diff options
Diffstat (limited to 'lib/Analyzer/SequenceOperationsAnalyzer.php')
-rw-r--r-- | lib/Analyzer/SequenceOperationsAnalyzer.php | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/lib/Analyzer/SequenceOperationsAnalyzer.php b/lib/Analyzer/SequenceOperationsAnalyzer.php new file mode 100644 index 0000000..a515e91 --- /dev/null +++ b/lib/Analyzer/SequenceOperationsAnalyzer.php @@ -0,0 +1,90 @@ +<?php + +/** + * @copyright Copyright (c) 2018 Matthias Held <matthias.held@uni-konstanz.de> + * @author Matthias Held <matthias.held@uni-konstanz.de> + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +namespace OCA\RansomwareDetection\Analyzer; + +use OCA\RansomwareDetection\Monitor; + +class SequenceOperationsAnalyzer +{ + /** + * Sequence operation class. + * + * @var int + */ + const NO_WRITE_AND_DELETE = 0; + const ONLY_WRITE = 1; + const ONLY_DELETE = 2; + const EQUAL_WRITE_AND_DELETE = 3; + const DIFF_WRITE_AND_DELETE = 4; + + /** + * Classifies the operations in a sequence. + * + * @param array $sequence + * + * @return int + */ + public function analyze($sequence) + { + $numberOfWrittenFiles = 0; + $numberOfDeletedFiles = 0; + $numberOfRenamedFiles = 0; + + $sequenceClass = self::NO_WRITE_AND_DELETE; + + foreach ($sequence as $fileOperation) { + switch ($fileOperation->getCommand()) { + case Monitor::WRITE: + $numberOfWrittenFiles++; + break; + case Monitor::READ: + break; + case Monitor::RENAME: + $numberOfRenamedFiles++; + break; + case Monitor::DELETE: + $numberOfDeletedFiles++; + break; + default: + break; + } + } + + if ($numberOfWrittenFiles > 0) { + if ($numberOfDeletedFiles > 0) { + if ($numberOfWrittenFiles === $numberOfDeletedFiles) { + $sequenceClass = self::EQUAL_WRITE_AND_DELETE; + } else { + $sequenceClass = self::DIFF_WRITE_AND_DELETE; + } + } else { + $sequenceClass = self::ONLY_WRITE; + } + } else { + if ($numberOfDeletedFiles > 0) { + $sequenceClass = self::ONLY_DELETE; + } + } + + return $sequenceClass; + } +} |