Bug Fixes For Processing Existing Data

consuelita · consuelita · commit 512a903c8178 · 2018-03-23T21:36:14.000-05:00
diff --git a/AdversaryLabSwift.xcodeproj/project.xcworkspace/xcuserdata/Lita.xcuserdatad/UserInterfaceState.xcuserstate b/AdversaryLabSwift.xcodeproj/project.xcworkspace/xcuserdata/Lita.xcuserdatad/UserInterfaceState.xcuserstate
diff --git a/AdversaryLabSwift.xcodeproj/xcuserdata/Lita.xcuserdatad/xcdebugger/Breakpoints_v2.xcbkptlist b/AdversaryLabSwift.xcodeproj/xcuserdata/Lita.xcuserdatad/xcdebugger/Breakpoints_v2.xcbkptlist
@@ -21,21 +21,5 @@
             continueAfterRunningActions = "No">
          </BreakpointContent>
       </BreakpointProxy>
-      <BreakpointProxy
-         BreakpointExtensionID = "Xcode.Breakpoint.FileBreakpoint">
-         <BreakpointContent
-            shouldBeEnabled = "No"
-            ignoreCount = "0"
-            continueAfterRunningActions = "No"
-            filePath = "AdversaryLabSwift/Features/Timing.swift"
-            timestampString = "543459914.6254441"
-            startingColumnNumber = "9223372036854775807"
-            endingColumnNumber = "9223372036854775807"
-            startingLineNumber = "33"
-            endingLineNumber = "33"
-            landmarkName = "processTiming(forConnection:)"
-            landmarkType = "9">
-         </BreakpointContent>
-      </BreakpointProxy>
    </Breakpoints>
 </Bucket>
diff --git a/AdversaryLabSwift/Controllers/ConnectionInspector.swift b/AdversaryLabSwift/Controllers/ConnectionInspector.swift
@@ -16,7 +16,8 @@ class ConnectionInspector
         analysisQueue.async
         {
             // Allowed Connections
-            if removePackets {
+            if removePackets
+            {
                 NSLog("Analyzed packets and removing")
                 let allowedConnectionList: RList<String> = RList(key: allowedConnectionsKey)
                 while allowedConnectionList.count != 0
@@ -63,13 +64,95 @@ class ConnectionInspector
                     
                     self.analyze(connection: blockedConnection, enableSequenceAnalysis: enableSequenceAnalysis, enableTLSAnalysis: enableTLSAnalysis)
                 }
-            } else {
+            }
+            else
+            {
                 NSLog("Analyzed packets and retaining")
                 let packetsAnalyzedDictionary: RMap<String, Int> = RMap(key: packetStatsKey)
-                packetsAnalyzedDictionary[allowedPacketsAnalyzedKey]=0
-                packetsAnalyzedDictionary[blockedPacketsAnalyzedKey]=0
+                packetsAnalyzedDictionary[allowedPacketsAnalyzedKey] = 0
+                packetsAnalyzedDictionary[blockedPacketsAnalyzedKey] = 0
+                
+                // Delete all current scores
+                let incomingRequiredLengths: RSortedSet<Int> = RSortedSet(key: incomingRequiredLengthsKey)
+                incomingRequiredLengths.delete()
+                let incomingForbiddenLengths: RSortedSet<Int> = RSortedSet(key: incomingForbiddenLengthsKey)
+                incomingForbiddenLengths.delete()
+                let outgoingRequiredLengths: RSortedSet<Int> = RSortedSet(key: outgoingRequiredLengthsKey)
+                outgoingRequiredLengths.delete()
+                let outgoingForbiddenLengths: RSortedSet<Int> = RSortedSet(key: outgoingForbiddenLengthsKey)
+                outgoingForbiddenLengths.delete()
+                let allowedOutLengthsSet: RSortedSet<Int> = RSortedSet(key: allowedOutgoingLengthsKey)
+                allowedOutLengthsSet.delete()
+                let allowedInLengthsSet: RSortedSet<Int> = RSortedSet(key: allowedIncomingLengthsKey)
+                allowedInLengthsSet.delete()
+                let blockedOutLengthsSet: RSortedSet<Int> = RSortedSet(key: blockedOutgoingLengthsKey)
+                blockedOutLengthsSet.delete()
+                let blockedInLengthsSet: RSortedSet<Int> = RSortedSet(key: blockedIncomingLengthsKey)
+                blockedInLengthsSet.delete()
+                
+                let incomingRequiredSequences: RSortedSet<Data> = RSortedSet(key: incomingRequiredSequencesKey)
+                incomingRequiredSequences.delete()
+                let incomingForbiddenSequences: RSortedSet<Data> = RSortedSet(key: incomingForbiddenSequencesKey)
+                incomingForbiddenSequences.delete()
+                let outgoingRequiredSequences: RSortedSet<Data> = RSortedSet(key: outgoingRequiredSequencesKey)
+                outgoingRequiredSequences.delete()
+                let outgoingForbiddenSequences: RSortedSet<Data> = RSortedSet(key: outgoingForbiddenSequencesKey)
+                outgoingForbiddenSequences.delete()
+                let allowedInSequencesSet: RSortedSet<Data> = RSortedSet(key: allowedIncomingFloatingSequencesKey)
+                allowedInSequencesSet.delete()
+                let blockedInSequencesSet: RSortedSet<Data> = RSortedSet(key: blockedIncomingFloatingSequencesKey)
+                blockedInSequencesSet.delete()
+                let allowedOutSequencesSet: RSortedSet<Data> = RSortedSet(key: allowedOutgoingFloatingSequencesKey)
+                allowedOutSequencesSet.delete()
+                let blockedOutSequencesSet: RSortedSet<Data> = RSortedSet(key: blockedOutgoingFloatingSequencesKey)
+                blockedOutSequencesSet.delete()
+                
+                let incomingRequiredEntropy: RSortedSet<Int> = RSortedSet(key: incomingRequiredEntropyKey)
+                incomingRequiredEntropy.delete()
+                let incomingForbiddenEntropy: RSortedSet<Int> = RSortedSet(key: incomingForbiddenEntropyKey)
+                incomingForbiddenEntropy.delete()
+                let outgoingRequiredEntropy: RSortedSet<Int> = RSortedSet(key: outgoingRequiredEntropyKey)
+                outgoingRequiredEntropy.delete()
+                let outgoingForbiddenEntropy: RSortedSet<Int> = RSortedSet(key: outgoingForbiddenEntropyKey)
+                outgoingForbiddenEntropy.delete()
+                let allowedInEntropyList: RList<Double> = RList(key: allowedIncomingEntropyKey)
+                allowedInEntropyList.delete()
+                let allowedOutEntropyList: RList<Double> = RList(key: allowedOutgoingEntropyKey)
+                allowedOutEntropyList.delete()
+                let blockedInEntropyList: RList<Double> = RList(key: blockedIncomingEntropyKey)
+                blockedInEntropyList.delete()
+                let blockedOutEntropyList: RList<Double> = RList(key: blockedOutgoingEntropyKey)
+                blockedOutEntropyList.delete()
+                let allowedInEntropyBinsRSet: RSortedSet<Int> = RSortedSet(key: allowedIncomingEntropyBinsKey)
+                allowedInEntropyBinsRSet.delete()
+                let allowedOutEntropyBinsRSet: RSortedSet<Int> = RSortedSet(key: allowedOutgoingEntropyBinsKey)
+                allowedOutEntropyBinsRSet.delete()
+                let blockedInEntropyBinsRSet: RSortedSet<Int> = RSortedSet(key: blockedIncomingEntropyBinsKey)
+                blockedInEntropyBinsRSet.delete()
+                let blockedOutEntropyBinsRSet: RSortedSet<Int> = RSortedSet(key: blockedOutgoingEntropyBinsKey)
+                blockedOutEntropyBinsRSet.delete()
+                
+                let requiredTimeDiff: RSortedSet<Int> = RSortedSet(key: requiredTimeDiffKey)
+                requiredTimeDiff.delete()
+                let forbiddenTimeDiff: RSortedSet<Int> = RSortedSet(key: forbiddenTimeDiffKey)
+                forbiddenTimeDiff.delete()
+                let allowedTimeDifferenceList: RList<Double> = RList(key: allowedConnectionsTimeDiffKey)
+                allowedTimeDifferenceList.delete()
+                let blockedTimeDifferenceList: RList<Double> = RList(key: blockedConnectionsTimeDiffKey)
+                blockedTimeDifferenceList.delete()
+                let allowedTimeDifferenceBinsRSet: RSortedSet<Int> = RSortedSet(key: allowedConnectionsTimeDiffBinsKey)
+                allowedTimeDifferenceBinsRSet.delete()
+                let blockedTimeDifferenceBinsRSet: RSortedSet<Int> = RSortedSet(key: blockedConnectionsTimeDiffBinsKey)
+                blockedTimeDifferenceBinsRSet.delete()
+                
+                let allowedTlsCommonNames: RSortedSet<String> = RSortedSet(key: allowedTlsCommonNameKey)
+                allowedTlsCommonNames.delete()
+                let blockedTlsCommonNames: RSortedSet<String> = RSortedSet(key: blockedTlsCommonNameKey)
+                blockedTlsCommonNames.delete()
+                
                 NotificationCenter.default.post(name: .updateStats, object: nil)
 
+                // Allowed Connections
                 let allowedConnectionList: RList<String> = RList(key: allowedConnectionsKey)
                 print("Analyzing allowed connections \(allowedConnectionList.count)")
                 for index in 0..<allowedConnectionList.count
@@ -99,7 +182,7 @@ class ConnectionInspector
                 print("Analyzing blocked connections \(blockedConnectionList.count)")
                 for index in 0..<blockedConnectionList.count
                 {
-                    print("Analyzing a blocked connection async. \(index)/\(allowedConnectionList.count)")
+                    print("Analyzing a blocked connection async. \(index)/\(blockedConnectionList.count)")
                     // Get the first connection ID from the list
                     guard let blockedConnectionID = blockedConnectionList[index]
                         else
diff --git a/AdversaryLabSwift/Features/Entropy.swift b/AdversaryLabSwift/Features/Entropy.swift
@@ -108,7 +108,7 @@ func scoreEntropy(allowedEntropyKey: String, allowedEntropyBinsKey: String, bloc
     /// A is the sorted set of Entropy for the Allowed traffic
     let allowedEntropyList: RList<Double> = RList(key: allowedEntropyKey)
     let allowedEntropyBinsRSet: RSortedSet<Int> = RSortedSet(key: allowedEntropyBinsKey)
-    //let allowedEntropySet = newDoubletSet(from: [allowedEntropyRSet])
+    
     //Sort into bins
     for entropyIndex in 0 ..< allowedEntropyList.count
     {
@@ -139,7 +139,7 @@ func scoreEntropy(allowedEntropyKey: String, allowedEntropyBinsKey: String, bloc
     /// B is the sorted set of Entropy for the Blocked traffic
     let blockedEntropyList: RList<Double> = RList(key: blockedEntropyKey)
     let blockedEntropyBinsRSet: RSortedSet<Int> = RSortedSet(key: blockedEntropyBinsKey)
-    //let blockedEntropySet = newDoubletSet(from: [blockedEntropyRSet])
+    
     //Sort into bins
     for entropyIndex in 0 ..< blockedEntropyList.count
     {
diff --git a/AdversaryLabSwift/ViewController.swift b/AdversaryLabSwift/ViewController.swift
@@ -172,25 +172,25 @@ class ViewController: NSViewController
             let packetStatsDict: RMap<String, Int> = RMap(key: packetStatsKey)
             
             // Allowed Packets Seen
-            if let allowedPacketsSeenValue: Int = packetStatsDict[allowedPacketsSeenKey], allowedPacketsSeenValue != 0
+            if let allowedPacketsSeenValue: Int = packetStatsDict[allowedPacketsSeenKey]
             {
                 self.allowedPacketsSeen = "\(allowedPacketsSeenValue)"
             }
             
             // Allowed Packets Analyzed
-            if let allowedPacketsAnalyzedValue: Int = packetStatsDict[allowedPacketsAnalyzedKey], allowedPacketsAnalyzedValue != 0
+            if let allowedPacketsAnalyzedValue: Int = packetStatsDict[allowedPacketsAnalyzedKey]
             {
                 self.allowedPacketsAnalyzed = "\(allowedPacketsAnalyzedValue)"
             }
             
             // Blocked Packets Seen
-            if let blockedPacketsSeenValue: Int = packetStatsDict[blockedPacketsSeenKey], blockedPacketsSeenValue != 0
+            if let blockedPacketsSeenValue: Int = packetStatsDict[blockedPacketsSeenKey]
             {
                 self.blockedPacketsSeen = "\(blockedPacketsSeenValue)"
             }
             
             // Blocked Packets Analyzed
-            if let blockedPacketsAnalyzedValue: Int = packetStatsDict[blockedPacketsAnalyzedKey], blockedPacketsAnalyzedValue != 0
+            if let blockedPacketsAnalyzedValue: Int = packetStatsDict[blockedPacketsAnalyzedKey]
             {
                 self.blockedPacketsAnalyzed = "\(blockedPacketsAnalyzedValue)"
             }
@@ -204,13 +204,23 @@ class ViewController: NSViewController
                 self.requiredTiming = "\(rtMember) ms"
                 self.requiredTimeAcc = "\(rtScore)"
             }
+            else
+            {
+                self.requiredTiming = "--"
+                self.requiredTimeAcc = "--"
+            }
             
             let forbiddenTimingSet: RSortedSet<Int> = RSortedSet(key: forbiddenTimeDiffKey)
             if let (ftMember, ftScore) = forbiddenTimingSet.last
             {
                 self.forbiddenTiming = "\(ftMember) ms"
                 self.forbiddenTimingAcc = "\(ftScore)"
             }
+            else
+            {
+                self.forbiddenTiming = "--"
+                self.forbiddenTimingAcc = "--"
+            }
             
             // TLS Common Names
             
@@ -220,13 +230,23 @@ class ViewController: NSViewController
                 self.requiredTLSName = rTLSMember
                 self.requiredTLSNameAcc = "\(rTLSScore)"
             }
+            else
+            {
+                self.requiredTLSName = "--"
+                self.requiredTLSNameAcc = "--"
+            }
             
             let forbiddenTLSNamesSet: RSortedSet<String> = RSortedSet(key: blockedTlsCommonNameKey)
             if let (fTLSMember, fTLSScore) = forbiddenTLSNamesSet.last
             {
                 self.forbiddenTLSName = fTLSMember
                 self.forbiddenTLSNameAcc = "\(fTLSScore)"
             }
+            else
+            {
+                self.forbiddenTLSName = "--"
+                self.forbiddenTLSNameAcc = "--"
+            }
             
             // Lengths
             let requiredOutLengthSet: RSortedSet<Int> = RSortedSet(key: outgoingRequiredLengthsKey)
@@ -235,27 +255,47 @@ class ViewController: NSViewController
                 self.requiredOutLength = "\(rolMember)"
                 self.requiredOutLengthAcc = "\(rolScore)"
             }
+            else
+            {
+                self.requiredOutLength = "--"
+                self.requiredOutLengthAcc = "--"
+            }
             
             let forbiddenOutLengthSet: RSortedSet<Int> = RSortedSet(key: outgoingForbiddenLengthsKey)
             if let (folMember, folScore) = forbiddenOutLengthSet.last
             {
                 self.forbiddenOutLength = "\(folMember)"
                 self.forbiddenOutLengthAcc = "\(folScore)"
             }
+            else
+            {
+                self.forbiddenOutLength = "--"
+                self.forbiddenOutLengthAcc = "--"
+            }
             
             let requiredInLengthSet: RSortedSet<Int> = RSortedSet(key: incomingRequiredLengthsKey)
             if let (rilMember, rilScore) = requiredInLengthSet.last
             {
                 self.requiredInLength = "\(rilMember)"
                 self.requiredInLengthAcc = "\(rilScore)"
             }
+            else
+            {
+                self.requiredInLength = "--"
+                self.requiredInLengthAcc = "--"
+            }
             
             let forbiddenInLengthSet: RSortedSet<Int> = RSortedSet(key: incomingForbiddenLengthsKey)
             if let (filMember, filScore) = forbiddenInLengthSet.last
             {
                 self.forbiddenInLength = "\(filMember)"
                 self.forbiddenInLengthAcc = "\(filScore)"
             }
+            else
+            {
+                self.forbiddenInLength = "--"
+                self.forbiddenInLengthAcc = "--"
+            }
             
             // Entropy
             let requiredOutEntropySet: RSortedSet<Int> = RSortedSet(key: outgoingRequiredEntropyKey)
@@ -264,27 +304,47 @@ class ViewController: NSViewController
                 self.requiredOutEntropy = "\(roeMember)"
                 self.requiredOutEntropyAcc = "\(roeScore)"
             }
+            else
+            {
+                self.requiredOutEntropy = "--"
+                self.requiredOutEntropyAcc = "--"
+            }
             
             let forbiddenOutEntropySet: RSortedSet<Int> = RSortedSet(key: outgoingForbiddenEntropyKey)
             if let (foeMember, foeScore) = forbiddenOutEntropySet.last
             {
                 self.forbiddenOutEntropy = "\(foeMember)"
                 self.forbiddenOutEntropyAcc = "\(foeScore)"
             }
+            else
+            {
+                self.forbiddenOutEntropy = "--"
+                self.forbiddenOutEntropyAcc = "--"
+            }
             
             let requiredInEntropySet: RSortedSet<Int> = RSortedSet(key: incomingRequiredEntropyKey)
             if let (rieMember, rieScore) = requiredInEntropySet.last
             {
                 self.requiredInEntropy = "\(rieMember)"
                 self.requiredInEntropyAcc = "\(rieScore)"
             }
+            else
+            {
+                self.requiredInEntropy = "--"
+                self.requiredInEntropyAcc = "--"
+            }
             
             let forbiddenInEntropySet: RSortedSet<Int> = RSortedSet(key: incomingForbiddenEntropyKey)
             if let (fieMember, fieScore) = forbiddenInEntropySet.last
             {
                 self.forbiddenInEntropy = "\(fieMember)"
                 self.forbiddenInEntropyAcc = "\(fieScore)"
             }
+            else
+            {
+                self.forbiddenInEntropy = "--"
+                self.forbiddenInEntropyAcc = "--"
+            }
             
             // Subsequences
             let requiredOutSequenceSet: RSortedSet<Data> = RSortedSet(key: outgoingRequiredSequencesKey)
@@ -294,6 +354,12 @@ class ViewController: NSViewController
                 self.requiredOutSequenceCount = "\(rosMember)"
                 self.requiredOutSequenceAcc = "\(rosScore)"
             }
+            else
+            {
+                self.requiredOutSequence = "--"
+                self.requiredOutSequenceCount = "--"
+                self.requiredOutSequenceAcc = "--"
+            }
             
             let forbiddenOutSequenceSet: RSortedSet<Data> = RSortedSet(key: outgoingForbiddenSequencesKey)
             if let (fosMember, fosScore) = forbiddenOutSequenceSet.last
@@ -302,6 +368,12 @@ class ViewController: NSViewController
                 self.forbiddenOutSequenceCount = "\(fosMember)"
                 self.forbiddenOutSequenceAcc = "\(fosScore)"
             }
+            else
+            {
+                self.forbiddenOutSequence = "--"
+                self.forbiddenOutSequenceCount = "--"
+                self.forbiddenOutSequenceAcc = "--"
+            }
             
             let requiredInSequenceSet: RSortedSet<Data> = RSortedSet(key: incomingRequiredSequencesKey)
             if let (risMemeber, risScore) = requiredInSequenceSet.last
@@ -310,6 +382,12 @@ class ViewController: NSViewController
                 self.requiredInSequenceCount = "\(risMemeber)"
                 self.requiredInSequenceAcc = "\(risScore)"
             }
+            else
+            {
+                self.requiredInSequence = "--"
+                self.requiredInSequenceCount = "--"
+                self.requiredInSequenceAcc = "--"
+            }
             
             let forbiddenInSequenceSet: RSortedSet<Data> = RSortedSet(key: incomingForbiddenSequencesKey)
             if let (fisMember, fisScore) = forbiddenInSequenceSet.last
@@ -318,6 +396,12 @@ class ViewController: NSViewController
                 self.forbiddenInSequenceCount = "\(fisMember)"
                 self.forbiddenInSequenceAcc = "\(fisScore)"
             }
+            else
+            {
+                self.forbiddenInSequence = "--"
+                self.forbiddenInSequenceCount = "--"
+                self.forbiddenInSequenceAcc = "--"
+            }
             
         }
     }
