|
|
@@ -28,7 +28,7 @@ class Sample:
|
|
|
def set_activity_thresholds(lower_bound: float, upper_bound: float,
|
|
|
lookback: float):
|
|
|
assert(lower_bound < upper_bound)
|
|
|
- assert(0 < lower_bound)
|
|
|
+ assert(lookback <= lower_bound)
|
|
|
assert(0 < lookback)
|
|
|
Sample.high_act_threshold = upper_bound
|
|
|
Sample.low_act_threshold = lower_bound
|
|
|
@@ -90,32 +90,41 @@ class Sample:
|
|
|
}
|
|
|
|
|
|
def __count_activity_stats(arr):
|
|
|
- (time_spent, iat) = Sample.__get_time_spent(arr)
|
|
|
+ (time_spent, iat, burst_count) = Sample.__get_time_spent(arr)
|
|
|
return {
|
|
|
"total_packets": len(arr),
|
|
|
"time_spent": time_spent,
|
|
|
- "average_iat": iat
|
|
|
+ "average_iat": iat,
|
|
|
+ "burst_count": burst_count,
|
|
|
+ "avg_burst_size": burst_count/len(arr)
|
|
|
}
|
|
|
|
|
|
def __is_continuous(p1, p2):
|
|
|
return int(p1.index) + 1 == int(p2.index)
|
|
|
|
|
|
+ def __time_since_last_packet(p):
|
|
|
+ return Sample.__packet_time(p) - min(p.delta, Sample.lookback)
|
|
|
+
|
|
|
def __get_time_spent(arr):
|
|
|
if not arr:
|
|
|
return (0.0, 0.0)
|
|
|
else:
|
|
|
time_spent = 0.0
|
|
|
p_in_seg = 0
|
|
|
- start = Sample.__packet_time(arr[0]) - min(arr[0].delta, Sample.lookback)
|
|
|
+ burst_count = 1
|
|
|
+ start = Sample.__time_since_last_packet(arr[0])
|
|
|
for prev, cur in window(arr):
|
|
|
if not Sample.__is_continuous(prev, cur):
|
|
|
time_spent += Sample.__packet_time(prev) - start
|
|
|
- start = Sample.__packet_time(cur) - min(cur.delta, Sample.lookback)
|
|
|
+ start = Sample.__time_since_last_packet(cur)
|
|
|
+ burst_count += 1
|
|
|
else:
|
|
|
# Helps deal with "Lone Wolf" packets
|
|
|
p_in_seg += 1
|
|
|
time_spent += Sample.__packet_time(arr[-1]) - start
|
|
|
- return (time_spent, p_in_seg / time_spent if time_spent != 0 else 0)
|
|
|
+ return (time_spent,
|
|
|
+ p_in_seg / time_spent if time_spent != 0 else 0,
|
|
|
+ burst_count)
|
|
|
|
|
|
def __extract_time_stats(self, pcap):
|
|
|
start = Sample.__packet_time(pcap[0])
|
Thomas Flucke