From 5df1a62e9cf16380c79c87779067f3c630ca8578 Mon Sep 17 00:00:00 2001 From: Arash Habibi Lashkari Date: Sun, 6 Jun 2021 11:49:32 -0300 Subject: [PATCH 1/6] --- src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java b/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java index 79ac0055..f18471d4 100644 --- a/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java +++ b/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java @@ -346,7 +346,7 @@ void detectUpdateSubflows( BasicPacketInfo packet ){ sfAcHelper = packet.getTimeStamp(); } //System.out.print(" - "+(packet.timeStamp - sfLastPacketTS)); - if( (packet.getTimeStamp() - (sfLastPacketTS)/(double)1000000) > 1.0 ){ + if(((packet.getTimeStamp() - sfLastPacketTS)/(double)1000000) > 1.0){ sfCount ++ ; long lastSFduration = packet.getTimeStamp() - sfAcHelper; updateActiveIdleTime(packet.getTimeStamp(), this.activityTimeout); From 97d56406447c0fe4473a33ce54e2623be63f7adb Mon Sep 17 00:00:00 2001 From: Arash Habibi Lashkari Date: Mon, 7 Jun 2021 09:55:46 -0300 Subject: [PATCH 2/6] Update ReadMe.txt --- ReadMe.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ReadMe.txt b/ReadMe.txt index 399bd7bf..1fecdda8 100644 --- a/ReadMe.txt +++ b/ReadMe.txt @@ -66,7 +66,7 @@ ECE Flag Count Number of packets with ECE down/Up Ratio Download and upload ratio Average Packet Size Average size of packet Fwd Segment Size Avg Average size observed in the forward direction -Bwd Segment Size Avg Average number of bytes bulk rate in the backward direction +Bwd Segment Size Avg Average size observed in the backward direction Fwd Bytes/Bulk Avg Average number of bytes bulk rate in the forward direction Fwd Packet/Bulk Avg Average number of packets bulk rate in the forward direction Fwd Bulk Rate Avg Average number of bulk rate in the forward direction 
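Review bot: In the `detectUpdateSubflows` hunk of BasicFlow.java, the corrected gap test still hard-codes its unit conversion and threshold as bare literals (`(double)1000000` and `1.0`), and nothing says what they mean. I would name the threshold, for example `private static final double SUBFLOW_GAP_SECONDS = 1.0;`, and add a comment such as `// gap since the previous packet, converted from what appear to be microsecond timestamps to seconds`. Because the regrouped parentheses change when `sfCount` is incremented, subflow-derived feature values will presumably differ from those of earlier builds, so a changelog line would help anyone comparing datasets or retraining detection models across versions. The body of `detectUpdateSubflows` starts and ends outside the hunk.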
From dec65b9685c50c4c3fb5804ea356f5e32a839929 Mon Sep 17 00:00:00 2001 From: Arash Habibi Lashkari Date: Fri, 2 Jul 2021 22:43:59 -0300 Subject: [PATCH 3/6] --- .../cic/cs/unb/ca/jnetpcap/BasicFlow.java | 22 ++++ .../cic/cs/unb/ca/jnetpcap/FlowGenerator.java | 118 ++++++++++++++++-- 2 files changed, 129 insertions(+), 11 deletions(-) diff --git a/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java b/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java index f18471d4..f7b1b4cc 100644 --- a/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java +++ b/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java @@ -28,6 +28,8 @@ public class BasicFlow { private int bPSH_cnt; private int fURG_cnt; private int bURG_cnt; + private int fFIN_cnt; + private int bFIN_cnt; private long Act_data_pkt_forward; private long min_seg_size_forward; @@ -108,6 +110,8 @@ public void initParameters(){ this.bPSH_cnt=0; this.fURG_cnt=0; this.bURG_cnt=0; + this.fFIN_cnt=0; + this.bFIN_cnt=0; this.fHeaderBytes=0L; this.bHeaderBytes=0L; @@ -975,6 +979,24 @@ public int getBwdURGFlags() { return bURG_cnt; } + public int getFwdFINFlags() { + return fFIN_cnt; + } + + public int getBwdFINFlags() { + return bFIN_cnt; + } + + public int setFwdFINFlags() { + fFIN_cnt++; + return fFIN_cnt; + } + + public int setBwdFINFlags() { + bFIN_cnt++; + return bFIN_cnt; + } + public long getFwdHeaderLength() { return fHeaderBytes; } diff --git a/src/main/java/cic/cs/unb/ca/jnetpcap/FlowGenerator.java b/src/main/java/cic/cs/unb/ca/jnetpcap/FlowGenerator.java index 60566578..6f546975 100644 --- a/src/main/java/cic/cs/unb/ca/jnetpcap/FlowGenerator.java +++ b/src/main/java/cic/cs/unb/ca/jnetpcap/FlowGenerator.java @@ -4,6 +4,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.util.Arrays; + import java.io.File; import java.io.FileOutputStream; import java.io.IOException; 
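Review bot: `setFwdFINFlags()` and `setBwdFINFlags()` in the BasicFlow.java hunk at `@@ -975,6 +979,24 @@` are named like setters but take no argument, increment the counter and return the new value. FlowGenerator relies on that return value (`flow.setFwdFINFlags() == 1`), so a reader who assumes ordinary setter semantics will misread the FIN handling. Either rename them (for instance `incrementFwdFINCount()`), or keep the names and add Javadoc such as `/** Increments the forward FIN counter and returns the updated count. */`.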
@@ -106,24 +108,118 @@ public void addPacket(BasicPacketInfo packet){
 logger.debug("Timeout current has {} flow",cfsize);
 }
- // Flow finished due FIN flag (tcp only):
+// // Flow finished due FIN flag (tcp only):
+// // 1.- we add the packet-in-process to the flow (it is the last packet)
+// // 2.- we move the flow to finished flow list
+// // 3.- we eliminate the flow from the current flow list
+// }else if(packet.hasFlagFIN()){
+// logger.debug("FlagFIN current has {} flow",currentFlows.size());
+// flow.addPacket(packet);
+// if (mListener != null) {
+// mListener.onFlowGenerated(flow);
+// } else {
+// finishedFlows.put(getFlowCount(), flow);
+// }
+// currentFlows.remove(id);
+ }else if(packet.hasFlagFIN()){
+ //
+ // Forward Flow
+ //
+ if (Arrays.equals(flow.getSrc(), packet.getSrc())) {
+ // How many forward FIN received?
+ if (flow.setFwdFINFlags() == 1) {
+ // Flow finished due FIN flag (tcp only)?:
+ // 1.- we add the packet-in-process to the flow (it is the last packet)
+ // 2.- we move the flow to finished flow list
+ // 3.- we eliminate the flow from the current flow list
+ if ((flow.getBwdFINFlags() + flow.getBwdFINFlags()) == 2) {
+ logger.debug("FlagFIN current has {} flow",currentFlows.size());
+ flow.addPacket(packet);
+ if (mListener != null) {
+ mListener.onFlowGenerated(flow);
+ } else {
+ finishedFlows.put(getFlowCount(), flow);
+ }
+ currentFlows.remove(id);
+ // Forward Flow Finished.
+ } else {
+ logger.info("Forward flow closed due to FIN Flag");
+ flow.updateActiveIdleTime(currentTimestamp,this.flowActivityTimeOut);
+ flow.addPacket(packet);
+ currentFlows.put(id,flow);
+ }
+ }else{
+ // some error
+ // TODO: review what to do with the packet
+ logger.warn("Forward flow received {} FIN packets", flow.getFwdFINFlags());
+ }
+ //
+ // Backward Flow
+ //
+ } else {
+ // How many backward FIN packets received?
+ if (flow.setBwdFINFlags() == 1) {
+ // Flow finished due FIN flag (tcp only)?:
+ // 1.- we add the packet-in-process to the flow (it is the last packet)
+ // 2.- we move the flow to finished flow list
+ // 3.- we eliminate the flow from the current flow list
+ if ((flow.getBwdFINFlags() + flow.getBwdFINFlags()) == 2) {
+ logger.debug("FlagFIN current has {} flow",currentFlows.size());
+ flow.addPacket(packet);
+ if (mListener != null) {
+ mListener.onFlowGenerated(flow);
+ } else {
+ finishedFlows.put(getFlowCount(), flow);
+ }
+ currentFlows.remove(id);
+ // Backward Flow Finished.
+ } else {
+ logger.info("Backwards flow closed due to FIN Flag");
+ flow.updateActiveIdleTime(currentTimestamp,this.flowActivityTimeOut);
+ flow.addPacket(packet);
+ currentFlows.put(id,flow);
+ }
+ }else{
+ // some error
+ // TODO: review what to do with the packet
+ logger.warn("Backward flow received {} FIN packets", flow.getBwdFINFlags());
+ }
+ }
+ // Flow finished due RST flag (tcp only):
 // 1.- we add the packet-in-process to the flow (it is the last packet)
 // 2.- we move the flow to finished flow list
- // 3.- we eliminate the flow from the current flow list
- }else if(packet.hasFlagFIN()){
- logger.debug("FlagFIN current has {} flow",currentFlows.size());
- flow.addPacket(packet);
+ // 3.- we eliminate the flow from the current flow list
+ }else if(packet.hasFlagRST()){
+ logger.debug("FlagRST current has {} flow",currentFlows.size());
+ flow.addPacket(packet);
 if (mListener != null) {
 mListener.onFlowGenerated(flow);
- }
- else {
+ } else {
 finishedFlows.put(getFlowCount(), flow);
 }
- currentFlows.remove(id);
+ currentFlows.remove(id);
 }else{
- flow.updateActiveIdleTime(currentTimestamp,this.flowActivityTimeOut);
- flow.addPacket(packet);
- currentFlows.put(id,flow);
+ //
+ // Forward Flow and fwdFIN = 0
+ //
+ if (Arrays.equals(flow.getSrc(), packet.getSrc()) && (flow.getFwdFINFlags() == 0)) {
+ flow.updateActiveIdleTime(currentTimestamp,this.flowActivityTimeOut);
+ flow.addPacket(packet);
+ currentFlows.put(id,flow);
+ //
+ // Backward Flow and bwdFIN = 0
+ //
+ } else if (flow.getBwdFINFlags() == 0) {
+ flow.updateActiveIdleTime(currentTimestamp,this.flowActivityTimeOut);
+ flow.addPacket(packet);
+ currentFlows.put(id,flow);
+ //
+ // FLOW already closed!!!
+ //
+ } else {
+ logger.warn("FLOW already closed! fwdFIN {} bwdFIN {}", flow.getFwdFINFlags(), flow.getBwdFINFlags());
+ // TODO: we just discard the packet?
+ }
 }
 }else{
 currentFlows.put(packet.fwdFlowId(), new BasicFlow(bidirectional,packet, this.flowActivityTimeOut));
From d212d6c403934f1c721163a4c103171a1d2a3514 Mon Sep 17 00:00:00 2001
From: Arash Habibi Lashkari
Date: Mon, 5 Jul 2021 12:41:05 -0300
Subject: [PATCH 4/6]
---
 src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java b/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java
index f7b1b4cc..d8f05dee 100644
--- a/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java
+++ b/src/main/java/cic/cs/unb/ca/jnetpcap/BasicFlow.java
@@ -681,7 +681,7 @@ public String dumpFlowBasedFeatures(){
 dump+=fAvgBytesPerBulk()+",";
 dump+=fAvgPacketsPerBulk()+",";
 dump+=fAvgBulkRate()+",";
- dump+=fAvgBytesPerBulk()+",";
+ dump+=bAvgBytesPerBulk()+",";
 dump+=bAvgPacketsPerBulk()+",";
 dump+=bAvgBulkRate()+",";
From e2c2ff25ea17444449b1380a1d1c8bf8f647103f Mon Sep 17 00:00:00 2001
From: Arash Habibi Lashkari
Date: Wed, 5 Jan 2022 10:39:20 -0500
Subject: [PATCH 5/6] Update LICENSE.txt
---
 LICENSE.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/LICENSE.txt b/LICENSE.txt
index befceff6..44631c14 100644
--- a/LICENSE.txt
+++ b/LICENSE.txt
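Review bot: Both completion checks in the new FIN branch of `addPacket` (FlowGenerator.java, hunk `@@ -106,24 +108,118 @@`) read `(flow.getBwdFINFlags() + flow.getBwdFINFlags()) == 2`, adding the backward counter to itself; the intended test is presumably `if ((flow.getFwdFINFlags() + flow.getBwdFINFlags()) == 2) {`. As written, in the backward branch the sum is always 2 once `setBwdFINFlags()` has returned 1, so the flow is emitted on the first backward FIN even if the forward side has not closed, and the "Backwards flow closed" half-close path is unreachable. A repeated FIN from the same side (for example a retransmission) only reaches the `logger.warn` branch and is never added to the flow, and once the sum is corrected a backward packet arriving after the backward FIN will fall through to "FLOW already closed!" and be dropped as well. For a tool whose output feeds intrusion-detection datasets, traffic that is logged but left out of the exported features deserves an explicit decision rather than a TODO. `addPacket` begins and ends outside the hunk.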
@@ -13,6 +13,6 @@ Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun and Ali A. Gerard Drapper Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP 2016) , pages 407-414, Rome , Italy # Contributors: -Arash Habibi Lashkari: Researcher and Developer (Founder) +* [**Arash Habibi Lashkari:**](http://ahlashkari.com/index.asp): Researcher and Developer (Founder) Gerard Drapper: Researcher and Developer (Co-funder) muhammad saiful islam: Researcher and Developer (Co-funder) From 98a5ebad0df579cc8b43eedd3421b3ae87699901 Mon Sep 17 00:00:00 2001 From: Arash Habibi Lashkari Date: Wed, 5 Jan 2022 10:41:44 -0500 Subject: [PATCH 6/6] Update LICENSE.txt --- LICENSE.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE.txt b/LICENSE.txt index 44631c14..befceff6 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -13,6 +13,6 @@ Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun and Ali A. Gerard Drapper Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP 2016) , pages 407-414, Rome , Italy # Contributors: -* [**Arash Habibi Lashkari:**](http://ahlashkari.com/index.asp): Researcher and Developer (Founder) +Arash Habibi Lashkari: Researcher and Developer (Founder) Gerard Drapper: Researcher and Developer (Co-funder) muhammad saiful islam: Researcher and Developer (Co-funder)