Malware Data Science (Chinese edition, 《基于数据科学的恶意软件分析》)
Malware Data Science: Attack Detection and Attribution, by Joshua Saxe and Hillary Sanders; Chinese translation by He Nengqiang (何能强) and Yan Hanbing (严寒冰).
What the book covers:
the network-analysis theory behind extracting threat intelligence from malware;
using visualization to identify relationships between malware samples;
using Python and various open-source toolkits to build, visualize and extract intelligence from malware networks for data analysis and visualization;
putting all of this together to uncover and analyze campaigns in a malware dataset.
Installing pygraphviz on Ubuntu 20.04.1 with Python 3.8.10
# Recommended reading: installing pygraphviz on Windows
# https:
# pygraphviz GitHub download page:
# https:
# Recommended reading: installing pygraphviz on Linux
# https:
# https:
# sudo apt install python-pygraphviz
# error: Unable to locate package python-pygraphviz
# (the python- prefix is the Python 2 package, which Ubuntu 20.04 no longer ships; the distro's Python 3 build is python3-pygraphviz)
# Use the following instead; type in the terminal:
sudo apt-get install graphviz graphviz-dev   # graphviz-dev supplies the headers pygraphviz's C extension is compiled against
pip install --pre pygraphviz
install-requirements.sh
sudo apt install icoutils
# I had already installed icoutils earlier
sudo pip install -r '/home/ubuntu20/桌面/malware_data_science/ch4/code/requirements.txt'
# error: Downloading Murmur-0.1.3.tar.gz (24 kB)
#        Preparing metadata (setup.py) ... error
# So install the pinned packages one at a time:
sudo pip install networkx==2.0
sudo pip install pydot==1.2.4
sudo pip install Murmur==0.1.3      # fails
# pip list shows pefile==2021.9.3; requirements.txt asks for pefile==2017.11.5; I'll change it if it causes problems later
sudo pip install matplotlib==2.0.0  # fails
# Note: Murmur 0.1.3 and matplotlib 2.0.0 both predate Python 3.8 and ship no wheels for it,
# so pip has to build them from source, which is the step that fails.
# Note also that sudo pip installs into the system site-packages; a virtualenv
# (python3 -m venv) keeps these old pins isolated from the rest of the system.
Listing 4-1: Instantiating a network
#!/usr/bin/env python3
# (the book's #!/usr/bin/python shebang points at an interpreter that Ubuntu 20.04
#  only provides once the python-is-python3 package is installed)
import networkx

# Instantiate a network with no nodes and no edges.
network = networkx.Graph()

# Add some nodes; a node identifier can be any hashable object (strings, ints, ...).
nodes = ["hello", "world", 1, 2, 3]
for node in nodes:
    network.add_node(node)

# Connect nodes with edges (a node named in an edge is created if it does not exist yet).
network.add_edge("hello", "world")
network.add_edge(1, 2)
network.add_edge(1, 3)

# Node attributes can be set when the node is added ...
network.add_node(1, myattribute="foo")
# ... or afterwards through the node view. network.node[...] was the networkx 1.x/2.0
# spelling and was removed in networkx 2.4; network.nodes[...] works in 2.0 and later.
network.nodes[1]["myattribute"] = "foo"
print(network.nodes[1]["myattribute"])  # prints "foo"

# Edge attributes work the same way, through get_edge_data().
network.add_edge("node1", "node2", myattribute="attribute of an edge")
network.get_edge_data("node1", "node2")["myattribute"] = "attribute of an edge"
network.get_edge_data("node1", "node2")["myattribute"] = 321
print(network.get_edge_data("node1", "node2")["myattribute"])  # prints 321
Listing 4-3: Saving a network to disk with write_dot()
#!/usr/bin/env python3
import networkx
from networkx.drawing.nx_agraph import write_dot  # this is the function that needs pygraphviz

# instantiate a network, add some nodes, and connect them
nodes = ["hello", "world", 1, 2, 3]
network = networkx.Graph()
for node in nodes:
    network.add_node(node)
network.add_edge("hello", "world")
write_dot(network, "network.dot")
# This writes network.dot into the working directory (the Desktop, in my case)
# Render it with fdp; type in the terminal:
fdp network.dot -T png -o network.png
# This produces network.png next to it
# Exercise: a complete graph on five nodes (every node connected to every other)
#!/usr/bin/env python3
import networkx
from networkx.drawing.nx_agraph import write_dot

# instantiate a network, add some nodes, and connect them
nodes = [1, 2, 3, 4, 5]
network = networkx.Graph()
for node in nodes:
    network.add_node(node)
network.add_edge(1, 2)
network.add_edge(1, 3)
network.add_edge(1, 4)
network.add_edge(1, 5)
network.add_edge(2, 3)
network.add_edge(2, 4)
network.add_edge(2, 5)
network.add_edge(3, 4)
network.add_edge(3, 5)
network.add_edge(4, 5)
# (equivalently: network = networkx.complete_graph(range(1, 6)))
write_dot(network, "network.dot")
4.6 Visualizing networks with GraphViz
4.6.1 Adjusting the network with parameters
# -G sets a graph-level attribute (-N and -E set node and edge defaults the same way)
# do not allow any nodes to overlap each other
fdp network.dot -Goverlap=false -T png -o network.png
# draw edges as curves (splines) to make the network easier to read
fdp network.dot -Gsplines=true -T png -o network.png
# curved edges and no visual overlap between nodes
fdp network.dot -Gsplines=true -Goverlap=false -T png -o network.png
4.6.2 GraphViz command-line tools
# The ch4 directory of the data I downloaded does not contain callback_servers_malware_projection.dot
# (the commands below use network.dot in its place)
# fdp: force-directed placement
fdp network.dot -T png -o fdp_servers.png -Goverlap=false
# sfdp: multiscale force-directed placement, meant for large networks
sfdp network.dot -T png -o sfdp_servers.png -Goverlap=false
# neato: spring-model layout
neato network.dot -T png -o neato_servers.png -Goverlap=false
4.6.3 Adding visual attributes to nodes and edges
1. Edge width
Listing 4-4: Setting the penwidth attribute
#!/usr/bin/env python3
import networkx
from networkx.drawing.nx_agraph import write_dot

g = networkx.Graph()
g.add_node(1)
g.add_node(2)
g.add_edge(1, 2, penwidth=10)  # make the edge extra wide (penwidth is in points; the default is 1)
write_dot(g, 'network.dot')
# Render with fdp; type in the terminal:
fdp network.dot -T png -o network.png
# This produces network.png in the working directory (the Desktop)
2. Node and edge colors
Listing 4-5: Setting node and edge colors
#!/usr/bin/env python3
import networkx
from networkx.drawing.nx_agraph import write_dot

g = networkx.Graph()
g.add_node(1, color="blue")  # make the node outline blue
g.add_node(2, color="pink")  # make the node outline pink
g.add_edge(1, 2, color="red")  # make the edge red
write_dot(g, 'network.dot')
# Full color list: http:
# Render with fdp; type in the terminal:
fdp network.dot -T png -o network.png
# This produces network.png in the working directory (the Desktop)
3. Node shapes
Listing 4-6: Setting node shapes
#!/usr/bin/env python3
import networkx
from networkx.drawing.nx_agraph import write_dot

g = networkx.Graph()
g.add_node(1, shape='diamond')  # shape names come from Graphviz's node shape list
g.add_node(2, shape='egg')
g.add_edge(1, 2)
write_dot(g, 'network.dot')
# Shape list: http:
# Render with fdp; type in the terminal:
fdp network.dot -T png -o network.png
# This produces network.png in the working directory (the Desktop)
4. Text labels
Listing 4-7: Labeling nodes and edges
#!/usr/bin/env python3
import networkx
from networkx.drawing.nx_agraph import write_dot

g = networkx.Graph()
g.add_node(1, label="first node")  # without a label, Graphviz draws the node identifier
g.add_node(2, label="second node")
g.add_edge(1, 2, label="link between first and second node")
write_dot(g, 'network.dot')
# Render with fdp; type in the terminal:
fdp network.dot -T png -o network.png
# This produces network.png in the working directory (the Desktop)
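The listings above each set one visual attribute on a two-node graph, and 4.6.2 refers to a callback_servers_malware_projection.dot file that is missing from the downloaded data. The script below is an added example (not from the book or its code repository) that puts the pieces together on the kind of data this chapter is about: it projects a sample-to-callback-host mapping onto a sample-to-sample network in which two samples are linked when they contact the same host, then writes a DOT file that sets penwidth, shape and label attributes and places overlap=false / splines=true inside the graph itself, so fdp, sfdp or neato render it without the -G flags from 4.6.1. It uses only the Python standard library, so it does not depend on the pygraphviz build at the top of the page. The sample names, the callback hosts (reserved .example names and a private address) and the max_attribute_degree cut-off are constructed assumptions, and the output is a stand-in for the missing projection file, not a reconstruction of it.

```python
"""Project samples onto a shared-callback-host network and write it as Graphviz DOT.

Added example with constructed data; stdlib only (no networkx / pygraphviz needed).
"""
from itertools import combinations

# Constructed sample data (assumption, not real telemetry): each fictional sample
# and the callback hosts it was observed contacting.
SAMPLE_CALLBACKS = {
    "sample_a.exe": {"cdn.c2-one.example", "10.0.0.5", "mail.c2-two.example"},
    "sample_b.exe": {"cdn.c2-one.example", "10.0.0.5"},
    "sample_c.exe": {"mail.c2-two.example", "10.0.0.5"},
    "sample_d.exe": {"stats.unrelated.example"},
}


def attribute_degree(bipartite):
    """Count how many samples share each attribute (the attribute node's degree)."""
    degree = {}
    for attrs in bipartite.values():
        for attr in attrs:
            degree[attr] = degree.get(attr, 0) + 1
    return degree


def project_shared_attributes(bipartite, max_attribute_degree=None):
    """Project a sample->attributes mapping onto a sample-to-sample graph.

    Returns {(sample_x, sample_y): set_of_shared_attributes} for every pair of
    samples that shares at least one attribute. Attributes contacted by more
    than max_attribute_degree samples are ignored (a design choice assumed here:
    infrastructure that everything talks to carries no attribution signal and
    would otherwise connect every node to every other).
    """
    degree = attribute_degree(bipartite)
    if max_attribute_degree is None:
        informative = set(degree)
    else:
        informative = {a for a, d in degree.items() if d <= max_attribute_degree}
    edges = {}
    for x, y in combinations(sorted(bipartite), 2):
        shared = (bipartite[x] & bipartite[y]) & informative
        if shared:
            edges[(x, y)] = shared
    return edges


def dot_quote(text):
    """Quote a DOT string literal, escaping embedded backslashes and quotes."""
    return '"' + str(text).replace("\\", "\\\\").replace('"', '\\"') + '"'


def to_dot(bipartite, edges, name="malware_projection"):
    """Render the projection as an undirected DOT graph.

    penwidth = number of shared attributes, the edge label lists them, nodes are
    boxes labelled with the sample name, and isolated samples are kept so they
    still show up in the picture.
    """
    lines = [f"graph {name} {{"]
    lines.append("    overlap=false; splines=true;")  # same effect as -Goverlap=false -Gsplines=true
    for sample in sorted(bipartite):
        lines.append(f"    {dot_quote(sample)} [shape=box, label={dot_quote(sample)}];")
    for (x, y), shared in sorted(edges.items()):
        label = ", ".join(sorted(shared))
        lines.append(
            f"    {dot_quote(x)} -- {dot_quote(y)} "
            f"[penwidth={len(shared)}, label={dot_quote(label)}];"
        )
    lines.append("}")
    return "\n".join(lines) + "\n"


def write_projection_dot(path, bipartite, max_attribute_degree=None):
    """Project, render and write the DOT file; returns the DOT text."""
    edges = project_shared_attributes(bipartite, max_attribute_degree)
    dot = to_dot(bipartite, edges)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(dot)
    return dot


if __name__ == "__main__":
    # Drop hosts contacted by more than two samples, then render with:
    #   fdp malware_projection.dot -T png -o malware_projection.png
    print(write_projection_dot("malware_projection.dot", SAMPLE_CALLBACKS, max_attribute_degree=2))
```

Run it and then feed malware_projection.dot to fdp, sfdp or neato exactly as in 4.6.2. The max_attribute_degree cut-off is the part that matters on real data: with it set to None, 10.0.0.5 links all three of sample_a, sample_b and sample_c, while with it set to 2 that host is discarded as uninformative and only the two hosts unique to a pair survive as edges. On a real corpus the same role is played by hosts that every sample contacts, such as a public DNS resolver or a CDN, which would otherwise produce a hairball in which the edges carrying attribution signal are invisible.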
Taking things seriously is an attitude, and even more a responsibility.