delete anomaly score from ip_statistics

code_boost/src/cxx/statistics_db.cpp

@@ -33,11 +33,9 @@ void statistics_db::writeStatisticsIP(std::unordered_map<std::string, entry_ipSt
                 "maxPktRate REAL,"
                 "minPktRate REAL,"
                 "ipClass TEXT, "
-                "srcAnomalyScore REAL, "
-                "dstAnomalyScore REAL, "
                 "PRIMARY KEY(ipAddress));";
         db->exec(createTable);
-        SQLite::Statement query(*db, "INSERT INTO ip_statistics VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
+        SQLite::Statement query(*db, "INSERT INTO ip_statistics VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
         for (auto it = ipStatistics.begin(); it != ipStatistics.end(); ++it) {
             entry_ipStat e = it->second;
             query.bind(1, it->first);
@@ -49,8 +47,6 @@ void statistics_db::writeStatisticsIP(std::unordered_map<std::string, entry_ipSt
             query.bind(6, e.max_pkt_rate);
             query.bind(7, e.min_pkt_rate);
             query.bind(8, e.ip_class);
-            query.bind(9, e.sourceAnomalyScore);
-            query.bind(10, e.destinationAnomalyScore);
             query.exec();
             query.reset();
         }
@@ -361,43 +357,62 @@ void statistics_db::writeStatisticsConv(std::unordered_map<conv, entry_convStat>
                 "portA INTEGER,"
                 "ipAddressB TEXT,"              
                 "portB INTEGER,"
-                "pkts_A_B INTEGER,"
-                "pkts_B_A INTEGER,"
+                "pktsCount INTEGER,"
+                "avgPktRate REAL,"
                 "avgDelay INTEGER,"
+                "standardDeviationDelay INTEGER,"
                 "minDelay INTEGER,"
                 "maxDelay INTEGER,"
                 "PRIMARY KEY(ipAddressA,portA,ipAddressB,portB));";
         db->exec(createTable);
-        SQLite::Statement query(*db, "INSERT INTO conv_statistics VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)");
+        SQLite::Statement query(*db, "INSERT INTO conv_statistics VALUES (?, ?, ?, ?, ?,  ?, ?, ?, ?, ?)");
 
         for (auto it = convStatistics.begin(); it != convStatistics.end(); ++it) {
             conv f = it->first;
             entry_convStat e = it->second;
-            int sumDelay = 0;
-            int minDelay = -1;
-            int maxDelay = -1;
-            for(int i=0; (unsigned)i<e.pkts_delay.size();i++){
-                sumDelay += e.pkts_delay[i].count();
-                if(maxDelay<e.pkts_delay[i].count())
-                    maxDelay = e.pkts_delay[i].count();
-                if(minDelay>e.pkts_delay[i].count()||minDelay==-1)
-                    minDelay = e.pkts_delay[i].count();
-            }
-            if(e.pkts_delay.size()>0)
-                e.avg_delay = (std::chrono::microseconds)sumDelay/e.pkts_delay.size(); // average
-            else e.avg_delay = (std::chrono::microseconds)0;
+            if (e.pkts_count > 1){
+                int sumDelay = 0;
+                int minDelay = -1;
+                int maxDelay = -1;
+                for (int i = 0; (unsigned) i < e.pkts_delay.size(); i++) {
+                    sumDelay += e.pkts_delay[i].count();
+                    if (maxDelay < e.pkts_delay[i].count())
+                        maxDelay = e.pkts_delay[i].count();
+                    if (minDelay > e.pkts_delay[i].count() || minDelay == -1)
+                        minDelay = e.pkts_delay[i].count();
+                }
+                if (e.pkts_delay.size() > 0)
+                    e.avg_delay = (std::chrono::microseconds) sumDelay / e.pkts_delay.size(); // average
+                else e.avg_delay = (std::chrono::microseconds) 0;
 
-            query.bind(1, f.ipAddressA);
-            query.bind(2, f.portA);
-            query.bind(3, f.ipAddressB);
-            query.bind(4, f.portB);
-            query.bind(5, (int) e.pkts_A_B);
-            query.bind(6, (int) e.pkts_B_A);
-            query.bind(7, (int) e.avg_delay.count());
-            query.bind(8, minDelay);
-            query.bind(9, maxDelay);
-            query.exec();
-            query.reset();
+                // Calculate the variance
+                long temp = 0;
+                for (int i = 0; (unsigned) i < e.pkts_delay.size(); i++) {
+                    long del = e.pkts_delay[i].count();
+                    long avg = e.avg_delay.count();
+                    temp += (del - avg) * (del - avg);
+                }
+                long standardDeviation = sqrt(temp / e.pkts_delay.size());
+                e.standardDeviation_delay = (std::chrono::microseconds) standardDeviation;
+
+                std::chrono::microseconds start_timesttamp = e.pkts_timestamp[0];
+                std::chrono::microseconds end_timesttamp = e.pkts_timestamp.back();
+                std::chrono::microseconds conn_duration = end_timesttamp - start_timesttamp;
+                e.avg_pkt_rate = (float) e.pkts_count * 1000000 / conn_duration.count(); // pkt per sec
+
+                query.bind(1, f.ipAddressA);
+                query.bind(2, f.portA);
+                query.bind(3, f.ipAddressB);
+                query.bind(4, f.portB);
+                query.bind(5, (int) e.pkts_count);
+                query.bind(6, (float) e.avg_pkt_rate);
+                query.bind(7, (int) e.avg_delay.count());
+                query.bind(8, (int) e.standardDeviation_delay.count());
+                query.bind(9, minDelay);
+                query.bind(10, maxDelay);
+                query.exec();
+                query.reset();
+            }
         }
         transaction.commit();
     }