# -*- coding: utf-8 -*-
import numpy
import scipy
import random
import json
import glob
import sklearn
import copy
from lof import outliers
from sklearn import preprocessing
from sklearn.feature_extraction import DictVectorizer
from sklearn.decomposition import PCA as sklearnPCA
from matplotlib import pyplot as plt
from mpl_toolkits.mplot3d import Axes3D
from mpl_toolkits.mplot3d import proj3d
import matplotlib.patches as mpatches
from sklearn.cluster import KMeans
# Record the library versions in the run output so that results can be
# tied back to the environment that produced them.
for _banner, _module in (
    ("scipy version: ", scipy),
    ("numpy version: ", numpy),
    ("sklearn version: ", sklearn),
):
    print(_banner + _module.__version__)
def main():
    """Score provenance events with LOF after injecting synthetic delays.

    Pipeline: load the provenance JSON, drop the events produced by the
    provenance reporter itself, label events via findGroundTruth, overwrite
    ``durationMillis`` of every labelled event with a random value in
    [50, 100], vectorise and standardise the model features, then print the
    LOF value and index of every outlier the ``lof`` module reports.

    NOTE(review): the LOF output is only printed; it is never compared with
    the ground-truth indexes, so this run yields no detection or
    false-positive rate on its own.
    """
    # Features the model sees, and the wider set kept for the first pass
    # (ground-truth labelling needs eventId, componentType, updatedAttributes).
    modelFeatures = ["eventType", "componentId", "entitySize", "durationMillis"]
    dedupeFeatures = ['eventId', "eventType", "componentId", "entitySize", "durationMillis", 'componentType', 'updatedAttributes']
    # Features converted to float before vectorising.
    intFeatures = ["entitySize", "durationMillis"]

    # NOTE(review): absolute paths from the author's workstation; the script
    # only runs elsewhere after these are changed.
    fileDirectory = "/Users/wsong/Desktop/nifi/provenance-data/random-50000delay-mod-1000/*"
    saveFigureDirectory = "/Users/wsong/Desktop/Flow Provenance Graphs/Working with CSV/"
    flowName = "Random Time Delay"

    # Load the raw provenance events and strip reporter-generated records.
    flowFileData = loadProvenanceData(fileDirectory, 500000)
    removeProvenanceReporterContamination(flowFileData)
    print("%s %s" % ("list size after contamination removed", len(flowFileData)))
    cleanFeatures(flowFileData, dedupeFeatures)

    # Disabled: populate random times so not all points are identical.
    # for event in flowFileData:
    #     event["durationMillis"] = random.uniform(0, 1)

    # Positions of the events labelled anomalous (label == 1).
    groundTruth = findGroundTruth(flowFileData)
    anomalyIndexList = [
        position
        for position, (_eventId, label) in enumerate(groundTruth)
        if label == 1
    ]
    count = len(anomalyIndexList)
    print("%s %s" % ("number of anomalies", count))
    print("%s %s" % ("number of events:", len(flowFileData)))
    print("%s %s" % ("anomaly indicies", anomalyIndexList))

    # Inject the synthetic anomaly: a random duration in [50, 100] replaces
    # the recorded one for every labelled event.
    for position in anomalyIndexList:
        anomalousEvent = flowFileData[position]
        anomalousEvent["durationMillis"] = random.uniform(50, 100)
        print(anomalousEvent["durationMillis"])

    # NOTE(review): no de-duplication actually happens between the two
    # messages below; both candidate implementations are disabled.
    # [dict(t) for t in set([tuple(sorted(d.items())) for d in flowFileData])]
    print("removing dupilcates")
    # the solution below cannot even finish
    # [i for n, i in enumerate(flowFileData) if i not in flowFileData[n + 1:]]
    print("done removing duplicates")

    # Keep a full copy (still carrying componentType etc.) before trimming
    # the events down to the model features.
    rawData = copy.deepcopy(flowFileData)
    cleanFeatures(flowFileData, modelFeatures)

    # Numeric features arrive in whatever type the JSON carried; convert
    # them to float so they are vectorised as numbers.
    for record in flowFileData:
        for numericFeature in intFeatures:
            record[numericFeature] = float(record[numericFeature])

    # Load features from the dictionaries; reference:
    # http://scikit-learn.org/stable/modules/feature_extraction.html#dict-feature-extraction
    vec = DictVectorizer()
    data = vec.fit_transform(flowFileData).toarray()
    dataScaled = preprocessing.scale(data)
    # dataScaled = preprocessing.MinMaxScaler().fit_transform(data)
    print("%s %s" % ("Original data Dimensions:", dataScaled.shape))

    # The lof module is given one tuple per event.
    instances = [tuple(row) for row in dataScaled]

    print('starting lof')
    # presumably 5 is the neighbourhood size k; confirm against the lof module
    lof = outliers(5, instances)
    for outlier in lof:
        print("%s %s" % (outlier["lof"], outlier["index"]))

    # Disabled: run PCA
    # # sklearn_pca = sklearnPCA(n_components=.99)
    # sklearn_pca = sklearnPCA(n_components=3)
    # dataReduced = sklearn_pca.fit_transform(dataScaled)
    # print "Variance Accounted for:", sklearn_pca.explained_variance_ratio_
    # print "PCA Data Dimensions:", dataReduced.shape

    # Disabled: 3-D scatter plot of the PCA-reduced data
    # # use_colours = {0: 'green', 1: 'red'}
    # use_colours = {'LogAttribute': 'blue', 'GenerateFlowFile': 'green', 'ExecuteScript': 'red', 'Input Port': 'black', 'PutFile': 'purple'}
    # use_sizes = {0: 10, 1: 50}
    # use_markers = {0: 'o', 1: 'x'}
    # fig = plt.figure()
    # ax = fig.gca(projection='3d')
    # ax.set_title(flowName)
    # ax.set_xlabel('Column a')
    # ax.set_ylabel('Column b')
    # ax.set_zlabel('Column c')
    # ax.view_init(elev=50, azim=60) # elevation and angle
    # ax.dist = 12
    # ax.scatter(
    #     dataReduced[0:len(dataReduced), 0], dataReduced[0:len(dataReduced), 1], dataReduced[0:len(dataReduced), 2], # data
    #     color=[use_colours[x["componentType"]] for x in rawData], # marker colour
    #     marker='o', # marker shape
    #     s=[use_sizes[x[1]] for x in groundTruth] # marker size
    # )
    # classes = ['LogAttribute', 'GenerateFlowFile', 'ExecuteScript', 'Input Port', 'PutFile']
    # class_colours = ['blue', 'green', 'red', 'black', 'purple']
    # recs = []
    # for i in range(0,len(class_colours)):
    #     recs.append(mpatches.Rectangle((0,0),1,1,fc=class_colours[i]))
    # plt.legend(recs,classes, loc = 4, fontsize=10)
    # # color=[use_colours[x[1]] for x in groundTruth]
    # plt.show()

    # Disabled: save the figure from several viewing angles
    # for i in xrange(0, 80, 20):
    #     for j in xrange(0, 100, 45):
    #         ax.view_init(elev=i, azim=j)
    #         plt.savefig(saveFigureDirectory + flowName + " elev"+str(i)+" angle"+str(j)+".png")

    print("script complete")
def divideDataSet(dataSet, trainingSetProportion, clusterinSetProportion):
    """Split a 2-D data set row-wise into test, clustering and threshold parts.

    The first ``int(rows * trainingSetProportion)`` rows form the training
    set and the remainder the test set. The training set is split again:
    its first ``int(trainingRows * clusterinSetProportion)`` rows are the
    clustering set and the rest the threshold-calculation set. Rows are
    taken in their existing order; nothing is shuffled here.

    Returns:
        ``[testData, clusteringData, thresholdData]``.
    """
    # First split: training rows versus held-out test rows.
    rowCount = dataSet.shape[0]
    trainingRows = int(rowCount * trainingSetProportion)
    testRows = rowCount - trainingRows
    print("%s %s" % ("total data count:", rowCount))
    print("%s %s" % ("training data count:", trainingRows))
    print("%s %s" % ("test data count:", testRows))
    trainingBlock = dataSet[0:trainingRows, :]
    testBlock = dataSet[trainingRows:rowCount, :]

    # Second split: clustering rows versus threshold-calculation rows.
    clusteringRows = int(trainingRows * clusterinSetProportion)
    thresholdRows = trainingRows - clusteringRows
    print("%s %s" % ("clustering data count :", clusteringRows))
    print("%s %s" % ("threshold calculation data count:", thresholdRows))
    clusteringBlock = trainingBlock[0:clusteringRows, :]
    thresholdBlock = trainingBlock[clusteringRows:trainingRows, :]

    return [testBlock, clusteringBlock, thresholdBlock]
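# removes all features not considered in model
def cleanFeatures(listOfEvents, features):
    """Delete every key that is not listed in ``features`` from each event.

    The event dictionaries are modified in place and nothing is returned.

    Args:
        listOfEvents: iterable of event dictionaries to trim.
        features: collection of key names to keep.
    """
    for eventDict in listOfEvents:
        # Iterate over a snapshot of the keys: deleting entries while walking
        # a live key view raises RuntimeError on Python 3, whereas the
        # snapshot behaves the same on Python 2 and 3.
        for key in list(eventDict):
            if key not in features:
                del eventDict[key]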
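# load provenance data from local machine
def loadProvenanceData(directory, maxNumberOfDataEntries):
    """Load provenance events from the JSON files matching a glob pattern.

    Files are read in random order until at least
    ``maxNumberOfDataEntries`` events have been collected or no files are
    left. The limit is checked before each file, so the result can hold
    more events than the limit. The running total is printed after every
    file.

    Args:
        directory: glob pattern selecting the files to read.
        maxNumberOfDataEntries: stop opening further files once this many
            events are loaded.

    Returns:
        A list with the events of every file that was read.

    Raises:
        TypeError: if a file's top-level JSON value is not a list.
    """
    provenanceFiles = glob.glob(directory)
    random.shuffle(provenanceFiles)

    provenanceData = []
    for path in provenanceFiles:
        if len(provenanceData) >= maxNumberOfDataEntries:
            break
        with open(path, 'r') as handle:
            events = json.load(handle)
        # List concatenation used to reject a non-list payload with a
        # TypeError; extend() would silently accept a dict's keys, so keep
        # the rejection explicit. Record contents are not validated here.
        if not isinstance(events, list):
            raise TypeError(
                "expected a JSON list of events in %s, got %s"
                % (path, type(events).__name__)
            )
        # extend() appends in place instead of rebuilding the whole list
        # for every file.
        provenanceData.extend(events)
        print(len(provenanceData))
    return provenanceData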
def findGroundTruth(provenanceData):
    """Label each provenance event as anomalous (1) or normal (0).

    An event is labelled 1 only when its ``componentType`` is
    ``'ExecuteScript'`` and its ``updatedAttributes['anomaly']`` equals
    ``'y'``. An ExecuteScript event without an ``'anomaly'`` attribute
    raises KeyError rather than being labelled 0.

    Returns:
        A list of ``(eventId, label)`` tuples in input order.
    """
    labelled = []
    for record in provenanceData:
        # The attribute lookup only happens for ExecuteScript events
        # because ``and`` short-circuits.
        flagged = (
            record['componentType'] == 'ExecuteScript'
            and record['updatedAttributes']['anomaly'] == 'y'
        )
        labelled.append((record['eventId'], 1 if flagged else 0))
    return labelled
def removeProvenanceReporterContamination(flowFileData):
    """Drop, in place, events whose componentName is a reporter component.

    Events named ``'ProvenanceData'`` or ``'PutProvenance'`` are removed;
    presumably these are the components that export the provenance records
    themselves, which would otherwise pollute the data set. The list object
    is kept and only its contents are replaced, so callers holding a
    reference see the filtered result.
    """
    reporterComponents = ('ProvenanceData', 'PutProvenance')
    flowFileData[:] = [
        record
        for record in flowFileData
        if record['componentName'] not in reporterComponents
    ]
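# Run the experiment only when this file is executed as a script, so that
# loading it from another module does not start a full data run.
if __name__ == "__main__":
    main()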