def main(test_file):
    """Train the "Min vs Meth" model, score one test log file and plot it.

    Args:
        test_file: File name appended to ``level_2/test_logs/min_meth/``
            under the ``kass_nn`` directory.
    """
    base_dir = Path("kass_nn")
    train_filename = base_dir / "level_2/train_logs/min_meth/train_min_meth.log"
    # NOTE(review): test_file is concatenated into the path unchecked, so a
    # value containing ".." segments resolves outside the test_logs directory.
    # Validate it if this entry point can be reached with caller-supplied names.
    test_filename = base_dir / ("level_2/test_logs/min_meth/" + test_file)
    config_file = base_dir / "config/config.yml"

    characteristic = MinMeth(LogParser(train_filename), config_file)

    # Parse both logs with the same characteristic; the boolean flag is True
    # for the training file and False for the file under test.
    X_train = lp.load_parsed_data(train_filename, True, characteristic)
    X_test = lp.load_parsed_data(test_filename, False, characteristic)

    # Fit on the training data, then score the test data with that model.
    clf = eif.train_model(X_train, characteristic, characteristic.n_threads)
    anomaly_scores = eif.predict_wo_train(X_test, clf, characteristic.n_threads)

    report = "TEST {}\n\tFull anomaly value: {}\n\tDangerousness in range [0-5]: {}"
    for test_idx, score in enumerate(anomaly_scores):
        print(report.format(test_idx, score, get_dangerousness_int(score)))

    # Single-panel figure ([1, 1, 1]) showing training data, test data and scores.
    fig = plt.open_plot()
    plt.plot_model(
        fig,
        X_train,
        X_test,
        anomaly_scores,
        clf,
        characteristic.mesh,
        [1, 1, 1],
        "Min vs Meth",
        characteristic.n_threads,
    )
    plt.close_plot()
def plot_dangerousness(self, min_meth_pred, min_dir_pred, min_file_ext_pred, min_long_pred):
    """Draw the per-characteristic predictions as panels of one 2x2 figure.

    Args:
        min_meth_pred: Predictions plotted in panel 1 ("Min vs Meth").
        min_dir_pred: Predictions plotted in panel 2 ("Min vs Dir").
        min_file_ext_pred: Predictions for panel 3 ("Min vs FileExt");
            the panel is skipped when this is None.
        min_long_pred: Predictions plotted in panel 4 ("Min vs Long").
    """
    fig = plt.open_plot()

    def draw_panel(model, predictions, slot, title):
        # Every panel shares the figure and a 2x2 grid; only the slot varies.
        plt.plot_model(
            fig,
            model.X_train,
            model.X_test,
            predictions,
            model.clf,
            model.mesh,
            [2, 2, slot],
            title,
            self.n_threads,
        )

    draw_panel(self.min_meth, min_meth_pred, 1, "Min vs Meth")
    draw_panel(self.min_dir, min_dir_pred, 2, "Min vs Dir")
    if min_file_ext_pred is not None:
        draw_panel(self.min_file_ext, min_file_ext_pred, 3, "Min vs FileExt")
    # NOTE(review): nesting was reconstructed from a flattened listing; the
    # "Min vs Long" panel is taken to be unconditional -- confirm.
    draw_panel(self.min_long, min_long_pred, 4, "Min vs Long")

    plt.close_plot()
def main(test_file):
    """Train one model per group key, then score and plot each test log entry.

    Args:
        test_file: File name appended to ``level_2/test_logs/foreach_ip_url/``
            under the ``kass_nn`` directory.
    """
    base_dir = Path("kass_nn")
    train_filename = base_dir / "level_2/train_logs/foreach_ip_url/train_foreach_ip_url_spec.log"
    # NOTE(review): test_file is concatenated into the path unchecked, so a
    # value containing ".." segments resolves outside the test_logs directory.
    # Validate it if this entry point can be reached with caller-supplied names.
    test_filename = base_dir / ("level_2/test_logs/foreach_ip_url/" + test_file)
    config_file = base_dir / "config/config.yml"

    characteristic = IPMinURL(LogParser(train_filename), config_file)

    # Parse both logs with the same characteristic; the boolean flag is True
    # for the training file and False for the file under test.
    X_train = lp.load_parsed_data(train_filename, True, characteristic)
    X_test = lp.load_parsed_data(test_filename, False, characteristic)

    if isinstance(X_train, dict):
        # One classifier per key of the training dict, stored on the characteristic.
        for key, samples in X_train.items():
            characteristic.clfs_by_ip[key] = eif.train_model(samples, characteristic)
    else:
        # NOTE(review): this model is never read again, and the scoring loop
        # below only looks up characteristic.clfs_by_ip. train_model is also
        # called with one argument here but two in the dict branch -- confirm
        # that this path is intended and that the signature accepts both.
        clf = eif.train_model(X_train)

    report = "TEST {}\n\tFull anomaly value: {}\n\tDangerousness in range [0-5]: {}"
    # NOTE(review): the flattened listing does not show whether the test counter
    # also advances for skipped entries; here it advances for every entry -- confirm.
    for test_idx, log in enumerate(X_test):
        ip = characteristic.get_group_criteria(log)
        if ip not in X_train:
            # Entries whose group key has no training data produce no output,
            # so sources unseen during training are never scored here.
            continue

        group_clf = characteristic.clfs_by_ip[ip]
        anomaly_scores = eif.predict_wo_train([log], group_clf, characteristic.n_threads)
        score = anomaly_scores[0]
        print(report.format(test_idx, score, get_dangerousness_int(score)))

        # One single-panel figure per scored entry, against its own group's training data.
        fig = plt.open_plot()
        plt.plot_model(
            fig,
            X_train[ip],
            [log],
            anomaly_scores,
            group_clf,
            characteristic.mesh,
            [1, 1, 1],
            "Min vs URL by IP",
            characteristic.n_threads,
        )
        plt.close_plot()