From 977a0a5efeea4a210e5d08c8aa7a43e474bba05e Mon Sep 17 00:00:00 2001 From: Janus Varmarken Date: Thu, 2 Aug 2018 16:37:29 -0700 Subject: [PATCH] TrafficLabeler.java: implemented support for exporting the labeled traffic in different representations (for example as reassembled TCP conversations). Main.java: invoke TrafficLabeler to get the set of TCP conversations per user action. TriggerTrafficExtractor.java: change inclusion interval to 10 seconds. --- .../main/java/edu/uci/iotproject/Main.java | 20 ++++--- .../iotproject/analysis/TrafficLabeler.java | 54 ++++++++++++++++++- .../analysis/TriggerTrafficExtractor.java | 2 +- 3 files changed, 66 insertions(+), 10 deletions(-) diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java index a687cac..f37719a 100644 --- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java +++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java @@ -42,16 +42,16 @@ public class Main { // final String deviceIp = "192.168.1.246"; // .246 == phone; .199 == dlink plug? // TP-Link July 25 experiment -// final String inputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/tplink/tplink.wlan1.local.pcap"; -// final String outputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/tplink/tplink-processed.pcap"; -// final String triggerTimesFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/tplink/tplink-july-25-2018.timestamps"; -// final String deviceIp = "192.168.1.159"; + final String inputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/tplink/tplink.wlan1.local.pcap"; + final String outputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/tplink/tplink-processed.pcap"; + final String triggerTimesFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/tplink/tplink-july-25-2018.timestamps"; + final String deviceIp = "192.168.1.159"; // Wemo July 30 experiment - final String inputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/wemo/wemo.wlan1.local.pcap"; - final String outputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/wemo/wemo-processed.pcap"; - final String triggerTimesFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/wemo/wemo-july-30-2018.timestamps"; - final String deviceIp = "192.168.1.145"; +// final String inputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/wemo/wemo.wlan1.local.pcap"; +// final String outputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/wemo/wemo-processed.pcap"; +// final String triggerTimesFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-07/wemo/wemo-july-30-2018.timestamps"; +// final String deviceIp = "192.168.1.145"; // TP-Link BULB August 1 experiment // final String inputPcapFile = "/Users/varmarken/temp/UCI IoT Project/experiments/2018-08/tplink-bulb/tplink-bulb.wlan1.local.pcap"; @@ -105,6 +105,10 @@ public class Main { final Map> pktPairFreqsByHostname = TcpConversationUtils.countPacketPairFrequenciesByHostname(allConversations, dnsMap); System.out.println("Counted frequencies of packet pairs per hostname"); + // For each user action, reassemble the set of TCP connections occurring shortly after + final Map> userActionToConversations = trafficLabeler.getLabeledReassembledTcpTraffic(); + System.out.println("Reassembled TCP conversations occurring shortly after each user event"); + // ------------------------------------------------------------------------------------------------------------- // ------------------------------------------------------------------------------------------------------------- } diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TrafficLabeler.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TrafficLabeler.java index 226f67f..2de59c3 100644 --- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TrafficLabeler.java +++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TrafficLabeler.java @@ -1,10 +1,13 @@ package edu.uci.iotproject.analysis; +import edu.uci.iotproject.Conversation; +import edu.uci.iotproject.TcpReassembler; import org.pcap4j.core.PacketListener; import org.pcap4j.core.PcapPacket; import java.time.Instant; import java.util.*; +import java.util.function.Function; /** * A {@link PacketListener} that marks network traffic as (potentially) related to a user's actions by comparing the @@ -66,10 +69,59 @@ public class TrafficLabeler implements PacketListener { /** * Get the total number of packets labeled by this {@code TrafficLabeler}. + * * @return the total number of packets labeled by this {@code TrafficLabeler}. */ public long getTotalPacketCount() { return mPackets; } -} + /** + * Get the labeled traffic. + * + * @return A {@link Map} in which a {@link UserAction} points to a {@link List} of {@link PcapPacket}s believed to + * be related (occurring as a result of) that {@code UserAction}. + */ + public Map> getLabeledTraffic() { + return Collections.unmodifiableMap(mActionToTrafficMap); + } + + /** + * Like {@link #getLabeledTraffic()}, but allows the caller to supply a mapping function that is applied to + * the traffic associated with each {@link UserAction} (the traffic label) before returning the labeled traffic. + * This may for example be useful for a caller who wishes to perform some postprocessing of labeled traffic, e.g., + * in order to perform additional filtering or to transform the representation of labeled traffic. + *

+ * An example usecase is provided in {@link #getLabeledReassembledTcpTraffic()} which uses this function to + * build a {@link Map} in which a {@link UserAction} points to the reassembled TCP connections believed to have + * occurred as a result of that {@code UserAction}. + *

+ * + * @param mappingFunction A mapping function that converts a {@link List} of {@link PcapPacket} into some other type + * {@code T}. + * @param The return type of {@code mappingFunction}. + * @return A {@link Map} in which a {@link UserAction} points to the result of applying {@code mappingFunction} to + * the set of packets believed to be related (occurring as a result of) that {@code UserAction}. + */ + public Map getLabeledTraffic(Function, T> mappingFunction) { + Map result = new HashMap<>(); + mActionToTrafficMap.forEach((ua, packets) -> result.put(ua, mappingFunction.apply(packets))); + return result; + } + + + /** + * Get the labeled traffic reassembled as TCP connections (note: discards all non-TCP traffic). + * + * @return A {@link Map} in which a {@link UserAction} points to a {@link List} of {@link Conversation}s believed to + * be related (occurring as a result of) that {@code UserAction}. + */ + public Map> getLabeledReassembledTcpTraffic() { + return getLabeledTraffic(packets -> { + TcpReassembler tcpReassembler = new TcpReassembler(); + packets.forEach(p -> tcpReassembler.gotPacket(p)); + return tcpReassembler.getTcpConversations(); + }); + } + +} \ No newline at end of file diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TriggerTrafficExtractor.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TriggerTrafficExtractor.java index 594fa2b..ab783a7 100644 --- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TriggerTrafficExtractor.java +++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/analysis/TriggerTrafficExtractor.java @@ -26,7 +26,7 @@ public class TriggerTrafficExtractor implements PcapPacketFilter { */ private long mIncludedPackets = 0; - public static final int INCLUSION_WINDOW_MILLIS = 20_000; + public static final int INCLUSION_WINDOW_MILLIS = 10_000; public TriggerTrafficExtractor(String pcapFilePath, List triggerTimes, String deviceIp) throws PcapNativeException, NotOpenException { mPcapFilePath = pcapFilePath; -- 2.34.1