Esempio n. 1
0
        public virtual List <VDSElement> LoadData(string path, double radius)
        {
            List <VDSElement> matrix = new List <VDSElement>();

            using (var reader = new System.IO.StreamReader(path))
            {
                reader.ReadLine();
                while (!reader.EndOfStream)
                {
                    string   line      = reader.ReadLine();
                    string[] values    = line.Split(',');
                    double[] row_value = new double[values.Length - 2];


                    for (int i = 2; i < values.Length; i++)
                    {
                        try
                        {
                            row_value[i - 2] = (double)float.Parse(values[i]);
                        }
                        catch (FormatException fe)
                        {
                            int temp = Convert.ToInt32(values[i], 16);
                            row_value[i - 2] = temp;
                            Console.Write(fe.Message);
                        }
                    }
                    VDSElement e = new VDSElement(radius, row_value);
                    matrix.Add(e);
                }
            }
            return(matrix);
        }
Esempio n. 2
0
        private int ScanAFile(string filePath)
        {
            //dumpbin file
            FilePresentation filePresentation = new FilePresentation();

            filePresentation.ExecuteCommandAFile(filePath, temp_stored_path);
            string[] filepats = Directory.GetFiles(temp_stored_path);
            //vector hoa
            double[] featureVector = filePresentation.VectorizeAFile(Directory.GetFiles(System.IO.Path.Combine(Environment.CurrentDirectory, temp_stored_path))[0]);
            //chuan hoa
            double[] basic_features = featureVector.Take(Globals.BASIC_FEATURES).ToArray();
            double[] dlls           = new double[featureVector.Length - Globals.BASIC_FEATURES];
            for (int i = 0; i < dlls.Length; i++)
            {
                dlls[i] = featureVector[Globals.BASIC_FEATURES + i];
            }
            VDSElement e = new VDSElement(Globals.DETECTOR_RADIUS,
                                          new DLLSignature(basic_features, dlls));
            List <VDSElement> testing_data = new List <VDSElement>();

            testing_data.Add(e);
            //kiem tra

            int[] predictingLabels = algorithm.Learner.PredictLabel(algorithm.ConvertToDataLearnerForPredictLabel(testing_data));

            //Xoa cac file temp
            File.Delete(Directory.GetFiles(temp_stored_path)[0]);
            return(predictingLabels[0]);//1: virus, 0: benign --> 0 la virus, 1 benign
        }
        public override double[] ConvertToDataLearner(VDSElement element, List <VDSElement> detector_set)
        {
            DLLSignature new_element = (DLLSignature)element.GetSignature();
            double       average     = 0;
            double       hammingdis  = 0;

            foreach (var d in detector_set)
            {
                average    += element.GetDistance(d);
                hammingdis += new_element.GetHammingDistance((DLLSignature)d.GetSignature());
            }
            double[] features = new double[2];
            //double[] features = new double[new_element.Values.Length+new_element.Dlls.Length+2];
            //for (int i = 0; i < new_element.Values.Length; i++)
            //{
            //    features[i] = new_element.Values[i];
            //}
            //for (int i = 0; i < new_element.Dlls.Length; i++)
            //{
            //    features[new_element.Values.Length+i] = new_element.Dlls[i];
            //}
            //for (int i = 0; i < ((DLLSignature)element.GetSignature()).Dlls.Length; i++)
            //{
            //    features[i] = ((DLLSignature)element.GetSignature()).Dlls[i];
            //}
            features[features.Length - 2] = average / detector_set.Count;
            features[features.Length - 1] = hammingdis / detector_set.Count;
            //return new double[] { average / detector_set.Count };
            return(features);
        }
        /// <summary>
        /// Compute Average of all distance from the current element to detector of detector set
        /// </summary>
        /// <param name="element"></param>
        /// <param name="detector_set"></param>
        /// <returns></returns>
        public virtual double[] ConvertToDataLearner(VDSElement element, List <VDSElement> detector_set)
        {
            double average = 0;

            foreach (var d in detector_set)
            {
                average += element.GetDistance(d);
            }
            return(new double[] { average / detector_set.Count });
        }
Esempio n. 5
0
        public override double[] ConvertToDataLearner(VDSElement element, List <VDSElement> detector_set)
        {
            double average = 0;

            foreach (var d in detector_set)
            {
                average += element.GetDistance(d);
            }
            double[] features = new double[((DLLSignature)element.GetSignature()).Dlls.Length + 1];
            for (int i = 0; i < ((DLLSignature)element.GetSignature()).Dlls.Length; i++)
            {
                features[i] = ((DLLSignature)element.GetSignature()).Dlls[i];
            }
            features[features.Length - 1] = average / detector_set.Count;
            //return new double[] { average / detector_set.Count };
            return(features);
        }
Esempio n. 6
0
        public override List <VDSElement> LoadData(string path, double radius)
        {
            List <VDSElement> matrix = new List <VDSElement>();

            using (var reader = new System.IO.StreamReader(path))
            {
                reader.ReadLine();
                while (!reader.EndOfStream)
                {
                    string   line      = reader.ReadLine();
                    string[] values    = line.Split(',');
                    double[] row_value = new double[values.Length - 2];


                    for (int i = 2; i < values.Length; i++)
                    {
                        try
                        {
                            row_value[i - 2] = (double)float.Parse(values[i]);
                            //row_value[i - 2] = DoubleSupporter.parse_from_string(values[i]);
                        }
                        catch (FormatException fe)
                        {
                            int temp = Convert.ToInt32(values[i], 16);
                            row_value[i - 2] = temp;
                            Console.Write(fe.Message);
                        }
                    }
                    double[] basic_features = row_value.Take(Globals.BASIC_FEATURES).ToArray();
                    double[] dlls           = new double[row_value.Length - Globals.BASIC_FEATURES];
                    for (int i = 0; i < dlls.Length; i++)
                    {
                        dlls[i] = row_value[Globals.BASIC_FEATURES + i];
                    }
                    VDSElement e = new VDSElement(radius,
                                                  new DLLSignature(basic_features, dlls));
                    matrix.Add(e);
                }
            }
            return(matrix);
        }
Esempio n. 7
0
 public double[] ConvertToDataLearner(VDSElement element, List <VDSElement> detector_set)
 {
     return(element.Features);
 }
Esempio n. 8
0
        private void DoLoadModel(string modelfolerpath, int model_type_index)
        {
            modelPath            = Path.Combine(modelfolerpath, "Machine.mc");
            min_max_path         = Path.Combine(modelfolerpath, "Min_Max.csv");
            detector_path        = Path.Combine(modelfolerpath, "Detector.csv");
            training_virus_path  = Path.Combine(modelfolerpath, "Normal_Virus_Training.csv");
            training_benign_path = Path.Combine(modelfolerpath, "Normal_Benign_Training.csv");
            string min_max_learning_path = Path.Combine(modelfolerpath, "Min_Max_Learning.csv");
            //load min_max
            IDataLoader dllDataLoader = new DLLDataLoader();

            min = new List <double>();
            max = new List <double>();
            dllDataLoader.LoadMinMaxData(min_max_path, min, max);

            //load detector
            List <VDSElement> detector_set = new List <VDSElement>();

            using (StreamReader sr = new StreamReader(detector_path))
            {
                string detector_str;

                while ((detector_str = sr.ReadLine()) != null)
                {
                    string[]      values   = detector_str.Split(',');
                    List <double> row_list = new List <double>();
                    double[]      row_value;
                    for (int i = 0; i < values.Length; i++)
                    {
                        try
                        {
                            row_list.Add(DoubleSupporter.parse_from_string(values[i]));
                        }
                        catch { }
                    }
                    row_value = row_list.ToArray();
                    double[] basic_features = row_value.Take(Globals.BASIC_FEATURES).ToArray();
                    double[] dlls           = new double[row_value.Length - Globals.BASIC_FEATURES];
                    for (int j = 0; j < dlls.Length; j++)
                    {
                        dlls[j] = row_value[Globals.BASIC_FEATURES + j];
                    }
                    VDSElement detector = new VDSElement(Globals.DETECTOR_RADIUS,
                                                         new DLLSignature(basic_features, dlls));
                    detector.IsNormalize = true;
                    detector_set.Add(detector);
                }
            }


            Globals.MACHINE_PATH          = modelPath;
            Globals.MIN_MAX_LEARNING_PATH = min_max_learning_path;

            switch (model_type_index)
            {
            case 0: tester = new Learner.Tester(new Learner.SVMBestLearner()); model_name = "SVM"; break;

            case 1: tester = new Learner.Tester(new Learner.NaiveBayesLearner()); model_name = "NaiveBayes"; break;

            case 2: tester = new Learner.Tester(new Learner.C45DecisionTreeLearner()); model_name = "DecisionTree"; break;

            default:
                tester     = new Learner.Tester(new Learner.SVMBestLearner());
                model_name = "SVM";
                break;
            }

            algorithm = new NormalizeAntiVirusAlgorithm(tester, new HammingDLLDistanceAverageConverter());
            tester.Load_Model();
            //algorithm = new NormalizeAntiVirusAlgorithm(tester, new DLLDistanceAverageConveter());
            algorithm.Detector_set = detector_set;
            algorithm.ListMin      = min;
            algorithm.ListMax      = max;
        }