|
@@ -278,6 +278,87 @@ void statistics::addConvStatStateless(std::string ipAddressSender,int sport,std:
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
|
|
+/**
|
|
|
|
+ * Adds the passed information to the relevant communication intervals of the respective conversation.
|
|
|
|
+ * If the time between the last message of the latest interval and the timestamp of the current message exceeds
|
|
|
|
+ * the threshold, a new interval is created.
|
|
|
|
+ * Note: here and within the function, conversation refers to a stateless conversation.
|
|
|
|
+ * @param ipAddressSender The sender IP address.
|
|
|
|
+ * @param sport The source port.
|
|
|
|
+ * @param ipAddressReceiver The receiver IP address.
|
|
|
|
+ * @param dport The destination port.
|
|
|
|
+ * @param timestamp The timestamp of the packet.
|
|
|
|
+ */
|
|
|
|
+void statistics::addCommInterval(std::string ipAddressSender,int sport,std::string ipAddressReceiver,int dport, std::chrono::microseconds timestamp){
|
|
|
|
+ conv f1 = {ipAddressReceiver, dport, ipAddressSender, sport};
|
|
|
|
+ conv f2 = {ipAddressSender, sport, ipAddressReceiver, dport};
|
|
|
|
+ conv f;
|
|
|
|
+
|
|
|
|
+ // if there already exists a communication interval for the specified conversation ...
|
|
|
|
+ if (comm_intervals.count(f1) > 0 || comm_intervals.count(f2) > 0){
|
|
|
|
+
|
|
|
|
+ // find out which direction of conversation is contained in comm_intervals
|
|
|
|
+ if (comm_intervals.count(f1) > 0)
|
|
|
|
+ f = f1;
|
|
|
|
+ else
|
|
|
|
+ f = f2;
|
|
|
|
+
|
|
|
|
+ // if the time difference is exceeded, create a new interval with this message
|
|
|
|
+ if (timestamp - comm_intervals[f].back().end > (std::chrono::microseconds) ((unsigned long) COMM_INTERVAL_THRESHOLD)) { // > or >= ?
|
|
|
|
+ commInterval new_interval = {timestamp, timestamp, 1};
|
|
|
|
+ comm_intervals[f].push_back(new_interval);
|
|
|
|
+ }
|
|
|
|
+ // otherwise, set the time of the last interval message to the current timestamp and increase interval packet count by 1
|
|
|
|
+ else{
|
|
|
|
+ comm_intervals[f].back().end = timestamp;
|
|
|
|
+ comm_intervals[f].back().pkts_count++;
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
+ // if there does not exist a communication interval for the specified conversation ...
|
|
|
|
+ else{
|
|
|
|
+ // add initial interval for this conversation
|
|
|
|
+ commInterval initial_interval = {timestamp, timestamp, 1};
|
|
|
|
+
|
|
|
|
+ std::vector<commInterval> intervals;
|
|
|
|
+ intervals.push_back(initial_interval);
|
|
|
|
+ comm_intervals[f1] = intervals;
|
|
|
|
+ }
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+/**
|
|
|
|
+ * Aggregate the collected information about all communication intervals of every conversation.
|
|
|
|
+ * Do this by computing the average packet rate per interval and the average time between intervals.
|
|
|
|
+ * Note: here and within the function, conversation refers to a stateless conversation.
|
|
|
|
+ */
|
|
|
|
+void statistics::createCommIntervalStats(){
|
|
|
|
+ // iterate over all <conv, conv_intervals> pairs
|
|
|
|
+ for (auto &cur_elem : comm_intervals) {
|
|
|
|
+ conv cur_conv = cur_elem.first;
|
|
|
|
+ std::vector<commInterval> intervals = cur_elem.second;
|
|
|
|
+
|
|
|
|
+ // if there is only one interval, the time between intervals cannot be computed and is therefore set to 0
|
|
|
|
+ if (intervals.size() == 1){
|
|
|
|
+ entry_commIntervalStat e = {(double) intervals[0].pkts_count, (double) 0};
|
|
|
|
+ comm_interval_statistics[cur_conv] = e;
|
|
|
|
+ }
|
|
|
|
+ // If there is more than one interval, compute the specified averages
|
|
|
|
+ else if (intervals.size() > 1){
|
|
|
|
+ long summed_pkts_count = intervals[0].pkts_count;
|
|
|
|
+ std::chrono::microseconds time_between_ints_sum = (std::chrono::microseconds) 0;
|
|
|
|
+
|
|
|
|
+ for (int i = 1; i < intervals.size(); i++) {
|
|
|
|
+ summed_pkts_count += intervals[i].pkts_count;
|
|
|
|
+ time_between_ints_sum += intervals[i].start - intervals[i - 1].end;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ double avg_pkts_count = summed_pkts_count / ((double) intervals.size());
|
|
|
|
+ double avg_time_betw_ints = (time_between_ints_sum.count() / (double) (intervals.size() - 1)) / (double) 1e6;
|
|
|
|
+ entry_commIntervalStat e = {avg_pkts_count, avg_time_betw_ints};
|
|
|
|
+ comm_interval_statistics[cur_conv] = e;
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
+}
|
|
|
|
+
|
|
/**
|
|
/**
|
|
* Increments the packet counter for the given IP address and MSS value.
|
|
* Increments the packet counter for the given IP address and MSS value.
|
|
* @param ipAddress The IP address whose MSS packet counter should be incremented.
|
|
* @param ipAddress The IP address whose MSS packet counter should be incremented.
|
|
@@ -634,6 +715,7 @@ void statistics::writeToDatabase(std::string database_path) {
|
|
db.writeStatisticsConv(conv_statistics);
|
|
db.writeStatisticsConv(conv_statistics);
|
|
db.writeStatisticsConvStateless(conv_statistics_stateless);
|
|
db.writeStatisticsConvStateless(conv_statistics_stateless);
|
|
db.writeStatisticsInterval(interval_statistics);
|
|
db.writeStatisticsInterval(interval_statistics);
|
|
|
|
+ db.writeCommIntervalStats(comm_interval_statistics);
|
|
}
|
|
}
|
|
else {
|
|
else {
|
|
// Tinslib failed to recognize the types of the packets in the input PCAP
|
|
// Tinslib failed to recognize the types of the packets in the input PCAP
|
|
@@ -641,42 +723,3 @@ void statistics::writeToDatabase(std::string database_path) {
|
|
return;
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
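Review bot: In `addCommInterval` (first hunk), the else branch that extends the latest interval assigns `comm_intervals[f].back().end = timestamp;` unconditionally, so a packet whose timestamp is earlier than the stored end moves the interval end backwards. Capture files are not guaranteed to be time-ordered, and nothing visible here shows the caller sorting or rejecting such packets; a later packet that is still within the threshold of the true end could then open a spurious interval, and the gaps summed in `createCommIntervalStats` (`intervals[i].start - intervals[i - 1].end`) would be inflated. Suggest keeping the end monotonic, e.g. `auto &last = comm_intervals[f].back();` followed by `if (timestamp > last.end) last.end = timestamp;` and `last.pkts_count++;`. The same hunk leaves the `// > or >= ?` question on the threshold comparison open; it should be settled, and the unit of `COMM_INTERVAL_THRESHOLD` stated in a comment, before merging.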