Пример #1
0
 private static void ComputeProfile(FlowProfile profile, IEnumerable <IFlowRecord> flows)
 {
     foreach (var flow in flows)
     {
         var modelObject = flow.Model.ToString();
         if (!profile.TryGetValue(modelObject, out var model))
         {
             model = profile.NewModel();
             profile[modelObject] = model;
         }
         model.Samples.Add(new double[] { flow.FlowPackets, flow.FlowOctets });
     }
 }
Пример #2
0
        private (int Normal, int Abnormal, int Unknown) TestAndPrint(FlowProfile profile, IEnumerable <IFlowRecord> flows, string label = "")
        {
            var normalCount   = 0;
            var abnormalCount = 0;
            var unknownCount  = 0;
            var matchingTable = new DataTable();

            matchingTable.Columns.Add("CoAP Flow", typeof(string));
            matchingTable.Columns.Add("Packets", typeof(string));
            matchingTable.Columns.Add("Octets", typeof(string));
            matchingTable.Columns.Add("Score", typeof(double));
            matchingTable.Columns.Add("Threshold", typeof(double));
            matchingTable.Columns.Add("Label", typeof(string));
            foreach (var flow in flows)
            {
                var observation = new double[] { flow.FlowPackets, flow.FlowOctets };
                if (profile.TryGetValue(flow.Model.ToString(), out var matchingProfile))
                {
                    var score   = matchingProfile.Score(observation);
                    var matches = (score > (matchingProfile.Threshold * profile.ThresholdMultiplier));
                    matchingTable.Rows.Add($"{flow.Key} {flow.Model}", flow.FlowPackets, flow.FlowOctets, score, matchingProfile.Threshold, matches ? "normal" : "abnormal");
                    if (matches)
                    {
                        normalCount++;
                    }
                    else
                    {
                        abnormalCount++;
                    }
                }
                else
                {
                    matchingTable.Rows.Add($"{flow.Key} {flow.Model}", flow.FlowPackets, flow.FlowOctets, double.NaN, double.NaN, "unknown");
                    unknownCount++;
                }
            }
            Console.WriteLine($"{label}:");
            ConsoleTableBuilder.From(matchingTable)
            .WithFormat(ConsoleTableBuilderFormat.MarkDown)
            .ExportAndWriteLine();
            return(normalCount, abnormalCount, unknownCount);
        }
Пример #3
0
        private void ComputeDistances(FlowProfile profile1, FlowProfile profile2)
        {
            var measuresTable = new DataTable();

            measuresTable.Columns.Add("Target", typeof(string));
            measuresTable.Columns.Add("Count 1", typeof(double));
            measuresTable.Columns.Add("Count 2", typeof(double));
            measuresTable.Columns.Add("Distance", typeof(double));
            foreach (var m1 in profile1)
            {
                if (profile2.TryGetValue(m1.Key, out var m2))
                {
                    var b    = new Bhattacharyya();
                    var dist = b.Distance(m1.Value.Samples.ToArray(), m2.Samples.ToArray());
                    measuresTable.Rows.Add(m1.Key, m1.Value.Samples.Count, m2.Samples.Count, dist);
                }
            }

            Console.WriteLine("Distances:");
            ConsoleTableBuilder.From(measuresTable)
            .WithFormat(ConsoleTableBuilderFormat.MarkDown)
            .ExportAndWriteLine();
        }