diff --git a/.bumpversion.cfg b/.bumpversion.cfg
deleted file mode 100644
index cb8dd72..0000000
--- a/.bumpversion.cfg
+++ /dev/null
@@ -1,6 +0,0 @@
-[bumpversion]
-current_version = 0.2.9
-commit = True
-tag = True
-
-[bumpversion:file:setup.py]
\ No newline at end of file
diff --git a/CITATION.cff b/CITATION.cff
deleted file mode 100644
index 34a5c3a..0000000
--- a/CITATION.cff
+++ /dev/null
@@ -1,13 +0,0 @@
-cff-version: 1.1.0
-message: "If you use this software, please cite it as below."
-authors:
- - family-names: Machmeier
- given-names: Stefan
- orcid: "https://orcid.org/0000-0002-7028-1755"
- - family-names: Heuveline
- given-names: Vincent
- orcid: "https://orcid.org/0000-0002-2217-7558"
-title: "heiFIP: A network traffic image converter"
-doi: "10.5281/zenodo.8348868"
-version: v1.1.1
-date-released: 2023-09-15
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index 6d8cea4..0000000
--- a/LICENSE
+++ /dev/null
@@ -1,190 +0,0 @@
-EUROPEAN UNION PUBLIC LICENCE v. 1.2
-EUPL © the European Union 2007, 2016
-
-This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined below) which is provided under the
-terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such
-use is covered by a right of the copyright holder of the Work).
-The Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following
-notice immediately following the copyright notice for the Work:
- Licensed under the EUPL
-or has expressed by any other means his willingness to license under the EUPL.
-
-1.Definitions
-In this Licence, the following terms have the following meaning:
-— ‘The Licence’:this Licence.
-— ‘The Original Work’:the work or software distributed or communicated by the Licensor under this Licence, available
-as Source Code and also as Executable Code as the case may be.
-— ‘Derivative Works’:the works or software that could be created by the Licensee, based upon the Original Work or
-modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work
-required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in
-the country mentioned in Article 15.
-— ‘The Work’:the Original Work or its Derivative Works.
-— ‘The Source Code’:the human-readable form of the Work which is the most convenient for people to study and
-modify.
-— ‘The Executable Code’:any code which has generally been compiled and which is meant to be interpreted by
-a computer as a program.
-— ‘The Licensor’:the natural or legal person that distributes or communicates the Work under the Licence.
-— ‘Contributor(s)’:any natural or legal person who modifies the Work under the Licence, or otherwise contributes to
-the creation of a Derivative Work.
-— ‘The Licensee’ or ‘You’:any natural or legal person who makes any usage of the Work under the terms of the
-Licence.
-— ‘Distribution’ or ‘Communication’:any act of selling, giving, lending, renting, distributing, communicating,
-transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential
-functionalities at the disposal of any other natural or legal person.
-
-2.Scope of the rights granted by the Licence
-The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable licence to do the following, for
-the duration of copyright vested in the Original Work:
-— use the Work in any circumstance and for all usage,
-— reproduce the Work,
-— modify the Work, and make Derivative Works based upon the Work,
-— communicate to the public, including the right to make available or display the Work or copies thereof to the public
-and perform publicly, as the case may be, the Work,
-— distribute the Work or copies thereof,
-— lend and rent the Work or copies thereof,
-— sublicense rights in the Work or copies thereof.
-Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the
-applicable law permits so.
-In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed
-by law in order to make effective the licence of the economic rights here above listed.
-The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to any patents held by the Licensor, to the
-extent necessary to make use of the rights granted on the Work under this Licence.
-
-3.Communication of the Source Code
-The Licensor may provide the Work either in its Source Code form, or as Executable Code. If the Work is provided as
-Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with
-each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to
-the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to
-distribute or communicate the Work.
-
-4.Limitations on copyright
-Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the
-exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations
-thereto.
-
-5.Obligations of the Licensee
-The grant of the rights mentioned above is subject to some restrictions and obligations imposed on the Licensee. Those
-obligations are the following:
-
-Attribution right: The Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to
-the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the
-Licence with every copy of the Work he/she distributes or communicates. The Licensee must cause any Derivative Work
-to carry prominent notices stating that the Work has been modified and the date of modification.
-
-Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this
-Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless
-the Original Work is expressly distributed only under this version of the Licence — for example by communicating
-‘EUPL v. 1.2 only’. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the
-Work or Derivative Work that alter or restrict the terms of the Licence.
-
-Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both
-the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done
-under the terms of this Compatible Licence. For the sake of this clause, ‘Compatible Licence’ refers to the licences listed
-in the appendix attached to this Licence. Should the Licensee's obligations under the Compatible Licence conflict with
-his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail.
-
-Provision of Source Code: When distributing or communicating copies of the Work, the Licensee will provide
-a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available
-for as long as the Licensee continues to distribute or communicate the Work.
-Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names
-of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and
-reproducing the content of the copyright notice.
-
-6.Chain of Authorship
-The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or
-licensed to him/her and that he/she has the power and authority to grant the Licence.
-Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or
-licensed to him/her and that he/she has the power and authority to grant the Licence.
-Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions
-to the Work, under the terms of this Licence.
-
-7.Disclaimer of Warranty
-The Work is a work in progress, which is continuously improved by numerous Contributors. It is not a finished work
-and may therefore contain defects or ‘bugs’ inherent to this type of development.
-For the above reason, the Work is provided under the Licence on an ‘as is’ basis and without warranties of any kind
-concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or
-errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this
-Licence.
-This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work.
-
-8.Disclaimer of Liability
-Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be
-liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the
-Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss
-of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However,
-the Licensor will be liable under statutory product liability laws as far such laws apply to the Work.
-
-9.Additional agreements
-While distributing the Work, You may choose to conclude an additional agreement, defining obligations or services
-consistent with this Licence. However, if accepting obligations, You may act only on your own behalf and on your sole
-responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify,
-defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by
-the fact You have accepted any warranty or additional liability.
-
-10.Acceptance of the Licence
-The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ placed under the bottom of a window
-displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of
-applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms
-and conditions.
-Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You
-by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution
-or Communication by You of the Work or copies thereof.
-
-11.Information to the public
-In case of any Distribution or Communication of the Work by means of electronic communication by You (for example,
-by offering to download the Work from a remote location) the distribution channel or media (for example, a website)
-must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence
-and the way it may be accessible, concluded, stored and reproduced by the Licensee.
-
-12.Termination of the Licence
-The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms
-of the Licence.
-Such a termination will not terminate the licences of any person who has received the Work from the Licensee under
-the Licence, provided such persons remain in full compliance with the Licence.
-
-13.Miscellaneous
-Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the
-Work.
-If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or
-enforceability of the Licence as a whole. Such provision will be construed or reformed so as necessary to make it valid
-and enforceable.
-The European Commission may publish other linguistic versions or new versions of this Licence or updated versions of
-the Appendix, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence.
-New versions of the Licence will be published with a unique version number.
-All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take
-advantage of the linguistic version of their choice.
-
-14.Jurisdiction
-Without prejudice to specific agreement between parties,
-— any litigation resulting from the interpretation of this License, arising between the European Union institutions,
-bodies, offices or agencies, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice
-of the European Union, as laid down in article 272 of the Treaty on the Functioning of the European Union,
-— any litigation arising between other parties and resulting from the interpretation of this License, will be subject to
-the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business.
-
-15.Applicable Law
-Without prejudice to specific agreement between parties,
-— this Licence shall be governed by the law of the European Union Member State where the Licensor has his seat,
-resides or has his registered office,
-— this licence shall be governed by Belgian law if the Licensor has no seat, residence or registered office inside
-a European Union Member State.
-
-
- Appendix
-
-‘Compatible Licences’ according to Article 5 EUPL are:
-— GNU General Public License (GPL) v. 2, v. 3
-— GNU Affero General Public License (AGPL) v. 3
-— Open Software License (OSL) v. 2.1, v. 3.0
-— Eclipse Public License (EPL) v. 1.0
-— CeCILL v. 2.0, v. 2.1
-— Mozilla Public Licence (MPL) v. 2
-— GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3
-— Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for works other than software
-— European Union Public Licence (EUPL) v. 1.1, v. 1.2
-— Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+).
-
-The European Commission may update this Appendix to later versions of the above licences without producing
-a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the
-covered Source Code from exclusive appropriation.
-All other changes or additions to this Appendix require the production of a new EUPL version.
diff --git a/README.md b/README.md
index 4d4ce4a..187f4fd 100644
--- a/README.md
+++ b/README.md
@@ -1,222 +1,117 @@
-
-
-
---------------------------------------------------------------------------------
-
-**heiFIP** stands for Heidelberg Flow Image Processor.
-It is a tool designed to extract essential parts of packets and convert them into images for deep learning purposes.
-heiFIP supports different formats and orientations.
-Currently, we only support **offline** network data analysis.
-However, we plan to adapt our library to support **online** network data too to enable live-probing of models.
-
-
-
- | Live Notebook |
-
-
- 
-
- |
-
-
- | Latest Release |
-
-
- 
-
- |
-
-
-
- | Supported Versions |
-
-
- 
-
-
- 
-
- |
-
-
- | Project License |
-
-
- 
-
- |
-
-
- | Citation |
-
-
- 
-
- |
-
-
- | Continuous Integration |
-
-
- 
-
-
- 
-
-
- 
-
- |
-
-
-
-## Table of Contents
-
-- [**Main Features**](#main-features)
-- [**Motivation**](#motivation)
-- [**Examples**](#examples)
-- [**Getting Started**](#getting-started)
- - [**Building from source**](#building-from-source)
-- [**Citation**](#citation)
- - [**Credits**](#credits)
- - [**Authors**](#authors)
-- [**License**](#license)
-
-## Motivation
-
-The idea to create heiFIP came from working with Deep Learning approaches to classify malware traffic on images. Many papers use image representation of network traffic, but reproducing their results was quite cumbersome. As a result, we found that there is currently no official library that supports reproducible images of network traffic. For this reason, we developed heiFIP to easily create images of network traffic and reproduce ML/DL results. Researchers can use this library as a baseline for their work to enable other researchers to easily recreate their findings.
-
-## Main Features
-
-- **Different Images**: Currently, we support plain packet to byte representation, and flow to byte representation with one channel each. An image is created with same width and height for a quadratic representation.
- - **Flow Images** converts a set of packets into an image. It supports the following modifications:
- - **Max images dimension** allows you to specify the maximum image dimension. If the packet is larger than the specified size, it will cut the remaining pixel.
- - **Min image dimesion** allows you to specify the minimum image dimension. If the packet is smaller than the specified size, it fills the remaining pixel with 0.
- - **Remove duplicates** allows you to automatically remove same traffic.
- - **Append** each flow to each other or write each packet to a new row.
- - **Tiled** each flow is tiled into a square image representation.
- - **Min packets per flow** allows you to specify the minimum number of packets per flow. If the total number of packets is too small, no image will be created.
- - **Max packets per flow** allows you to specify the maximum number of packets per flow. If the total number of packets is too great, the remaining images are discarded.
- - **Packet Image** converts a single packet into an image.
- - **Markov Transition Matrix Image**: converts a packet or a flow into a Markov representation.
-- **Header** processing allows you to customize header fields of different protocols. It aims to remove biasing fields. For more details look into [header.py](https://github.com/stefanDeveloper/heiFIP/blob/main/heifip/plugins/header.py)
-- **Remove Payload** options allows you to only work on header data.
-- **Fast and flexible**: We rely on [Scapy](https://github.com/secdev/scapy) for our sniffing and header processing. Image preparation is based on raw bytes.
-- **Machine learning orientation**: heiFIP aims to make Deep Learning approaches using network data as images reproducible and deployable. Using heiFIP as a common framework enables researches to test and verify their models.
-
-## Examples
-
-| Image Type | Description | Example |
-|------------|-------------|---------|
-| Packet | Converts a single packet into a square image. Size depends on the total length |  |
-| Flow | Converts a flow packet into a square image |  |
-| Markov Transition Matrix Packet | Converts a packet into a Markov Transition Matrix. Size is fixed to 16x16. |  |
-| Markov Transition Matrix Flow | Converts a flow into a Markov Transition Matrix. It squares the image based on the number of packets |  |
-
-## Getting Started
-
-Install our package using PyPi
-
-```sh
-pip install heifip
-```
-Now, you can use the integrate CLI:
+# heiFIPCpp
-```sh
-> fip
-Usage: fip [OPTIONS] COMMAND [ARGS]...
+**Flow & Packet Imaging and Matrix Extraction from PCAP**
-Options:
- --version Show the version and exit.
- -h, --help Show this message and exit.
+A C++ command‑line tool to process network capture files (PCAP), generate various image representations (packet‑level, flow‑level, tiled, Markov transition matrices), and save outputs for further analysis or machine learning.
-Commands:
- extract
-```
+---
-To extract images from PCAPs, we currently split the command into flow and packet:
-
-```sh
-> fip extract
-Starting FlowImageProcessor CLI
-Usage: fip extract [OPTIONS] COMMAND [ARGS]...
-
-Options:
- -h, --help Show this message and exit.
-
-Commands:
- flow
- packet
-
-# Show help information
-> fip extract [flow/packet]-h
-Starting FlowImageProcessor CLI
-Usage: fip extract flow [OPTIONS]
-
-Options:
- -w, --write PATH Destination file path, stores result [required]
- -r, --read PATH [required]
- -t, --threads INTEGER Number of parallel threads that can be used
- [default: 4]
- --preprocess [NONE|HEADER] Applies a preprocessing to the input data: none:
- No preprocessing payload: Only payload data is
- used header: Preprocesses headers
- (DNS,HTTP,IP,IPv6,TCP,UDP supported) to remove
- some biasing data [default: NONE]
- --min_im_dim INTEGER Minimum dim ouput images need to have, 0=No
- minimum dim [default: 0]
- --max_im_dim INTEGER Maximum dim ouput images can have, 0=No maximum
- dim [default: 0]
- --remove_duplicates Within a single output folder belonging to a
- single input folder no duplicate images will be
- produced if two inputs lead to the same image
- --min_packets INTEGER Minimum packets that a FlowImage needs to have,
- 0=No minimum packets per flow [default: 0]
- --max_packets INTEGER Minimum packets that a FlowImage needs to have,
- 0=No minimum packets per flow [default: 0]
- --append
- --tiled
- --width INTEGER [default: 128]
- -h, --help Show this message and exit.
-
-> fip extract flow -r /PATH/PCAPs -w /PATH/IMAGES
-```
+## Features
-Import FIPExtractor to run it inside your program:
+* **Packet Imaging**: Convert individual packets into grayscale images.
+* **Flow Imaging**: Aggregate flows into images, with fixed or auto‑tiled layouts.
+* **Markov Transition Matrices**: Compute byte‑level transition matrices at packet or flow granularity.
+* **Custom Preprocessing**: Strip or transform headers before imaging.
+* **Multi‑threaded**: Parallel processing across multiple CPU cores.
+* **Extensible Architecture**: Add new image types or preprocessing pipelines via C++ classes.
-```python
-extractor = FIPExtractor()
-img = extractor.create_image('./test/pcaps/dns/dns-binds.pcap')
-extractor.save_image(img, './test/pcaps/dns/dns-binds.pcap')
-```
+---
-### Building from source
+## Requirements
-Simply run:
+* **C++ Compiler**: GCC ≥ 9.0, Clang ≥ 10, or MSVC 2019 with C++17 support.
+* **CMake**: Version ≥ 3.15
+* **PcapPlusPlus**: Installed system‑wide or built locally. ([https://github.com/seladb/PcapPlusPlus](https://github.com/seladb/PcapPlusPlus))
+* **OpenSSL**: For MD5 hashing (libcrypto).
+* **pthread**: POSIX threads (Linux/macOS). Windows users require linking against `-lws2_32` and `-lIPHLPAPI`.
-```
-pip install .
-```
+Optional:
-### Publications that use heiFIP
+* **getopt\_long**: For CLI parsing (provided by libc on Linux/macOS). Windows may need `getopt` replacement.
-- [A Generalizable Approach for Network Flow Image Representation for Deep Learning] - CSNet 23
-- [Explainable artificial intelligence for improving a session-based malware traffic classification with deep learning] - SSCI 23
+---
+## Building
-## Credits
+```bash
+# Clone this repo
+git clone https://github.com/yourusername/heiFIPCpp.git
+cd heiFIPCpp
-[NFStream](https://github.com/nfstream/nfstream) for the inspiration of the `README.md` and workflow testing.
+# Create build directory
+mkdir build && cd build
-### Authors
+# Configure (point at PcapPlusPlus if not in default locations)
+cmake .. \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DCMAKE_PREFIX_PATH=/opt/PcapPlusPlus
-The following people contributed to heiFIP:
+# Compile
+make -j$(nproc)
-- [Stefan Machmeier](https://github.com/stefanDeveloper): Creator
-- [Manuel Trageser](https://github.com/maxi99manuel99): Header extraction and customization.
+# The executable 'heiFIPCpp' will be produced in build/
+```
+
+---
+
+## Usage
+
+```bash
+./heiFIPCpp \
+ --input /path/to/capture.pcap \
+ --output /path/to/outdir \
+ --threads 4 \
+ --processor HEADER \
+ --mode FlowImageTiledAuto \
+ --dim 16 \
+ --apppend \
+ --fill 0 \
+ --min-dim 10 \
+ --max-dim 2000 \
+ --min-pkts 10 \
+ --max-pkts 100 \
+ --remove-dup
+```
+
+### Options
+|-------------------- | -------------------------------------------------------------- |
+| Flag | Description |
+| ------------------- | -------------------------------------------------------------- |
+| `-i`, `--input` | Input PCAP file path |
+| `-o`, `--output` | Output directory |
+| `-t`, `--threads` | Number of worker threads (default: 1) |
+| `-p`, `--processor` | Preprocessing: `NONE` or `HEADER` |
+| `-m`, `--mode` | Image type: `PacketImage`, `FlowImage`, `FlowImageTiledFixed`, |
+| | `FlowImageTiledAuto`, `MarkovTransitionMatrixFlow`, |
+| | `MarkovTransitionMatrixPacket` |
+| `--dim` | Base dimension for image (e.g. width/height in pixels) |
+| `--fill` | Fill or padding value (0–255) |
+| `--cols` | Number of columns (for tiled/fixed or Markov flow) |
+| `--auto-dim` | Enable auto‑dimension selection (bool) |
+| `--append` | Enable auto‑dimension selection (bool) |
+| `--min-dim` | Minimum allowed image dimension |
+| `--max-dim` | Maximum allowed image dimension |
+| `--min-pkts` | Minimum packets per flow (for tiled/flow modes) |
+| `--max-pkts` | Maximum packets per flow |
+| `--remove-dup` | Remove duplicate flows/packets by hash |
+| `-h`, `--help` | Show this help message |
+| ___________________ | ______________________________________________________________ |
+
+## Extending
+
+To add a new image type:
+
+1. Define a new `ImageArgs` struct in `extractor.cpp`.
+2. Extend the `ImageType` enum.
+3. Implement the conversion in `PacketProcessor::createImageFromPacket()`.
+4. Update the CLI `--mode` parser to include your new type.
+
+---
## License
-This project is licensed under the EUPL-1.2 [**License**](license) - see the License file for details
+This project is licensed under the EUPL-1.2 License - see the License file for details
+
+---
-[license]: https://github.com/stefanDeveloper/heiFIP/blob/main/LICENSE
\ No newline at end of file
+*Happy packet‑to‑image transformations!*
diff --git a/assets/heiFIP.svg b/assets/heiFIP.svg
deleted file mode 100644
index 49ae99d..0000000
--- a/assets/heiFIP.svg
+++ /dev/null
@@ -1,81 +0,0 @@
-
-
-
-
diff --git a/assets/heiFIP_logo.png b/assets/heiFIP_logo.png
deleted file mode 100644
index 4b4495a..0000000
Binary files a/assets/heiFIP_logo.png and /dev/null differ
diff --git a/assets/heiFIP_logo.svg b/assets/heiFIP_logo.svg
deleted file mode 100644
index 2700e66..0000000
--- a/assets/heiFIP_logo.svg
+++ /dev/null
@@ -1,81 +0,0 @@
-
-
-
-
diff --git a/examples/flow-tiled.png b/examples/flow-tiled.png
deleted file mode 100644
index 8eacaf5..0000000
Binary files a/examples/flow-tiled.png and /dev/null differ
diff --git a/examples/markov-flow.png b/examples/markov-flow.png
deleted file mode 100644
index f6d4667..0000000
Binary files a/examples/markov-flow.png and /dev/null differ
diff --git a/examples/markov-packet.png b/examples/markov-packet.png
deleted file mode 100644
index 63f6c67..0000000
Binary files a/examples/markov-packet.png and /dev/null differ
diff --git a/examples/packet.png b/examples/packet.png
deleted file mode 100644
index d08f7b5..0000000
Binary files a/examples/packet.png and /dev/null differ
diff --git a/heiFIP/CMakeLists.txt b/heiFIP/CMakeLists.txt
new file mode 100644
index 0000000..e0e6073
--- /dev/null
+++ b/heiFIP/CMakeLists.txt
@@ -0,0 +1,56 @@
+cmake_minimum_required(VERSION 3.10)
+project(heiFIP)
+
+set(CMAKE_CXX_STANDARD 17)
+set(CMAKE_CXX_STANDARD_REQUIRED ON)
+
+include_directories(/usr/local/include)
+
+set(CMAKE_BUILD_TYPE Debug)
+set(CMAKE_CXX_FLAGS_DEBUG "-g")
+set(CMAKE_C_FLAGS_DEBUG "-g")
+
+add_compile_options(-Wno-deprecated-declarations)
+
+if (EXISTS "/opt/homebrew")
+ set(HOMEBREW_PREFIX "/opt/homebrew") # Apple Silicon
+else()
+ set(HOMEBREW_PREFIX "/usr/local") # Intel
+endif()
+
+link_directories(${HOMEBREW_PREFIX}/lib ${OPENSSL_LIBRARIES})
+link_directories(/usr/local/lib)
+include_directories(${CMAKE_SOURCE_DIR}/assets)
+include_directories(${CMAKE_SOURCE_DIR}/plugins)
+include_directories(${CMAKE_SOURCE_DIR}/images)
+include_directories(${CMAKE_SOURCE_DIR}/layers)
+include_directories(
+ ${HOMEBREW_PREFIX}/include
+ ${HOMEBREW_PREFIX}/include/pcapplusplus
+ ${OPENSSL_INCLUDE_DIR}
+)
+
+set(OPENSSL_ROOT_DIR "${HOMEBREW_PREFIX}/opt/openssl")
+set(OPENSSL_INCLUDE_DIR "${OPENSSL_ROOT_DIR}/include")
+set(OPENSSL_LIBRARIES "${OPENSSL_ROOT_DIR}/lib")
+
+add_library(heiFIBPacketImage STATIC assets/heiFIBPacketImage.cpp)
+target_include_directories(heiFIBPacketImage PUBLIC ${CMAKE_SOURCE_DIR})
+
+find_package(OpenSSL REQUIRED)
+
+find_package(OpenCV REQUIRED
+ COMPONENTS core imgcodecs
+)
+
+add_executable(heiFIP cli.cpp)
+
+target_include_directories(heiFIP PRIVATE ${OpenCV_INCLUDE_DIRS})
+target_link_libraries(heiFIP
+ Pcap++
+ Packet++
+ Common++
+ pcap
+ ${OPENSSL_LIBRARIES}
+ ${OpenCV_LIBS}
+)
\ No newline at end of file
diff --git a/heiFIP/assets/PcapHeaders.h b/heiFIP/assets/PcapHeaders.h
new file mode 100644
index 0000000..be510ce
--- /dev/null
+++ b/heiFIP/assets/PcapHeaders.h
@@ -0,0 +1,22 @@
+#pragma once
+
+#include
+
+// PCAP Global Header Structure (24 bytes)
+struct PcapGlobalHeader {
+ uint32_t magic_number; // File format identifier
+ uint16_t version_major; // Major version number
+ uint16_t version_minor; // Minor version number
+ int32_t thiszone; // Time zone offset
+ uint32_t sigfigs; // Timestamp accuracy
+ uint32_t snaplen; // Max packet size
+ uint32_t network; // Data link type
+};
+
+// PCAP Packet Header Structure (16 bytes)
+struct PcapPacketHeader {
+ uint32_t ts_sec; // Timestamp seconds
+ uint32_t ts_usec; // Timestamp microseconds
+ uint32_t caplen; // Captured packet length
+ uint32_t len; // Original packet length
+};
\ No newline at end of file
diff --git a/heiFIP/assets/heiFIBPacketImage.cpp b/heiFIP/assets/heiFIBPacketImage.cpp
new file mode 100644
index 0000000..a0deb47
--- /dev/null
+++ b/heiFIP/assets/heiFIBPacketImage.cpp
@@ -0,0 +1,136 @@
+#pragma once
+
+#include
+#include "PcapHeaders.h"
+#include
+#include
+#include
+#include
+#include
+
+class heiFIBPacketImage {
+ public:
+ heiFIBPacketImage(std::vector data, uint32_t cap_length) : _data(data), _cap_length(cap_length) {}
+
+ heiFIBPacketImage(std::vector data) : _data(data) {
+ PcapPacketHeader packetHeader;
+ _cap_length = packetHeader.caplen;
+ }
+
+ heiFIBPacketImage(std::vector data, int dim, int fill, bool auto_dim) : _data(data) {
+ PcapPacketHeader packetHeader;
+ _cap_length = packetHeader.caplen;
+ std::pair>, std::vector>> result = heiFIBPacketImage::get_matrix_tiled(fill, dim, auto_dim);
+ heiFIBPacketImage::matrix = result.first;
+ heiFIBPacketImage::binaries = result.second;
+ }
+
+ ~heiFIBPacketImage() {}
+
+ void printHexData() const {
+ std::cout << std::dec << "Packet has size" << " (Size: " << get_cap_length() << " bytes):\n";
+ for (size_t i = 0; i < _data.size(); i++) {
+ std::cout << std::hex << std::setw(2) << std::setfill('0') << static_cast(_data[i]) << " ";
+ }
+ std::cout << std::endl;
+ }
+
+ std::vector getHexData() const {
+ std::vector hexData;
+ size_t packetSize = _data.size();
+ for (size_t i = 0; i < packetSize; ++i) {
+ hexData.push_back(static_cast(_data[i]));
+ }
+ return hexData;
+ }
+
+ std::vector bit_array() const {
+
+ // Use copy of packet to avoid modification
+ std::vector data;
+ // Push each byte individually into the vector
+ for (uint8_t bit: _data) {
+ data.push_back(static_cast(bit));
+ }
+ std::string bytes_as_bits;
+ for (unsigned char byte : data) {
+ bytes_as_bits += std::bitset<8>(byte).to_string();
+ }
+
+ std::vector transition;
+ for (size_t i = 0; i < bytes_as_bits.length(); i += 4) {
+ transition.push_back(std::stoi(bytes_as_bits.substr(i, 4), nullptr, 2));
+ }
+ return transition;
+ }
+
+ std::pair>, std::vector>> get_matrix_tiled(int fill, int dim, bool auto_dim) {
+ std::vector> binaries;
+
+ std::vector hexData = (*this).getHexData();
+ binaries.push_back(hexData);
+
+ size_t length = 0;
+ for (const std::vector& b : binaries) {
+ length = std::max(length, b.size());
+ }
+
+ if (auto_dim) {
+ dim = static_cast(std::ceil(std::sqrt(length)));
+ }
+
+ int total = dim * dim;
+ std::vector flat;
+ flat.reserve(total);
+
+ // 1) Flatten the double-vector
+ for (const auto& row : binaries) {
+ flat.insert(flat.end(), row.begin(), row.end());
+ }
+
+ // 2) Pad with `fill` if too short
+ if (flat.size() < total) {
+ flat.insert(flat.end(), total - flat.size(), fill);
+ }
+ // 3) Or truncate if too long
+ else if (flat.size() > total) {
+ flat.resize(total);
+ }
+
+ // 4) Reshape into dim × dim
+ std::vector> result(dim, std::vector(dim));
+ for (size_t idx = 0; idx < total; ++idx) {
+ size_t i = idx / dim;
+ size_t j = idx % dim;
+ result[i][j] = flat[idx];
+ }
+
+ return {result, binaries};
+ }
+
+ std::vector get_data() const {
+ return _data;
+ }
+
+ void set_data(std::vector data) {
+ _data = data;
+ }
+
+ uint32_t get_cap_length() const {
+ return _cap_length;
+ }
+
+ void set_cap_length(uint32_t cap_length) {
+ _cap_length = cap_length;
+ }
+
+ std::vector>& get_matrix() {
+ return matrix;
+ }
+
+ private:
+ std::vector _data;
+ uint32_t _cap_length;
+ std::vector> binaries;
+ std::vector> matrix;
+};
\ No newline at end of file
diff --git a/heiFIP/assets/packetHelper.cpp b/heiFIP/assets/packetHelper.cpp
new file mode 100644
index 0000000..2ed6cb4
--- /dev/null
+++ b/heiFIP/assets/packetHelper.cpp
@@ -0,0 +1,32 @@
+#pragma once
+
+#include
+#include "heiFIBPacketImage.cpp"
+
+std::vector> read_pcap(const std::string& filename) {
+ std::ifstream file(filename, std::ios::binary);
+ std::vector> packets;
+ if (!file.is_open()) {
+ std::cerr << "Error: Could not open file " << filename << std::endl;
+ return packets;
+ }
+
+ PcapGlobalHeader globalHeader;
+ file.read(reinterpret_cast(&globalHeader), sizeof(globalHeader));
+
+ while (file.peek() != EOF) {
+ PcapPacketHeader packetHeader;
+ file.read(reinterpret_cast(&packetHeader), sizeof(packetHeader));
+
+ if (file.eof()) break;
+
+ std::vector packet_data(packetHeader.caplen);
+ file.read(reinterpret_cast(packet_data.data()), packetHeader.caplen);
+
+
+ heiFIBPacketImage packet = heiFIBPacketImage(packet_data, packetHeader.caplen );
+ packets.push_back(std::make_shared(packet));
+ }
+ file.close();
+ return packets;
+}
\ No newline at end of file
diff --git a/heiFIP/cli.cpp b/heiFIP/cli.cpp
new file mode 100644
index 0000000..c498a30
--- /dev/null
+++ b/heiFIP/cli.cpp
@@ -0,0 +1,153 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "extractor.cpp"
+#include "runner.cpp"
+
+void print_usage(const char* progName) {
+ std::cout << "Usage: " << progName << " [options]\n"
+ << " -i, --input FILE input pcap file path\n"
+ << " -o, --output DIR output directory\n"
+ << " -t, --threads N number of threads (default 1)\n"
+ << " -p, --processor TYPE preprocessing type: NONE or HEADER\n"
+ << " -m, --mode MODE image type: FlowImage, FlowImageTiledFixed, FlowImageTiledAuto, MarkovTransitionMatrixFlow, MarkovTransitionMatrixPacket, PacketImage\n"
+ << " --dim N dimension (size_t)\n"
+ << " --fill N fill value (size_t)\n"
+ << " --cols N number of columns (size_t)\n"
+ << " --auto-dim auto-dimension flag (bool)\n"
+ << " --append append mode image (bool)\n"
+ << " --max-dim M minimum dimension (size_t)\n"
+ << " --max-dim N maximum dimension (size_t)\n"
+ << " --min-pkts N minimum packets per flow (size_t)\n"
+ << " --max-pkts N maximum packets per flow (size_t)\n"
+ << " --remove-dup remove duplicate flows/packets\n"
+ << " -h, --help display this help and exit\n";
+}
+
+int main(int argc, char* argv[]) {
+ std::string input_file;
+ std::string output_dir;
+ int thread_count = 1;
+ PacketProcessorType proc_type = PacketProcessorType::NONE;
+ ImageType img_type = ImageType::PacketImage;
+ size_t dim = 0;
+ size_t fill = 0;
+ size_t cols = 0;
+ bool auto_dim = false;
+ bool append = false;
+ size_t min_dim = 0;
+ size_t max_dim = 0;
+ size_t min_pkts = 0;
+ size_t max_pkts = 0;
+ bool remove_dup = false;
+
+ static struct option long_opts[] = {
+ {"input", required_argument, 0, 'i'},
+ {"output", required_argument, 0, 'o'},
+ {"threads", required_argument, 0, 't'},
+ {"processor", required_argument, 0, 'p'},
+ {"mode", required_argument, 0, 'm'},
+ {"dim", required_argument, 0, 0 },
+ {"fill", required_argument, 0, 0 },
+ {"cols", required_argument, 0, 0 },
+ {"auto-dim", no_argument, 0, 0 },
+ {"append", no_argument, 0, 0 },
+ {"min-dim", required_argument, 0, 0 },
+ {"max-dim", required_argument, 0, 0 },
+ {"min-pkts", required_argument, 0, 0 },
+ {"max-pkts", required_argument, 0, 0 },
+ {"remove-dup", no_argument, 0, 0 },
+ {"help", no_argument, 0, 'h'},
+ {0,0,0,0}
+ };
+
+ int opt;
+ int long_index = 0;
+ while ((opt = getopt_long(argc, argv, "i:o:t:p:m:h", long_opts, &long_index)) != -1) {
+ switch (opt) {
+ case 'i': input_file = optarg; break;
+ case 'o': output_dir = optarg; break;
+ case 't': thread_count = std::stoi(optarg); break;
+ case 'p':
+ if (std::string(optarg) == "NONE") proc_type = PacketProcessorType::NONE;
+ else if (std::string(optarg) == "HEADER") proc_type = PacketProcessorType::HEADER;
+ else { std::cerr << "Unknown processor type\n"; return 1; }
+ break;
+ case 'm':
+ if (std::string(optarg) == "PacketImage") img_type = ImageType::PacketImage;
+ else if (std::string(optarg) == "FlowImage") img_type = ImageType::FlowImage;
+ else if (std::string(optarg) == "FlowImageTiledFixed") img_type = ImageType::FlowImageTiledFixed;
+ else if (std::string(optarg) == "FlowImageTiledAuto") img_type = ImageType::FlowImageTiledAuto;
+ else if (std::string(optarg) == "MarkovFlow") img_type = ImageType::MarkovTransitionMatrixFlow;
+ else if (std::string(optarg) == "MarkovPacket") img_type = ImageType::MarkovTransitionMatrixPacket;
+ else { std::cerr << "Unknown mode\n"; return 1; }
+ break;
+ case 0:
+ if (strcmp(long_opts[long_index].name, "dim") == 0) dim = std::stoi(optarg);
+ else if (strcmp(long_opts[long_index].name, "fill") == 0) fill = std::stoi(optarg);
+ else if (strcmp(long_opts[long_index].name, "cols") == 0) cols = std::stoi(optarg);
+ else if (strcmp(long_opts[long_index].name, "auto-dim") == 0) auto_dim = true;
+ else if (strcmp(long_opts[long_index].name, "max-dim") == 0) max_dim = std::stoi(optarg);
+ else if (strcmp(long_opts[long_index].name, "min-pkts") == 0) min_pkts = std::stoi(optarg);
+ else if (strcmp(long_opts[long_index].name, "max-pkts") == 0) max_pkts = std::stoi(optarg);
+ else if (strcmp(long_opts[long_index].name, "remove-dup") == 0) remove_dup = true;
+ break;
+ case 'h': print_usage(argv[0]); return 0;
+ default: print_usage(argv[0]); return 1;
+ }
+ }
+
+ if (input_file.empty() || output_dir.empty()) {
+ print_usage(argv[0]);
+ return 1;
+ }
+
+ std::atomic pbar{0};
+ Runner runner(thread_count);
+
+ ImageArgsVariant args;
+ switch (img_type) {
+ case ImageType::FlowImage:
+ args = FlowImageArgs{dim, append, fill};
+ break;
+ case ImageType::FlowImageTiledFixed:
+ args = FlowImageTiledFixedArgs{dim, fill, cols};
+ break;
+ case ImageType::FlowImageTiledAuto:
+ args = FlowImageTiledAutoArgs{dim, fill, auto_dim};
+ break;
+ case ImageType::MarkovTransitionMatrixFlow:
+ args = MarkovTransitionMatrixFlowArgs{cols};
+ break;
+ case ImageType::MarkovTransitionMatrixPacket:
+ args = MarkovTransitionMatrixPacketArgs{};
+ break;
+ case ImageType::PacketImage:
+ args = PacketImageArgs{dim, auto_dim, fill};
+ break;
+ }
+
+ runner.create_image(
+ input_file,
+ output_dir,
+ args,
+ pbar,
+ proc_type,
+ img_type,
+ dim,
+ max_dim,
+ min_pkts,
+ max_pkts,
+ remove_dup
+ );
+
+ std::cout << "Progress: " << pbar.load() << std::endl;
+ return 0;
+}
diff --git a/heiFIP/extractor.cpp b/heiFIP/extractor.cpp
new file mode 100644
index 0000000..7dc5db1
--- /dev/null
+++ b/heiFIP/extractor.cpp
@@ -0,0 +1,341 @@
+#pragma once
+
+#include "init.cpp"
+#include "NetworkTrafficImage.hpp"
+#include "flow.cpp"
+#include "flow_tiled_auto.cpp"
+#include "flow_tiled_fixed.cpp"
+#include "markov_chain.cpp"
+#include "heiFIBPacketImage.cpp"
+#include
+#include
+#include
+#include
+
+struct FlowImageArgs {
+ size_t dim;
+ bool append;
+ size_t fill;
+};
+
+struct FlowImageTiledFixedArgs {
+ size_t dim;
+ size_t fill;
+ size_t cols;
+};
+
+struct FlowImageTiledAutoArgs {
+ size_t dim;
+ size_t fill;
+ bool auto_dim;
+};
+
+struct PacketImageArgs {
+ size_t dim;
+ bool auto_dim;
+ size_t fill;
+};
+
+struct MarkovTransitionMatrixFlowArgs {
+ size_t cols;
+};
+
+struct MarkovTransitionMatrixPacketArgs {
+};
+
+using ImageArgsVariant = std::variant<
+ std::monostate,
+ FlowImageArgs,
+ FlowImageTiledFixedArgs,
+ FlowImageTiledAutoArgs,
+ PacketImageArgs,
+ MarkovTransitionMatrixFlowArgs,
+ MarkovTransitionMatrixPacketArgs
+>;
+
+using UInt8Matrix = std::vector>>;
+using DoubleMatrix = std::vector>>;
+
+using MatrixVariant = std::variant;
+
+enum class ImageType {
+ FlowImage,
+ FlowImageTiledFixed,
+ FlowImageTiledAuto,
+ PacketImage,
+ MarkovTransitionMatrixFlow,
+ MarkovTransitionMatrixPacket
+};
+
+/**
+ * FIPExtractor orchestrates packet processing and image generation.
+ */
+class FIPExtractor {
+ public:
+ /**
+ * Verify generated image dimensions and optional duplicate removal.
+ * ImgType must provide getHeight(), getWidth(), data(), dataSize().
+ */
+ template
+ bool verify(const ImgType& image, size_t minImageDim, size_t maxImageDim, bool removeDuplicates) {
+ size_t height = image.size();
+ size_t width = image[0].size();
+ if (height < minImageDim || width < minImageDim)
+ return false;
+ if (maxImageDim != 0 && (height > maxImageDim || width > maxImageDim))
+ return false;
+ // if (removeDuplicates) {
+ // std::string raw(reinterpret_cast(image.data()), image.dataSize());
+ // if (imagesCreatedSet.count(raw))
+ // return false;
+ // imagesCreatedSet.insert(raw);
+ // }
+ return true;
+ }
+ public:
+ FIPExtractor()
+ : processor() {}
+
+ MatrixVariant createImageFromFile(
+ const std::string& input_file,
+ const ImageArgsVariant& args,
+ PacketProcessorType preprocessing_type = PacketProcessorType::NONE,
+ ImageType image_type = ImageType::PacketImage,
+ int min_image_dim = 0,
+ int max_image_dim = 0,
+ int min_packets_per_flow = 0,
+ int max_packets_per_flow = 0,
+ bool remove_duplicates = false
+ ) {
+ if (!std::filesystem::exists(input_file)) {
+ throw std::runtime_error("Input file does not exist");
+ }
+
+ std::vector> processed_packets = processor.readPacketsFile(input_file, preprocessing_type);
+ return createMatrix(
+ processed_packets,
+ preprocessing_type,
+ image_type,
+ min_image_dim,
+ max_image_dim,
+ min_packets_per_flow,
+ max_packets_per_flow,
+ remove_duplicates,
+ args
+ );
+ }
+
+ MatrixVariant createImageFromPacket(
+ const std::vector>& packets,
+ const ImageArgsVariant& args,
+ PacketProcessorType preprocessing_type = PacketProcessorType::NONE,
+ ImageType image_type = ImageType::PacketImage,
+ size_t min_image_dim = 0,
+ size_t max_image_dim = 0,
+ size_t min_packets_per_flow = 0,
+ size_t max_packets_per_flow = 0,
+ bool remove_duplicates = false
+ ) {
+
+ // Process packets using the PacketProcessor
+ std::vector> processed_packets = processor.readPacketsList(packets, preprocessing_type);
+ // Create images using the __create_matrix method
+ return createMatrix(
+ processed_packets,
+ preprocessing_type,
+ image_type,
+ min_image_dim,
+ max_image_dim,
+ min_packets_per_flow,
+ max_packets_per_flow,
+ remove_duplicates,
+ args
+ );
+ }
+
+ /**
+ * Create image matrices from FIPPacket flows or packets.
+ * Template on ImgType: one of FlowImage, FlowImageTiledFixed, FlowImageTiledAuto,
+ * PacketImage, MarkovTransitionMatrixFlow, MarkovTransitionMatrixPacket.
+ */
+ // Instead of a single variadic template, provide overloads for each image type
+ // FlowImage: takes packets and a flow-specific parameter, e.g., time window
+ MatrixVariant createMatrix(
+ std::vector>& packets,
+ PacketProcessorType preprocessing_type,
+ ImageType image_type,
+ size_t min_image_dim,
+ size_t max_image_dim,
+ size_t min_packets_per_flow,
+ size_t max_packets_per_flow,
+ bool remove_duplicates,
+ const ImageArgsVariant& args
+ ) {
+ if (std::holds_alternative(args)) {
+ throw std::runtime_error("Image arguments not initialized.");
+ }
+
+ if (max_packets_per_flow && packets.size() > static_cast(max_packets_per_flow)) {
+ packets.resize(max_packets_per_flow);
+ }
+
+ std::vector packets_copy;
+ for (const std::unique_ptr& packet: packets) {
+ const uint8_t* packetData = packet->getRawPacket()->getRawData();
+ size_t packetLen = packet->getRawPacket()->getRawDataLen();
+ std::vector rawData;
+ for (size_t i = 0; i < packetLen; ++i) {
+ rawData.push_back(packetData[i]); // Add each element to the vector
+ }
+ packets_copy.push_back(heiFIBPacketImage(rawData));
+ }
+
+ switch (image_type) {
+ case ImageType::FlowImage: {
+ if (packets.size() < static_cast(min_packets_per_flow)) {
+ return {};
+ }
+
+ UInt8Matrix images;
+ auto actualArgs = std::get(args);
+ FlowImage image(packets_copy, actualArgs.dim, actualArgs.fill, actualArgs.append);
+ if (verify(image.get_matrix(), min_image_dim, max_image_dim, remove_duplicates)) {
+ images.push_back(image.get_matrix());
+ }
+ return images;
+ }
+
+ case ImageType::FlowImageTiledFixed: {
+ if (packets.size() < static_cast(min_packets_per_flow)) {
+ return {};
+ }
+
+ UInt8Matrix images;
+ auto actualArgs = std::get(args);
+ FlowImageTiledFixed image(packets_copy, actualArgs.dim, actualArgs.fill, actualArgs.cols);
+
+ if (verify(image.get_matrix(), min_image_dim, max_image_dim, remove_duplicates)) {
+ images.push_back(image.get_matrix());
+ }
+ return images;
+ }
+
+ case ImageType::FlowImageTiledAuto: {
+ if (packets.size() < static_cast(min_packets_per_flow)) {
+ return {};
+ }
+
+ UInt8Matrix images;
+ auto actualArgs = std::get(args);
+ FlowImageTiledAuto image(packets_copy, actualArgs.dim, actualArgs.fill, actualArgs.auto_dim);
+
+ if (verify(image.get_matrix(), min_image_dim, max_image_dim, remove_duplicates)) {
+ images.push_back(image.get_matrix());
+ }
+ return images;
+ }
+
+ case ImageType::PacketImage: {
+
+ auto actualArgs = std::get(args);
+ std::vector>> images;
+
+ for (const std::unique_ptr& pkt : packets) {
+ const uint8_t* packetData = pkt->getRawPacket()->getRawData();
+ int packetLen = pkt->getRawPacket()->getRawDataLen();
+ std::vector rawData;
+
+ for (size_t i = 0; i < packetLen; ++i) {
+ rawData.push_back(packetData[i]); // Add each element to the vector
+ }
+
+ heiFIBPacketImage image = heiFIBPacketImage(rawData, actualArgs.dim, actualArgs.fill, actualArgs.auto_dim);
+ std::vector> matrix = image.get_matrix();
+ if (verify(matrix, min_image_dim, max_image_dim, remove_duplicates))
+ images.push_back(matrix);
+ }
+ return images;
+ }
+
+ case ImageType::MarkovTransitionMatrixFlow: {
+
+ if (packets.size() < static_cast(min_packets_per_flow)) {
+ return {};
+ }
+
+ DoubleMatrix images;
+ auto actualArgs = std::get(args);
+ MarkovTransitionMatrixFlow image(packets_copy, actualArgs.cols);
+
+ if (verify(image.get_matrix(), min_image_dim, max_image_dim, remove_duplicates)) {
+ images.push_back(image.get_matrix());
+ }
+ return images;
+ }
+
+ case ImageType::MarkovTransitionMatrixPacket: {
+
+ auto actualArgs = std::get(args);
+ std::vector>>images;
+ const uint8_t* packetData;
+ std::vector rawData;
+ int packetLen;
+
+ for (const std::unique_ptr& pkt : packets) {
+ packetData = pkt->getRawPacket()->getRawData();
+ packetLen = pkt->getRawPacket()->getRawDataLen();
+ for (size_t i = 0; i < packetLen; ++i) {
+ rawData.push_back(packetData[i]); // Add each element to the vector
+ }
+ heiFIBPacketImage rawImage = heiFIBPacketImage(rawData);
+ MarkovTransitionMatrixPacket image = MarkovTransitionMatrixPacket(rawImage);
+ std::vector> matrix = image.get_matrix();
+ if (verify(matrix, min_image_dim, max_image_dim, remove_duplicates))
+ images.push_back(matrix);
+ }
+ return images;
+ }
+
+ default:
+ throw std::runtime_error("Wrong Parameter passed");
+ }
+
+ return {}; // Empty
+ }
+
+ void save_image(const MatrixVariant& img_variant, const std::string& output_path_base) {
+ std::visit([&](const auto& img) {
+ if (img.empty() || img[0].empty() || img[0][0].empty()) {
+ std::cerr << "Empty image, cannot save." << std::endl;
+ return;
+ }
+
+ // Expecting shape: [1][height][width]
+ const auto& grayscale_image = img[0]; // Only the first 2D slice
+
+ int height = static_cast(grayscale_image.size());
+ int width = static_cast(grayscale_image[0].size());
+
+ cv::Mat mat(height, width, CV_8UC1);
+
+ for (size_t i = 0; i < height; ++i) {
+ uint8_t* row_ptr = mat.ptr(i);
+ for (size_t j = 0; j < width; ++j) {
+ if constexpr (std::is_same_v, UInt8Matrix>) {
+ row_ptr[j] = grayscale_image[i][j];
+ } else {
+ double v = grayscale_image[i][j] * 255.0;
+ row_ptr[j] = static_cast(std::clamp(v, 0.0, 255.0));
+ }
+ }
+ }
+
+ std::filesystem::path outp(output_path_base + "_processed.png");
+ std::filesystem::create_directories(outp.parent_path());
+ cv::imwrite(outp.string(), mat);
+ }, img_variant);
+ }
+
+ private:
+ PacketProcessor processor;
+};
\ No newline at end of file
diff --git a/tests/pcaps/rdp/rdpeudp2-handshake-success.pcap b/heiFIP/images/.DS_Store
similarity index 55%
rename from tests/pcaps/rdp/rdpeudp2-handshake-success.pcap
rename to heiFIP/images/.DS_Store
index 76bcd4a..0677ee3 100644
Binary files a/tests/pcaps/rdp/rdpeudp2-handshake-success.pcap and b/heiFIP/images/.DS_Store differ
diff --git a/heiFIP/images/NetworkTrafficImage.hpp b/heiFIP/images/NetworkTrafficImage.hpp
new file mode 100644
index 0000000..662413d
--- /dev/null
+++ b/heiFIP/images/NetworkTrafficImage.hpp
@@ -0,0 +1,10 @@
+#pragma once
+
+class NetworkTrafficImage {
+ private:
+ int _fill;
+ int _dim;
+
+ public:
+ NetworkTrafficImage(int fill = 0, int dim = 8) : _fill(fill), _dim(dim) {};
+};
\ No newline at end of file
diff --git a/heiFIP/images/flow.cpp b/heiFIP/images/flow.cpp
new file mode 100644
index 0000000..09760b9
--- /dev/null
+++ b/heiFIP/images/flow.cpp
@@ -0,0 +1,73 @@
+#include "NetworkTrafficImage.hpp"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "heiFIBPacketImage.cpp"
+#include "packetHelper.cpp"
+
+class FlowImage : public NetworkTrafficImage {
+public:
+ FlowImage(std::vector packets, int dim = 16, int fill = 0, bool append = false)
+ : NetworkTrafficImage(fill, dim), packets(packets), append(append) {
+ auto result = getMatrix(dim, append, fill, packets);
+ matrix = result.first;
+ binaries = result.second;
+ }
+
+ std::vector>& get_binaries() {
+ return binaries;
+ }
+
+ std::vector>& get_matrix() {
+ return matrix;
+ }
+
+private:
+ std::vector packets;
+ bool append;
+ std::vector> matrix;
+ std::vector> binaries;
+
+ std::pair>, std::vector>> getMatrix(int dim, bool append, int fill, const std::vector& packets) {
+ std::vector> binaries;
+
+ for (heiFIBPacketImage packet : packets) {
+ std::vector hexData = packet.getHexData();
+ binaries.push_back(hexData);
+ }
+
+ std::vector fh;
+ if (append) {
+ for (const auto& binary : binaries) {
+ fh.insert(fh.end(), binary.begin(), binary.end());
+ }
+ int rn = fh.size() / dim + (fh.size() % dim > 0);
+ fh.resize(rn * dim, static_cast(0));
+ std::vector> reshaped(rn, std::vector(dim));
+ for (int i = 0; i < rn; ++i) {
+ std::copy(fh.begin() + i * dim, fh.begin() + (i + 1) * dim, reshaped[i].begin());
+ }
+ return {reshaped, binaries};
+ } else {
+ size_t length = 0;
+ for (const auto& binary : binaries) {
+ length = std::max(length, binary.size());
+ }
+ std::vector> reshaped;
+ for (const auto& binary : binaries) {
+ std::vector row = binary;
+ row.resize(length, static_cast(fill));
+ reshaped.push_back(row);
+ }
+ return {reshaped, binaries};
+ }
+ }
+};
\ No newline at end of file
diff --git a/heiFIP/images/flow_tiled_auto.cpp b/heiFIP/images/flow_tiled_auto.cpp
new file mode 100644
index 0000000..74f9e19
--- /dev/null
+++ b/heiFIP/images/flow_tiled_auto.cpp
@@ -0,0 +1,124 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "heiFIBPacketImage.cpp"
+#include "packetHelper.cpp"
+#include "NetworkTrafficImage.hpp"
+
+class FlowImageTiledAuto : public NetworkTrafficImage {
+
+public:
+ FlowImageTiledAuto(const std::vector& packets, int dim = 16, int fill = 0, bool auto_dim = false)
+ : NetworkTrafficImage(fill, dim), packets(packets), auto_dim(auto_dim) {
+ std::pair>, std::vector>> result = get_matrix_tiled(fill, dim, auto_dim, packets);
+ matrix = result.first;
+ binaries = result.second; }
+
+ std::vector>& get_matrix() {
+ return matrix;
+ }
+
+ std::vector>& get_binaries() {
+ return binaries;
+ }
+private:
+ std::vector packets;
+ bool auto_dim;
+ std::vector> matrix;
+ std::vector> binaries;
+
+ std::pair>, std::vector>> get_matrix_tiled(int fill, int dim, bool auto_dim, const std::vector& packets) {
+ std::vector> binaries;
+
+ for (const heiFIBPacketImage& packet : packets) {
+ std::vector hexData = packet.getHexData();
+ binaries.push_back(hexData);
+ }
+
+ size_t length = 0;
+ for (const std::vector& b : binaries) {
+ length = std::max(length, b.size());
+ }
+
+ if (auto_dim) {
+ dim = static_cast(std::ceil(std::sqrt(length)));
+ }
+ std::vector>> result;
+ for (const std::vector& x : binaries) {
+ std::vector> reshaped(dim, std::vector(dim, fill));
+ size_t k = 0;
+ for(int i = 0; dim > i && k < x.size(); ++i) {
+ for(int j = 0; dim > j && k < x.size(); ++j) {
+ reshaped[i][j] = x[k];
+ ++k;
+ }
+ }
+ result.push_back(reshaped);
+ }
+
+ size_t length_total = result.size();
+ uint dim_total = static_cast(std::ceil(std::sqrt(length_total)));
+
+ std::vector> fh = tile_images(result, dim_total, dim);
+ return {fh, binaries};
+ }
+
+ std::vector> npzero(size_t dim) {
+ return std::vector>(dim, std::vector(dim, 0));
+ }
+
+ std::vector> npconcatenate(const std::vector>& img1, const std::vector>& img2) {
+ if (img1.empty()) return img2;
+ if (img2.empty()) return img1;
+
+ if (img1.size() != img2.size()) {
+ throw std::invalid_argument("Images must have the same number of rows to concatenate horizontally.");
+ }
+
+ std::vector> result = img1;
+ for (size_t i = 0; i < result.size(); ++i) {
+ result[i].insert(result[i].end(), img2[i].begin(), img2[i].end());
+ }
+ return result;
+ }
+
+ std::vector> tile_images(const std::vector>>& images, const uint cols, const uint dim) {
+
+ std::vector> > rows;
+ size_t k = 0; // Index to track current image
+ for (size_t i = 0; i < cols; ++i) {
+ std::vector> row;
+ for (size_t j = 0; j < cols; ++j) {
+ std::vector> im;
+ if (k < images.size()) {
+ im = images[k];
+ } else {
+ im = npzero(dim);
+ }
+
+ if (row.empty()) {
+ row = im;
+ } else {
+ row = npconcatenate(row, im);
+ }
+ ++k;
+ }
+ rows.push_back(row);
+ }
+
+ std::vector> tiled = rows[0];
+
+ for (size_t i = 1; i < rows.size(); ++i) {
+ tiled.insert(tiled.end(), rows[i].begin(), rows[i].end());
+ }
+ return tiled;
+ }
+};
\ No newline at end of file
diff --git a/heiFIP/images/flow_tiled_fixed.cpp b/heiFIP/images/flow_tiled_fixed.cpp
new file mode 100644
index 0000000..c64a251
--- /dev/null
+++ b/heiFIP/images/flow_tiled_fixed.cpp
@@ -0,0 +1,135 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "heiFIBPacketImage.cpp"
+#include "packetHelper.cpp"
+#include "NetworkTrafficImage.hpp"
+
+class FlowImageTiledFixed : public NetworkTrafficImage {
+
+public:
+ FlowImageTiledFixed(const std::vector& packets, int dim = 16, int fill = 0, int cols = 3)
+ : NetworkTrafficImage(fill, dim), packets(packets), cols(cols) {
+ std::pair>, std::vector>> result = get_matrix_tiled(fill, dim, packets);
+ matrix = result.first;
+ binaries = result.second; }
+
+ std::vector>& get_matrix() {
+ return matrix;
+ }
+
+ std::vector>& get_binaries() {
+ return binaries;
+ }
+private:
+ std::vector packets;
+ int cols;
+ std::vector> matrix;
+ std::vector> binaries;
+
+ std::pair>, std::vector>> get_matrix_tiled(int fill, int dim, const std::vector& packets) {
+ std::vector> binaries;
+
+ for (const heiFIBPacketImage& packet : packets) {
+ std::vector hexData = packet.getHexData();
+ binaries.push_back(hexData);
+ }
+
+ std::vector>> result;
+ for (const std::vector& x : binaries) {
+ std::vector> reshaped(dim, std::vector(dim, fill));
+ size_t k = 0;
+ for(size_t i = 0; dim > i && k < x.size(); ++i) {
+ for(size_t j = 0; dim > j && k < x.size(); ++j) {
+ reshaped[i][j] = x[k];
+ ++k;
+ }
+ }
+ result.push_back(reshaped);
+ }
+
+ std::vector> fh = tile_images(result, cols, dim);
+ return {fh, binaries};
+ }
+
+ std::vector> npzero(size_t dim) {
+ return std::vector>(dim, std::vector(dim, 0));
+ }
+
+ std::vector> npconcatenate(const std::vector>& img1, const std::vector>& img2) {
+ if (img1.empty()) return img2;
+ if (img2.empty()) return img1;
+
+ if (img1.size() != img2.size()) {
+ throw std::invalid_argument("Images must have the same number of rows to concatenate horizontally.");
+ }
+
+ std::vector> result = img1;
+ for (size_t i = 0; i < result.size(); ++i) {
+ result[i].insert(result[i].end(), img2[i].begin(), img2[i].end());
+ }
+ return result;
+ }
+
+ std::vector> tile_images(const std::vector>>& images, const uint cols, const uint dim) {
+
+ std::vector>> rows;
+ size_t k = 0; // Index to track current image
+ for (size_t i = 0; i < cols; ++i) {
+ std::vector> row;
+ for (size_t j = 0; j < cols; ++j) {
+ std::vector> im;
+ if (k < images.size()) {
+ im = images[k];
+ } else {
+ im = npzero(dim);
+ }
+
+ if (row.empty()) {
+ row = im;
+ } else {
+ row = npconcatenate(row, im);
+ }
+ ++k;
+ }
+ rows.push_back(row);
+ }
+
+ std::vector> tiled = rows[0];
+
+ for (size_t i = 1; i < rows.size(); ++i) {
+ tiled.insert(tiled.end(), rows[i].begin(), rows[i].end());
+ }
+ return tiled;
+ }
+
+ std::vector hexlify(const Crafter::Packet& packet) {
+
+ // Create a vector to store the bytes as decimal integers
+ std::vector hex_data;
+
+ // Use copy of packet to avoid modification
+ Crafter::Packet copied_packet = packet;
+
+ // Access the raw bytes of the crafted packet
+ const uint8_t* raw_bytes = copied_packet.GetRawPtr();
+ size_t packet_size = copied_packet.GetSize();
+
+ // Push each byte individually into the vector
+ for (size_t i = 0; i < packet_size; ++i) {
+ hex_data.push_back(static_cast(raw_bytes[i]));
+ }
+
+ return hex_data;
+ }
+
+};
\ No newline at end of file
diff --git a/heiFIP/images/markov_chain.cpp b/heiFIP/images/markov_chain.cpp
new file mode 100644
index 0000000..8b2defb
--- /dev/null
+++ b/heiFIP/images/markov_chain.cpp
@@ -0,0 +1,136 @@
+#include
+#include
+#include
+#include
+
+#include "heiFIBPacketImage.cpp"
+#include "packetHelper.cpp"
+
+#include "NetworkTrafficImage.hpp"
+
+class MarkovTransitionMatrix : public NetworkTrafficImage {
+
+public:
+ MarkovTransitionMatrix(): NetworkTrafficImage(){}
+
+ std::vector> transition_matrix(const std::vector& transitions) {
+ size_t n = 16;
+ std::vector> M(n, std::vector(n, 0));
+
+ for (size_t k = 0; k < transitions.size() - 1; ++k) {
+ size_t i = transitions[k];
+ size_t j = transitions[k + 1];
+ M[i][j] += 1;
+ }
+
+ for (std::vector& row : M) {
+ double sum = 0;
+ for (double value : row) {
+ sum += value;
+ }
+ if (sum > 0) {
+ for (double& value : row) {
+ value /= sum;
+ }
+ }
+ }
+ return M;
+ }
+};
+
+class MarkovTransitionMatrixFlow : public MarkovTransitionMatrix {
+ public:
+ MarkovTransitionMatrixFlow(const std::vector& packets, uint cols = 4) : packets(packets), cols(cols) {
+
+ std::vector>> result;
+ transitionMatrix = MarkovTransitionMatrix();
+
+ for (heiFIBPacketImage packet: packets) {
+ std::vector transition = packet.bit_array();
+ std::vector> m = transition_matrix(transition);
+ result.push_back(m);
+ }
+
+ matrix = tile_images(result, cols, 16);
+
+ }
+
+ std::vector packets;
+ uint cols;
+ MarkovTransitionMatrix transitionMatrix;
+
+ std::vector> npzero(size_t dim) {
+ return std::vector>(dim, std::vector(dim, 0));
+ }
+
+ std::vector> npconcatenate(const std::vector>& img1, const std::vector>& img2) {
+ if (img1.empty()) return img2;
+ if (img2.empty()) return img1;
+
+ if (img1.size() != img2.size()) {
+ throw std::invalid_argument("Images must have the same number of rows to concatenate horizontally.");
+ }
+
+ std::vector> result = img1;
+ for (size_t i = 0; i < result.size(); ++i) {
+ result[i].insert(result[i].end(), img2[i].begin(), img2[i].end());
+ }
+ return result;
+ }
+
+ std::vector> tile_images(const std::vector>>& images, const uint cols, const uint dim) {
+
+ std::vector>> rows;
+ size_t k = 0; // Index to track current image
+ for (size_t i = 0; i < cols; ++i) {
+ std::vector> row;
+ for (size_t j = 0; j < cols; ++j) {
+ std::vector> im;
+ if (k < images.size()) {
+ im = images[k];
+ } else {
+ im = npzero(dim);
+ }
+
+ if (row.empty()) {
+ row = im;
+ } else {
+ row = npconcatenate(row, im);
+ }
+ ++k;
+ }
+ rows.push_back(row);
+ }
+
+ std::vector> tiled = rows[0];
+
+ for (size_t i = 1; i < rows.size(); ++i) {
+ tiled.insert(tiled.end(), rows[i].begin(), rows[i].end());
+ }
+ return tiled;
+ }
+
+ std::vector>& get_matrix() {
+ return matrix;
+ }
+
+ private:
+
+ std::vector> matrix;
+};
+
+class MarkovTransitionMatrixPacket: public MarkovTransitionMatrix {
+public:
+ MarkovTransitionMatrixPacket(const heiFIBPacketImage packet) : packet(packet) {
+ std::vector transition = packet.bit_array();
+ matrix = transition_matrix(transition);
+ }
+
+ std::vector>& get_matrix() {
+ return matrix;
+ }
+
+private:
+ heiFIBPacketImage packet;
+ std::vector> matrix;
+};
\ No newline at end of file
diff --git a/heiFIP/layers/dns.cpp b/heiFIP/layers/dns.cpp
new file mode 100644
index 0000000..b2166a5
--- /dev/null
+++ b/heiFIP/layers/dns.cpp
@@ -0,0 +1,134 @@
+#pragma once
+
+#include "transport.cpp"
+#include