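def create_abnormal_IPs_dict(graphs,IPs_list):
    """Collect graph, traffic and database details for each flagged IP.

    Args:
        graphs: Object whose ``degree(mode)``, ``betweeness(mode)`` and
            ``degree_centrality(mode)`` return iterables of entries with the
            node at index 0 and the metric value at index 1.
        IPs_list: The IP strings to describe.

    Returns:
        A dict keyed by IP. Each value is its own dict holding ``link``,
        ``length_prop``, ``dga``, ``flawedAmy`` and ``suspicious_degree``,
        plus ``degree``, ``betweeness`` and ``centrality`` for every metric
        in which the IP was found.
    """
    IPs_list = list(IPs_list)
    if not IPs_list:
        return {}

    def first_value_by_node(entries):
        # Keep the first entry per node, as a front-to-back scan would.
        table = {}
        for entry in entries:
            table.setdefault(entry[0], entry[1])
        return table

    mode = 0
    # None of these depend on the IP being processed, so each is fetched
    # once instead of once per IP.
    degree_of = first_value_by_node(graphs.degree(mode))
    betweeness_of = first_value_by_node(graphs.betweeness(mode))
    centrality_of = first_value_by_node(graphs.degree_centrality(mode))
    suspicion_of = Analyser.read_abnormal_IP_dict()

    abnormal_IPs_detail_dict = {}
    for IP in IPs_list:
        # A fresh record per IP: a metric that is missing for this IP is left
        # out instead of silently inheriting the previous IP's value.
        detail = {}
        if IP in degree_of:
            detail["degree"] = degree_of[IP]
        if IP in betweeness_of:
            detail["betweeness"] = round(betweeness_of[IP], 5)
        if IP in centrality_of:
            detail["centrality"] = round(centrality_of[IP], 5)

        # The Analyser helpers take a list of IPs and are indexed here as
        # [0][1] to read the value for the single IP passed in.
        single_ip = [IP]
        detail["link"] = Analyser.Node_Links_Analyse(single_ip)[0][1]
        detail["length_prop"] = round(
            Analyser.Node_Length_Analyse(single_ip)[0][1], 5)

        # SECURITY: the statement is assembled as text because only
        # get_data(sql) is visible here. Doubling single quotes keeps the
        # value inside the string literal on engines where backslash is not
        # an escape character; it is a stop-gap, and bound parameters are
        # the proper fix once get_data() can accept them.
        quoted_ip = IP.replace("'", "''")
        sql = "select has_dga,Necurs_FlawedAmy from abnormal_list where IP='" + quoted_ip + "'"
        results = Analyser.get_data(sql)
        detail["dga"] = 'Yes' if results[0][0] == 'YES' else 'No'
        detail["flawedAmy"] = results[0][1]
        detail["suspicious_degree"] = suspicion_of[IP]
        abnormal_IPs_detail_dict[IP] = detail
    return abnormal_IPs_detail_dict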
Beispiel #2
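 def radCall():
     """Rank the node list by the metric selected with the radio buttons.

     ``self`` is taken from the enclosing scope. The panel is only refreshed
     while ``self.menu_special == 0`` and ``self.menu_deepth != 0``; a
     selection outside 0-4 changes nothing.
     """
     radSelect = self.radVar.get()
     if not (self.menu_special == 0 and self.menu_deepth != 0):
         return
     if radSelect == 0:
         # Column header: "IP node / node degree".
         self.control_tip.config(
             text="IP节点                                点的度")
         self.Rank(list(Draw_Graph.degree(0)))
     elif radSelect == 1:
         # Column header: "IP node / betweenness centrality".
         self.control_tip.config(
             text="IP节点                                介数中心性")
         # Computed once and passed as a list, like the degree ranking;
         # previously the metric was calculated twice per click.
         self.Rank(list(Draw_Graph.betweeness(0)))
     elif radSelect == 2:
         # Column header: "IP node / degree centrality".
         self.control_tip.config(
             text="IP节点                                点度中心性")
         self.Rank(list(Draw_Graph.degree_centrality(0)))
     elif radSelect == 3:
         # Column header: "IP node / number of connections".
         self.control_tip.config(
             text="IP节点                                连接数")
         nodes = Draw_Graph.transfer_nodes()
         self.Rank(Analyser.Node_Links_Analyse(nodes))
     elif radSelect == 4:
         # Column header: "IP node / share of small packets".
         self.control_tip.config(
             text="IP节点                                小包占比")
         nodes = Draw_Graph.transfer_nodes()
         self.Rank(Analyser.Node_Length_Analyse(nodes))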
Beispiel #3
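 def IP_details(self, IP):
     """Show the graph and traffic metrics of one IP in the detail labels.

     Args:
         IP: The node to look up; compared against index 0 of each metric
             entry.

     NOTE(review): when the IP is absent from a metric, the two labels for
     that metric are left showing whatever they held before.
     """
     # Section 1 is analysed with graph mode 0, every other section with 1.
     mode = 0 if self.Section_for_Analyse == 1 else 1

     for node_degree in Draw_Graph.degree(mode):
         if IP == node_degree[0]:
             self.inform_Text0.config(text="度")  # "degree"
             self.inform_Text1.config(text=node_degree[1])
             break

     for node_betweeness in Draw_Graph.betweeness(mode):
         if IP == node_betweeness[0]:
             # "betweenness centrality"
             self.inform_Text2.config(text="介数中心性")
             self.inform_Text3.config(text=round(node_betweeness[1], 5))
             break

     for node_centrality in Draw_Graph.degree_centrality(mode):
         if IP == node_centrality[0]:
             # "degree centrality"
             self.inform_Text4.config(text="点度中心性")
             self.inform_Text5.config(text=round(node_centrality[1], 5))
             break

     # The Analyser helpers take a list of IPs; [0][1] reads the value
     # returned for the single IP passed in.
     single_ip = [IP]
     self.inform_Text6.config(text="连接数")  # "number of connections"
     self.inform_Text8.config(text="小包占比")  # "share of small packets"
     self.inform_Text7.config(
         text=Analyser.Node_Links_Analyse(single_ip)[0][1])
     self.inform_Text9.config(
         text=round(Analyser.Node_Length_Analyse(single_ip)[0][1], 5))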
Beispiel #4
 def radCall(self):
     """Rank the node list by the metric selected with the radio buttons.

     When ``flag_for_section`` is 2 the rows come from
     ``abnormal_IPs_detail_dict``; in every other section they are computed
     from ``Draw_Graph`` / ``Analyser``. A selection outside 0-4 changes
     nothing.
     """
     radSelect = self.radVar.get()
     graph_view = flag_for_section != 2

     def abnormal_rows(field):
         # Tuple list built from one field of the abnormal-IP records.
         return instrument.change_abnormal_dict_to_tuplelist(
             abnormal_IPs_detail_dict, field)

     if radSelect == 0:
         # Column header: "IP node / node degree".
         self.control_tip.config(
             text="IP节点                                点的度")
         if graph_view:
             rows = list(Draw_Graph.degree(flag_for_section))
             # NOTE(review): debugging output, prints the whole ranking.
             print(rows)
         else:
             rows = abnormal_rows("degree")
         self.Rank(rows)
     elif radSelect == 1:
         # Column header: "IP node / betweenness centrality".
         self.control_tip.config(
             text="IP节点                                介数中心性")
         if graph_view:
             rows = list(Draw_Graph.betweeness(flag_for_section))
         else:
             rows = abnormal_rows("betweeness")
         self.Rank(rows)
     elif radSelect == 2:
         # Column header: "IP node / degree centrality".
         self.control_tip.config(
             text="IP节点                                点度中心性")
         if graph_view:
             rows = list(Draw_Graph.degree_centrality(flag_for_section))
         else:
             rows = abnormal_rows("centrality")
         self.Rank(rows)
     elif radSelect == 3:
         # Column header: "IP node / number of connections".
         self.control_tip.config(
             text="IP节点                                连接数")
         if graph_view:
             nodes = Draw_Graph.transfer_nodes()
             rows = Analyser.Node_Links_Analyse(nodes)
         else:
             rows = abnormal_rows("link")
         self.Rank(rows)
     elif radSelect == 4:
         # Column header: "IP node / share of small packets".
         self.control_tip.config(
             text="IP节点                                小包占比")
         if graph_view:
             nodes = Draw_Graph.transfer_nodes()
             rows = Analyser.Node_Length_Analyse(nodes)
         else:
             rows = abnormal_rows("length_prop")
         self.Rank(rows)
Beispiel #5
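 def IP_details(self, IP):
     """Show one IP's graph metrics, traffic metrics and abnormal flags.

     Args:
         IP: The node to look up; compared against index 0 of each metric
             entry and used as the key into ``abnormal_IPs_detail_dict``.

     NOTE(review): when the IP is absent from a graph metric, the two labels
     for that metric are left showing whatever they held before.
     """
     mode = 0

     def first_entry_for(entries):
         # First entry whose node (index 0) equals this IP, else None.
         return next((entry for entry in entries if IP == entry[0]), None)

     hit = first_entry_for(self.graphs.degree(mode))
     if hit is not None:
         self.inform_Text0.config(text="度")  # "degree"
         self.inform_Text1.config(text=hit[1])

     hit = first_entry_for(self.graphs.betweeness(mode))
     if hit is not None:
         # "betweenness centrality"
         self.inform_Text2.config(text="介数中心性")
         self.inform_Text3.config(text=round(hit[1], 5))

     hit = first_entry_for(self.graphs.degree_centrality(mode))
     if hit is not None:
         # "degree centrality"
         self.inform_Text4.config(text="点度中心性")
         self.inform_Text5.config(text=round(hit[1], 5))

     # The Analyser helpers take a list of IPs; [0][1] reads the value
     # returned for the single IP passed in.
     single_ip = [IP]
     self.inform_Text6.config(text="连接数")  # "number of connections"
     self.inform_Text8.config(text="小包占比")  # "share of small packets"
     self.inform_Text7.config(
         text=Analyser.Node_Links_Analyse(single_ip)[0][1])
     self.inform_Text9.config(
         text=round(Analyser.Node_Length_Analyse(single_ip)[0][1], 5))

     if IP in abnormal_IPs_detail_dict:
         record = abnormal_IPs_detail_dict[IP]
         self.inform_Text11.config(text=record['dga'])
         self.inform_Text13.config(text=record['flawedAmy'])
     else:
         # IPs without an abnormal record get fixed placeholder values.
         self.inform_Text11.config(text="No")
         self.inform_Text13.config(text="Null")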
Beispiel #6
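def Func_One_Select():
    """Rank the node list by the metric selected with the radio buttons.

    The selection is read once from ``var``; values 1-5 pick the metric and
    any other value changes nothing.
    """
    selected = var.get()
    if selected == 1:
        # Column header: "IP node / node degree".
        label_textbox.config(text="IP节点                                点的度")
        Rank(Draw_Graph.degree())
    elif selected == 2:
        # Column header: "IP node / betweenness centrality".
        label_textbox.config(text="IP节点                                介数中心性")
        Rank(Draw_Graph.betweeness())
    elif selected == 3:
        # Column header: "IP node / degree centrality".
        label_textbox.config(text="IP节点                                点度中心性")
        Rank(Draw_Graph.degree_centrality())
    elif selected == 4:
        # Column header: "IP node / number of connections".
        label_textbox.config(text="IP节点                                连接数")
        Rank(Analyser.Node_Links_Analyse(IPs))
    elif selected == 5:
        # Column header: "IP node / share of small packets".
        label_textbox.config(text="IP节点                                小包占比")
        Rank(Analyser.Node_Length_Analyse(IPs))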
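 def IP_details(self, IP):
     """Show one IP's graph metrics, traffic metrics and abnormal flags.

     Args:
         IP: The node to look up; compared against index 0 of each metric
             entry and used as the key into ``abnormal_IPs_detail_dict``.

     NOTE(review): when the IP is absent from a graph metric, the two labels
     for that metric are left showing whatever they held before.
     """
     # The nx metrics are only meaningful on the whole graph or a connected
     # graph; for now they are taken on the whole graph. Fixing the mode
     # keeps the per-IP figures independent of the graph currently shown.
     mode = 0

     # nx cannot analyse a single chosen IP, so the figures for all nodes
     # are fetched and the entry for this IP is searched in the tuple list.
     # Each entry is a tuple (IP, data); the same holds for the loops below.
     for node_degree in self.graphs.degree(mode):
         if IP == node_degree[0]:
             self.inform_Text0.config(text="度")  # "degree"
             self.inform_Text1.config(text=node_degree[1])
             break

     for node_betweeness in self.graphs.betweeness(mode):
         if IP == node_betweeness[0]:
             # "betweenness centrality"
             self.inform_Text2.config(text="介数中心性")
             self.inform_Text3.config(text=round(node_betweeness[1], 5))
             break

     for node_centrality in self.graphs.degree_centrality(mode):
         if IP == node_centrality[0]:
             # "degree centrality"
             self.inform_Text4.config(text="点度中心性")
             self.inform_Text5.config(text=round(node_centrality[1], 5))
             break

     # The two Analyser functions take a list of IPs to support batch
     # processing, so a one-item list is built for the call. See the
     # function comments in Analyser for the shape of the result.
     single_ip = [IP]
     self.inform_Text6.config(text="连接数")  # "number of connections"
     self.inform_Text8.config(text="小包占比")  # "share of small packets"
     self.inform_Text7.config(
         text=Analyser.Node_Links_Analyse(single_ip)[0][1])
     # round() limits the number of decimal places shown.
     self.inform_Text9.config(
         text=round(Analyser.Node_Length_Analyse(single_ip)[0][1], 5))

     # Abnormal attributes.
     if IP in abnormal_IPs_detail_dict:
         # Read each abnormal status recorded for this IP.
         record = abnormal_IPs_detail_dict[IP]
         self.inform_Text11.config(text=record['dga'])
         self.inform_Text13.config(text=record['flawedAmy'])
     else:
         # A normal IP has no abnormal attributes.
         self.inform_Text11.config(text="No")
         self.inform_Text13.config(text="Null")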
Beispiel #8
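def create_abnormal_IPs_dict(graphs, IPs_list):
    """Build the dict of per-IP detail dicts for the abnormal IPs.

    Args:
        graphs: Object whose ``degree(mode)``, ``betweeness(mode)`` and
            ``degree_centrality(mode)`` return iterables of entries with the
            node at index 0 and the metric value at index 1.
        IPs_list: The abnormal IP strings to describe.

    Returns:
        A dict whose keys are IPs and whose values are separate dicts with
        ``link``, ``length_prop``, ``dga``, ``flawedAmy`` and
        ``suspicious_degree``, plus ``degree``, ``betweeness`` and
        ``centrality`` for every metric in which the IP was found.
    """
    wanted_ips = list(IPs_list)
    abnormal_IPs_detail_dict = {}  # dict of dicts: IP -> detail dict
    if not wanted_ips:
        return abnormal_IPs_detail_dict

    def index_by_node(entries):
        # First value seen for each node, as a front-to-back search finds.
        lookup = {}
        for entry in entries:
            lookup.setdefault(entry[0], entry[1])
        return lookup

    mode = 0  # the three nx metrics are based on G
    # The metric tables and the suspicion table are the same for every IP,
    # so they are fetched once up front rather than inside the loop.
    degrees = index_by_node(graphs.degree(mode))
    betweeness = index_by_node(graphs.betweeness(mode))
    centralities = index_by_node(graphs.degree_centrality(mode))
    suspicion = Analyser.read_abnormal_IP_dict()

    for IP in wanted_ips:
        # Detail dict of this single IP. It starts empty on every pass so
        # that a metric missing for this IP cannot carry over the value
        # stored for the IP handled before it.
        abnormal_IPs_detail = {}
        if IP in degrees:
            abnormal_IPs_detail["degree"] = degrees[IP]
        if IP in betweeness:
            abnormal_IPs_detail["betweeness"] = round(betweeness[IP], 5)
        if IP in centralities:
            abnormal_IPs_detail["centrality"] = round(centralities[IP], 5)

        # Two statistics from Analyser; its functions expect a list, so the
        # IP is passed as a one-item list.
        IP_list = [IP]
        abnormal_IPs_detail["link"] = Analyser.Node_Links_Analyse(
            IP_list)[0][1]
        abnormal_IPs_detail["length_prop"] = round(
            Analyser.Node_Length_Analyse(IP_list)[0][1], 5)

        # Look up the features recorded for the abnormal IP in the database
        # and fill the dict.
        # SECURITY: get_data() is only seen taking a finished statement, so
        # the value is still embedded as text. Doubling single quotes keeps
        # it inside the literal where backslash is not an escape character;
        # treat this as a stop-gap until bound parameters can be used.
        safe_ip = IP.replace("'", "''")
        sql = "select has_dga,Necurs_FlawedAmy from abnormal_list where IP='" + safe_ip + "'"
        results = Analyser.get_data(sql)
        if results[0][0] == 'YES':
            abnormal_IPs_detail["dga"] = 'Yes'
        else:
            abnormal_IPs_detail["dga"] = 'No'
        abnormal_IPs_detail["flawedAmy"] = results[0][1]

        # Suspicion score of the abnormal IP.
        abnormal_IPs_detail["suspicious_degree"] = suspicion[IP]

        abnormal_IPs_detail_dict[IP] = abnormal_IPs_detail
    return abnormal_IPs_detail_dict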
Beispiel #9
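    def radCall(self):
        """Rank the node list by the metric selected with the radio buttons.

        In section 4 the rows come straight from ``abnormal_IPs_detail_dict``.
        In every other section they are computed from ``self.graphs`` and
        ``Analyser``; section 2 first reloads ``self.graphs.J`` and
        ``self.graphs.L`` from the saved copies ``self.A`` and ``self.B``.
        A selection outside 0-5 ranks nothing.
        """
        radSelect = self.radVar.get()

        def rank_abnormal(field):
            # Rank the abnormal-IP records by one of their stored fields.
            self.Rank(
                instrument.change_abnormal_dict_to_tuplelist(
                    abnormal_IPs_detail_dict, field))

        if self.flag_for_section != 4:
            if self.flag_for_section == 2:
                self.graphs.J = self.A.copy()
                self.graphs.L = self.B.copy()
            if radSelect == 0:
                # Column header: "IP node / node degree".
                self.control_tip.config(
                    text="IP节点                                点的度")
                self.Rank(list(self.graphs.degree(self.flag_for_section)))
            elif radSelect == 1:
                # Column header: "IP node / betweenness centrality".
                self.control_tip.config(
                    text="IP节点                                介数中心性")
                self.Rank(
                    list(self.graphs.betweeness(self.flag_for_section)))
            elif radSelect == 2:
                # Column header: "IP node / degree centrality".
                self.control_tip.config(
                    text="IP节点                                点度中心性")
                self.Rank(
                    list(self.graphs.degree_centrality(
                        self.flag_for_section)))
            elif radSelect == 3:
                # Column header: "IP node / number of connections".
                self.control_tip.config(
                    text="IP节点                                连接数")
                IPs_to_show = self.graphs.transfer_nodes()
                self.Rank(Analyser.Node_Links_Analyse(IPs_to_show))
            elif radSelect == 4:
                # Column header: "IP node / share of small packets".
                self.control_tip.config(
                    text="IP节点                                小包占比")
                IPs_to_show = self.graphs.transfer_nodes()
                self.Rank(Analyser.Node_Length_Analyse(IPs_to_show))
            elif radSelect == 5:
                # Column header: "IP node / suspicion score".
                self.control_tip.config(
                    text="IP节点                                怀疑度")
                if self.flag_for_section == 0:
                    # Start from the scores of the abnormal IPs, then add
                    # every other node with a score of 0.
                    IPs_suspicious_degree = instrument.change_abnormal_dict_to_tuplelist(
                        abnormal_IPs_detail_dict, "suspicious_degree")
                    for IP in self.graphs.transfer_all_nodes():
                        if IP not in abnormal_IPs_list:
                            # Append only here: appending after the check
                            # re-added the previous tuple for each abnormal
                            # IP (or failed when the first node was one).
                            IPs_suspicious_degree.append((IP, 0))
                    self.Rank(IPs_suspicious_degree)
                else:
                    IPs_suspicious_degree = []
                    for IP in self.graphs.transfer_nodes():
                        if IP not in abnormal_IPs_list:
                            IPs_suspicious_degree.append((IP, 0))
                        else:
                            IPs_suspicious_degree.append(
                                (IP, abnormal_IPs_detail_dict[IP]
                                 ['suspicious_degree']))
                    # Highest suspicion score first.
                    order_suspicious_rank = sorted(IPs_suspicious_degree,
                                                   key=lambda x: x[1],
                                                   reverse=True)
                    self.Rank(order_suspicious_rank)

        elif self.flag_for_section == 4:
            if radSelect == 0:
                self.control_tip.config(
                    text="IP节点                                点的度")
                rank_abnormal("degree")
            elif radSelect == 1:
                self.control_tip.config(
                    text="IP节点                                介数中心性")
                rank_abnormal("betweeness")
            elif radSelect == 2:
                self.control_tip.config(
                    text="IP节点                                点度中心性")
                rank_abnormal("centrality")
            elif radSelect == 3:
                self.control_tip.config(
                    text="IP节点                                连接数")
                rank_abnormal("link")
            elif radSelect == 4:
                self.control_tip.config(
                    text="IP节点                                小包占比")
                rank_abnormal("length_prop")
            elif radSelect == 5:
                self.control_tip.config(
                    text="IP节点                                怀疑度")
                rank_abnormal("suspicious_degree")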
 def radCall(self):
     """Rank the node list by the metric selected with the radio buttons.

     In section 4 (the abnormal-IP module) the rows are read from
     ``abnormal_IPs_detail_dict``; in every other section they are computed
     from ``self.graphs`` and ``Analyser``. A selection outside 0-5 ranks
     nothing.
     """
     radSelect = self.rad_1.get()  # index of the selected radio button

     # Abnormal-IP module: every abnormal IP already has its figures in the
     # detail dict, so the chosen field only needs turning into a tuple
     # list (see the instrument helper for how that list is built).
     if self.flag_for_section == 4:
         abnormal_choices = (
             (0, "IP节点                                点的度", "degree"),
             (1, "IP节点                                介数中心性", "betweeness"),
             (2, "IP节点                                点度中心性", "centrality"),
             (3, "IP节点                                连接数", "link"),
             (4, "IP节点                                小包占比", "length_prop"),
             (5, "IP节点                                怀疑度",
              "suspicious_degree"),
         )
         for index, header, field in abnormal_choices:
             if radSelect == index:
                 self.control_tip.config(text=header)
                 self.Rank(
                     instrument.change_abnormal_dict_to_tuplelist(
                         abnormal_IPs_detail_dict, field))
                 break
         return

     # Single-node analysis module: a local copy of the graphs is saved
     # beforehand to avoid polluting them, and is reloaded here.
     if self.flag_for_section == 2:
         self.graphs.J = self.A.copy()
         self.graphs.L = self.B.copy()

     if radSelect == 0:
         # Column header: "IP node / node degree".
         self.control_tip.config(
             text="IP节点                                点的度")
         # The three nx metrics each come back as a list of tuples.
         ranked = list(self.graphs.degree(self.flag_for_section))
         self.Rank(ranked)
     elif radSelect == 1:
         # Column header: "IP node / betweenness centrality".
         self.control_tip.config(
             text="IP节点                                介数中心性")
         ranked = list(self.graphs.betweeness(self.flag_for_section))
         self.Rank(ranked)
     elif radSelect == 2:
         # Column header: "IP node / degree centrality".
         self.control_tip.config(
             text="IP节点                                点度中心性")
         ranked = list(
             self.graphs.degree_centrality(self.flag_for_section))
         self.Rank(ranked)
     elif radSelect == 3:
         # Column header: "IP node / number of connections".
         self.control_tip.config(
             text="IP节点                                连接数")
         # transfer_nodes() returns a plain list of IPs; the Analyser call
         # turns it into the tuple list that Rank receives.
         nodes = self.graphs.transfer_nodes()
         self.Rank(Analyser.Node_Links_Analyse(nodes))
     elif radSelect == 4:
         # Column header: "IP node / share of small packets".
         self.control_tip.config(
             text="IP节点                                小包占比")
         nodes = self.graphs.transfer_nodes()
         self.Rank(Analyser.Node_Length_Analyse(nodes))
     elif radSelect == 5:
         # Column header: "IP node / suspicion score".
         self.control_tip.config(
             text="IP节点                                怀疑度")
         # Nodes of graph J; G is copied into J when it is generated, so
         # this also works for the main GUI.
         nodes = self.graphs.transfer_nodes()
         scored = []  # [(IP, suspicion score), ...]
         for IP in nodes:
             if IP in abnormal_IPs_list:
                 # Abnormal IPs have their score recorded in the detail
                 # dict.
                 score = abnormal_IPs_detail_dict[IP]['suspicious_degree']
             else:
                 # Anything not on the abnormal list scores 0.
                 score = 0
             scored.append((IP, score))
         # Highest suspicion score first.
         self.Rank(sorted(scored, key=lambda pair: pair[1], reverse=True))