
add flow_statistics table to DB (incomplete)

aidmar.wainakh 6 years ago
parent
commit
f3660b536b

+ 1 - 0
.gitignore

@@ -21,3 +21,4 @@ code_boost/src/SQLiteCpp
 code_boost/src/SQLiteCpp/*
 test.py
 dbs/
+*.csv

+ 6 - 2
code_boost/src/cxx/pcap_processor.cpp

@@ -175,7 +175,7 @@ void pcap_processor::process_packets(const Packet &pkt) {
 
         // Assign IP Address to MAC Address
         stats.assignMacAddress(ipAddressSender, macAddressSender);
-        stats.assignMacAddress(ipAddressReceiver, macAddressReceiver);
+        stats.assignMacAddress(ipAddressReceiver, macAddressReceiver);        
 
     } // PDU is IPv6
     else if (pdu_l3_type == PDU::PDUType::IPv6) {
@@ -219,7 +219,11 @@ void pcap_processor::process_packets(const Packet &pkt) {
                  if(tcpPkt.get_flag(TCP::SYN)) {
                     int win = tcpPkt.window();
                     stats.incrementWinCount(ipAddressSender, win);
-                    }
+                }
+                    
+                // Aidmar
+                // Flow statistics
+                stats.addFlowStat(ipAddressSender, tcpPkt.sport(), ipAddressReceiver, tcpPkt.dport());
 
             } catch (Tins::option_not_found) {
                 // Ignore MSS if option not set
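Review bot: The new `stats.addFlowStat(...)` call sits inside the `try` whose handler is `catch (Tins::option_not_found)`, so it depends on everything before it in that block not throwing. The `try` opens outside this hunk, but the handler comment suggests an MSS option lookup precedes these lines; if so, every TCP segment without that option skips the flow counter and the table under-counts. Flow accounting does not need the option, so place the call before the `try` or after the handler. While touching it, drop the trailing-whitespace line added above the `// Aidmar` comment.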

+ 23 - 6
code_boost/src/cxx/statistics.cpp

@@ -100,6 +100,26 @@ void statistics::addIPEntropy(){
       file.close();    
 }
 
+// Aidmar
+void statistics::addFlowStat(std::string ipAddressSender,int sport,std::string ipAddressReceiver,int dport){
+    std::cout<<ipAddressSender<<":"<<sport<<","<<ipAddressReceiver<<":"<<dport<<"\n";
+    
+    // if already exist A(ipAddressReceiver, dport), B(ipAddressSender, sport)
+    /*if (flow_statistics.count({ipAddressReceiver, dport, ipAddressSender, sport})>0){
+        flow_statistics[{ipAddressReceiver, dport, ipAddressSender, sport}].pkts_B_A++;
+        std::cout<<flow_statistics[{ipAddressReceiver, dport, ipAddressSender, sport}].pkts_A_B<<"\n";
+        std::cout<<flow_statistics[{ipAddressReceiver, dport, ipAddressSender, sport}].pkts_B_A<<"\n";
+    }
+    else{*/
+    std::cout<<flow_statistics[{ipAddressSender, sport, ipAddressReceiver, dport}].pkts_A_B<<"\n";
+        flow_statistics[{ipAddressSender, sport, ipAddressReceiver, dport}].pkts_A_B++;
+        std::cout<<flow_statistics[{ipAddressSender, sport, ipAddressReceiver, dport}].pkts_A_B<<"\n";
+        std::cout<<flow_statistics[{ipAddressSender, sport, ipAddressReceiver, dport}].pkts_B_A<<"\n";
+    //}      
+    
+}
+    
+    
 // Aidmar
 /**
  * Increments the packet counter for the given IP address and MSS value.
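Review bot: `addFlowStat` never increments `pkts_B_A`, because the reverse-direction lookup is commented out. A reply packet therefore creates a second entry keyed (receiver, sender), and each row records only one direction. The four `std::cout` statements run once per TCP packet, which floods stdout on any sizeable capture, and the first `operator[]` read inserts the entry before it is counted. The map is keyed by addresses and ports read from the capture, so its size is bounded only by the input; that is worth a comment if untrusted pcaps are processed. A version that restores the lookup with `find` and drops the debug output is below; the signature is left as declared in statistics.h.

```cpp
void statistics::addFlowStat(std::string ipAddressSender,int sport,std::string ipAddressReceiver,int dport){
    // A flow is stored under the direction seen first (A -> B). If the
    // opposite direction already has an entry, this packet is B -> A.
    const flow reverseKey{ipAddressReceiver, dport, ipAddressSender, sport};
    auto reverseEntry = flow_statistics.find(reverseKey);
    if (reverseEntry != flow_statistics.end()) {
        reverseEntry->second.pkts_B_A++;
        return;
    }
    // operator[] value-initializes a new entry, so both counters start at 0.
    flow_statistics[{ipAddressSender, sport, ipAddressReceiver, dport}].pkts_A_B++;
}
```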
@@ -257,11 +277,9 @@ void statistics::addIpStat_packetSent(std::string ipAddressSender, std::string i
     file.open ("ip_dst_anomaly_score.csv",std::ios_base::app);
     file << ipAddressReceiver << ","<< s_t << "," << n << "," << s_r << "," << ipDst_Mahoney_score << "\n";
     file.close();
-    
-    
+        
     ip_statistics[ipAddressReceiver].firstAppearAsReceiverPktCount = packetCount;
     ip_statistics[ipAddressReceiver].destinationAnomalyScore = ipDst_Mahoney_score;
-
     }
     
     // Update stats for packet sender
@@ -269,9 +287,7 @@ void statistics::addIpStat_packetSent(std::string ipAddressSender, std::string i
     ip_statistics[ipAddressSender].pkts_sent++;
     // Update stats for packet receiver
     ip_statistics[ipAddressReceiver].kbytes_received += (float(bytesSent) / 1024);
-    ip_statistics[ipAddressReceiver].pkts_received++;
-    
-    
+    ip_statistics[ipAddressReceiver].pkts_received++;        
 }
 
 /**
@@ -456,6 +472,7 @@ void statistics::writeToDatabase(std::string database_path) {
     // Aidmar
     db.writeStatisticsMss_dist(mss_distribution);
     db.writeStatisticsWin(win_distribution);
+    db.writeStatisticsFlow(flow_statistics);
 }
 
 /**

+ 62 - 2
code_boost/src/cxx/statistics.h

@@ -11,10 +11,12 @@
 #include <tins/timestamp.h>
 #include <tins/ip_address.h>
 
+
 /*
  * Definition of structs used in unordered_map fields
  */
 
+
 /*
  * Struct used as data structure for method get_stats_for_ip, represents:
  * - Incoming bandwidth in KBits
@@ -35,6 +37,29 @@ struct ip_stats {
     long AvgMaxSegmentSizeTCP;
 };
 
+// Aidmar
+/*
+ * Struct used to represent a flow by:
+ * - IP address A
+ * - Port A
+ * - IP address B
+ * - Port B
+ */
+struct flow{
+    std::string ipAddressA;
+    int portA;
+    std::string ipAddressB;
+    int portB;
+
+    bool operator==(const flow &other) const {
+        return ipAddressA == other.ipAddressA
+               && portA == other.portA
+               &&ipAddressB == other.ipAddressB
+               && portB == other.portB;
+    }    
+}; 
+
+
 // Aidmar
 /*
  * Struct used to represent:
@@ -83,6 +108,7 @@ struct ipAddress_ttl {
     }
 };
 
+
 /*
  * Struct used to represent:
  * - IP address (IPv4 or IPv6)
@@ -129,6 +155,22 @@ struct entry_ipStat {
     }
 };
 
+// Aidmar
+/*
+ * Struct used to represent:
+ * - Number of packets from A to B
+ * - Number of packets from B to A
+ */
+struct entry_flowStat {
+    long pkts_A_B;
+    long pkts_B_A;
+
+    bool operator==(const entry_flowStat &other) const {
+        return pkts_A_B == other.pkts_A_B
+               && pkts_B_A == other.pkts_B_A;
+    }
+};
+
 /*
  * Struct used to represent:
  * - IP address (IPv4 or IPv6)
@@ -186,7 +228,21 @@ namespace std {
                      ^ (hash<int>()(k.winSize) << 1)) >> 1);
         }
     };
-
+    
+    // Aidmar: TO-DO:??
+    template<>
+    struct hash<flow> {
+        std::size_t operator()(const flow &k) const {
+            using std::size_t;
+            using std::hash;
+            using std::string;
+            return ((hash<string>()(k.ipAddressA)
+                    ^ (hash<int>()(k.portA) << 1)) >> 1)
+                    ^ ((hash<string>()(k.ipAddressB)
+                    ^ (hash<int>()(k.portB) << 1)) >> 1);
+        }
+    };
+    
     template<>
     struct hash<ipAddress_protocol> {
         std::size_t operator()(const ipAddress_protocol &k) const {
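Review bot: The combined value in `hash<flow>` is symmetric in the two endpoints: both halves are computed the same way and then XOR-ed, so `{A,pa,B,pb}` and `{B,pb,A,pa}` always hash equal, and a flow whose endpoints are identical hashes to 0. As `addFlowStat` currently stores each direction under its own key, every bidirectional flow is a guaranteed collision pair. Mix the halves asymmetrically, for example `return hA * 31 + hB;` with `hA` and `hB` naming the two per-endpoint expressions. Also replace the `// Aidmar: TO-DO:??` marker with a comment stating whether direction-independence is intended. The enclosing `namespace std` block starts and ends outside this hunk.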
@@ -232,6 +288,8 @@ public:
     void incrementMSScount(std::string ipAddress, int mssValue);
     void incrementWinCount(std::string ipAddress, int winSize);
     void addIPEntropy();
+    void addFlowStat(std::string ipAddressSender,int sport,std::string ipAddressReceiver,int dport);
+    
 
     void incrementTTLcount(std::string ipAddress, int ttlValue);
 
@@ -290,7 +348,9 @@ private:
     std::unordered_map<ipAddress_mss, int> mss_distribution;
     // {IP Address, Win size, count}
     std::unordered_map<ipAddress_win, int> win_distribution;
-
+    // {IP Address A, Port A, IP Address B, Port B,   #packets_A_B, #packets_B_A}
+    std::unordered_map<flow, entry_flowStat> flow_statistics;
+    
     // {IP Address, Protocol, count}
     std::unordered_map<ipAddress_protocol, int> protocol_distribution;
 

+ 39 - 0
code_boost/src/cxx/statistics_db.cpp

@@ -301,3 +301,42 @@ void statistics_db::writeStatisticsWin(std::unordered_map<ipAddress_win, int> wi
         std::cout << "Exception in statistics_db: " << e.what() << std::endl;
     }
 }
+
+// Aidamr
+/**
+ * Writes the flow statistics into the database.
+ * @param flowStatistics The flow from class statistics.
+ */
+void statistics_db::writeStatisticsFlow(std::unordered_map<flow, entry_flowStat> flowStatistics){
+    std::cout<<"write to DB"<<"\n";
+    try {
+        db->exec("DROP TABLE IF EXISTS flow_statistics");
+        SQLite::Transaction transaction(*db);
+        const char *createTable = "CREATE TABLE flow_statistics ("
+                "ipAddressA TEXT,"
+                "portA INTEGER,"
+                "ipAddressB TEXT,"              
+                "portB INTEGER,"
+                "pkts_A_B INTEGER,"
+                "pkts_B_A INTEGER,"
+                "PRIMARY KEY(ipAddressA,portA,ipAddressB,portB));";
+        db->exec(createTable);
+        SQLite::Statement query(*db, "INSERT INTO flow_statistics VALUES (?, ?, ?, ?, ?, ?)");
+        for (auto it = flowStatistics.begin(); it != flowStatistics.end(); ++it) {
+            flow f = it->first;
+            entry_flowStat e = it->second;
+            query.bind(1, f.ipAddressA);
+            query.bind(2, f.portA);
+            query.bind(3, f.ipAddressB);
+            query.bind(4, f.portB);
+            query.bind(5, (int) e.pkts_A_B);
+            query.bind(6, (int) e.pkts_B_A);
+            query.exec();
+            query.reset();
+        }
+        transaction.commit();
+    }
+    catch (std::exception &e) {
+        std::cout << "Exception in statistics_db: " << e.what() << std::endl;
+    }
+}
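Review bot: In `writeStatisticsFlow`, `DROP TABLE IF EXISTS flow_statistics` runs before `SQLite::Transaction transaction(*db);` is constructed, so a failure in the create or insert steps leaves the database with no flow table at all. Constructing the transaction first and issuing the drop inside it lets a rollback keep the previous data. The counters are declared `long` in `entry_flowStat` but are bound with `(int) e.pkts_A_B` and `(int) e.pkts_B_A`, which can truncate on large captures; bind them through the 64-bit integer overload that this SQLiteCpp version provides. The bound-parameter INSERT is the right choice for address strings that come from the capture. The `std::cout<<"write to DB"` line looks like leftover debug output, and the map could be taken by `const &` rather than copied, although the sibling writers do the same.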

+ 1 - 1
code_boost/src/cxx/statistics_db.h

@@ -42,7 +42,7 @@ public:
     // Aidmar
     void writeStatisticsMss_dist(std::unordered_map<ipAddress_mss, int> mssDistribution);
     void writeStatisticsWin(std::unordered_map<ipAddress_win, int> winDistribution);
-    
+    void writeStatisticsFlow(std::unordered_map<flow, entry_flowStat> flowStatistics);
 
 private:
     // Pointer to the SQLite database