
fix tables names

aidmar.wainakh 6 years ago
parent
commit
4827603442

+ 1 - 1
code/Attack/DDoSAttack.py

@@ -218,7 +218,7 @@ class DDoSAttack(BaseAttack.BaseAttack):
         attack_duration = self.get_param_value(Param.ATTACK_DURATION)
         pkts_num = int(pps * attack_duration)
         win_sizes = self.statistics.process_db_query(
-            "SELECT winSize FROM tcp_syn_win ORDER BY RANDOM() LIMIT "+str(pkts_num)+";")
+            "SELECT winSize FROM tcp_win ORDER BY RANDOM() LIMIT "+str(pkts_num)+";")
 
         # MSS that was used by IP destination in background traffic
         mss_dst = self.statistics.get_most_used_mss(ip_destination)

+ 0 - 1
code/Attack/SQLiAttack.py

@@ -27,7 +27,6 @@ logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
 # noinspection PyPep8
 from scapy.utils import RawPcapReader
 from scapy.layers.inet import IP, Ether, TCP, RandShort
-#from scapy.all import *
 
 
 class SQLiAttack(BaseAttack.BaseAttack):

+ 33 - 27
code/ID2TLib/Statistics.py

@@ -177,16 +177,22 @@ class Statistics:
         ####### Payload Tests #######
         sumPayloadCount = self.stats_db._process_user_defined_query("SELECT sum(payloadCount) FROM interval_statistics")
         pktCount = self.stats_db._process_user_defined_query("SELECT packetCount FROM file_statistics")
-        payloadRatio=0
-        if(pktCount[0][0]!=0):
-            payloadRatio = float(sumPayloadCount[0][0] / pktCount[0][0] * 100)
+        if sumPayloadCount and pktCount:
+            payloadRatio=0
+            if(pktCount[0][0]!=0):
+                payloadRatio = float(sumPayloadCount[0][0] / pktCount[0][0] * 100)
+        else:
+            payloadRatio = -1
 
         ####### TCP checksum Tests #######
         incorrectChecksumCount = self.stats_db._process_user_defined_query("SELECT sum(incorrectTCPChecksumCount) FROM interval_statistics")
         correctChecksumCount = self.stats_db._process_user_defined_query("SELECT avg(correctTCPChecksumCount) FROM interval_statistics")
-        incorrectChecksumRatio=0
-        if(incorrectChecksumCount[0][0] + correctChecksumCount[0][0])!=0:
-            incorrectChecksumRatio = float(incorrectChecksumCount[0][0]  / (incorrectChecksumCount[0][0] + correctChecksumCount[0][0] ) * 100)
+        if incorrectChecksumCount and correctChecksumCount:
+            incorrectChecksumRatio=0
+            if(incorrectChecksumCount[0][0] + correctChecksumCount[0][0])!=0:
+                incorrectChecksumRatio = float(incorrectChecksumCount[0][0]  / (incorrectChecksumCount[0][0] + correctChecksumCount[0][0] ) * 100)
+        else:
+            incorrectChecksumRatio = -1
 
         ####### IP Tests #######
         newIPCount = self.stats_db._process_user_defined_query("SELECT newIPCount FROM interval_statistics")
@@ -215,7 +221,7 @@ class Statistics:
         else:
             reservedPortCount = reservedPortCount[0][0]
         totalPortCount = self.stats_db._process_user_defined_query("SELECT SUM(portCount) FROM ip_ports")
-        reservedPortRatio = (reservedPortCount/ totalPortCount[0][0]) * 100
+        reservedPortRatio = float(reservedPortCount/ totalPortCount[0][0]) * 100
 
         ####### TTL Tests #######
         newTTLCount = self.stats_db._process_user_defined_query("SELECT newTTLCount FROM interval_statistics")
@@ -229,7 +235,7 @@ class Statistics:
 
         ####### Window Size Tests #######
         newWinSizeCount = self.stats_db._process_user_defined_query("SELECT newWinSizeCount FROM interval_statistics")
-        result = self.stats_db._process_user_defined_query("SELECT winSize,SUM(winCount) FROM tcp_syn_win GROUP BY winSize")
+        result = self.stats_db._process_user_defined_query("SELECT winSize,SUM(winCount) FROM tcp_win GROUP BY winSize")
         data, frequency = [], []
         for row in result:
             frequency.append(row[1])
@@ -251,7 +257,7 @@ class Statistics:
         ####### MSS Tests #######
         newMSSCount = self.stats_db._process_user_defined_query("SELECT newMSSCount FROM interval_statistics")
         result = self.stats_db._process_user_defined_query(
-            "SELECT mssValue,SUM(mssCount) FROM tcp_mss_dist GROUP BY mssValue")
+            "SELECT mssValue,SUM(mssCount) FROM tcp_mss GROUP BY mssValue")
         data, frequency = [], []
         for row in result:
             frequency.append(row[1])
@@ -259,7 +265,7 @@ class Statistics:
         mssNovelsPerInterval, mssNovelsPerIntervalFrequency = count_frequncy(newMSSCount)
         mssNovelityDistEntropy = self.calculate_entropy(mssNovelsPerIntervalFrequency)
 
-        result = self.stats_db._process_user_defined_query("SELECT SUM(mssCount) FROM tcp_mss_dist WHERE mssValue > 536 AND mssValue < 1460")
+        result = self.stats_db._process_user_defined_query("SELECT SUM(mssCount) FROM tcp_mss WHERE mssValue > 536 AND mssValue < 1460")
         # The most used range of MSS: 536 < MSS < 1460. Calculate the ratio of the values in this range to total values.
         if not result[0][0]:
             result = 0
@@ -380,13 +386,13 @@ class Statistics:
 
     # Aidmar
     def get_mss_distribution(self, ipAddress: str):
-        result = self.process_db_query('SELECT mssValue, mssCount from tcp_mss_dist WHERE ipAddress="' + ipAddress + '"')
+        result = self.process_db_query('SELECT mssValue, mssCount from tcp_mss WHERE ipAddress="' + ipAddress + '"')
         result_dict = {key: value for (key, value) in result}
         return result_dict
 
     # Aidmar
     def get_win_distribution(self, ipAddress: str):
-        result = self.process_db_query('SELECT winSize, winCount from tcp_syn_win WHERE ipAddress="' + ipAddress + '"')
+        result = self.process_db_query('SELECT winSize, winCount from tcp_win WHERE ipAddress="' + ipAddress + '"')
         result_dict = {key: value for (key, value) in result}
         return result_dict
 
@@ -423,7 +429,7 @@ class Statistics:
         :return: The TCP MSS value used by the IP address, or if the IP addresses never specified a MSS,
         then None is returned
         """
-        mss_value = self.process_db_query('SELECT mssValue from tcp_mss_dist WHERE ipAddress="' + ipAddress + '" ORDER BY mssCount DESC LIMIT 1')
+        mss_value = self.process_db_query('SELECT mssValue from tcp_mss WHERE ipAddress="' + ipAddress + '" ORDER BY mssCount DESC LIMIT 1')
         if isinstance(mss_value, int):
             return mss_value
         else:
@@ -475,8 +481,8 @@ class Statistics:
         #print('The differences are {}.'.format(differences))
         #print('The sum of squared differences is {}.'.format(ssd))
         #print('The variance is {}.'.format(variance))
-        print('The standard deviation is {}.'.format(sd))
-        print('--------------------------')
+        #print('The standard deviation is {}.'.format(sd))
+        #print('--------------------------')
         return sd
 
 
@@ -510,7 +516,7 @@ class Statistics:
         def plot_mss(file_ending: str):
             plt.gcf().clear()
             result = self.stats_db._process_user_defined_query(
-                "SELECT mssValue, SUM(mssCount) FROM tcp_mss_dist GROUP BY mssValue")
+                "SELECT mssValue, SUM(mssCount) FROM tcp_mss GROUP BY mssValue")
             if(result):
                 graphx, graphy = [], []
                 for row in result:
@@ -534,7 +540,7 @@ class Statistics:
         def plot_win(file_ending: str):
             plt.gcf().clear()
             result = self.stats_db._process_user_defined_query(
-                "SELECT winSize, SUM(winCount) FROM tcp_syn_win GROUP BY winSize")
+                "SELECT winSize, SUM(winCount) FROM tcp_win GROUP BY winSize")
             if (result):
                 graphx, graphy = [], []
                 for row in result:
@@ -853,8 +859,8 @@ class Statistics:
             out = self.pcap_filepath.replace('.pcap', '_plot-interval-novel-ip-dist' + file_ending)
             plt.savefig(out, dpi=500)
 
-            print("IP Standard Deviation:")
-            self.calculate_standard_deviation(graphy)
+            #print("IP Standard Deviation:")
+            #self.calculate_standard_deviation(graphy)
             return out
 
         # Aidmar
@@ -889,8 +895,8 @@ class Statistics:
                 out = self.pcap_filepath.replace('.pcap', '_plot-interval-novel-ttl-dist' + file_ending)
                 plt.savefig(out, dpi=500)
 
-                print("TTL Standard Deviation:")
-                self.calculate_standard_deviation(graphy)
+                #print("TTL Standard Deviation:")
+                #self.calculate_standard_deviation(graphy)
                 return out
             else:
                 print("Error plot TTL: No TTL values found!")
@@ -926,8 +932,8 @@ class Statistics:
             out = self.pcap_filepath.replace('.pcap', '_plot-interval-novel-tos-dist' + file_ending)
             plt.savefig(out, dpi=500)
 
-            print("ToS Standard Deviation:")
-            self.calculate_standard_deviation(graphy)
+            #print("ToS Standard Deviation:")
+            #self.calculate_standard_deviation(graphy)
 
             return out
 
@@ -964,8 +970,8 @@ class Statistics:
                 plt.savefig(out, dpi=500)
 
                 # Calculate Standart Deviation
-                print("Window Size Standard Deviation:")
-                self.calculate_standard_deviation(graphy)
+                #print("Window Size Standard Deviation:")
+                #self.calculate_standard_deviation(graphy)
                 return out
             else:
                 print("Error plot new values WinSize: No WinSize values found!")
@@ -1004,8 +1010,8 @@ class Statistics:
                 plt.savefig(out, dpi=500)
 
                 # Calculate Standart Deviation
-                print("MSS Standard Deviation:")
-                self.calculate_standard_deviation(graphy)
+                #print("MSS Standard Deviation:")
+                #self.calculate_standard_deviation(graphy)
                 return out
             else:
                 print("Error plot new values MSS: No MSS values found!")
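Review bot: The three lookups that take `ipAddress` (get_mss_distribution, get_win_distribution and the most-used-MSS query, in the hunks at -380 and -423) still splice the value into the SQL text between double quotes, so a string containing `"` changes the statement. The DDoSAttack hunk passes `ip_destination` into get_most_used_mss, and that value looks like an attack parameter, so it should be checked before it reaches the query. process_db_query's signature is not visible here; if it cannot take bound parameters, validate at the top of each method with `ipaddress.ip_address(ipAddress)` (standard library, raises ValueError for anything that is not an address). These methods start or end outside the hunks.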

+ 4 - 5
code/ID2TLib/StatsDatabase.py

@@ -174,10 +174,9 @@ class StatsDatabase:
             "most_used.portnumber": "SELECT portNumber, COUNT(portNumber) as cntPort FROM ip_ports GROUP BY portNumber HAVING cntPort=(SELECT MAX(cntPort) from (SELECT portNumber, COUNT(portNumber) as cntPort FROM ip_ports GROUP BY portNumber))",
             "most_used.protocolname": "SELECT protocolName, COUNT(protocolCount) as countProtocols FROM ip_protocols GROUP BY protocolName HAVING countProtocols=(SELECT COUNT(protocolCount) as cnt FROM ip_protocols GROUP BY protocolName ORDER BY cnt DESC LIMIT 1)",
             # Aidmar
-            #"most_used.ttlvalue": "SELECT ttlValue FROM ip_ttl WHERE ttlCount == (SELECT MAX(ttlCount) FROM ip_ttl)",
             "most_used.ttlvalue": "SELECT ttlValue FROM ip_ttl GROUP BY ttlValue ORDER BY SUM(ttlCount) DESC LIMIT 1",
-            "most_used.mssvalue": "SELECT mssValue FROM tcp_mss_dist GROUP BY mssValue ORDER BY SUM(mssCount) DESC LIMIT 1",
-            "most_used.winsize": "SELECT winSize FROM tcp_syn_win GROUP BY winSize ORDER BY SUM(winCount) DESC LIMIT 1",
+            "most_used.mssvalue": "SELECT mssValue FROM tcp_mss GROUP BY mssValue ORDER BY SUM(mssCount) DESC LIMIT 1",
+            "most_used.winsize": "SELECT winSize FROM tcp_win GROUP BY winSize ORDER BY SUM(winCount) DESC LIMIT 1",
             "most_used.ipclass": "SELECT ipClass FROM ip_statistics GROUP BY ipClass ORDER BY COUNT(*) DESC LIMIT 1",
 
             "least_used.ipaddress": "SELECT ipAddress FROM ip_statistics WHERE (pktsSent+pktsReceived) == (SELECT MIN(pktsSent+pktsReceived) from ip_statistics)",
@@ -190,10 +189,10 @@ class StatsDatabase:
             "avg.kbytesreceived": "SELECT avg(kbytesReceived) from ip_statistics",
             "avg.kbytessent": "SELECT avg(kbytesSent) from ip_statistics",
             "avg.ttlvalue": "SELECT avg(ttlValue) from ip_ttl",
-            #"avg.mss": "SELECT avg(mss) from tcp_mss_dist",
+            "avg.mss": "SELECT avg(mssValue) from tcp_mss",
             "all.ipaddress": "SELECT ipAddress from ip_statistics",
             "all.ttlvalue": "SELECT DISTINCT ttlValue from ip_ttl",
-            #"all.mss": "SELECT DISTINCT mss from tcp_mss",
+            "all.mss": "SELECT DISTINCT mssValue from tcp_mss",
             "all.macaddress": "SELECT DISTINCT macAddress from ip_mac",
             "all.portnumber": "SELECT DISTINCT portNumber from ip_ports",
             "all.protocolname": "SELECT DISTINCT protocolName from ip_protocols"}

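Review bot: The newly enabled `avg.mss` entry averages `mssValue` over the rows of `tcp_mss`, and per the CREATE TABLE in statistics_db.cpp that table has one row per (ipAddress, mssValue) with a separate `mssCount`, so the result ignores how often each value was seen. If a packet-weighted mean is intended, the query would be `SELECT SUM(mssValue*mssCount)*1.0/SUM(mssCount) from tcp_mss`. If the unweighted form is deliberate (it matches `avg.ttlvalue`), a comment such as `# unweighted: one sample per (ipAddress, mssValue) row` above the entry would say so. The dictionary begins outside the hunk.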
+ 6 - 8
code_boost/src/cxx/pcap_processor.cpp

@@ -125,11 +125,11 @@ void pcap_processor::collect_statistics() {
         int timeIntervalsNum = 100;
         std::chrono::microseconds intervalStartTimestamp = stats.getTimestampFirstPacket();
         std::chrono::microseconds firstTimestamp = stats.getTimestampFirstPacket(); 
-        std::chrono::high_resolution_clock::time_point t1 = std::chrono::high_resolution_clock::now();    
+        //std::chrono::high_resolution_clock::time_point t1 = std::chrono::high_resolution_clock::now();
         SnifferIterator lastpkt; 
         for (SnifferIterator j = snifferOverview.begin(); j != snifferOverview.end();  snifferIteratorIncrement(j)) {lastpkt = j;}          
-        std::chrono::high_resolution_clock::time_point t2 = std::chrono::high_resolution_clock::now();
-        auto duration = std::chrono::duration_cast<std::chrono::microseconds>( t2 - t1 ).count()*1e-6;
+        //std::chrono::high_resolution_clock::time_point t2 = std::chrono::high_resolution_clock::now();
+        //auto duration = std::chrono::duration_cast<std::chrono::microseconds>( t2 - t1 ).count()*1e-6;
         //std::cout<< "empty loop: " << duration << " sec" << std::endl;
         std::chrono::microseconds lastTimestamp = lastpkt->timestamp();                  
         std::chrono::microseconds captureDuration = lastTimestamp - firstTimestamp;
@@ -262,11 +262,9 @@ void pcap_processor::process_packets(const Packet &pkt) {
             stats.addConvStat(ipAddressSender, tcpPkt.sport(), ipAddressReceiver, tcpPkt.dport(), pkt.timestamp());
             
             // Aidmar
-            // Check window size for SYN noly
-            //if(tcpPkt.get_flag(TCP::SYN)) {
-                int win = tcpPkt.window();
-                stats.incrementWinCount(ipAddressSender, win);
-            //}
+            // Window Size distribution
+            int win = tcpPkt.window();
+            stats.incrementWinCount(ipAddressSender, win);
 
             try {                                                                
                 int val = tcpPkt.mss();
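Review bot: The replacement comment `// Window Size distribution` in process_packets does not say that the count covers every TCP segment, and the removed lines show the SYN-only check was already disabled. Since the table was previously named tcp_syn_win, readers of the Python side may still assume SYN-only data; `// Window size distribution over all TCP segments (not only SYN)` would make that explicit. In collect_statistics the timing lines are commented out rather than deleted, next to an already commented-out `std::cout`; removing all four would keep the function readable. Both function bodies continue outside the hunks.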

+ 6 - 6
code_boost/src/cxx/statistics_db.cpp

@@ -231,15 +231,15 @@ void statistics_db::writeStatisticsFile(int packetCount, float captureDuration,
  */
 void statistics_db::writeStatisticsMss_dist(std::unordered_map<ipAddress_mss, int> mssDistribution) {
     try {
-        db->exec("DROP TABLE IF EXISTS tcp_mss_dist");
+        db->exec("DROP TABLE IF EXISTS tcp_mss");
         SQLite::Transaction transaction(*db);
-        const char *createTable = "CREATE TABLE tcp_mss_dist ("
+        const char *createTable = "CREATE TABLE tcp_mss ("
                 "ipAddress TEXT,"
                 "mssValue INTEGER,"
                 "mssCount INTEGER,"
                 "PRIMARY KEY(ipAddress,mssValue));";
         db->exec(createTable);
-        SQLite::Statement query(*db, "INSERT INTO tcp_mss_dist VALUES (?, ?, ?)");
+        SQLite::Statement query(*db, "INSERT INTO tcp_mss VALUES (?, ?, ?)");
         for (auto it = mssDistribution.begin(); it != mssDistribution.end(); ++it) {
             ipAddress_mss e = it->first;
             query.bind(1, e.ipAddress);
@@ -293,15 +293,15 @@ void statistics_db::writeStatisticsTos_dist(std::unordered_map<ipAddress_tos, in
  */
 void statistics_db::writeStatisticsWin(std::unordered_map<ipAddress_win, int> winDistribution) {
     try {
-        db->exec("DROP TABLE IF EXISTS tcp_syn_win");
+        db->exec("DROP TABLE IF EXISTS tcp_win");
         SQLite::Transaction transaction(*db);
-        const char *createTable = "CREATE TABLE tcp_syn_win ("
+        const char *createTable = "CREATE TABLE tcp_win ("
                 "ipAddress TEXT,"
                 "winSize INTEGER,"
                 "winCount INTEGER,"
                 "PRIMARY KEY(ipAddress,winSize));";
         db->exec(createTable);
-        SQLite::Statement query(*db, "INSERT INTO tcp_syn_win VALUES (?, ?, ?)");
+        SQLite::Statement query(*db, "INSERT INTO tcp_win VALUES (?, ?, ?)");
         for (auto it = winDistribution.begin(); it != winDistribution.end(); ++it) {
             ipAddress_win e = it->first;
             query.bind(1, e.ipAddress);
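Review bot: writeStatisticsMss_dist and writeStatisticsWin now drop only the new names (`tcp_mss`, `tcp_win`), so a database file written by an earlier build keeps its `tcp_mss_dist` and `tcp_syn_win` tables as stale data after statistics are recalculated. Adding `db->exec("DROP TABLE IF EXISTS tcp_mss_dist");` and `db->exec("DROP TABLE IF EXISTS tcp_syn_win");` beside the existing DROP statements would clean them up. A database that is not recalculated will presumably fail the renamed Python queries with a missing-table error; whether a schema-version check forces recalculation is not visible here. Both functions continue past the hunks.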