calculate time interval entropy for source and destination IPs

code_boost/src/cxx/pcap_processor.cpp

@@ -113,19 +113,39 @@ void pcap_processor::collect_statistics() {
         // Save timestamp of first packet
         stats.setTimestampFirstPacket(i->timestamp());
     
+        // Aidmar
         int counter=0;
+        int timeIntervalNum = 1;
+        std::chrono::duration<int, std::micro> timeInterval(10000000); // 10 sec
+        std::chrono::microseconds intervalStartTimestamp = stats.getTimestampFirstPacket();
+        std::chrono::microseconds firstTimestamp = stats.getTimestampFirstPacket();
+        int pktsInterval = 1000;
+        
         // Iterate over all packets and collect statistics
         for (; i != sniffer.end(); i++) {
             
             // Aidmar
-            if(counter%1000==0){
-                stats.addIPEntropy();
+            if(counter%pktsInterval==0){
+                stats.addIPEntropy(filePath);
             }
-                        
+            
+            // Aidmar            
+            std::chrono::microseconds lastPktTimestamp = i->timestamp();
+            //Tins::Timestamp tt = i->timestamp();
+            
+            std::chrono::microseconds currentCaptureDuration = lastPktTimestamp - firstTimestamp;
+            std::chrono::microseconds barrier =  timeIntervalNum*timeInterval;
+            if(currentCaptureDuration>barrier){
+                //std::cout<<"LastpkstTimstamp:" << lastPktTimestamp.count() << ", currentCaptureDuration:"<< currentCaptureDuration.count() << ", barrier:" <<barrier.count()<<", interval:" << timeIntervalNum << ", interval time:"<<timeInterval.count()<<"\n";
+                
+                stats.calculateLastIntervalIPsEntropy(filePath, intervalStartTimestamp);
+                timeIntervalNum++;   
+                intervalStartTimestamp = lastPktTimestamp;
+            }
+            
             stats.incrementPacketCount();
             this->process_packets(*i);
-            lastProcessedPacket = i->timestamp();
-            
+            lastProcessedPacket = i->timestamp();            
             counter++;
         }
         // Save timestamp of last packet into statistics
@@ -165,7 +185,7 @@ void pcap_processor::process_packets(const Packet &pkt) {
         ipAddressReceiver = ipLayer.dst_addr().to_string();
 
         // IP distribution
-        stats.addIpStat_packetSent(ipAddressSender, ipLayer.dst_addr().to_string(), sizeCurrentPacket);
+        stats.addIpStat_packetSent(filePath, ipAddressSender, ipLayer.dst_addr().to_string(), sizeCurrentPacket, pkt.timestamp());
 
         // TTL distribution
         stats.incrementTTLcount(ipAddressSender, ipLayer.ttl());      
@@ -184,7 +204,7 @@ void pcap_processor::process_packets(const Packet &pkt) {
         ipAddressReceiver = ipLayer.dst_addr().to_string();
 
         // IP distribution
-        stats.addIpStat_packetSent(ipAddressSender, ipLayer.dst_addr().to_string(), sizeCurrentPacket);
+        stats.addIpStat_packetSent(filePath, ipAddressSender, ipLayer.dst_addr().to_string(), sizeCurrentPacket, pkt.timestamp());
 
         // TTL distribution
         stats.incrementTTLcount(ipAddressSender, ipLayer.hop_limit());

code_boost/src/cxx/statistics.cpp

@@ -3,14 +3,144 @@
 #include <fstream>
 #include <vector>
 #include <math.h> 
+#include <algorithm>
 
 #include "statistics.h"
 #include <sstream>
 #include <SQLiteCpp/SQLiteCpp.h>
 #include "statistics_db.h"
 
+
+// Aidmar
+/**
+ * Get closest index for element in vector.
+ * @param v vector
+ * @param refElem element that we search for or for closest element
+ */
+int getClosestIndex(std::vector<std::chrono::microseconds> v, std::chrono::microseconds refElem)
+{
+    auto i = min_element(begin(v), end(v), [=] (std::chrono::microseconds x, std::chrono::microseconds y)
+    {
+        return std::abs((x - refElem).count()) < std::abs((y - refElem).count());
+    });
+    return std::distance(begin(v), i);
+}
+
+
+// Aidmar
+/**
+ * Calculate entropy of source and destination IPs for last time interval and write results to a ip_entropy_interval.csv file.
+ * @param intervalStartTimestamp The timstamp where the interval starts.
+ */
+
+void statistics::calculateLastIntervalIPsEntropy(std::string filePath, std::chrono::microseconds intervalStartTimestamp){
+        std::vector <int> IPsSrcPktsCounts; 
+        std::vector <int> IPsDstPktsCounts; 
+        
+        std::vector <float> IPsSrcProb; 
+        std::vector <float> IPsDstProb;
+    
+        int pktsSent = 0, pktsReceived = 0;
+        
+        for (auto i = ip_statistics.begin(); i != ip_statistics.end(); i++) {
+            int indexStartSent = getClosestIndex(i->second.pktsSentTimestamp, intervalStartTimestamp);                         
+            int IPsSrcPktsCount = i->second.pktsSentTimestamp.size() - indexStartSent;
+            IPsSrcPktsCounts.push_back(IPsSrcPktsCount);
+            pktsSent += IPsSrcPktsCount;
+            //std::cout<<"IP:"<<i->first<<", indexStartSent:"<<indexStartSent<<", value:"<<i->second.pktsSentTimestamp[indexStartSent].count()<<", IPsSrcPktsCount:"<<IPsSrcPktsCount<<", total_pktsSent:"<<pktsSent<<"\n";
+                        
+            int indexStartReceived = getClosestIndex(i->second.pktsReceivedTimestamp, intervalStartTimestamp);   
+            int IPsDstPktsCount = i->second.pktsReceivedTimestamp.size() - indexStartReceived;       
+            IPsDstPktsCounts.push_back(IPsDstPktsCount);
+            pktsReceived += IPsDstPktsCount;
+        }  
+       
+         for (auto i = IPsSrcPktsCounts.begin(); i != IPsSrcPktsCounts.end(); i++) {
+                IPsSrcProb.push_back((float)*i/pktsSent);
+                //std::cout<<"IpSrcProb:"<<(float)*i/pktsSent<<"\n";
+         }
+         for (auto i = IPsDstPktsCounts.begin(); i != IPsDstPktsCounts.end(); i++) {
+                IPsDstProb.push_back((float)*i/pktsReceived);
+                //std::cout<<"IpDstProb:"<<(float)*i/pktsReceived<<"\n";
+         }
+         
+         // Calculate IP source entropy 
+        float IPsSrcEntropy = 0;
+        for(unsigned i=0; i < IPsSrcProb.size();i++){
+            if (IPsSrcProb[i] > 0)
+                IPsSrcEntropy += - IPsSrcProb[i]*log2(IPsSrcProb[i]);
+        }
+        // Calculate IP destination entropy
+        float IPsDstEntropy = 0;
+        for(unsigned i=0; i < IPsDstProb.size();i++){
+            if (IPsDstProb[i] > 0)
+                IPsDstEntropy += - IPsDstProb[i]*log2(IPsDstProb[i]);
+        }
+        
+        // Replace pcap filename with 'filename_ip_entropy'
+        std::string new_filepath = filePath;
+        const std::string &newExt = "_ip_entropy_interval.csv";
+        std::string::size_type h = new_filepath.rfind('.', new_filepath.length());
+        if (h != std::string::npos) {
+            new_filepath.replace(h, newExt.length(), newExt);
+        } else {
+            new_filepath.append(newExt);
+        }
+    
+        // Write stats to file
+      std::ofstream file;
+      file.open (new_filepath,std::ios_base::app);
+      file << intervalStartTimestamp.count() << "," << IPsSrcEntropy << "," << IPsDstEntropy << "\n";
+      file.close();         
+}
+
+
+// Aidmar - incomplete
+/**
+ * Calculate entropy for time intervals. After finishing statistics collecting, this method goes through
+ * all stored timestamps and calculate entropy of IP source and destination. 
+ * Big time overhead!! better to calculate it on fly, while we are processing packets.
+ * @param 
+ */
+/*
+void statistics::calculateIntervalIPsEntropy(std::chrono::microseconds interval){
+        std::vector <std::string> IPsSrc; 
+        std::vector <std::string> IPsDst; 
+        std::vector <int> pkts_sent;
+        std::vector <int> pkts_received;
+        
+        std::vector <float> IPsSrcProb; 
+        std::vector <float> IPsDstProb;
+        
+    time_t t = (timestamp_lastPacket.seconds() - timestamp_firstPacket.seconds());
+    time_t ms = (timestamp_lastPacket.microseconds() - timestamp_firstPacket.microseconds());
+    
+    intervalNum = t/interval;
+    
+     for(int j=0;j<intervalNum;j++){
+        intStart = j*interval;
+        intEnd = intStart + interval;             
+        for (auto i = ip_statistics.begin(); i != ip_statistics.end(); i++) {
+            for(int x = 0; x<i->second.pktsSentTimestamp.size();x++){ // could have a prob loop on pktsSent, and inside we have pktsReceived..
+                if(i->second.pktsSentTimestamp[x]>intStart && i->second.pktsSentTimestamp[x]<intEnd){
+                     IPsSrc.push_back(i->first);   
+                }
+                if(i->second.pktsReceivedTimestamp[x]>intStart && i->second.pktsReceivedTimestamp[x]<intEnd){
+                     IPsDst.push_back(i->first);   
+                }
+            }                           
+        }        
+        //IPsSrcProb.push_back((float)i->second.pkts_sent/packetCount);
+        //IPsDstProb.push_back((float)i->second.pkts_received/packetCount);
+    }      
+}*/
+
+
 // Aidmar
-void statistics::addIPEntropy(){
+/**
+ * Calculate cumulative entropy of source and destination IPs; the entropy for packets from the beginning of the pcap file. 
+ */
+void statistics::addIPEntropy(std::string filePath){
     std::vector <std::string> IPs; 
     std::vector <float> IPsSrcProb; 
     std::vector <float> IPsDstProb;
@@ -39,63 +169,22 @@ void statistics::addIPEntropy(){
             IPsDstEntropy += - IPsDstProb[i]*log2(IPsDstProb[i]);
     }
     std::cout << packetCount << ": DstEnt: " << IPsDstEntropy << "\n";
-    
-    /*
-    // Calculate IP source tn/r anomaly score
-     float ipSrc_Mahoney_score = 0;
-    // The number of IP sources (the different values)
-    int s_r = 0;
-    for (auto i = ip_statistics.begin(); i != ip_statistics.end(); i++) {
-            if (i->second.pkts_sent > 0)
-                s_r++;
-        }
-    if(s_r > 0){
-        // The number of the total instances
-        int n = packetCount;
-        // The packet count when the last novel IP was added as a sender
-        int pktCntNvlSndr = 0;
-        for (auto i = ip_statistics.begin(); i != ip_statistics.end(); i++) {
-            if (pktCntNvlSndr < i->second.firstAppearAsSenderPktCount)
-                pktCntNvlSndr = i->second.firstAppearAsSenderPktCount;
-        }
-        // The "time" since last anomalous (novel) IP was appeared
-        int s_t = packetCount - pktCntNvlSndr + 1;
-        
-        ipSrc_Mahoney_score = (float)s_t*n/s_r;
-        
-        std::cout << s_t << ":" << n << ":" << s_r << "\n";
-        std::cout << packetCount << ": Mahoney score: " << ipSrc_Mahoney_score << "\n";
-    }
-    
-    // Calculate IP destination tn/r anomaly score
-    float ipDst_Mahoney_score = 0;
-    // The number of IP sources (the different values)
-    int d_r = 0;
-    for (auto i = ip_statistics.begin(); i != ip_statistics.end(); i++) {
-            if (i->second.pkts_received > 0)
-                d_r++;
-        }
-    if(d_r > 0){
-        // The number of the total instances
-        int n = packetCount;
-        // The packet count when the last novel IP was added as a sender
-        int pktCntNvlRcvr = 0;
-        for (auto i = ip_statistics.begin(); i != ip_statistics.end(); i++) {
-            if (pktCntNvlRcvr < i->second.firstAppearAsReceiverPktCount)
-                pktCntNvlRcvr = i->second.firstAppearAsReceiverPktCount;
-        }
-        // The "time" since last anomalous (novel) IP was appeared
-        int d_t = packetCount - pktCntNvlRcvr + 1;
-        
-        ipDst_Mahoney_score = (float)d_t*n/d_r;
-        
-        std::cout << d_t << ":" << n << ":" << d_r << "\n";
-        std::cout << packetCount << ": Anomaly score: " << ipDst_Mahoney_score << "\n";
-    }
-        */    
+       
     // Write stats to file
       std::ofstream file;
-      file.open ("ip_entropy.csv",std::ios_base::app);
+      
+     // Replace pcap filename with 'filename_ip_entropy'
+    std::string new_filepath = filePath;
+    const std::string &newExt = "_ip_entropy.csv";
+    std::string::size_type h = new_filepath.rfind('.', new_filepath.length());
+    if (h != std::string::npos) {
+        new_filepath.replace(h, newExt.length(), newExt);
+    } else {
+        new_filepath.append(newExt);
+    }
+    
+    
+      file.open (new_filepath,std::ios_base::app);
       file << packetCount << "," << IPsSrcEntropy << "," << IPsDstEntropy << "\n";
       file.close();    
 }
@@ -111,6 +200,7 @@ void statistics::addIPEntropy(){
  */
 void statistics::addFlowStat(std::string ipAddressSender,int sport,std::string ipAddressReceiver,int dport, std::chrono::microseconds timestamp){   
     
+    
     flow f1 = {ipAddressReceiver, dport, ipAddressSender, sport};
     flow f2 = {ipAddressSender, sport, ipAddressReceiver, dport};
     
@@ -122,9 +212,9 @@ void statistics::addFlowStat(std::string ipAddressSender,int sport,std::string i
             flow_statistics[f1].pkts_delay.push_back(std::chrono::duration_cast<std::chrono::microseconds> (timestamp - flow_statistics[f1].pkts_A_B_timestamp[flow_statistics[f1].pkts_A_B_timestamp.size()-1]));
         }
         
-        std::cout<<timestamp.count()<<"::"<<ipAddressReceiver<<":"<<dport<<","<<ipAddressSender<<":"<<sport<<"\n"; 
-        std::cout<<flow_statistics[f1].pkts_A_B<<"\n";
-        std::cout<<flow_statistics[f1].pkts_B_A<<"\n";
+        //std::cout<<timestamp.count()<<"::"<<ipAddressReceiver<<":"<<dport<<","<<ipAddressSender<<":"<<sport<<"\n"; 
+        //std::cout<<flow_statistics[f1].pkts_A_B<<"\n";
+        //std::cout<<flow_statistics[f1].pkts_B_A<<"\n";
     }
     else{
         flow_statistics[f2].pkts_A_B++;
@@ -132,11 +222,10 @@ void statistics::addFlowStat(std::string ipAddressSender,int sport,std::string i
          if(flow_statistics[f2].pkts_B_A_timestamp.size()>0){
             flow_statistics[f2].pkts_delay.push_back(std::chrono::duration_cast<std::chrono::microseconds> (timestamp - flow_statistics[f2].pkts_B_A_timestamp[flow_statistics[f2].pkts_B_A_timestamp.size()-1]));
         }
-        std::cout<<timestamp.count()<<"::"<<ipAddressSender<<":"<<sport<<","<<ipAddressReceiver<<":"<<dport<<"\n"; 
-        std::cout<<flow_statistics[f2].pkts_A_B<<"\n";
-        std::cout<<flow_statistics[f2].pkts_B_A<<"\n";
-    }    
-    
+        //std::cout<<timestamp.count()<<"::"<<ipAddressSender<<":"<<sport<<","<<ipAddressReceiver<<":"<<dport<<"\n"; 
+        //std::cout<<flow_statistics[f2].pkts_A_B<<"\n";
+        //std::cout<<flow_statistics[f2].pkts_B_A<<"\n";
+    }        
 }
     
     
@@ -225,7 +314,7 @@ void statistics::assignMacAddress(std::string ipAddress, std::string macAddress)
  * @param ipAddressReceiver The IP address of the packet receiver.
  * @param bytesSent The packet's size.
  */
-void statistics::addIpStat_packetSent(std::string ipAddressSender, std::string ipAddressReceiver, long bytesSent) {
+void statistics::addIpStat_packetSent(std::string filePath, std::string ipAddressSender, std::string ipAddressReceiver, long bytesSent, std::chrono::microseconds timestamp) {
     // Aidmar - Adding IP as a sender for first time
     if(ip_statistics[ipAddressSender].pkts_sent==0){  
         // Caculate Mahoney anomaly score for ip.src
@@ -233,8 +322,7 @@ void statistics::addIpStat_packetSent(std::string ipAddressSender, std::string i
         // s_r: The number of IP sources (the different values)
         // n: The number of the total instances
         // s_t: The "time" since last anomalous (novel) IP was appeared
-        int s_t = 0, n = 0, s_r = 0;
-        
+        int s_t = 0, n = 0, s_r = 0;        
         for (auto i = ip_statistics.begin(); i != ip_statistics.end(); i++) {
                 if (i->second.pkts_sent > 0)
                     s_r++;
@@ -254,16 +342,25 @@ void statistics::addIpStat_packetSent(std::string ipAddressSender, std::string i
             ipSrc_Mahoney_score = (float)s_t*n/s_r;
         }
         
+            // Replace pcap filename with 'filename_ip_entropy'
+        std::string new_filepath = filePath;
+        const std::string &newExt = "_ip_src_anomaly_score.csv";
+        std::string::size_type h = new_filepath.rfind('.', new_filepath.length());
+        if (h != std::string::npos) {
+            new_filepath.replace(h, newExt.length(), newExt);
+        } else {
+            new_filepath.append(newExt);
+        }
+        
     // Write stats to file
     std::ofstream file;
-    file.open ("ip_src_anomaly_score.csv",std::ios_base::app);
+    file.open (new_filepath,std::ios_base::app);
     file << ipAddressSender << ","<< s_t << "," << n << "," << s_r << "," << ipSrc_Mahoney_score << "\n";
-    file.close();
-    
+    file.close();    
     ip_statistics[ipAddressSender].firstAppearAsSenderPktCount = packetCount;  
-    ip_statistics[ipAddressSender].sourceAnomalyScore = ipSrc_Mahoney_score;
-    
+    ip_statistics[ipAddressSender].sourceAnomalyScore = ipSrc_Mahoney_score;    
     }
+    
     // Aidmar - Adding IP as a receiver for first time
     if(ip_statistics[ipAddressReceiver].pkts_received==0){
         // Caculate Mahoney anomaly score for ip.dst
@@ -271,8 +368,7 @@ void statistics::addIpStat_packetSent(std::string ipAddressSender, std::string i
         // s_r: The number of IP sources (the different values)
         // n: The number of the total instances
         // s_t: The "time" since last anomalous (novel) IP was appeared
-        int s_t = 0, n = 0, s_r = 0;
-        
+        int s_t = 0, n = 0, s_r = 0;        
         for (auto i = ip_statistics.begin(); i != ip_statistics.end(); i++) {
                 if (i->second.pkts_received > 0)
                     s_r++;
@@ -292,12 +388,21 @@ void statistics::addIpStat_packetSent(std::string ipAddressSender, std::string i
             ipDst_Mahoney_score = (float)s_t*n/s_r;
         }
         
+        // Replace pcap filename with 'filename_ip_entropy'
+        std::string new_filepath = filePath;
+        const std::string &newExt = "_ip_dst_anomaly_score.csv";
+        std::string::size_type h = new_filepath.rfind('.', new_filepath.length());
+        if (h != std::string::npos) {
+            new_filepath.replace(h, newExt.length(), newExt);
+        } else {
+            new_filepath.append(newExt);
+        }
+        
     // Write stats to file
     std::ofstream file;
-    file.open ("ip_dst_anomaly_score.csv",std::ios_base::app);
+    file.open (new_filepath,std::ios_base::app);
     file << ipAddressReceiver << ","<< s_t << "," << n << "," << s_r << "," << ipDst_Mahoney_score << "\n";
-    file.close();
-        
+    file.close();        
     ip_statistics[ipAddressReceiver].firstAppearAsReceiverPktCount = packetCount;
     ip_statistics[ipAddressReceiver].destinationAnomalyScore = ipDst_Mahoney_score;
     }
@@ -305,9 +410,14 @@ void statistics::addIpStat_packetSent(std::string ipAddressSender, std::string i
     // Update stats for packet sender
     ip_statistics[ipAddressSender].kbytes_sent += (float(bytesSent) / 1024);
     ip_statistics[ipAddressSender].pkts_sent++;
+    // Aidmar
+    ip_statistics[ipAddressSender].pktsSentTimestamp.push_back(timestamp);
+    
     // Update stats for packet receiver
     ip_statistics[ipAddressReceiver].kbytes_received += (float(bytesSent) / 1024);
-    ip_statistics[ipAddressReceiver].pkts_received++;        
+    ip_statistics[ipAddressReceiver].pkts_received++;  
+     // Aidmar
+    ip_statistics[ipAddressReceiver].pktsReceivedTimestamp.push_back(timestamp);
 }
 
 /**
@@ -335,6 +445,21 @@ void statistics::setTimestampLastPacket(Tins::Timestamp ts) {
     timestamp_lastPacket = ts;
 }
 
+// Aidmar
+/**
+ * Getter for the timestamp_firstPacket field.
+ */
+Tins::Timestamp statistics::getTimestampFirstPacket() {
+    return timestamp_firstPacket;
+}
+/**
+ * Getter for the timestamp_lastPacket field.
+ */
+Tins::Timestamp statistics::getTimestampLastPacket() {
+    return timestamp_lastPacket;
+}
+
+
 /**
  * Calculates the capture duration.
  * @return a formatted string HH:MM:SS.mmmmmm with

code_boost/src/cxx/statistics.h

@@ -138,11 +138,14 @@ struct entry_ipStat {
     long pkts_sent;
     float kbytes_received;
     float kbytes_sent;
-    // Aidmar - to calculate tn/r score
+    // Aidmar - to calculate Mahoney anomaly score
     long firstAppearAsSenderPktCount;
     long firstAppearAsReceiverPktCount;
     long sourceAnomalyScore;
     long destinationAnomalyScore;
+    // Aidmar- To collect statstics over time interval
+    std::vector<std::chrono::microseconds> pktsSentTimestamp;
+    std::vector<std::chrono::microseconds> pktsReceivedTimestamp;
 
     bool operator==(const entry_ipStat &other) const {
         return pkts_received == other.pkts_received
@@ -153,7 +156,9 @@ struct entry_ipStat {
                && firstAppearAsSenderPktCount == other.firstAppearAsSenderPktCount
                && firstAppearAsReceiverPktCount == other.firstAppearAsReceiverPktCount
                && sourceAnomalyScore == other.sourceAnomalyScore
-               && destinationAnomalyScore == other.destinationAnomalyScore;
+               && destinationAnomalyScore == other.destinationAnomalyScore
+               && pktsSentTimestamp == other.pktsSentTimestamp
+               && pktsReceivedTimestamp == other.pktsReceivedTimestamp;
     }
 };
 
@@ -297,9 +302,9 @@ public:
     // Adimar
     void incrementMSScount(std::string ipAddress, int mssValue);
     void incrementWinCount(std::string ipAddress, int winSize);
-    void addIPEntropy();
+    void addIPEntropy(std::string filePath);
     void addFlowStat(std::string ipAddressSender,int sport,std::string ipAddressReceiver,int dport, std::chrono::microseconds timestamp);
-    
+    void calculateLastIntervalIPsEntropy(std::string filePath, std::chrono::microseconds intervalStartTimestamp);
 
     void incrementTTLcount(std::string ipAddress, int ttlValue);
 
@@ -313,10 +318,15 @@ public:
     void setTimestampFirstPacket(Tins::Timestamp ts);
 
     void setTimestampLastPacket(Tins::Timestamp ts);
+    
+    // Aidmar
+    Tins::Timestamp getTimestampFirstPacket();
+    Tins::Timestamp getTimestampLastPacket();
 
     void assignMacAddress(std::string ipAddress, std::string macAddress);
-
-    void addIpStat_packetSent(std::string ipAddressSender, std::string ipAddressReceiver, long bytesSent);
+    
+    // Aidmar
+    void addIpStat_packetSent(std::string filePath, std::string ipAddressSender, std::string ipAddressReceiver, long bytesSent, std::chrono::microseconds timestamp);
 
     void addMSS(std::string ipAddress, int MSSvalue);
 

code_boost/src/cxx/statistics_db.cpp

@@ -310,7 +310,6 @@ void statistics_db::writeStatisticsWin(std::unordered_map<ipAddress_win, int> wi
  * @param flowStatistics The flow from class statistics.
  */
 void statistics_db::writeStatisticsFlow(std::unordered_map<flow, entry_flowStat> flowStatistics){          
-    std::cout<<"write to DB"<<"\n";
     try {
         db->exec("DROP TABLE IF EXISTS flow_statistics");
         SQLite::Transaction transaction(*db);