Init

2023-06-18 14:03:27 +05:30
commit 3f83936e6e
21 changed files with 33255 additions and 0 deletions
--- a/pkg/common/common.go
+++ b/pkg/common/common.go
@@ -0,0 +1,122 @@
+package common
+
+import (
+	"math"
+	"time"
+)
+
+// Min or max (time.Duration datatype.)
+func MinMaxTimeDuration(array []time.Duration) (time.Duration, time.Duration) {
+	if len(array) == 0 {
+		return 0 * time.Microsecond, 0 * time.Microsecond
+	} else {
+		var max time.Duration = array[0]
+		var min time.Duration = array[0]
+
+		for j := 1; j < len(array); j++ {
+			value := array[j]
+			if max < value {
+				max = value
+			}
+			if min > value {
+				min = value
+			}
+		}
+		return min, max
+	}
+}
+
+// Sum (time.Duration datatype.)
+func SumTimeDuration(array []time.Duration) time.Duration {
+	var result time.Duration = 0 * time.Microsecond
+	for _, v := range array {
+		result += v
+	}
+
+	return result
+}
+
+// Mean (time.Duration datatype.)
+func MeanTimeDuration(array []time.Duration) time.Duration {
+	sumArr := float64(SumTimeDuration(array)/time.Microsecond) / float64(len(array))
+
+	return time.Duration(sumArr) * time.Microsecond
+}
+
+// stdDev (time.Duration datatype.)
+func StdDevTimeDuration(array []time.Duration) time.Duration {
+
+	square := float64(0)
+
+	for j := 1; j < len(array); j++ {
+		square += float64((array[j]-MeanTimeDuration(array))/time.Microsecond) * float64((array[j]-MeanTimeDuration(array))/time.Microsecond)
+	}
+
+	return time.Duration(math.Sqrt(square/float64(len(array)))) * time.Microsecond
+}
+
+// Min or max function (int datatype.)
+func MinMax(array []int) (int, int) {
+	if len(array) == 0 {
+		return 0, 0
+	} else {
+		var max int = array[0]
+		var min int = array[0]
+		for _, value := range array {
+			if max < value {
+				max = value
+			}
+			if min > value {
+				min = value
+			}
+		}
+		return min, max
+	}
+}
+
+// Sum (int datatype.)
+func Sum(array []int) int {
+	var result int = 0
+	for _, v := range array {
+		result += v
+	}
+
+	return result
+}
+
+// Mean (float64 datatype.)
+func Mean(array []int) float64 {
+	if len(array) == 0 {
+		return 0.0
+	} else {
+		sumArr := float64(Sum(array)) / float64(len(array))
+
+		return float64(sumArr)
+	}
+}
+
+// stdDev (float64 datatype.)
+func StdDev(array []int) float64 {
+	if len(array) == 0 {
+		return 0.0
+	} else {
+		square := float64(0)
+
+		for _, v := range array {
+			square += (float64(v) - Mean(array)) * (float64(v) - Mean(array))
+		}
+
+		return math.Sqrt(square / float64(len(array)))
+	}
+}
+
+// Takes a slice and looks for an element in it. If found it will
+// return it's key, otherwise it will return -1 and a bool of false.
+func IfPresentInSlice(slice []int, val int) (int, bool) {
+	for i, item := range slice {
+		if item == val {
+			return i, true
+		}
+	}
+	return -1, false
+}
--- a/pkg/common/flowFields.go
+++ b/pkg/common/flowFields.go
@@ -0,0 +1,106 @@
+package common
+
+import (
+	"time"
+
+	"github.com/deepfence/FlowMeter/pkg/constants"
+)
+
+type FlowFeatures struct {
+	SrcIP                     interface{}
+	DstIP                     interface{}
+	Protocol                  interface{}
+	SrcPort                   interface{}
+	DstPort                   interface{}
+	FlowDuration              float64
+	FlowLength                float64
+	FwdFlowLength             float64
+	BwdFlowLength             float64
+	PacketSizeTotal           float64
+	PacketSizeMean            float64
+	PacketSizeStd             float64
+	PacketSizeMin             float64
+	PacketSizeMax             float64
+	FwdPacketSizeTotal        float64
+	BwdPacketSizeTotal        float64
+	FwdPacketSizeMean         float64
+	BwdPacketSizeMean         float64
+	FwdPacketSizeStd          float64
+	BwdPacketSizeStd          float64
+	FwdPacketSizeMin          float64
+	BwdPacketSizeMin          float64
+	FwdPacketSizeMax          float64
+	BwdPacketSizeMax          float64
+	IATMean                   float64
+	IATStd                    float64
+	IATMin                    float64
+	IATMax                    float64
+	FwdIATTotal               float64
+	BwdIATTotal               float64
+	FwdIATMean                float64
+	BwdIATMean                float64
+	FwdIATStd                 float64
+	BwdIATStd                 float64
+	FwdIATMin                 float64
+	BwdIATMin                 float64
+	FwdIATMax                 float64
+	BwdIATMax                 float64
+	FlowLengthPerTime         float64
+	FwdFlowLengthPerTime      float64
+	BwdFlowLengthPerTime      float64
+	PacketSizeTotalPerTime    float64
+	FwdPacketSizeTotalPerTime float64
+	BwdPacketSizeTotalPerTime float64
+}
+
+// Create feature struct with appropriate datatypes for features.
+func FlowData(values []interface{}) FlowFeatures {
+	flow := FlowFeatures{
+		SrcIP:                     values[constants.MapKeys["srcIP"]],
+		DstIP:                     values[constants.MapKeys["dstIP"]],
+		Protocol:                  values[constants.MapKeys["protocol"]],
+		SrcPort:                   values[constants.MapKeys["srcPort"]],
+		DstPort:                   values[constants.MapKeys["dstPort"]],
+		FlowDuration:              float64(values[constants.MapKeys["flowDuration"]].(time.Duration) / time.Nanosecond),
+		FlowLength:                float64(values[constants.MapKeys["flowLength"]].(int)),
+		FwdFlowLength:             float64(values[constants.MapKeys["fwdFlowLength"]].(int)),
+		BwdFlowLength:             float64(values[constants.MapKeys["bwdFlowLength"]].(int)),
+		PacketSizeTotal:           float64(values[constants.MapKeys["packetSizeTotal"]].(int)),
+		PacketSizeMean:            values[constants.MapKeys["packetSizeMean"]].(float64),
+		PacketSizeStd:             values[constants.MapKeys["packetSizeStd"]].(float64),
+		PacketSizeMin:             float64(values[constants.MapKeys["packetSizeMin"]].(int)),
+		PacketSizeMax:             float64(values[constants.MapKeys["packetSizeMax"]].(int)),
+		FwdPacketSizeTotal:        float64(values[constants.MapKeys["fwdPacketSizeTotal"]].(int)),
+		BwdPacketSizeTotal:        float64(values[constants.MapKeys["bwdPacketSizeTotal"]].(int)),
+		FwdPacketSizeMean:         values[constants.MapKeys["fwdPacketSizeMean"]].(float64),
+		BwdPacketSizeMean:         values[constants.MapKeys["bwdPacketSizeMean"]].(float64),
+		FwdPacketSizeStd:          values[constants.MapKeys["fwdPacketSizeStd"]].(float64),
+		BwdPacketSizeStd:          values[constants.MapKeys["bwdPacketSizeStd"]].(float64),
+		FwdPacketSizeMin:          float64(values[constants.MapKeys["fwdPacketSizeMin"]].(int)),
+		BwdPacketSizeMin:          float64(values[constants.MapKeys["bwdPacketSizeMin"]].(int)),
+		FwdPacketSizeMax:          float64(values[constants.MapKeys["fwdPacketSizeMax"]].(int)),
+		BwdPacketSizeMax:          float64(values[constants.MapKeys["bwdPacketSizeMax"]].(int)),
+		IATMean:                   float64(values[constants.MapKeys["IATMean"]].(time.Duration) / time.Nanosecond),
+		IATStd:                    float64(values[constants.MapKeys["IATStd"]].(time.Duration) / time.Nanosecond),
+		IATMin:                    float64(values[constants.MapKeys["IATMin"]].(time.Duration) / time.Nanosecond),
+		IATMax:                    float64(values[constants.MapKeys["IATMax"]].(time.Duration) / time.Nanosecond),
+		FwdIATTotal:               float64(values[constants.MapKeys["fwdIATTotal"]].(time.Duration) / time.Nanosecond),
+		BwdIATTotal:               float64(values[constants.MapKeys["bwdIATTotal"]].(time.Duration) / time.Nanosecond),
+		FwdIATMean:                float64(values[constants.MapKeys["fwdIATMean"]].(time.Duration) / time.Nanosecond),
+		BwdIATMean:                float64(values[constants.MapKeys["bwdIATMean"]].(time.Duration) / time.Nanosecond),
+		FwdIATStd:                 float64(values[constants.MapKeys["fwdIATStd"]].(time.Duration) / time.Nanosecond),
+		BwdIATStd:                 float64(values[constants.MapKeys["bwdIATStd"]].(time.Duration) / time.Nanosecond),
+		FwdIATMin:                 float64(values[constants.MapKeys["fwdIATMin"]].(time.Duration) / time.Nanosecond),
+		BwdIATMin:                 float64(values[constants.MapKeys["bwdIATMin"]].(time.Duration) / time.Nanosecond),
+		FwdIATMax:                 float64(values[constants.MapKeys["fwdIATMax"]].(time.Duration) / time.Nanosecond),
+		BwdIATMax:                 float64(values[constants.MapKeys["bwdIATMax"]].(time.Duration) / time.Nanosecond),
+		FlowLengthPerTime:         float64(values[constants.MapKeys["flowLength"]].(int)) / float64(values[constants.MapKeys["flowDuration"]].(time.Duration)/time.Nanosecond),
+		FwdFlowLengthPerTime:      float64(values[constants.MapKeys["fwdFlowLength"]].(int)) / float64(values[constants.MapKeys["flowDuration"]].(time.Duration)/time.Nanosecond),
+		BwdFlowLengthPerTime:      float64(values[constants.MapKeys["bwdFlowLength"]].(int)) / float64(values[constants.MapKeys["flowDuration"]].(time.Duration)/time.Nanosecond),
+		PacketSizeTotalPerTime:    float64(values[constants.MapKeys["packetSizeTotal"]].(int)) / float64(values[constants.MapKeys["flowDuration"]].(time.Duration)/time.Nanosecond),
+		FwdPacketSizeTotalPerTime: float64(values[constants.MapKeys["fwdPacketSizeTotal"]].(int)) / float64(values[constants.MapKeys["flowDuration"]].(time.Duration)/time.Nanosecond),
+		BwdPacketSizeTotalPerTime: float64(values[constants.MapKeys["bwdPacketSizeTotal"]].(int)) / float64(values[constants.MapKeys["flowDuration"]].(time.Duration)/time.Nanosecond),
+	}
+
+	return flow
+}