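def draw_abnormal_SingleIP(IP):
    """Draw every link that touches one IP and save the figure to ``test.png``.

    The module-level graphs ``L`` and ``J`` are cleared and rebuilt from the
    rows of the ``Link`` table whose ``IP1`` or ``IP2`` equals ``IP``. Every
    row is mirrored into ``J`` as a single edge. In ``L``, a row whose two
    endpoints are both in ``abnormal_IP_list`` gets one edge per non-zero
    traffic attribute (``sty`` 1-4, oriented by the role of the first
    endpoint); any other row gets one plain edge with ``sty=5``.

    Args:
        IP: Address to look up, as a plain IPv4/IPv6 literal string.

    Returns:
        The nodes of ``L`` after drawing, as a list.

    Raises:
        ValueError: If ``IP`` is not a plain IPv4/IPv6 address literal.
    """
    import ipaddress

    global sql, L, J

    # IP is concatenated into the SQL text below, so anything other than an
    # address literal must be rejected before the query is built. An IPv6 zone
    # id ("addr%zone") may contain arbitrary characters, including quotes, and
    # still parse, so it is refused as well. The check runs before the graphs
    # are cleared so a rejected value leaves the existing state untouched.
    parsed_ip = ipaddress.ip_address(IP)
    if getattr(parsed_ip, "scope_id", None):
        raise ValueError("IP must be a plain IPv4/IPv6 literal: %r" % (IP,))

    L.clear()
    J.clear()
    abnormal_IPs_detail_dict = instrument.create_abnormal_IPs_dict(
        abnormal_IP_list)
    # NOTE(review): if Analyser.get_data can take bound parameters, pass IP as
    # a parameter instead of building the statement by concatenation.
    sql = "select * from Link where IP1='" + IP + "'or IP2='" + IP + "'"
    results = Analyser.get_data(sql)
    for r in results:
        # r[1] and r[2] are presumably the IP1/IP2 columns - confirm against
        # the Link table schema.
        J.add_edge(r[1], r[2], sty=5, width=1)
        if r[1] in abnormal_IP_list and r[2] in abnormal_IP_list:
            # Both endpoints are abnormal: draw one edge per traffic attribute
            # that was actually observed (non-zero value).
            role = abnormal_IPs_detail_dict[r[1]]['flawedAmy']
            Amy_Attribution_dict = Analyser.Necurs_flaw_Amy_Attribution(
                r[1], role)
            Amy_Attribution_list = [
                'download_batch_1', 'download_batch_2', 'download_prefile',
                'download_file'
            ]
            # label is the attribute's 1-based position and becomes the edge
            # style; it advances even when the attribute is skipped.
            for label, Amy_Attribution in enumerate(Amy_Attribution_list, 1):
                if int(Amy_Attribution_dict[Amy_Attribution]) == 0:
                    continue
                # Edge direction follows the role of r[1]; any other role
                # value adds no edge.
                if role == 'C&C Server':
                    L.add_edge(r[1], r[2], sty=label, width=1)
                elif role == 'Infected':
                    L.add_edge(r[2], r[1], sty=label, width=1)
        else:
            # At least one endpoint is not abnormal: a single plain edge.
            L.add_edge(r[1], r[2], sty=5, width=1)

    pos = nx.spring_layout(L, threshold=0.2)
    ax = plt.gca()
    draw_MultipleLine(L, pos, ax)
    ax.autoscale()

    # Fixed colour legend; how draw_MultipleLine maps sty values onto these
    # colours is not visible here.
    legend_entries = (
        ('red', 'DNS'),
        ('blue', 'HTTP'),
        ('black', 'HTTPS'),
        ('yellow', 'TCP'),
        ('green', 'UDP'),
    )
    color_example = [
        mpatches.Patch(color=color, label=name)
        for color, name in legend_entries
    ]
    plt.legend(handles=color_example)

    nx.draw_networkx_labels(L, pos, font_size=5, font_family='sans-serif')
    nodes = list(L.nodes)
    plt.axis('equal')
    plt.axis('off')
    plt.savefig("test.png")
    # Release the figure so repeated calls do not accumulate open figures.
    plt.clf()
    plt.close('all')
    return nodes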
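    def draw_abnormal_SingleIP(self, IP):
        """Draw every link that touches one IP and save it to ``test.png``.

        ``self.L`` and ``self.J`` are cleared and rebuilt from the rows of the
        ``Link`` table whose ``IP1`` or ``IP2`` equals ``IP``. Every row is
        mirrored into ``self.J`` as a single edge. In ``self.L``, a row whose
        two endpoints are both in ``abnormal_IP_list`` gets one edge per
        non-zero traffic attribute (``sty`` 1-4, oriented by the role of the
        first endpoint); any other row gets one plain edge with ``sty=5``.

        Args:
            IP: Address to look up, as a plain IPv4/IPv6 literal string.

        Returns:
            The nodes of ``self.L`` after drawing, as a list.

        Raises:
            ValueError: If ``IP`` is not a plain IPv4/IPv6 address literal.
        """
        import ipaddress

        # IP is concatenated into the SQL text below, so anything other than
        # an address literal must be rejected before the query is built. An
        # IPv6 zone id ("addr%zone") may contain arbitrary characters,
        # including quotes, and still parse, so it is refused as well. The
        # check runs before the graphs are cleared so a rejected value leaves
        # the existing state untouched.
        parsed_ip = ipaddress.ip_address(IP)
        if getattr(parsed_ip, "scope_id", None):
            raise ValueError(
                "IP must be a plain IPv4/IPv6 literal: %r" % (IP,))

        self.L.clear()
        self.J.clear()
        # Build the abnormal-IP detail dict; the original author notes this
        # could probably be read straight from the GUI instead.
        abnormal_IPs_detail_dict = instrument.create_abnormal_IPs_dict(
            self, abnormal_IP_list)
        # NOTE(review): if Analyser.get_data can take bound parameters, pass
        # IP as a parameter instead of building the statement by
        # concatenation.
        sql = "select * from Link where IP1='" + IP + "'or IP2='" + IP + "'"
        results = Analyser.get_data(sql)
        for r in results:
            # The single-IP view still mirrors every link into J, because the
            # three main metrics are computed from J.
            self.J.add_edge(r[1], r[2], sty=5, width=1)
            if r[1] in abnormal_IP_list and r[2] in abnormal_IP_list:
                # Both endpoints are abnormal: draw each characteristic
                # traffic flow of the conversation as its own edge.
                # role is the part r[1] plays (server or infected host).
                role = abnormal_IPs_detail_dict[r[1]]['flawedAmy']
                # Size of each characteristic traffic flow, keyed by name.
                Amy_Attribution_dict = Analyser.Necurs_flaw_Amy_Attribution(
                    r[1], role)
                # Names of the characteristic traffic attributes.
                Amy_Attribution_list = [
                    'download_batch_1', 'download_batch_2', 'download_prefile',
                    'download_file'
                ]
                # label tags each edge with the attribute's 1-based position
                # so several edges can be drawn between the same pair; it
                # advances even when the attribute is skipped.
                for label, Amy_Attribution in enumerate(
                        Amy_Attribution_list, 1):
                    if int(Amy_Attribution_dict[Amy_Attribution]) == 0:
                        continue
                    # The graph is directed, so the edge is oriented by the
                    # role of r[1]; any other role value adds no edge.
                    if role == 'C&C Server':
                        self.L.add_edge(r[1], r[2], sty=label, width=1)
                    elif role == 'Infected':
                        self.L.add_edge(r[2], r[1], sty=label, width=1)
            else:
                # At least one endpoint is a normal IP: a single line with
                # style 5.
                self.L.add_edge(r[1], r[2], sty=5, width=1)

        # threshold is spring_layout's convergence threshold; 0.2 was picked
        # by the original author because the result looked best.
        pos = nx.spring_layout(self.L, threshold=0.2)
        ax = plt.gca()  # current matplotlib axes
        self.draw_MultipleLine(self.L, pos, ax)  # draws the parallel edges
        ax.autoscale()

        # Legend entries. The original author suggests moving this into its
        # own function with parameters for the labels and their number.
        legend_entries = (
            ('red', 'DNS'),
            ('blue', 'HTTP'),
            ('black', 'HTTPS'),
            ('yellow', 'TCP'),
            ('green', 'UDP'),
        )
        color_example = [
            mpatches.Patch(color=color, label=name)
            for color, name in legend_entries
        ]
        plt.legend(handles=color_example)

        # Add the node labels.
        nx.draw_networkx_labels(self.L,
                                pos,
                                font_size=5,
                                font_family='sans-serif')
        nodes = list(self.L.nodes)
        plt.axis('equal')
        plt.axis('off')
        plt.savefig("test.png")
        # Release the figure so repeated calls do not accumulate open figures.
        plt.clf()
        plt.close('all')
        return nodes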