-
Notifications
You must be signed in to change notification settings - Fork 1
/
irc_graph.py
146 lines (115 loc) · 4.42 KB
/
irc_graph.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
from graphviz import Digraph
class Node(object):
def __init__(self, ip: str, port: [int], name: str):
self.ip = ip
self.port = port
self.name = name
def __eq__(self, other):
if isinstance(other, Node):
return self.ip == other.ip and self.port == other.port and self.name == other.name
return False
def id(self):
hash_node = lambda v: str(abs(hash(v)) % (10 ** 8))
return hash_node(self.name)
# return self.ip
def label(self):
return self.name
# return self.ip
class Edge(object):
def __init__(self, src_node: Node, dst_node: Node):
self.src_node = src_node
self.dst_node = dst_node
def __eq__(self, other):
if isinstance(other, Edge):
return self.src_node == other.src_node and self.dst_node == other.dst_node
return False
class MsgEdge(Edge):
def __init__(self, src_node: Node, dst_node: Node, msg: str, time: int, pkt_size: int):
super().__init__(src_node, dst_node)
self.msg = msg
self.time = time
self.pkt_size = pkt_size
def __eq__(self, other):
if isinstance(other, MsgEdge):
return self.src_node == other.src_node and \
self.dst_node == other.dst_node and \
self.time == other.time and \
self.msg == other.msg
return False
class SessionEdge(Edge):
def __init__(self, src_node: Node, dst_node: Node, start_time: str, end_time: int, msg_count: int,
pkt_size_total: int, msg_periodicity: int = None):
super().__init__(src_node, dst_node)
self.start_time = start_time
self.end_time = end_time
self.msg_count = msg_count
self.pkt_size_total = pkt_size_total
self.msg_periodicity = msg_periodicity
class Graph(object):
def __init__(self, nodes=None, edges=None):
if nodes is None:
nodes = []
if edges is None:
edges = []
self.nodes = nodes
self.edges = edges
def add_node(self, node: Node) -> bool:
""" :returns False if the node is already in nodes
:returns True otherwise
"""
if node not in self.nodes:
self.nodes.append(node)
return True
return False
def add_edge(self, edge: Edge) -> bool:
""" :returns False if the edge is already in edges
:returns True otherwise
"""
if edge not in self.edges:
self.edges.append(edge)
return True
return False
def build_graph(irc_logs):
print('building graph...')
graph = Graph()
for log in irc_logs:
v1_ip, v1_ports, v1_name = log['src_ip'], log['src_ports'], log['src']
v2_ip, v2_port, v2_name = log['dst_ip'], log['dst_port'], log['dst']
v1, v2 = Node(v1_ip, v1_ports, v1_name), Node(v2_ip, [v2_port], v2_name)
start_time = log['start_time']
end_time = log['end_time']
msg_count = log['msg_count']
pkt_size_total = log['pkt_size_total']
periodicity = log.get('periodicity', None)
e = SessionEdge(v1, v2, start_time, end_time, msg_count, pkt_size_total, periodicity)
graph.add_node(v1)
graph.add_node(v2)
graph.add_edge(e)
# for m in log['msgs']:
# msg = m['msg']
# time = m['timestamp']
# size = m['pkt_size']
# v1, v2 = Node(v1_ip, v1_ports ,v1_name), Node(v2_ip, [v2_port], v2_name)
# e = MsgEdge(v1, v2, msg, time, size)
# graph.add_node(v1)
# graph.add_node(v2)
# graph.add_edge(e)
return graph
def visualize_graph(graph, tree_path):
print('visualizing graph...')
dot = Digraph('IRC Tree', filename=tree_path)
dot.graph_attr.update(sep='+100,s100')
edges = set()
for edge in graph.edges:
v1, v2 = edge.src_node, edge.dst_node
# comment this block of code to show non-duplicate edges between nodes
dot.node(v1.id(), label=v1.label())
dot.node(v2.id(), label=v2.label())
dot.edge(v1.id(), v2.id())
# uncomment this block of code to show duplicate edges between nodes
if (v1.id(), v2.id()) not in edges:
edges.add((v1.id(), v2.id()))
dot.node(v1.id(), label=v1.label())
dot.node(v2.id(), label=v2.label())
dot.edge(v1.id(), v2.id())
dot.view()