public void AggregateData(List<Sample> samples, FeatureVectorType aggregateType, bool includeProcessInfo = false)
{
if (aggregateType == FeatureVectorType.SummedContextSwitch)
{
SumSamplesBetweenContextSwitches(samples, false, includeProcessInfo);
}
else if (aggregateType == FeatureVectorType.AverageContextSwitch)
{
AverageSamplesBetweenContextSwitches(samples, false, includeProcessInfo);
}
else if (aggregateType == FeatureVectorType.SummedContextSwitchWithTotalCountIncluded)
{
SumSamplesBetweenContextSwitches(samples, true, includeProcessInfo);
}
else if (aggregateType == FeatureVectorType.AverageContextSwithWithTotalCountIncluded)
{
AverageSamplesBetweenContextSwitches(samples, true, includeProcessInfo);
}
else if (aggregateType == FeatureVectorType.Histogram)
{
CreateHistogramFromSamples(samples, includeProcessInfo, false);
}
else if (aggregateType == FeatureVectorType.HistogramBetweenContextSwitches)
{
CreateHistogramFromSamples(samples, includeProcessInfo, true);
}
else if (aggregateType == FeatureVectorType.RawSamples)
{
List<string> sampleStrings = new List<string>();
foreach (Sample sample in samples)
{
string malwareString = (sample.FromMalware) ? Constants.MalwareString : Constants.NonMalwareString;
string sampleString =
sample.CycleCount + Constants.Delimiter +
sample.EventValue1 + Constants.Delimiter +
sample.EventValue2 + Constants.Delimiter +
sample.EventValue3 + Constants.Delimiter +
sample.EventValue4 + Constants.Delimiter +
sample.EventValue5 + Constants.Delimiter +
sample.EventValue6 + Constants.Delimiter +
malwareString;
sampleStrings.Add(sampleString);
}
if (MultipleDataAggregatedEvent != null)
{
MultipleDataAggregatedEvent(sampleStrings);
}
}
}
/// <summary>
/// Creates a dataset file that logs the summed values of a sample file.
/// </summary>
/// <param name="outputDirectory">Directory where the dataset file will be saved.</param>
public void CreateDatasetFile(
string outputDirectory,
FeatureVectorType aggregateTypeArg,
bool includeProcessInfo,
int experimentNum,
bool isTestSet)
{
if (datasetWriter != null)
{
datasetWriter.Close();
datasetWriter.Dispose();
datasetWriter = null;
sampleFileIdCounter = 0;
}
aggregateType = aggregateTypeArg;
string outputFileName = GenerateOutputFileName(aggregateType, includeProcessInfo, isTestSet);
string outputFile = Path.Combine(outputDirectory, outputFileName);
try
{
FileStream stream = new FileStream(outputFile, FileMode.Append);
datasetWriter = new StreamWriter(stream);
if (stream.Position == 0)
{
// We are creating a new file, so format the top of the file into an ARFF format
if (aggregateType == FeatureVectorType.Histogram || aggregateType == FeatureVectorType.HistogramBetweenContextSwitches)
{
datasetWriter.WriteLine("@RELATION " + "Experiment_" + experimentNum + "_" + outputFileName);
WriteHistogramAttributes();
}
else
{
datasetWriter.WriteLine("@RELATION " + outputFileName);
WritePmuAttributeInformation(experimentNum);
}
if (aggregateType == FeatureVectorType.AverageContextSwithWithTotalCountIncluded ||
aggregateType == FeatureVectorType.SummedContextSwitchWithTotalCountIncluded)
{
datasetWriter.WriteLine("@ATTRIBUTE ValBetweenContextSwitch real");
}
if (includeProcessInfo)
{
datasetWriter.WriteLine("@ATTRIBUTE Process_Name string");
datasetWriter.WriteLine("@ATTRIBUTE Sample_File_ID real");
}
datasetWriter.WriteLine(string.Format("@ATTRIBUTE class {{{0},{1}}}", Constants.MalwareString, Constants.NonMalwareString));
datasetWriter.WriteLine("");
datasetWriter.WriteLine("@DATA");
}
sampleAggregator.DataAggregatedEvent += WriteToDataSet;
sampleAggregator.MultipleDataAggregatedEvent += WriteToDataSet;
}
catch (Exception ex)
{
Console.WriteLine("Unable to create dataset output file. Exception: " + ex.Message);
}
}
private string GenerateOutputFileName(FeatureVectorType aggregateTypeArg, bool includeProcessInfo, bool isTestSet)
{
string rv = null;
string testType = (isTestSet) ? "test" : "train";
string procinfoString = (includeProcessInfo) ? "procInfo_" : "";
string histogramInformation = "";
if (aggregateTypeArg == FeatureVectorType.HistogramBetweenContextSwitches)
{
histogramInformation = "_CtxSwitch";
}
else if (aggregateTypeArg == FeatureVectorType.Histogram)
{
histogramInformation = "_IgnoreCtxSwitch";
}
rv = string.Format("{0}_{1}dataset_{2}{3}.arff", testType, procinfoString, aggregateType.ToString(), histogramInformation);
return rv;
}
private GraphMap<FeatureVector, WeightMatrix>.Box CreateLayer(string name, int numOfUnits, FeatureVectorType fvt)
{
if (vectors.ContainsKey(name))
{
MessageBox.Show("There already is a feature vector named " + name);
return null;
}
var info = featVecType[fvt];
FlowLayoutPanel flp = CreateStatePanel(numOfUnits);
var box = gm.AddBox(info.Item1, new FeatureVector() { name = name, layer = info.Item3, type = info.Item2, size = numOfUnits, fvt = fvt }, x => x.name + " " + x.size + " units", flp);
SetupStatePanel(flp, box);
vectors[name] = box;
SetActions(box);
if (info.Item3 == LayerType.INPUT)
{
inputs.Add(box);
}
else if (info.Item3 == LayerType.HIDDEN)
{
hiddens.Add(box);
}
else if (info.Item3 == LayerType.OUTPUT)
{
outputs.Add(box);
}
return box;
}
private GraphMap <FeatureVector, WeightMatrix> .Box CreateLayer(string name, int numOfUnits, FeatureVectorType fvt)
{
if (vectors.ContainsKey(name))
{
MessageBox.Show("There already is a feature vector named " + name);
return(null);
}
var info = featVecType[fvt];
FlowLayoutPanel flp = CreateStatePanel(numOfUnits);
var box = gm.AddBox(info.Item1, new FeatureVector()
{
name = name, layer = info.Item3, type = info.Item2, size = numOfUnits, fvt = fvt
}, x => x.name + " " + x.size + " units", flp);
SetupStatePanel(flp, box);
vectors[name] = box;
SetActions(box);
if (info.Item3 == LayerType.INPUT)
{
inputs.Add(box);
}
else if (info.Item3 == LayerType.HIDDEN)
{
hiddens.Add(box);
}
else if (info.Item3 == LayerType.OUTPUT)
{
outputs.Add(box);
}
return(box);
}
