Exemplo n.º 1
        //Event handler called when an object is changed
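        /// <summary>
        /// Logs a file system event and, when the affected path lies in one of the
        /// monitored user folders, forwards it to the matching
        /// <c>FilemonEventHandler</c> callback.
        /// </summary>
        /// <param name="source">Object that raised the event; not used here.</param>
        /// <param name="e">Event data carrying the affected path and the change type.</param>
        private static void OnChanged(object source, FileSystemEventArgs e)
        {
            // Every event is echoed to the console, including the ones filtered out below.
            Console.WriteLine(e.FullPath + " is " + e.ChangeType);

            // Only these user folders are of interest; events elsewhere (AppData, for
            // example) are dropped.
            string[] monitoredFolders =
            {
                @"C:\Users\Baseline\Desktop",
                @"C:\Users\Baseline\Documents",
                @"C:\Users\Baseline\Downloads",
                @"C:\Users\Baseline\Videos"
            };

            bool isMonitored = false;
            foreach (string folder in monitoredFolders)
            {
                // Windows paths are case-insensitive, so the match ignores case: a path
                // reported as "c:\users\baseline\desktop\..." must not slip past the monitor.
                // This is still a substring match, so a sibling such as "Desktop2" also qualifies.
                if (e.FullPath.IndexOf(folder, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    isMonitored = true;
                    break;
                }
            }

            if (!isMonitored)
            {
                return;
            }

            // NOTE(review): a path with no '.' anywhere is skipped, so extensionless files are
            // never reported, while a dot in a directory name lets every file below it through.
            // Confirm that this is the intended file/directory test.
            if (!e.FullPath.Contains("."))
            {
                return;
            }

            // Compare the enum directly instead of its string form; any other change type
            // is ignored, as before.
            switch (e.ChangeType)
            {
                case WatcherChangeTypes.Changed:
                    FilemonEventHandler.changeOccured(e);
                    break;
                case WatcherChangeTypes.Created:
                    FilemonEventHandler.creationOccured(e);
                    break;
                case WatcherChangeTypes.Deleted:
                    FilemonEventHandler.deletionOccured(e);
                    break;
            }
        }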
Exemplo n.º 2
        /// <summary>
        /// Configures <c>FilemonEventHandler</c> with the entropy thresholds, computes the
        /// entropy of every file under the four configured paths, prints the saved
        /// entropies to the console and then blocks the calling thread for 30 seconds.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the saved entropies are presumably the baseline that later file
        /// events are compared against; confirm against <c>FilemonEventHandler</c>.
        /// </remarks>
        public static void shannonEntropyFileMonDetection()
        {
            // Hand the detection parameters to the event handler before any scan runs.
            FilemonEventHandler.setEntropyThreshold(entropyThreshold);
            FilemonEventHandler.setThresholdToReaction(thresholdToReaction);
            FilemonEventHandler.setSecondsInThreshold(secondsInThreshold);

            // Scan each path with its own ShannonEntropy instance, in the original order.
            new ShannonEntropy().getEntropyOfAllFilesInPath(path1);
            new ShannonEntropy().getEntropyOfAllFilesInPath(path2);
            new ShannonEntropy().getEntropyOfAllFilesInPath(path3);
            new ShannonEntropy().getEntropyOfAllFilesInPath(path4);

            // Dump what the scans stored, one "key - value" line per entry.
            Dictionary<string, double> savedEntropies = ShannonEntropy.getSavedEntropies();
            foreach (KeyValuePair<string, double> entry in savedEntropies)
            {
                Console.WriteLine("{0} - {1}", entry.Key, entry.Value);
            }

            // Block the calling thread for 30 seconds.
            Thread.Sleep(TimeSpan.FromSeconds(30));
        }