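def create_abnormal_IPs_dict(graphs, IPs_list):
    """Build one detail record per abnormal IP and return them keyed by IP.

    Each record holds the graph metrics reported by ``graphs`` ("degree",
    "betweeness", "centrality"), the two Analyser statistics ("link",
    "length_prop"), the ``has_dga`` / ``Necurs_FlawedAmy`` columns of the
    ``abnormal_list`` table ("dga", "flawedAmy") and the value read from
    ``Analyser.read_abnormal_IP_dict()`` ("suspicious_degree").

    Args:
        graphs: object exposing ``degree``, ``betweeness`` and
            ``degree_centrality``; each result is iterated as
            (node, value) pairs.
        IPs_list: iterable of IP address strings.

    Returns:
        dict mapping each IP to its own detail dict. A graph-metric key is
        absent when ``graphs`` reports no entry for that IP.

    Raises:
        ValueError: if an entry contains a character that cannot occur in
            an IPv4/IPv6 literal. The value is spliced into SQL text below,
            so it is rejected before any query is built.
    """
    import re  # function-scope import: the file's import block is not visible here

    # Character allowlist for address literals: digits, hex letters, '.' and ':'.
    # No quote or escape character can pass, so the value cannot leave the
    # SQL string literal it is placed in.
    ip_literal = re.compile(r"[0-9A-Fa-f.:]+")

    def first_value(pairs, node):
        """Return (found, value) for the first (node, value) pair matching ``node``."""
        for pair in pairs:
            if pair[0] == node:
                return True, pair[1]
        return False, None

    mode = 0
    abnormal_IPs_detail_dict = {}
    for IP in IPs_list:
        if not ip_literal.fullmatch(IP):
            raise ValueError("not an IP address literal: %r" % (IP,))

        # A fresh record per IP: reusing one dict across iterations carried
        # the previous host's metrics over whenever a lookup found nothing.
        detail = {}

        found, value = first_value(graphs.degree(mode), IP)
        if found:
            detail["degree"] = value

        found, value = first_value(graphs.betweeness(mode), IP)
        if found:
            detail["betweeness"] = round(value, 5)

        found, value = first_value(graphs.degree_centrality(mode), IP)
        if found:
            detail["centrality"] = round(value, 5)

        # The Analyser helpers take a list of IPs, so wrap the single address.
        IP_list = [IP]
        detail["link"] = Analyser.Node_Links_Analyse(IP_list)[0][1]
        detail["length_prop"] = round(
            Analyser.Node_Length_Analyse(IP_list)[0][1], 5)

        # NOTE(review): the query is still assembled by concatenation because
        # Analyser.get_data is only seen taking a finished SQL string. If it
        # can accept bound parameters, use a parameterized query instead.
        sql = "select has_dga,Necurs_FlawedAmy from abnormal_list where IP='" + IP + "'"
        results = Analyser.get_data(sql)
        # NOTE(review): results[0] presumably fails when the table has no
        # row for this IP - confirm that every abnormal IP is recorded.
        detail["dga"] = 'Yes' if results[0][0] == 'YES' else 'No'
        detail["flawedAmy"] = results[0][1]

        detail["suspicious_degree"] = Analyser.read_abnormal_IP_dict()[IP]
        abnormal_IPs_detail_dict[IP] = detail
    return abnormal_IPs_detail_dict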
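def radCall():
    """Re-rank the node list by the metric chosen with the radio buttons.

    ``self`` is not a parameter here; it is read from the enclosing scope
    (presumably this is a callback defined inside a method - confirm).
    Nothing happens unless ``self.menu_special == 0`` and
    ``self.menu_deepth != 0``.
    """
    radSelect = self.radVar.get()
    if self.menu_special == 0 and self.menu_deepth != 0:
        if radSelect == 0:
            #self.control_title.config(text="度排序")
            self.control_tip.config(text="IP节点 点的度")
            self.Rank(list(Draw_Graph.degree(0)))
        elif radSelect == 1:
            self.control_tip.config(text="IP节点 介数中心性")
            # Computed once: the metric used to be evaluated a second time
            # only to fill a local that was never read.
            self.Rank(Draw_Graph.betweeness(0))
        elif radSelect == 2:
            self.control_tip.config(text="IP节点 点度中心性")
            # Same as above: a single evaluation, handed straight to Rank.
            self.Rank(Draw_Graph.degree_centrality(0))
        elif radSelect == 3:
            self.control_tip.config(text="IP节点 连接数")
            IPs = Draw_Graph.transfer_nodes()
            self.Rank(Analyser.Node_Links_Analyse(IPs))
        elif radSelect == 4:
            self.control_tip.config(text="IP节点 小包占比")
            IPs = Draw_Graph.transfer_nodes()
            self.Rank(Analyser.Node_Length_Analyse(IPs))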
def IP_details(self, IP):
    """Fill the information labels with the metrics of a single IP node.

    Degree, betweenness and degree centrality come from ``Draw_Graph``;
    the connection count and small-packet ratio come from ``Analyser``.
    A graph metric whose result has no entry for ``IP`` leaves its two
    labels untouched.
    """
    # Section 1 is analysed with graph mode 0, every other section with mode 1.
    mode = 0 if self.Section_for_Analyse == 1 else 1

    def first_match(pairs):
        # Each metric yields (node, value) pairs; stop at the first hit.
        return next((pair for pair in pairs if IP == pair[0]), None)

    hit = first_match(Draw_Graph.degree(mode))
    if hit is not None:
        self.inform_Text0.config(text="度")
        self.inform_Text1.config(text=hit[1])

    hit = first_match(Draw_Graph.betweeness(mode))
    if hit is not None:
        self.inform_Text2.config(text="介数中心性")
        self.inform_Text3.config(text=round(hit[1], 5))

    hit = first_match(Draw_Graph.degree_centrality(mode))
    if hit is not None:
        self.inform_Text4.config(text="点度中心性")
        self.inform_Text5.config(text=round(hit[1], 5))

    # The Analyser helpers take a list, so pass a one-element list.
    single_ip = [IP]
    self.inform_Text6.config(text="连接数")
    self.inform_Text8.config(text="小包占比")
    self.inform_Text7.config(
        text=Analyser.Node_Links_Analyse(single_ip)[0][1])
    self.inform_Text9.config(
        text=round(Analyser.Node_Length_Analyse(single_ip)[0][1], 5))
def radCall(self):
    """Re-rank the node list by the metric chosen with the radio buttons.

    When the module-level ``flag_for_section`` is not 2 the ranking is
    computed from ``Draw_Graph`` / ``Analyser``; when it is 2 the ranking
    is taken from ``abnormal_IPs_detail_dict`` through ``instrument``.
    Selections outside 0-4 do nothing.
    """
    selected = self.radVar.get()
    captions = {
        0: "IP节点 点的度",
        1: "IP节点 介数中心性",
        2: "IP节点 点度中心性",
        3: "IP节点 连接数",
        4: "IP节点 小包占比",
    }

    if flag_for_section != 2:
        if selected not in captions:
            return
        self.control_tip.config(text=captions[selected])
        if selected == 0:
            ranking = list(Draw_Graph.degree(flag_for_section))
            print(ranking)
        elif selected == 1:
            ranking = list(Draw_Graph.betweeness(flag_for_section))
        elif selected == 2:
            ranking = list(Draw_Graph.degree_centrality(flag_for_section))
        elif selected == 3:
            ranking = Analyser.Node_Links_Analyse(Draw_Graph.transfer_nodes())
        else:
            ranking = Analyser.Node_Length_Analyse(Draw_Graph.transfer_nodes())
        self.Rank(ranking)
    elif flag_for_section == 2:
        # Key of the per-IP detail record that backs each radio button.
        detail_keys = {
            0: "degree",
            1: "betweeness",
            2: "centrality",
            3: "link",
            4: "length_prop",
        }
        if selected in detail_keys:
            self.control_tip.config(text=captions[selected])
            self.Rank(
                instrument.change_abnormal_dict_to_tuplelist(
                    abnormal_IPs_detail_dict, detail_keys[selected]))
def IP_details(self, IP):
    """Fill the information labels with the metrics and flags of one IP.

    Graph metrics are read from ``self.graphs`` with mode 0, traffic
    statistics from ``Analyser``, and the 'dga' / 'flawedAmy' values from
    ``abnormal_IPs_detail_dict``. An IP that is not a key of that dict is
    shown as "No" / "Null".
    """
    mode = 0
    # (graph method, caption label, caption, value label, rounding digits)
    metric_rows = (
        ("degree", "inform_Text0", "度", "inform_Text1", None),
        ("betweeness", "inform_Text2", "介数中心性", "inform_Text3", 5),
        ("degree_centrality", "inform_Text4", "点度中心性", "inform_Text5", 5),
    )
    for method, caption_label, caption, value_label, digits in metric_rows:
        for entry in getattr(self.graphs, method)(mode):
            if IP == entry[0]:
                getattr(self, caption_label).config(text=caption)
                shown = entry[1] if digits is None else round(entry[1], digits)
                getattr(self, value_label).config(text=shown)
                break

    # The Analyser helpers take a list, so pass a one-element list.
    single_ip = [IP]
    self.inform_Text6.config(text="连接数")
    self.inform_Text8.config(text="小包占比")
    self.inform_Text7.config(
        text=Analyser.Node_Links_Analyse(single_ip)[0][1])
    self.inform_Text9.config(
        text=round(Analyser.Node_Length_Analyse(single_ip)[0][1], 5))

    if IP in abnormal_IPs_detail_dict:
        record = abnormal_IPs_detail_dict[IP]
        self.inform_Text11.config(text=record['dga'])
        self.inform_Text13.config(text=record['flawedAmy'])
    else:
        self.inform_Text11.config(text="No")
        self.inform_Text13.config(text="Null")
def Func_One_Select():
    """Show the ranking that matches the selected radio button (1-5).

    Reads the module-level ``var``, ``label_textbox``, ``Rank`` and ``IPs``.
    Any other selection does nothing.
    """
    # Each option: caption for the label, and a deferred ranking computation
    # so that only the selected metric is evaluated.
    options = {
        1: ("IP节点 点的度", lambda: Draw_Graph.degree()),
        2: ("IP节点 介数中心性", lambda: Draw_Graph.betweeness()),
        3: ("IP节点 点度中心性", lambda: Draw_Graph.degree_centrality()),
        4: ("IP节点 连接数", lambda: Analyser.Node_Links_Analyse(IPs)),
        5: ("IP节点 小包占比", lambda: Analyser.Node_Length_Analyse(IPs)),
    }
    option = options.get(var.get())
    if option is None:
        return
    caption, compute_ranking = option
    label_textbox.config(text=caption)
    Rank(compute_ranking())
def IP_details(self, IP):
    """Fill the information labels with the metrics and flags of one IP.

    Graph metrics come from ``self.graphs``, traffic statistics from
    ``Analyser``, and the 'dga' / 'flawedAmy' values from
    ``abnormal_IPs_detail_dict``.
    """
    # The nx metrics are only meaningful on the full graph or a connected
    # graph; for now they are taken over the full graph. This parameter keeps
    # the per-IP figures independent of the graph currently displayed.
    mode = 0

    def find_entry(entries):
        # nx cannot analyse one given IP, so every node's data is pulled and
        # the (IP, data) tuple for this IP is picked out of the list.
        # The node ids are strings, so a plain '==' comparison is enough.
        for entry in entries:
            if IP == entry[0]:
                return entry
        return None

    degree_entry = find_entry(self.graphs.degree(mode))
    if degree_entry is not None:
        self.inform_Text0.config(text="度")
        self.inform_Text1.config(text=degree_entry[1])

    betweeness_entry = find_entry(self.graphs.betweeness(mode))
    if betweeness_entry is not None:
        self.inform_Text2.config(text="介数中心性")
        self.inform_Text3.config(text=round(betweeness_entry[1], 5))

    centrality_entry = find_entry(self.graphs.degree_centrality(mode))
    if centrality_entry is not None:
        self.inform_Text4.config(text="点度中心性")
        self.inform_Text5.config(text=round(centrality_entry[1], 5))

    # Both Analyser functions take a list of IPs to support batch use, so a
    # one-element list is built for the call.
    single_ip = [IP]
    self.inform_Text6.config(text="连接数")
    self.inform_Text8.config(text="小包占比")
    # See the function comments in Analyser for the shape of the result.
    links = Analyser.Node_Links_Analyse(single_ip)[0][1]
    self.inform_Text7.config(text=links)
    # round() limits the number of decimal places shown.
    small_packet_ratio = round(Analyser.Node_Length_Analyse(single_ip)[0][1], 5)
    self.inform_Text9.config(text=small_packet_ratio)

    # Abnormal attributes. Checking against abnormal_list would be simpler,
    # since the dict keys are the same addresses.
    if IP in abnormal_IPs_detail_dict:
        # Read each abnormal state recorded for this IP.
        record = abnormal_IPs_detail_dict[IP]
        self.inform_Text11.config(text=record['dga'])
        self.inform_Text13.config(text=record['flawedAmy'])
    else:
        # A normal IP never has abnormal attributes.
        self.inform_Text11.config(text="No")
        self.inform_Text13.config(text="Null")
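def create_abnormal_IPs_dict(graphs, IPs_list):
    """Return a dict of dicts: abnormal IP -> detail record for that IP.

    A record holds "degree", "betweeness" and "centrality" (from ``graphs``),
    "link" and "length_prop" (from ``Analyser``), "dga" and "flawedAmy"
    (columns ``has_dga`` / ``Necurs_FlawedAmy`` of table ``abnormal_list``)
    and "suspicious_degree" (from ``Analyser.read_abnormal_IP_dict()``).

    Args:
        graphs: object exposing ``degree``, ``betweeness`` and
            ``degree_centrality``; each result is iterated as (IP, data)
            tuples.
        IPs_list: iterable of IP address strings.

    Returns:
        dict keyed by IP. A graph-metric key is absent from a record when
        ``graphs`` has no entry for that IP.

    Raises:
        ValueError: if an entry contains a character that cannot occur in
            an IPv4/IPv6 literal; it is refused before the SQL text is built.
    """
    import re  # function-scope import: the file's import block is not visible here

    # Only digits, hex letters, '.' and ':' may appear in the address, so no
    # quote or escape character can reach the concatenated query below.
    address_chars = re.compile(r"[0-9A-Fa-f.:]+")

    abnormal_IPs_detail_dict = {}  # dict of dicts
    mode = 0  # the three nx metrics are based on G
    for IP in IPs_list:
        if not address_chars.fullmatch(IP):
            raise ValueError("not an IP address literal: %r" % (IP,))

        # Record for this single IP. It is created inside the loop: a record
        # shared across iterations kept the previous IP's metric whenever a
        # lookup below found no entry.
        abnormal_IPs_detail = {}

        for IP_degree in graphs.degree(mode):
            if IP == IP_degree[0]:
                abnormal_IPs_detail["degree"] = IP_degree[1]
                break
        for IP_betweeness in graphs.betweeness(mode):
            if IP == IP_betweeness[0]:
                abnormal_IPs_detail["betweeness"] = round(IP_betweeness[1], 5)
                break
        for IP_centrality in graphs.degree_centrality(mode):
            if IP == IP_centrality[0]:
                abnormal_IPs_detail["centrality"] = round(IP_centrality[1], 5)
                break

        # Two traffic statistics; the Analyser functions take a list, so the
        # address is passed as a one-element list.
        IP_list = [IP]
        abnormal_IPs_detail["link"] = Analyser.Node_Links_Analyse(
            IP_list)[0][1]
        abnormal_IPs_detail["length_prop"] = round(
            Analyser.Node_Length_Analyse(IP_list)[0][1], 5)

        # Look up the features recorded for this abnormal IP in the database.
        # NOTE(review): still string-built because Analyser.get_data is only
        # seen taking finished SQL; switch to bound parameters if it supports
        # them.
        sql = "select has_dga,Necurs_FlawedAmy from abnormal_list where IP='" + IP + "'"
        results = Analyser.get_data(sql)
        # NOTE(review): results[0] presumably fails when no row exists for
        # this IP - confirm every abnormal IP is present in the table.
        if results[0][0] == 'YES':
            abnormal_IPs_detail["dga"] = 'Yes'
        else:
            abnormal_IPs_detail["dga"] = 'No'
        abnormal_IPs_detail["flawedAmy"] = results[0][1]

        # Suspicion degree of the abnormal IP.
        abnormal_IPs_detail["suspicious_degree"] = (
            Analyser.read_abnormal_IP_dict()[IP])

        # Key is the IP, value is its own record.
        abnormal_IPs_detail_dict[IP] = abnormal_IPs_detail
    return abnormal_IPs_detail_dict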
def radCall(self):
    """Re-rank the node list by the metric chosen with the radio buttons.

    When ``self.flag_for_section`` is not 4 the ranking is computed from
    ``self.graphs`` / ``Analyser``; when it is 4 every ranking is read from
    ``abnormal_IPs_detail_dict`` through ``instrument``.

    NOTE(review): the nesting below was reconstructed from a flattened
    listing - confirm it against the original file.
    """
    radSelect = self.radVar.get()
    if self.flag_for_section != 4:
        if self.flag_for_section == 2:
            # Overwrite graphs.J / graphs.L with copies of self.A / self.B
            # before ranking (presumably restoring saved graphs - confirm).
            self.graphs.J = self.A.copy()
            self.graphs.L = self.B.copy()
        if radSelect == 0:
            self.control_tip.config(text="IP节点 点的度")
            IPs_to_show = list(self.graphs.degree(self.flag_for_section))
            self.Rank(IPs_to_show)
        elif radSelect == 1:
            self.control_tip.config(text="IP节点 介数中心性")
            IPs_to_show = list(
                self.graphs.betweeness(self.flag_for_section))
            self.Rank(IPs_to_show)
        elif radSelect == 2:
            self.control_tip.config(text="IP节点 点度中心性")
            IPs_to_show = list(
                self.graphs.degree_centrality(self.flag_for_section))
            self.Rank(IPs_to_show)
        elif radSelect == 3:
            self.control_tip.config(text="IP节点 连接数")
            # Here IPs_to_show is what transfer_nodes() returns, which is
            # handed to Analyser rather than ranked directly.
            IPs_to_show = self.graphs.transfer_nodes()
            self.Rank(Analyser.Node_Links_Analyse(IPs_to_show))
        elif radSelect == 4:
            self.control_tip.config(text="IP节点 小包占比")
            IPs_to_show = self.graphs.transfer_nodes()
            self.Rank(Analyser.Node_Length_Analyse(IPs_to_show))
        elif radSelect == 5:
            self.control_tip.config(text="IP节点 怀疑度")
            if self.flag_for_section == 0:
                # Start from the recorded suspicion values, then add every
                # node that is not in the abnormal list with a value of 0.
                # The combined list is passed to Rank without re-sorting.
                IPs_suspicious_degree = instrument.change_abnormal_dict_to_tuplelist(
                    abnormal_IPs_detail_dict, "suspicious_degree")
                IPs = self.graphs.transfer_all_nodes()
                for IP in IPs:
                    if IP not in abnormal_IPs_list:
                        IP_suspicious_degree_tuple = (IP, 0)
                        IPs_suspicious_degree.append(
                            IP_suspicious_degree_tuple)
                self.Rank(IPs_suspicious_degree)
            else:
                # Build (IP, suspicion) for the nodes from transfer_nodes():
                # 0 for an IP outside the abnormal list, otherwise the value
                # recorded in abnormal_IPs_detail_dict.
                IPs_to_show = self.graphs.transfer_nodes()
                IPs_suspicious_degree = []
                for IP in IPs_to_show:
                    if IP not in abnormal_IPs_list:
                        IP_suspicious_degree_tuple = (IP, 0)
                        IPs_suspicious_degree.append(
                            IP_suspicious_degree_tuple)
                    else:
                        IP_suspicious_degree_tuple = (
                            IP, abnormal_IPs_detail_dict[IP]
                            ['suspicious_degree'])
                        IPs_suspicious_degree.append(
                            IP_suspicious_degree_tuple)
                # Highest suspicion first.
                order_suspicious_rank = sorted(IPs_suspicious_degree,
                                               key=lambda x: x[1],
                                               reverse=True)
                self.Rank(order_suspicious_rank)
    elif self.flag_for_section == 4:
        # Every ranking comes from the per-IP detail records; the second
        # argument is the record key to rank by.
        if radSelect == 0:
            self.control_tip.config(text="IP节点 点的度")
            self.Rank(
                instrument.change_abnormal_dict_to_tuplelist(
                    abnormal_IPs_detail_dict, "degree"))
        elif radSelect == 1:
            self.control_tip.config(text="IP节点 介数中心性")
            self.Rank(
                instrument.change_abnormal_dict_to_tuplelist(
                    abnormal_IPs_detail_dict, "betweeness"))
        elif radSelect == 2:
            self.control_tip.config(text="IP节点 点度中心性")
            self.Rank(
                instrument.change_abnormal_dict_to_tuplelist(
                    abnormal_IPs_detail_dict, "centrality"))
        elif radSelect == 3:
            self.control_tip.config(text="IP节点 连接数")
            self.Rank(
                instrument.change_abnormal_dict_to_tuplelist(
                    abnormal_IPs_detail_dict, "link"))
        elif radSelect == 4:
            self.control_tip.config(text="IP节点 小包占比")
            self.Rank(
                instrument.change_abnormal_dict_to_tuplelist(
                    abnormal_IPs_detail_dict, "length_prop"))
        elif radSelect == 5:
            self.control_tip.config(text="IP节点 怀疑度")
            self.Rank(
                instrument.change_abnormal_dict_to_tuplelist(
                    abnormal_IPs_detail_dict, "suspicious_degree"))
def radCall(self): radSelect = self.rad_1.get() #获取单选框选中的索引 # 判断是否处于异常IP模块 if self.flag_for_section != 4: if self.flag_for_section == 2: #如果是单点分析模块,为了防止图污染,事先会保存一份本地副本,这里为重新加载本地副本 self.graphs.J = self.A.copy() self.graphs.L = self.B.copy() if radSelect == 0: self.control_tip.config( text="IP节点 点的度") IPs_to_show = list(self.graphs.degree( self.flag_for_section)) #调用度排序(剩下的结构类似不再注释) self.Rank(IPs_to_show) elif radSelect == 1: self.control_tip.config( text="IP节点 介数中心性") IPs_to_show = list( self.graphs.betweeness(self.flag_for_section)) self.Rank(IPs_to_show) elif radSelect == 2: self.control_tip.config( text="IP节点 点度中心性") IPs_to_show = list( self.graphs.degree_centrality( self.flag_for_section)) #从nx里取到的三个指标都返回的是元组列表 self.Rank(IPs_to_show) elif radSelect == 3: self.control_tip.config( text="IP节点 连接数") IPs_to_show = self.graphs.transfer_nodes( ) #单纯的返回IP列表,虽然同名但是和上三个的结构并不同 self.Rank(Analyser.Node_Links_Analyse( IPs_to_show)) #Rank内的参数变为元组列表,转变过程详见Analyse的函数注释 elif radSelect == 4: self.control_tip.config( text="IP节点 小包占比") IPs_to_show = self.graphs.transfer_nodes() #原理同上 self.Rank(Analyser.Node_Length_Analyse(IPs_to_show)) elif radSelect == 5: self.control_tip.config( text="IP节点 怀疑度") IPs_to_show = self.graphs.transfer_nodes( ) #取J图的节点-事实上在生成G图时,会复制一份给J,因此主GUI同样适用 IPs_suspicious_degree = [] #存所有IP的可疑度的列表:[(IP,可疑度)...] 
#构建tuple,添加至上述列表 for IP in IPs_to_show: if IP not in abnormal_IPs_list: IP_suspicious_degree_tuple = (IP, 0 ) #如果IP不在异常IP列表,那可疑度一定为0 else: #如果IP在异常IP列表,那异常IP详细字典中一定记录了其可疑度,读字典相应数据填写可疑度 IP_suspicious_degree_tuple = ( IP, abnormal_IPs_detail_dict[IP]['suspicious_degree']) IPs_suspicious_degree.append(IP_suspicious_degree_tuple) #根据可疑度排序,输出排序后的元组列表 order_suspicious_rank = sorted(IPs_suspicious_degree, key=lambda x: x[1], reverse=True) self.Rank(order_suspicious_rank) #显示数据 #如果处于异常IP模块,利用异常IP详细字典直接对所有异常IP的数据按序排序即可,元组列表的生成详见instrument相关函数 elif self.flag_for_section == 4: if radSelect == 0: self.control_tip.config( text="IP节点 点的度") self.Rank( instrument.change_abnormal_dict_to_tuplelist( abnormal_IPs_detail_dict, "degree")) elif radSelect == 1: self.control_tip.config( text="IP节点 介数中心性") self.Rank( instrument.change_abnormal_dict_to_tuplelist( abnormal_IPs_detail_dict, "betweeness")) elif radSelect == 2: self.control_tip.config( text="IP节点 点度中心性") self.Rank( instrument.change_abnormal_dict_to_tuplelist( abnormal_IPs_detail_dict, "centrality")) elif radSelect == 3: self.control_tip.config( text="IP节点 连接数") self.Rank( instrument.change_abnormal_dict_to_tuplelist( abnormal_IPs_detail_dict, "link")) elif radSelect == 4: self.control_tip.config( text="IP节点 小包占比") self.Rank( instrument.change_abnormal_dict_to_tuplelist( abnormal_IPs_detail_dict, "length_prop")) elif radSelect == 5: self.control_tip.config( text="IP节点 怀疑度") self.Rank( instrument.change_abnormal_dict_to_tuplelist( abnormal_IPs_detail_dict, "suspicious_degree"))