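def draw_abnormal_SingleIP(IP):  # to-do
    """Plot the links that involve one IP and save the figure as ``test.png``.

    Every row of the ``Link`` table whose ``IP1`` or ``IP2`` equals ``IP`` is
    added to the module-level graphs: ``J`` receives one plain edge per row,
    while ``L`` receives either one edge per non-zero flawedAmy download
    feature (both endpoints listed in ``abnormal_IP_list``) or a single
    ``sty=5`` edge (any other row).

    Args:
        IP: Address to filter on, as a plain IPv4/IPv6 literal.

    Returns:
        The nodes of ``L`` after the rows have been added, as a list.

    Raises:
        ValueError: If ``IP`` contains a character that cannot occur in a
            plain address literal.
    """
    global sql, L, J

    # The query is built by concatenation and passed to Analyser.get_data as
    # one string, so a quote inside IP would end the SQL literal early and
    # change the statement. Only hex digits, '.' and ':' are let through.
    # NOTE(review): if Analyser.get_data can take bound parameters, switch to
    # a parameterized query instead of relying on this check.
    if any(ch not in "0123456789abcdefABCDEF.:" for ch in IP):
        raise ValueError("IP must be a plain IPv4/IPv6 address literal")

    L.clear()
    J.clear()
    abnormal_IPs_detail_dict = instrument.create_abnormal_IPs_dict(
        abnormal_IP_list)
    sql = "select * from Link where IP1='" + IP + "'or IP2='" + IP + "'"
    results = Analyser.get_data(sql)

    Amy_Attribution_list = [
        'download_batch_1', 'download_batch_2', 'download_prefile',
        'download_file'
    ]
    for r in results:
        src, dst = r[1], r[2]
        J.add_edge(src, dst, sty=5, width=1)
        if src in abnormal_IP_list and dst in abnormal_IP_list:
            role = abnormal_IPs_detail_dict[src]['flawedAmy']
            Amy_Attribution_dict = Analyser.Necurs_flaw_Amy_Attribution(
                src, role)
            label = 1
            for Amy_Attribution in Amy_Attribution_list:
                int_packet_length = int(Amy_Attribution_dict[Amy_Attribution])
                if int_packet_length != 0:
                    # Edge direction depends on which role r[1] plays.
                    if role == 'C&C Server':
                        L.add_edge(src, dst, sty=label, width=1)
                    elif role == 'Infected':
                        L.add_edge(dst, src, sty=label, width=1)
                # NOTE(review): the original indentation was lost; label is
                # assumed to advance once per feature - confirm.
                label += 1
        else:
            # At least one endpoint is not in abnormal_IP_list.
            L.add_edge(src, dst, sty=5, width=1)

    pos = nx.spring_layout(L, threshold=0.2)
    ax = plt.gca()
    draw_MultipleLine(L, pos, ax)
    ax.autoscale()

    # Fixed colour legend for the figure.
    legend_entries = (
        ('red', 'DNS'),
        ('blue', 'HTTP'),
        ('black', 'HTTPS'),
        ('yellow', 'TCP'),
        ('green', 'UDP'),
    )
    color_example = [
        mpatches.Patch(color=colour, label=name)
        for colour, name in legend_entries
    ]
    plt.legend(handles=color_example)

    nx.draw_networkx_labels(L, pos, font_size=5, font_family='sans-serif')
    nodes = list(L.nodes)
    plt.axis('equal')
    plt.axis('off')
    plt.savefig("test.png")
    # Reset pyplot state so later drawings start from a clean figure.
    plt.clf()
    plt.close('all')
    return nodes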
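def draw_abnormal_SingleIP(self, IP):  # to-do
    """Plot the links that involve one IP and save the figure as ``test.png``.

    Every row of the ``Link`` table whose ``IP1`` or ``IP2`` equals ``IP`` is
    added to the instance graphs: ``self.J`` receives one plain edge per row,
    while ``self.L`` receives either one edge per non-zero flawedAmy download
    feature (both endpoints listed in ``abnormal_IP_list``) or a single
    ``sty=5`` edge (any other row).

    Args:
        IP: Address to filter on, as a plain IPv4/IPv6 literal.

    Returns:
        The nodes of ``self.L`` after the rows have been added, as a list.

    Raises:
        ValueError: If ``IP`` contains a character that cannot occur in a
            plain address literal.
    """
    # The query is built by concatenation and passed to Analyser.get_data as
    # one string, so a quote inside IP would end the SQL literal early and
    # change the statement. Only hex digits, '.' and ':' are let through.
    # NOTE(review): if Analyser.get_data can take bound parameters, switch to
    # a parameterized query instead of relying on this check.
    if any(ch not in "0123456789abcdefABCDEF.:" for ch in IP):
        raise ValueError("IP must be a plain IPv4/IPv6 address literal")

    self.L.clear()
    self.J.clear()
    # Build the abnormal-IP dictionary; the author notes it could probably be
    # read straight from the GUI instead.
    abnormal_IPs_detail_dict = instrument.create_abnormal_IPs_dict(
        self, abnormal_IP_list)
    sql = "select * from Link where IP1='" + IP + "'or IP2='" + IP + "'"
    results = Analyser.get_data(sql)

    # Names of the Amy traffic features.
    Amy_Attribution_list = [
        'download_batch_1', 'download_batch_2', 'download_prefile',
        'download_file'
    ]
    for r in results:
        src, dst = r[1], r[2]
        # The single-IP view still needs a copy in J, because J is what the
        # three main metrics are computed from.
        self.J.add_edge(src, dst, sty=5, width=1)
        if src in abnormal_IP_list and dst in abnormal_IP_list:
            # Both endpoints are abnormal: draw every feature flow of the
            # conversation as its own edge.
            # Role r[1] plays in Amy (server or infected host).
            role = abnormal_IPs_detail_dict[src]['flawedAmy']
            # Size of each Amy feature flow, returned as a dict.
            Amy_Attribution_dict = Analyser.Necurs_flaw_Amy_Attribution(
                src, role)
            label = 1  # tags each edge so that several edges get drawn
            for Amy_Attribution in Amy_Attribution_list:
                int_packet_length = int(Amy_Attribution_dict[Amy_Attribution])
                if int_packet_length != 0:
                    # The graph is directed, so source and destination
                    # follow the role.
                    if role == 'C&C Server':
                        self.L.add_edge(src, dst, sty=label, width=1)
                    elif role == 'Infected':
                        self.L.add_edge(dst, src, sty=label, width=1)
                # NOTE(review): the original indentation was lost; label is
                # assumed to advance once per feature - confirm.
                label += 1
        else:
            # At least one endpoint is a normal IP: a single edge, style 5.
            self.L.add_edge(src, dst, sty=5, width=1)

    # threshold=0.2 was picked by the author because the result looked best.
    pos = nx.spring_layout(self.L, threshold=0.2)
    ax = plt.gca()  # current matplotlib axes
    self.draw_MultipleLine(self.L, pos, ax)  # draws the multi-edge graph
    ax.autoscale()

    # Legend setup. Author's note: consider moving this into its own function
    # with an interface for adjusting the labels and their number.
    legend_entries = (
        ('red', 'DNS'),
        ('blue', 'HTTP'),
        ('black', 'HTTPS'),
        ('yellow', 'TCP'),
        ('green', 'UDP'),
    )
    color_example = [
        mpatches.Patch(color=colour, label=name)
        for colour, name in legend_entries
    ]
    plt.legend(handles=color_example)

    # Add the node labels.
    nx.draw_networkx_labels(self.L,
                            pos,
                            font_size=5,
                            font_family='sans-serif')
    nodes = list(self.L.nodes)
    plt.axis('equal')
    plt.axis('off')
    plt.savefig("test.png")
    # Reset pyplot state so later drawings start from a clean figure.
    plt.clf()
    plt.close('all')
    return nodes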