author | Matthias Held <ilovemilk@wusa.io> | 2018-09-10 21:58:48 +0300 |
---|---|---|
committer | Matthias Held <ilovemilk@wusa.io> | 2018-09-10 21:58:48 +0300 |
commit | 8b949ae0784f06d73d8e4ff63c9454f54b8c2d82 (patch) | |
tree | 6c508fc0054b3e88cd5fb8ab02ab4adec98fbfc1 | |
parent | a43f4877ee6114e3188b2b8f5ee05ec4d6a30013 (diff) |
Clean up
Signed-off-by: Matthias Held <matthias.held@uni-konstanz.de>
-rw-r--r-- | js/utils.js | 2 | ||||
-rw-r--r-- | lib/Analyzer/SequenceAnalyzer.php | 52 | ||||
-rw-r--r-- | tests/Unit/Analyzer/SequenceAnalyzerTest.php | 2 |
3 files changed, 23 insertions, 33 deletions
diff --git a/js/utils.js b/js/utils.js index afe41b1..18afda9 100644 --- a/js/utils.js +++ b/js/utils.js @@ -42,7 +42,7 @@ var self = this; var td, tr = $('<tr data-id="' + fileData.id + '" data-sequence="' + fileData.sequence + '"></tr>'), mtime = parseInt(fileData.timestamp, 10) * 1000, - basename, extension, simpleSize, sizeColor, filename; + basename, extension, simpleSize, filename; if (isNaN(mtime)) { mtime = new Date().getTime(); diff --git a/lib/Analyzer/SequenceAnalyzer.php b/lib/Analyzer/SequenceAnalyzer.php index 18ba96e..30aa520 100644 --- a/lib/Analyzer/SequenceAnalyzer.php +++ b/lib/Analyzer/SequenceAnalyzer.php @@ -69,10 +69,9 @@ class SequenceAnalyzer * * The next part is the analysis of the suspicion levels of the files written. * Therefor the suspicions levels are weighted: - * High - 1 - * Middle - 0.75 - * Low - 0.5 - * None - 0.25 + * Suspicious - 1 + * Maybe suspicious - 0.5 + * Not suspicious - 0.25 * * summed up and divided by the sum of all written files. The higher the result, * the higher is the suspicion of the hole sequence. 
@@ -91,30 +90,23 @@ class SequenceAnalyzer
 return $sequenceResult;
 }
- $highSuspicionFiles = [];
- $middleSuspicionFiles = [];
- $lowSuspicionFiles = [];
- $noSuspicionFiles = [];
- $writtenFiles = [];
- $sizeOfWrittenFiles = 0;
- $deletedFiles = [];
- $sizeOfDeletedFiles = 0;
+ $files = ['written' => [], 'size_written' => 0, 'deleted' => [], 'size_deleted' => 0, 'suspicious' => [], 'maybe_suspicious' => [], 'not_suspicious' => []];
 $suspicionScore = 0;
 foreach ($sequence as $file) {
 if ($file->getType() === 'file') {
 switch ($file->getCommand()) {
 case Monitor::WRITE:
- $writtenFiles[] = $file;
- $sizeOfWrittenFiles = $sizeOfWrittenFiles + $file->getSize();
+ $files['written'][] = $file;
+ $files['size_written'] = $files['size_written'] + $file->getSize();
 break;
 case Monitor::READ:
 break;
 case Monitor::RENAME:
 break;
 case Monitor::DELETE:
- $deletedFiles[] = $file;
- $sizeOfDeletedFiles = $sizeOfDeletedFiles + $file->getSize();
+ $files['deleted'][] = $file;
+ $files['size_deleted'] = $files['size_deleted'] + $file->getSize();
 break;
 case Monitor::CREATE:
 break;
@@ -123,13 +115,13 @@ class SequenceAnalyzer
 }
 switch ($file->getSuspicionClass()) {
 case Classifier::SUSPICIOUS:
- $highSuspicionFiles[] = $file;
+ $files['suspicious'][] = $file;
 break;
 case Classifier::MAYBE_SUSPICIOUS:
- $middleSuspicionFiles[] = $file;
+ $files['maybe_suspicious'][] = $file;
 break;
 case Classifier::NOT_SUSPICIOUS:
- $noSuspicionFiles[] = $file;
+ $files['not_suspicious'][] = $file;
 break;
 case Classifier::NO_INFORMATION:
 break;
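Review bot: The new `$files` initialiser in the first hunk is one very long line that mixes file lists and byte counters under string keys, which is hard to scan and gives no protection against a mistyped key. Breaking the literal across lines, one key per line, and writing the size updates as `$files['size_written'] += $file->getSize();` and `$files['size_deleted'] += $file->getSize();` would keep the accumulator readable. The enclosing method starts and ends outside the hunk.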
@@ -140,11 +132,11 @@ class SequenceAnalyzer
 }
 // compare files written and files deleted
- if (sizeof($writtenFiles) > 0 && sizeof($deletedFiles) > 0) {
- $sequenceResult->setSizeWritten($sizeOfWrittenFiles);
- $sequenceResult->setSizeDeleted($sizeOfDeletedFiles);
- $upperBound = sizeof($deletedFiles) + self::NUMBER_OF_INFO_FILES;
- if (sizeof($writtenFiles) <= $upperBound && sizeof($writtenFiles) >= sizeof($deletedFiles)) {
+ if (sizeof($files['written']) > 0 && sizeof($files['deleted']) > 0) {
+ $sequenceResult->setSizeWritten($files['size_written']);
+ $sequenceResult->setSizeDeleted($files['size_deleted']);
+ $upperBound = sizeof($files['deleted']) + self::NUMBER_OF_INFO_FILES;
+ if (sizeof($writtenFiles) <= $upperBound && sizeof($files['written']) >= sizeof($files['deleted'])) {
 if ($this->sequenceSizeAnalyzer->analyze($sequence) === SequenceSizeAnalyzer::EQUAL_SIZE) {
 $sequenceResult->setQuantities(2);
 $suspicionScore += 2;
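Review bot: The rewritten bounds check still reads `$writtenFiles` in its first operand (`sizeof($writtenFiles) <= $upperBound`), although this commit removes that variable's assignments, so within the visible lines it is never set. On PHP 7 `sizeof()` of an undefined variable evaluates to 0 with a notice or warning, which makes the upper bound always pass, so the detector's quantity comparison is decided by the lower bound alone; on PHP 8 the call throws a TypeError instead. The line should read `if (sizeof($files['written']) <= $upperBound && sizeof($files['written']) >= sizeof($files['deleted'])) {`. A test case with more written files than deleted files plus `NUMBER_OF_INFO_FILES` would pin this; the enclosing method starts and ends outside the hunk.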
@@ -155,18 +147,16 @@ class SequenceAnalyzer } } - $numberOfWrittenFiles = sizeof($highSuspicionFiles) + sizeof($middleSuspicionFiles) - + sizeof($lowSuspicionFiles) + sizeof($noSuspicionFiles); + $numberOfWrittenFiles = sizeof($files['suspicious']) + sizeof($files['maybe_suspicious']) + sizeof($files['not_suspicious']); // remove info files from the weight $numberOfInfoFiles = self::NUMBER_OF_INFO_FILES; - if (sizeof($noSuspicionFiles) < self::NUMBER_OF_INFO_FILES) { - $numberOfInfoFiles = sizeof($noSuspicionFiles); + if (sizeof($files['not_suspicious']) < self::NUMBER_OF_INFO_FILES) { + $numberOfInfoFiles = sizeof($files['not_suspicious']); } // weight the suspicion levels. - $suspicionSum = (sizeof($highSuspicionFiles) * 1) + (sizeof($middleSuspicionFiles) * 0.75) - + (sizeof($lowSuspicionFiles) * 0.5) + ((sizeof($noSuspicionFiles) - $numberOfInfoFiles) * 0.25); + $suspicionSum = (sizeof($files['suspicious']) * 1) + (sizeof($files['maybe_suspicious']) * 0.5) + ((sizeof($files['not_suspicious']) - $numberOfInfoFiles) * 0.25); // check for division by zero. if (($numberOfWrittenFiles - $numberOfInfoFiles) > 0) { @@ -175,7 +165,7 @@ class SequenceAnalyzer } // entropy funnelling - $entropyFunnelling = $this->entropyFunnellingAnalyzer->analyze($deletedFiles, $writtenFiles); + $entropyFunnelling = $this->entropyFunnellingAnalyzer->analyze($files['deleted'], $files['written']); $sequenceResult->setEntropyFunnelling($entropyFunnelling); $suspicionScore += $entropyFunnelling->getEntropyFunnelling(); diff --git a/tests/Unit/Analyzer/SequenceAnalyzerTest.php b/tests/Unit/Analyzer/SequenceAnalyzerTest.php index 595a532..eeed975 100644 --- a/tests/Unit/Analyzer/SequenceAnalyzerTest.php +++ b/tests/Unit/Analyzer/SequenceAnalyzerTest.php 
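Review bot: The weight applied to `Classifier::MAYBE_SUSPICIOUS` files drops from 0.75 to 0.5 in the new `$suspicionSum` expression, which changes the detection score rather than only tidying the code, yet the commit is titled "Clean up". Because this lowers the score of sequences dominated by maybe-suspicious files, the reason should be recorded next to the formula, for example `// MAYBE_SUSPICIOUS weighted 0.5 (was 0.75): <reason>`, and whatever consumes the score presumably needs rechecking against the new range. The literals 1, 0.5 and 0.25 are also repeated in the class doc comment, so named class constants would keep the two from drifting apart. The enclosing method starts and ends outside the hunk.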
@@ -122,7 +122,7 @@ class SequenceAnalyzerTest extends TestCase
 ['sequence' => [$fileOperationRead], 'suspicionScore' => 0],
 ['sequence' => [$fileOperationRename], 'suspicionScore' => 0],
 ['sequence' => [$fileOperationUnknown], 'suspicionScore' => 0],
- ['sequence' => [$fileOperation3], 'suspicionScore' => 0.75],
+ ['sequence' => [$fileOperation3], 'suspicionScore' => 0.5],
 ['sequence' => [$fileOperation4], 'suspicionScore' => 0],
 ['sequence' => [$fileOperation5], 'suspicionScore' => 0],
 ['sequence' => [$fileOperation6], 'suspicionScore' => 0], |