label for this pattern + * @param hostname Hostname associated with this pattern + * @param flowPacketOrder List of packets in order + */ public FlowPattern(String patternId, String hostname, List flowPacketOrder) { this.patternId = patternId; this.hostname = hostname; + this.hostnameToPacketOrderMap = null; + this.pcap = null; this.flowPacketOrder = Collections.unmodifiableList(flowPacketOrder); } + + /** + * Constructor #3 + */ + public FlowPattern(String patternId, String hostname, Map> hostnameToPacketOrderMap) { + this.patternId = patternId; + this.hostname = hostname; + this.pcap = null; + this.flowPacketOrder = null; + this.hostnameToPacketOrderMap = Collections.unmodifiableMap(hostnameToPacketOrderMap); + } public String getPatternId() { return patternId; diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java index aff4534..8f52077 100644 --- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java +++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java 
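Review bot: In `processPcap()`, the `catch (PcapNativeException | TimeoutException | NotOpenException ex)` branch only calls `ex.printStackTrace()`, so a read error part-way through the training capture leaves `flowPacketOrder` holding a truncated pattern that constructor #1 returns as if it were complete. Since that list is the signature the finder later matches traffic against, I would fail loudly instead: `throw new IllegalStateException("Could not read training capture for " + patternId, ex);`. The `PcapHandle` is kept in a final field and is not closed anywhere in the visible code; closing it once the loop ends, or documenting that the caller owns it, would avoid holding the capture file open. The loop also records payload lengths for every TCP/IPv4 packet in the file without using `hostname`, so the training capture presumably has to be pre-filtered to one flow, which deserves a comment. Finally, constructor #1 leaves `flowPacketOrder` as a mutable `ArrayList` while constructor #2 wraps it in `Collections.unmodifiableList`, and constructor #3 sets it to `null`, so accessors outside this hunk may need a null check.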
@@ -36,7 +36,7 @@ public class FlowPatternFinder { private PcapHandle pcap; private FlowPattern pattern; private AtomicBoolean isEoF; - + /* Constructor */ public FlowPatternFinder(PcapHandle _pcap, FlowPattern _pattern) { @@ -217,5 +217,4 @@ public class FlowPatternFinder { return String.format("%s:%d %s:%d", clientIp, clientPort, serverIp, serverPort); } } - } diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java index d727683..94d957d 100644 --- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java +++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java 
@@ -27,15 +27,22 @@ public class Main { public static void main(String[] args) throws PcapNativeException, NotOpenException, EOFException, TimeoutException, UnknownHostException { //final String fileName = "/users/varmarken/Desktop/wlan1.local.dns.pcap"; final String fileName = "/home/rtrimana/pcap_processing/smart_home_traffic/Code/Projects/SmartPlugDetector/pcap/wlan1.local.remote.dns.pcap"; + final String trainingFileName = "/home/rtrimana/pcap_processing/smart_home_traffic/Code/Projects/SmartPlugDetector/pcap/TP_LINK_LOCAL_OFF.pcap"; // ====== Debug code ====== PcapHandle handle; + PcapHandle trainingPcap; try { handle = Pcaps.openOffline(fileName, PcapHandle.TimestampPrecision.NANO); + trainingPcap = Pcaps.openOffline(trainingFileName, PcapHandle.TimestampPrecision.NANO); } catch (PcapNativeException pne) { handle = Pcaps.openOffline(fileName); + trainingPcap = Pcaps.openOffline(trainingFileName); } - FlowPatternFinder fpf = new FlowPatternFinder(handle, FlowPattern.TP_LINK_LOCAL_ON); + FlowPattern fp = new FlowPattern("TP_LINK_LOCAL_OFF", "events.tplinkra.com", trainingPcap); + + //FlowPatternFinder fpf = new FlowPatternFinder(handle, FlowPattern.TP_LINK_LOCAL_ON); + FlowPatternFinder fpf = new FlowPatternFinder(handle, fp); fpf.start(); // ======================== -- 2.34.1
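Review bot: Because both `Pcaps.openOffline(..., PcapHandle.TimestampPrecision.NANO)` calls share one `try`, a failure on the training file after `handle` has already been opened jumps to the `catch`, which reopens `handle` and drops the first one without closing it. Giving each file its own fallback, as in the helper sketched below, removes that leak. The new `trainingFileName` is also an absolute path under one developer's home directory, so taking both paths from `args` would let the tool run on other machines and keep local paths out of the repository. `main` continues past the end of the hunk, so whether either handle is closed later is not visible here.

```java
// One fallback per file, so a failure on the second open cannot reopen (and leak) the first handle.
private static PcapHandle openCapture(String path) throws PcapNativeException {
    try {
        return Pcaps.openOffline(path, PcapHandle.TimestampPrecision.NANO);
    } catch (PcapNativeException pne) {
        // Nanosecond precision unavailable: fall back to the default precision.
        return Pcaps.openOffline(path);
    }
}

// in main(), replacing the shared try/catch:
PcapHandle handle = openCapture(fileName);
PcapHandle trainingPcap = openCapture(trainingFileName);
// … unchanged: FlowPattern / FlowPatternFinder construction and fpf.start() …
```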