public static void NumberAnalyzer(List <IdsTech> content)
{
var drawer = new Drawer <DateTime, double>()
{
Path = @"E:\data\IDS\241AN\测试.jpg"
};
//var typecontent = content.GroupBy(x => x.ThreatName).Where(t => t.Count() > 1000);
Dictionary <DateTime, Drawer <DateTime, double> .BoxPlot> dict = new Dictionary <DateTime, Drawer <DateTime, double> .BoxPlot>();
foreach (var item in content.GroupBy(x => (int)Statics.Timeround(x.StartTime, TimeSpan.FromMinutes(10)).TimeOfDay.TotalMinutes))
{
var groups = item.GroupBy(x => x.StartTime.DayOfYear).Select(x => (double)x.Count()).ToArray();
var percentiles = Statics.Quartiles(groups);
DateTime time = new DateTime(2019, 1, 1);
dict.Add(time + TimeSpan.FromMinutes(item.Key), drawer.CreateBoxPlotInstance(groups.Min(), groups.Max(), percentiles.Item1, percentiles.Item3, groups.Average(), percentiles.Item2));
}
drawer.AddBoxPlotSeries(dict);
//foreach (var c in typecontent)
//{
// foreach (var item in c.GroupBy(x => Statics.Timeround(x.StartTime, TimeSpan.FromMinutes(10))).ToDictionary(x => x.Key, x => x.Count()))
// {
// Console.WriteLine(item.Key + "," + item.Value);
// }
// Dictionary<DateTime, Drawer<DateTime, double>.BoxPlot> dict = new Dictionary<DateTime, Drawer<DateTime, double>.BoxPlot>();
// foreach (var item in c.GroupBy(x => (int)Statics.Timeround(x.StartTime, TimeSpan.FromMinutes(10)).TimeOfDay.TotalMinutes))
// {
// var groups = item.GroupBy(x => x.StartTime.DayOfYear).Select(x => (double)x.Count()).ToArray();
// var percentiles = Statics.Quartiles(groups);
// DateTime time = new DateTime(2019, 1, 1);
// dict.Add(time + TimeSpan.FromMinutes(item.Key), drawer.CreateBoxPlotInstance(groups.Min(), groups.Max(), percentiles.Item1, percentiles.Item3, groups.Average(), percentiles.Item2));
// }
// drawer.AddBoxPlotSeries(dict, c.Key);
//}
drawer.SaveBoxPlot();
}
public static void TypeAnalyzer(List <IdsTech> content)
{
//var content = ContentExtractor.CsvReader<IdsTech>(@"E:\data\IDS\241.txt");
var s = content.GroupBy(a => a.ThreatName).Where(g => g.Count() > 1000).ToDictionary(g => g.Key, h => h.Count());
var drawer = new Drawer <DateTime, int>()
{
Path = @"E:\data\IDS\241AN\1000次威胁名称stacked_per1min.jpg"
};
drawer.InitialGraph();
foreach (var item in s)
{
var seriesData = content.Where(c => c.ThreatName == item.Key)
.GroupBy(x => Statics.Timeround(x.StartTime, TimeSpan.FromMinutes(1)))
.ToDictionary(a => a.Key, b => b.Count());
drawer.AddSeries(seriesData, SeriesChartType.StackedColumn, item.Key.ToString());
}
drawer.Save(true);
}
static void Main2(string[] args)
{
var content = ContentExtractor.LineJsonReader <IdsEve>(@"E:\data\eve11.json");
var max = content.GroupBy(x => x.TargetIp).ToDictionary(x => x.Key, x => x.Count());
var maxip = max.OrderByDescending(x => x.Value).FirstOrDefault().Key;
var samples = content.Where(x => Statics.IpEquals(maxip, x.TargetIp)).ToArray();
//var samples = content.ToArray();
//Console.WriteLine("EventType: " + content.Select(x => x.EventType).Distinct().Count());
//Console.WriteLine("FlowId: " + content.Select(x => x.FlowId).Distinct().Count());
//Console.WriteLine("SourceIp: " + content.Select(x => x.SourceIp).Distinct().Count());
var drawer = new Drawer <DateTime, int>()
{
Path = @"E:\data\eve11_by_alert_signature_maxip.jpg"
};
drawer.InitialGraph();
var groups = samples.Where(x => x.EventType == "alert").GroupBy(x => x.Alert.SignatureId);
foreach (var items in groups)
{
var points = items.GroupBy(x => Statics.Timeround(x.Timestamp, TimeSpan.FromMilliseconds(100)))
.ToDictionary(x => x.Key, x => x.Count()).OrderBy(x => x.Key);
drawer.AddSeries(points, SeriesChartType.Line, items.Key);
}
//drawer.Chart.ChartAreas["Default"].AxisX.
drawer.SetAxisLogarithmic(false);
drawer.Save(true);
// Console.ReadKey();
}
