def Load_In(self):
    """Import the analysis results and populate the abnormal-IP views.

    Fills the three module-level abnormal-IP structures (the link list, the
    IP list and the per-IP detail dict), shows the abnormal-IP ranking in the
    upper list box and the abnormal-link ranking in the lower one, then marks
    the import as finished and selects the abnormal-IP analysis section.
    """
    global abnormal_Links_list
    global abnormal_IPs_list
    global abnormal_IPs_detail_dict

    # Build the whole graph G; no png is rendered at this point.
    self.graphs.create_wholeGraph()

    # Abnormal-IP detection; yields a sorted [(abnormal IP, count), ...].
    ip_ranking = Analyser.abnormal_modes_analyse()
    self.Rank(ip_ranking, 0)  # upper list box

    abnormal_IPs_list = Analyser.read_abnormal_IP_list()
    abnormal_Links_list = Analyser.abnormal_links(abnormal_IPs_list)

    # The two IPs of every link are joined into one string; the connection
    # counts are taken from the same list in the same order, so the two
    # sequences line up one-to-one and can be zipped into a dict.
    link_keys = instrument.change_IPs_to_Links_str(abnormal_Links_list)
    link_counts = [link[2] for link in abnormal_Links_list]
    links_by_key = instrument.change_list_to_dict(link_keys, link_counts)

    # Re-rank the links by connection count, most connections first.
    link_ranking = sorted(
        links_by_key.items(), key=lambda item: item[1], reverse=True
    )
    self.Rank(link_ranking, 1)  # lower list box

    self.load_in_flag = 1  # import finished

    # The detail dict relies on graph metrics, hence the graphs object argument.
    abnormal_IPs_detail_dict = instrument.create_abnormal_IPs_dict(
        self.graphs, abnormal_IPs_list
    )

    # After an import the abnormal-IP analysis section is the default view.
    self.flag_for_section = 4
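def draw_abnormal_SingleIP(IP):
    """Render the communication graph of one abnormal IP to ``test.png``.

    Rebuilds the module-level graphs ``J`` (a plain copy of every link that
    touches *IP*) and ``L`` (the multigraph that is actually drawn), draws
    ``L`` with a protocol legend, writes the figure and returns the node list.

    Args:
        IP: textual IPv4/IPv6 address to look up in the ``Link`` table.

    Returns:
        list of the nodes present in ``L`` after drawing.

    Raises:
        ValueError: if *IP* is not a bare IP address literal. The query below
            is assembled by string concatenation, so anything that is not an
            address must be rejected before it reaches the database.
    """
    global sql, L, J
    import ipaddress

    # Validate first, before any shared state is touched, so a rejected
    # input leaves L, J and sql exactly as they were.
    try:
        ipaddress.ip_address(IP)
    except ValueError as err:
        raise ValueError(
            f"IP must be a bare IPv4/IPv6 address, got {IP!r}"
        ) from err
    if "%" in IP:
        # ip_address() accepts scoped IPv6 literals whose zone id is
        # free-form text; that text must never be spliced into the query.
        raise ValueError(f"scoped IPv6 literal is not supported: {IP!r}")

    L.clear()
    J.clear()
    # NOTE(review): this reads the module global abnormal_IP_list, not the
    # abnormal_IPs_list that Load_In writes — confirm it is the intended name.
    abnormal_IPs_detail_dict = instrument.create_abnormal_IPs_dict(
        abnormal_IP_list)

    # TODO: use a bound parameter if Analyser.get_data accepts one; the
    # concatenation is only acceptable because IP was validated above.
    sql = "select * from Link where IP1='" + IP + "'or IP2='" + IP + "'"
    results = Analyser.get_data(sql)

    # Feature names whose flow sizes are drawn as separate edges; the edge
    # style (1..4) follows this order.
    Amy_Attribution_list = [
        'download_batch_1', 'download_batch_2', 'download_prefile',
        'download_file'
    ]

    for r in results:
        # J keeps one plain edge per link regardless of abnormality.
        J.add_edge(r[1], r[2], sty=5, width=1)
        if r[1] in abnormal_IP_list and r[2] in abnormal_IP_list:
            # Both endpoints abnormal: one edge per characteristic flow.
            role = abnormal_IPs_detail_dict[r[1]]['flawedAmy']  # r[1]'s role
            Amy_Attribution_dict = Analyser.Necurs_flaw_Amy_Attribution(
                r[1], role)
            # NOTE(review): label advances once per feature so that sty
            # tracks the feature index — confirm against the drawing code.
            label = 1
            for Amy_Attribution in Amy_Attribution_list:
                int_packet_length = int(Amy_Attribution_dict[Amy_Attribution])
                if int_packet_length != 0:
                    # Directed edge: from the C&C server to the infected host.
                    if role == 'C&C Server':
                        L.add_edge(r[1], r[2], sty=label, width=1)
                    elif role == 'Infected':
                        L.add_edge(r[2], r[1], sty=label, width=1)
                label += 1
        else:
            # At least one endpoint is normal: a single style-5 edge.
            L.add_edge(r[1], r[2], sty=5, width=1)

    # threshold was picked empirically for the nicest-looking layout.
    pos = nx.spring_layout(L, threshold=0.2)
    ax = plt.gca()
    draw_MultipleLine(L, pos, ax)
    ax.autoscale()

    # Legend patches, in the original display order.
    legend_entries = [
        ('red', 'DNS'),
        ('blue', 'HTTP'),
        ('black', 'HTTPS'),
        ('yellow', 'TCP'),
        ('green', 'UDP'),
    ]
    color_example = [
        mpatches.Patch(color=color, label=name) for color, name in legend_entries
    ]
    plt.legend(handles=color_example)

    nx.draw_networkx_labels(L, pos, font_size=5, font_family='sans-serif')
    nodes = list(L.nodes)
    plt.axis('equal')
    plt.axis('off')
    plt.savefig("test.png")
    plt.clf()
    plt.close('all')
    return nodes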
def Load_In(self):
    """Import the analysis results and populate the abnormal-IP views.

    Writes the module-level abnormal-IP link list, IP list, detail dict and
    section flag, shows the abnormal-IP ranking in the upper list box and the
    abnormal-link ranking in the lower one, and marks the import as done.
    """
    global abnormal_Links_list
    global abnormal_IPs_list
    global abnormal_IPs_detail_dict
    global flag_for_section

    # Build the whole graph first; the analysis below depends on it.
    Draw_Graph.create_wholeGraph()

    # Sorted [(abnormal IP, count), ...] for the upper list box.
    ip_ranking = Analyser.abnormal_modes_analyse()
    self.Rank(ip_ranking, 0)

    abnormal_IPs_list = Analyser.read_abnormal_IPs()
    abnormal_Links_list = Analyser.abnormal_links(abnormal_IPs_list)

    # Link keys and their connection counts come from the same list in the
    # same order, so they pair up one-to-one into {key: count}.
    link_keys = instrument.change_IPs_to_Links_str(abnormal_Links_list)
    link_counts = [link[2] for link in abnormal_Links_list]
    links_by_key = instrument.change_list_to_dict(link_keys, link_counts)

    # Lower list box: links ranked by connection count, descending.
    link_ranking = sorted(
        links_by_key.items(), key=lambda item: item[1], reverse=True
    )
    self.Rank(link_ranking, 1)

    self.load_in_flag = 1  # import finished
    abnormal_IPs_detail_dict = instrument.create_abnormal_IPs_dict(
        abnormal_IPs_list
    )
    flag_for_section = 2
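def draw_abnormal_SingleIP(self, IP):
    """Render the communication graph of one abnormal IP to ``test.png``.

    Rebuilds ``self.J`` (a plain copy of every link that touches *IP*; it is
    what the metric computation reads) and ``self.L`` (the multigraph that
    is drawn), draws ``self.L`` with a protocol legend, writes the figure and
    returns the node list.

    Args:
        IP: textual IPv4/IPv6 address to look up in the ``Link`` table.

    Returns:
        list of the nodes present in ``self.L`` after drawing.

    Raises:
        ValueError: if *IP* is not a bare IP address literal. The query below
            is assembled by string concatenation, so anything that is not an
            address must be rejected before it reaches the database.
    """
    import ipaddress

    # Validate first, before any shared state is touched, so a rejected
    # input leaves self.L and self.J exactly as they were.
    try:
        ipaddress.ip_address(IP)
    except ValueError as err:
        raise ValueError(
            f"IP must be a bare IPv4/IPv6 address, got {IP!r}"
        ) from err
    if "%" in IP:
        # ip_address() accepts scoped IPv6 literals whose zone id is
        # free-form text; that text must never be spliced into the query.
        raise ValueError(f"scoped IPv6 literal is not supported: {IP!r}")

    self.L.clear()
    self.J.clear()
    # Per-IP detail dict; the original author notes it could probably be
    # read from the GUI instead of being rebuilt here.
    # NOTE(review): reads the module global abnormal_IP_list (not the
    # abnormal_IPs_list written by Load_In) — confirm it is the intended name.
    abnormal_IPs_detail_dict = instrument.create_abnormal_IPs_dict(
        self, abnormal_IP_list)

    # TODO: use a bound parameter if Analyser.get_data accepts one; the
    # concatenation is only acceptable because IP was validated above.
    sql = "select * from Link where IP1='" + IP + "'or IP2='" + IP + "'"
    results = Analyser.get_data(sql)

    # Feature names whose flow sizes are drawn as separate edges; the edge
    # style (1..4) follows this order.
    Amy_Attribution_list = [
        'download_batch_1', 'download_batch_2', 'download_prefile',
        'download_file'
    ]

    for r in results:
        # The single-IP graph is mirrored into J because the three metrics
        # are computed from J.
        self.J.add_edge(r[1], r[2], sty=5, width=1)
        if r[1] in abnormal_IP_list and r[2] in abnormal_IP_list:
            # Both endpoints abnormal: draw each characteristic flow of the
            # conversation as its own edge in the multigraph.
            role = abnormal_IPs_detail_dict[r[1]]['flawedAmy']  # r[1]'s role
            Amy_Attribution_dict = Analyser.Necurs_flaw_Amy_Attribution(
                r[1], role)  # per-feature flow sizes, as a dict
            # NOTE(review): label advances once per feature so that sty
            # tracks the feature index — confirm against draw_MultipleLine.
            label = 1
            for Amy_Attribution in Amy_Attribution_list:
                int_packet_length = int(Amy_Attribution_dict[Amy_Attribution])
                if int_packet_length != 0:
                    # Directed edge: from the C&C server to the infected host.
                    if role == 'C&C Server':
                        self.L.add_edge(r[1], r[2], sty=label, width=1)
                    elif role == 'Infected':
                        self.L.add_edge(r[2], r[1], sty=label, width=1)
                label += 1
        else:
            # At least one endpoint is normal: a single style-5 edge.
            self.L.add_edge(r[1], r[2], sty=5, width=1)

    # threshold was picked empirically for the nicest-looking layout.
    pos = nx.spring_layout(self.L, threshold=0.2)
    ax = plt.gca()
    self.draw_MultipleLine(self.L, pos, ax)
    ax.autoscale()

    # Legend patches, in the original display order. The author suggested
    # moving this into its own function with an interface for the labels.
    legend_entries = [
        ('red', 'DNS'),
        ('blue', 'HTTP'),
        ('black', 'HTTPS'),
        ('yellow', 'TCP'),
        ('green', 'UDP'),
    ]
    color_example = [
        mpatches.Patch(color=color, label=name) for color, name in legend_entries
    ]
    plt.legend(handles=color_example)

    nx.draw_networkx_labels(self.L, pos, font_size=5, font_family='sans-serif')
    nodes = list(self.L.nodes)
    plt.axis('equal')
    plt.axis('off')
    plt.savefig("test.png")
    plt.clf()
    plt.close('all')
    return nodes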