class Kitsune:
def __init__(
self,
file_path,
limit,
max_autoencoder_size=10,
FM_grace_period=None,
AD_grace_period=10000,
learning_rate=0.1,
hidden_ratio=0.75,
):
#init packet feature extractor (AfterImage)
self.FE = FE(file_path, limit)
#init Kitnet
self.AnomDetector = KitNET(self.FE.get_num_features(),
max_autoencoder_size, FM_grace_period,
AD_grace_period, learning_rate,
hidden_ratio)
def proc_next_packet(self):
# create feature vector
x = self.FE.get_next_vector()
if len(x) == 0:
return -1 #Error or no packets left
# process KitNET
return self.AnomDetector.process(
x
) # will train during the grace periods, then execute on all the rest.
def __init__(
self,
file_path,
limit,
max_autoencoder_size=10,
FM_grace_period=None,
AD_grace_period=10000,
learning_rate=0.1,
hidden_ratio=0.75,
):
#init packet feature extractor (AfterImage)
self.FE = FE(file_path, limit)
#init Kitnet
self.AnomDetector = KitNET(self.FE.get_num_features(),
max_autoencoder_size, FM_grace_period,
AD_grace_period, learning_rate,
hidden_ratio)
def train_normal():
# File location
path = "../kitsune_dataset/wiretap_normal_hostonly.csv" #the pcap, pcapng, or tsv file to process.
packet_limit = np.Inf #the number of packets to process
# KitNET params:
maxAE = 10 #maximum size for any autoencoder in the ensemble layer
FMgrace = 10000 #the number of instances taken to learn the feature mapping (the ensemble's architecture)
ADgrace = 740000 #the number of instances used to train the anomaly detector (ensemble itself)
# Build Kitsune
K = KitNET(100,maxAE,FMgrace,ADgrace,0.1,0.75)
input_file=open(path, "r")
input_file.readline()
count=0
tbar=tqdm()
rmse=[]
while True:
feature_vector=input_file.readline()
fv=feature_vector.rstrip().split(",")
if len(fv)==101:
fv=fv[:-1]
fv=np.array(fv, dtype="float")
res=K.process(fv)
count+=1
tbar.update(1)
if count>FMgrace+ADgrace:
break
# save
model_path="../models/kitsune_video_ho.pkl"
with open(model_path, "wb") as of:
pickle.dump(K, of)