// Event handler for file-system change notifications.
// Logs every event to the console, then forwards Changed / Created / Deleted
// events to FilemonEventHandler when the path lies in one of the monitored
// user folders and contains a '.' character.
private static void OnChanged(object source, FileSystemEventArgs e)
{
    string fullPath = e.FullPath;

    // Every event is printed, including the ones filtered out below.
    Console.WriteLine(fullPath + " is " + e.ChangeType);

    // Restrict handling to these user folders (the author's note: cancel out AppData).
    string[] monitoredFolders =
    {
        @"C:\Users\Baseline\Desktop",
        @"C:\Users\Baseline\Documents",
        @"C:\Users\Baseline\Downloads",
        @"C:\Users\Baseline\Videos"
    };

    // Contains() is a case-sensitive substring test: it is not anchored at the
    // start of the path and does not stop at a directory separator.
    // NOTE(review): an anchored, case-insensitive prefix comparison would follow
    // Windows path semantics more closely - confirm which behaviour is intended.
    bool insideMonitoredFolder = false;
    foreach (string folder in monitoredFolders)
    {
        if (fullPath.Contains(folder))
        {
            insideMonitoredFolder = true;
            break;
        }
    }

    if (!insideMonitoredFolder)
    {
        return;
    }

    // The '.' test looks at the whole path, not only the file name, so a path
    // with no dot anywhere is never forwarded.
    // NOTE(review): presumably meant to select files that have an extension;
    // extensionless files are then outside the monitor's coverage - confirm.
    if (!fullPath.Contains("."))
    {
        return;
    }

    // Any other change type (for example Renamed) is not forwarded by this handler.
    switch (e.ChangeType)
    {
        case WatcherChangeTypes.Changed:
            FilemonEventHandler.changeOccured(e);
            break;
        case WatcherChangeTypes.Created:
            FilemonEventHandler.creationOccured(e);
            break;
        case WatcherChangeTypes.Deleted:
            FilemonEventHandler.deletionOccured(e);
            break;
    }
}
// Sets up the entropy-based file monitor: copies the three configured values
// (entropyThreshold, thresholdToReaction, secondsInThreshold) into
// FilemonEventHandler, runs getEntropyOfAllFilesInPath over path1..path4,
// prints every saved entropy, and then blocks the calling thread for 30 seconds.
public static void shannonEntropyFileMonDetection()
{
    // Hand the detection parameters to the event handler before any scan runs.
    FilemonEventHandler.setEntropyThreshold(entropyThreshold);
    FilemonEventHandler.setThresholdToReaction(thresholdToReaction);
    FilemonEventHandler.setSecondsInThreshold(secondsInThreshold);

    // Find the entropy of all files, one fresh ShannonEntropy instance per path.
    // NOTE(review): the results are read back through the static
    // getSavedEntropies(), so they are presumably kept in shared static state
    // that serves as the baseline for later events - confirm in ShannonEntropy.
    new ShannonEntropy().getEntropyOfAllFilesInPath(path1);
    new ShannonEntropy().getEntropyOfAllFilesInPath(path2);
    new ShannonEntropy().getEntropyOfAllFilesInPath(path3);
    new ShannonEntropy().getEntropyOfAllFilesInPath(path4);

    // Print the entropies as "<key> - <value>", one entry per line.
    Dictionary<string, double> savedEntropies = ShannonEntropy.getSavedEntropies();
    foreach (KeyValuePair<string, double> entry in savedEntropies)
    {
        string line = string.Format("{0} - {1}", entry.Key, entry.Value);
        Console.WriteLine(line);
    }

    // Fixed 30-second pause; the reason for it is not visible in this method.
    const int pauseMilliseconds = 30000;
    Thread.Sleep(pauseMilliseconds);
}