From 987ea910fed24a1f3f51ded41b6aa98c4e2618ae Mon Sep 17 00:00:00 2001 From: rtrimana Date: Tue, 9 Apr 2019 11:17:10 -0700 Subject: [PATCH] Changing the mechanism to count and correlate skipped packets. --- .../detection/ClusterMatcherObserver.java | 3 +- .../layer2/Layer2AbstractMatcher.java | 12 ----- .../layer2/Layer2ClusterMatcher.java | 44 +++++++++++++++++-- .../layer2/Layer2SequenceMatcher.java | 7 --- .../layer2/Layer2SignatureDetector.java | 38 +++++++++++----- .../layer3/Layer3ClusterMatcher.java | 4 +- .../layer3/Layer3SignatureDetector.java | 2 +- 7 files changed, 70 insertions(+), 40 deletions(-) diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/ClusterMatcherObserver.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/ClusterMatcherObserver.java index 9108858..d67c520 100644 --- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/ClusterMatcherObserver.java +++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/ClusterMatcherObserver.java @@ -20,8 +20,7 @@ public interface ClusterMatcherObserver { * @param clusterMatcher The {@link AbstractClusterMatcher} that detected a match (i.e., classified traffic as * pertaining to its associated cluster). * @param match The traffic that was deemed to match the cluster associated with {@code clusterMatcher}. - * @param maxSkippedPackets Maximum number of skipped packets. */ - void onMatch(AbstractClusterMatcher clusterMatcher, List match, int maxSkippedPackets); + void onMatch(AbstractClusterMatcher clusterMatcher, List match); } diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2AbstractMatcher.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2AbstractMatcher.java index 6a7de57..1621c82 100644 
--- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2AbstractMatcher.java +++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2AbstractMatcher.java @@ -27,12 +27,6 @@ abstract public class Layer2AbstractMatcher { */ protected final boolean[] mPacketDirections; - /** - * Keep track of the numbers of skipped packets - */ - protected int mSkippedPackets; - protected int mMaxSkippedPackets; - /** * Create a {@code Layer2AbstractMatcher}. * @param sequence The sequence of the signature. @@ -51,8 +45,6 @@ abstract public class Layer2AbstractMatcher { mPacketDirections[i] = getPacketDirection(prevPkt, prevPktDirection, sequence.get(i)); } } - mSkippedPackets = 0; - mMaxSkippedPackets = 0; } /** @@ -99,10 +91,6 @@ abstract public class Layer2AbstractMatcher { return mMatchedPackets; } - public int getMaxSkippedPackets() { - return mMaxSkippedPackets; - } - /** * Utility for {@code getMatchedPackets().get(getMatchedPackets().size()-1)}. * @return The last matched packet, or {@code null} if no packets have been matched yet. diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java index 159146e..7b576be 100644 --- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java +++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2ClusterMatcher.java 
@@ -6,6 +6,7 @@ import edu.uci.iotproject.trafficreassembly.layer2.Layer2Flow; import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowReassemblerObserver; import edu.uci.iotproject.detection.AbstractClusterMatcher; import edu.uci.iotproject.trafficreassembly.layer2.Layer2FlowObserver; +import org.jetbrains.annotations.NotNull; import org.pcap4j.core.*; import java.util.ArrayList; @@ -46,6 +47,12 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye private int mInclusionTimeMillis; + /** + * Keeping track of maximum number of skipped packets + */ + //private int mMaxSkippedPackets; + private List mMaxSkippedPackets; + /** * Create a new {@link Layer2ClusterMatcher} that attempts to find occurrences of {@code cluster}'s members. * @param cluster The sequence mutations that the new {@link Layer2ClusterMatcher} should search for. @@ -77,6 +84,8 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye mEps = eps; mInclusionTimeMillis = inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis; + //mMaxSkippedPackets = 0; + mMaxSkippedPackets = new ArrayList<>(); } @Override @@ -119,9 +128,10 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye boolean matched = sm.matchPacket(newPacket); if (matched) { if (sm.getMatchedPacketsCount() == sm.getTargetSequencePacketCount()) { + // Update maximum skipped packets + updateMaxSkippedPackets(flow.getPackets(), sm.getMatchedPackets()); // Sequence matcher has a match. Report it to observers. - mObservers.forEach(o -> o.onMatch(this, sm.getMatchedPackets(), - sm.getMaxSkippedPackets())); + mObservers.forEach(o -> o.onMatch(this, sm.getMatchedPackets())); // Remove the now terminated sequence matcher. matchers[i][j] = null; } else { 
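Review bot: The added `import org.jetbrains.annotations.NotNull;` in the import hunk is not used by any line this patch adds to Layer2ClusterMatcher, so it looks like an IDE auto-import. It makes the class depend on the JetBrains annotations artifact at compile time, which breaks the build wherever that jar is not on the classpath and pulls in a dependency nobody chose deliberately. I would drop the line; the rest of the file is outside the hunks, so first confirm that nothing there uses `@NotNull`.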
@@ -146,6 +156,21 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye } } + // Update the maximum number of skipped packets + private void updateMaxSkippedPackets(List flowPackets, List matchedPackets) { + // Count number of skipped packets by looking into + // the difference of indices of two matched packets + for(int i = 1; i < matchedPackets.size(); ++i) { + int currIndex = flowPackets.indexOf(matchedPackets.get(i-1)); + int nextIndex = flowPackets.indexOf(matchedPackets.get(i)); + int skippedPackets = nextIndex - currIndex; +// if (mMaxSkippedPackets < skippedPackets) { +// mMaxSkippedPackets = skippedPackets; +// } + mMaxSkippedPackets.add(skippedPackets); + } + } + private void rangeBasedMatching(Layer2Flow flow, PcapPacket newPacket) { // TODO: For range-based matching, we need to create a new matcher every time we see the first element of // the sequence (between lower and upper bounds). @@ -192,9 +217,10 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye boolean matched = sm.matchPacket(newPacket); if (matched) { if (sm.getMatchedPacketsCount() == sm.getTargetSequencePacketCount()) { + // Update maximum skipped packets + updateMaxSkippedPackets(flow.getPackets(), sm.getMatchedPackets()); // Sequence matcher has a match. Report it to observers. - mObservers.forEach(o -> o.onMatch(this, sm.getMatchedPackets(), - sm.getMaxSkippedPackets())); + mObservers.forEach(o -> o.onMatch(this, sm.getMatchedPackets())); // Terminate sequence matcher since matching is complete. listMatchers.remove(matcher); } @@ -240,4 +266,14 @@ public class Layer2ClusterMatcher extends AbstractClusterMatcher implements Laye System.out.println(">>> IGNORING FLOW: " + newFlow + " <<<"); } } + + /** + * Return the maximum number of skipped packets. + */ +// public int getMaxSkippedPackets() { +// return mMaxSkippedPackets; +// } + public List getMaxSkippedPackets() { + return mMaxSkippedPackets; + } } 
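Review bot: `updateMaxSkippedPackets` stores the raw index difference between consecutive matched packets, so two packets that are adjacent in the flow are recorded as 1 skipped packet instead of 0; the stored value should be `nextIndex - currIndex - 1`. Each matched packet is also looked up twice with `indexOf`, which is a linear scan of the whole flow and depends on how the packet class implements `equals` (not visible here). If a lookup ever returned -1, the subtraction would silently produce a meaningless gap. The version below walks the matched packets once, carries the previous index forward and stops when a packet is not found in the flow.

```java
private void updateMaxSkippedPackets(List flowPackets, List matchedPackets) {
    int prevIndex = -1;
    for (Object matched : matchedPackets) {
        int index = flowPackets.indexOf(matched);
        if (index < 0) {
            // Matched packet is not part of this flow's list: no gap can be computed.
            return;
        }
        if (prevIndex >= 0) {
            // Adjacent packets (index == prevIndex + 1) mean zero skipped packets.
            mMaxSkippedPackets.add(index - prevIndex - 1);
        }
        prevIndex = index;
    }
}
```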
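Review bot: `getMaxSkippedPackets()` at the end of the class hands out the internal `ArrayList` itself, and that list now holds one entry per matched packet pair rather than a maximum, so both the name and the Javadoc `Return the maximum number of skipped packets.` are misleading. Callers can change the matcher's state through the returned reference, and the list keeps growing for as long as the matcher keeps matching, which is unbounded on a long capture. I would return a read-only view, `return Collections.unmodifiableList(mMaxSkippedPackets);` (this needs `java.util.Collections` imported), and rename the field and getter to something like `mSkippedPacketCounts`. The commented-out `int` variant should be deleted rather than kept in the file.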
diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java index 49951f0..99aabf5 100644 --- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java +++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SequenceMatcher.java @@ -91,29 +91,22 @@ public class Layer2SequenceMatcher extends Layer2AbstractMatcher { mPacketDirections[getMatchedPacketsCount()-1], packet); boolean expectedDirection = mPacketDirections[getMatchedPacketsCount()]; if (actualDirection != expectedDirection) { - mSkippedPackets++; return false; } // Next apply timing constraints: // 1: to be a match, the packet must have a later timestamp than any other packet currently matched // 2: does adding the packet cause the max allowed time between first packet and last packet to be exceeded? if (!packet.getTimestamp().isAfter(mMatchedPackets.get(getMatchedPacketsCount()-1).getTimestamp())) { - mSkippedPackets++; return false; } // if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp(). // plusMillis(TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS))) { if (packet.getTimestamp().isAfter(mMatchedPackets.get(0).getTimestamp(). plusMillis(mInclusionTimeMillis))) { - mSkippedPackets++; return false; } // If we made it here, it means that this packet has the expected length, direction, and obeys the timing // constraints, so we store it and advance. - if (mMaxSkippedPackets < mSkippedPackets) { - mMaxSkippedPackets = mSkippedPackets; - mSkippedPackets = 0; - } mMatchedPackets.add(packet); if (mMatchedPackets.size() == mSequence.size()) { // TODO report (to observers?) that we are done? 
diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java
index 51883c0..8627aa2 100644
--- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java
+++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer2/Layer2SignatureDetector.java
@@ -178,10 +178,18 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_ON).count(); String resultOff = "# Number of detected events of type " + UserAction.Type.TOGGLE_OFF + ": " + detectedEvents.stream().filter(ua -> ua.getType() == UserAction.Type.TOGGLE_OFF).count(); - String onMaxSkippedPackets = "# Number of skipped packets in ON signature " + - Integer.toString(onDetector.getMaxSkippedPackets()); - String offMaxSkippedPackets = "# Number of skipped packets in OFF signature " + - Integer.toString(offDetector.getMaxSkippedPackets()); +// String onMaxSkippedPackets = "# Number of skipped packets in ON signature " + +// Integer.toString(onDetector.getMaxSkippedPackets()); + String onMaxSkippedPackets = "# Number of skipped packets in ON signature: "; + for(Integer skippedPackets : onDetector.getMaxSkippedPackets()) { + System.out.println(skippedPackets); + } +// String offMaxSkippedPackets = "# Number of skipped packets in OFF signature " + +// Integer.toString(offDetector.getMaxSkippedPackets()); + String offMaxSkippedPackets = "# Number of skipped packets in OFF signature: "; + for(Integer skippedPackets : offDetector.getMaxSkippedPackets()) { + System.out.println(skippedPackets); + } PrintWriterUtils.println(resultOn, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT); PrintWriterUtils.println(resultOff, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT); PrintWriterUtils.println(onMaxSkippedPackets, resultsWriter, DUPLICATE_OUTPUT_TO_STD_OUT); @@ -225,7 +233,8 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb private int mInclusionTimeMillis; - private int mMaxSkippedPackets; + //private int mMaxSkippedPackets; + private List mMaxSkippedPackets; public Layer2SignatureDetector(List>> searchedSignature, int signatureDuration, boolean isRangeBased, double eps) { this(searchedSignature, null, signatureDuration, isRangeBased, eps); 
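Review bot: In the results-printing hunk the two new loops write each value with `System.out.println(skippedPackets)`, so the numbers go only to standard output and ignore `DUPLICATE_OUTPUT_TO_STD_OUT`. They also appear before the `# Number of skipped packets in ON signature: ` header, which is printed later through `PrintWriterUtils.println`. Whatever `resultsWriter` writes to therefore receives the two headers and no values. Appending the list to the header string keeps everything on the existing output path, e.g. `String onMaxSkippedPackets = "# Number of skipped packets in ON signature: " + onDetector.getMaxSkippedPackets();`, and the same for the OFF detector. The enclosing method starts and ends outside the hunk.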
@@ -261,10 +270,14 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb mClusterMatchers.forEach(cm -> mFlowReassembler.addObserver(cm)); mInclusionTimeMillis = inclusionTimeMillis == 0 ? TriggerTrafficExtractor.INCLUSION_WINDOW_MILLIS : inclusionTimeMillis; - mMaxSkippedPackets = 0; + //mMaxSkippedPackets = 0; + mMaxSkippedPackets = new ArrayList<>(); } - public int getMaxSkippedPackets() { +// public int getMaxSkippedPackets() { +// return mMaxSkippedPackets; +// } + public List getMaxSkippedPackets() { return mMaxSkippedPackets; } @@ -275,16 +288,17 @@ public class Layer2SignatureDetector implements PacketListener, ClusterMatcherOb } @Override - public void onMatch(AbstractClusterMatcher clusterMatcher, List match, int maxSkippedPackets) { - // Update the number of skipped packets - if (mMaxSkippedPackets < maxSkippedPackets) { - mMaxSkippedPackets = maxSkippedPackets; - } + public void onMatch(AbstractClusterMatcher clusterMatcher, List match) { // TODO: a cluster matcher found a match if (clusterMatcher instanceof Layer2ClusterMatcher) { // Add the match at the corresponding index mPendingMatches[mClusterMatcherIds.get(clusterMatcher)].add(match); checkSignatureMatch(); + // Update maximum number of skipped packets + //if (mMaxSkippedPackets < ((Layer2ClusterMatcher) clusterMatcher).getMaxSkippedPackets()) { + // mMaxSkippedPackets = ((Layer2ClusterMatcher) clusterMatcher).getMaxSkippedPackets(); + //} + mMaxSkippedPackets = ((Layer2ClusterMatcher) clusterMatcher).getMaxSkippedPackets(); } } diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3ClusterMatcher.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3ClusterMatcher.java index 56b4b0a..165cdb3 100644 --- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3ClusterMatcher.java 
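Review bot: The new assignment at the end of `onMatch`, `mMaxSkippedPackets = ((Layer2ClusterMatcher) clusterMatcher).getMaxSkippedPackets();`, replaces the detector's list with a reference to whichever cluster matcher matched last. When the detector has more than one cluster matcher, the counts of the others drop out of the report, and the `new ArrayList<>()` from the constructor is never used. The assignment also aliases the matcher's internal list, so detector and matcher share mutable state. One option is to drop the field and have the detector's `getMaxSkippedPackets()` build its result from every `Layer2ClusterMatcher` in `mClusterMatchers` when asked; calling `addAll` in `onMatch` instead would double-count, because the matcher's list is cumulative. The commented-out `int` code in both hunks should be deleted rather than kept.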
+++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3ClusterMatcher.java @@ -133,7 +133,7 @@ public class Layer3ClusterMatcher extends AbstractClusterMatcher implements Pack List matchSeq = match.get(); // Notify observers about the match. // Max number of skipped packets in layer 3 is 0 (no skipped packets) - mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq, 0)); + mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq)); /* * Get the index in cPkts of the last packet in the sequence of packets that matches the searched * signature sequence. @@ -176,7 +176,7 @@ public class Layer3ClusterMatcher extends AbstractClusterMatcher implements Pack List matchSeq = match.get(); // Notify observers about the match. // Max number of skipped packets in layer 3 is 0 (no skipped packets) - mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq, 0)); + mObservers.forEach(o -> o.onMatch(Layer3ClusterMatcher.this, matchSeq)); /* * Get the index in cPkts of the last packet in the sequence of packets that matches the searched * signature sequence. diff --git a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3SignatureDetector.java b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3SignatureDetector.java index dbd9046..03e4bd1 100644 --- a/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3SignatureDetector.java +++ b/Code/Projects/PacketLevelSignatureExtractor/src/main/java/edu/uci/iotproject/detection/layer3/Layer3SignatureDetector.java 
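Review bot: Both hunks keep the context comment `// Max number of skipped packets in layer 3 is 0 (no skipped packets)` directly above a call that no longer passes that value, so the comment now describes an argument that does not exist. I would delete it in both places, or move the statement to the class Javadoc if layer 3 matching really never skips packets. The enclosing method bodies continue outside the hunks.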
@@ -290,7 +290,7 @@ public class Layer3SignatureDetector implements PacketListener, ClusterMatcherOb } @Override - public void onMatch(AbstractClusterMatcher clusterMatcher, List match, int maxSkippedPackets) { + public void onMatch(AbstractClusterMatcher clusterMatcher, List match) { // Add the match at the corresponding index pendingMatches[mClusterMatcherIds.get(clusterMatcher)].add(match); checkSignatureMatch(); -- 2.34.1