?? 1.cpp
字號:
#include <stdio.h>
#include <malloc.h>
#include <math.h>
#include <time.h>
#include <iostream>
#include <vector>
using namespace std ;
typedef struct recorder
{
float duration; //連接的持續時間
char pro_type[8]; //端口類型
char service[8]; //服務類型
char flag[5]; //標志域
double src_dst_bytes[2]; //源或目的主機發向對方的字節數
bool land; //二值屬性
float w_u_h_n[4];
bool log_in; //二值屬性
float num_root[8];
bool host_guest[2]; //二值屬性
float srv_etc[9];
double dst_host[2];
float host[8];
char is_normal[20];
struct recorder *next; //方便同一簇中記錄間連接起來
}Recorder;
//簇特征描述
typedef struct subContainer
{
Recorder *pFirstRec; //指向屬于該簇的第一個記錄
Recorder *pLastRec; //指向最后一個記錄,方便插入
unsigned int recordNum; //該簇的記錄個數
Recorder clusterCenter; //簇的質心,需要不斷更新
char is_normal[20]; //該簇被標記為正常還是異常
}SubContainer;
typedef vector<Recorder *> RecorderVector; //定義全局容器類型
typedef vector<SubContainer *> ClusterVector; //簇容器類型
/**
* @函數名 : ReadData
* @brief :
* @return : void
* @param : FILE *fp
* @param : Recorder *pRecorder
* @param : Recorder &avg_calc
* @param : unsigned int &calcNormal
* @remark : 讀取文件記錄
*/
void ReadData(FILE *fp, Recorder *pRecorder, Recorder &avg_calc, unsigned int &calcNormal)
{
int i = 0;
fscanf(fp, "%f, %[^,], %[^,], %[^,], %Lf, %Lf, %d, %f, %f, %f, %f, %d, %f, %f, %f, %f, %f, \
%f, %f, %f, %d, %d, %f, %f, %f, %f, %f, %f, %f, %f, %f, %Lf, %Lf, %f, %f, %f, %f, \
%f, %f, %f, %f,%[^.].\r\n",
&pRecorder->duration, pRecorder->pro_type, pRecorder->service, pRecorder->flag, \
&pRecorder->src_dst_bytes[0], &pRecorder->src_dst_bytes[1], &pRecorder->land, \
&pRecorder->w_u_h_n[0], &pRecorder->w_u_h_n[1], &pRecorder->w_u_h_n[2], \
&pRecorder->w_u_h_n[3], &pRecorder->log_in, &pRecorder->num_root[0], \
&pRecorder->num_root[1], &pRecorder->num_root[2], &pRecorder->num_root[3], \
&pRecorder->num_root[4], &pRecorder->num_root[5], &pRecorder->num_root[6], \
&pRecorder->num_root[7], &pRecorder->host_guest[0], &pRecorder->host_guest[1], \
&pRecorder->srv_etc[0], &pRecorder->srv_etc[1], &pRecorder->srv_etc[2], \
&pRecorder->srv_etc[3], &pRecorder->srv_etc[4], &pRecorder->srv_etc[5], \
&pRecorder->srv_etc[6], &pRecorder->srv_etc[7], &pRecorder->srv_etc[8], \
&pRecorder->dst_host[0], &pRecorder->dst_host[1], &pRecorder->host[0], \
&pRecorder->host[1], &pRecorder->host[2], &pRecorder->host[3], &pRecorder->host[4], \
&pRecorder->host[5], &pRecorder->host[6], &pRecorder->host[7], pRecorder->is_normal);
strcat(pRecorder->is_normal, ".");
if (0 == strcmp("normal.", pRecorder->is_normal))
{
calcNormal++;
}
//所有記錄對應屬性求和
avg_calc.duration += pRecorder->duration;
avg_calc.src_dst_bytes[0] += pRecorder->src_dst_bytes[0];
avg_calc.src_dst_bytes[1] += pRecorder->src_dst_bytes[1];
for (i = 0; i < 4; ++i)
{
avg_calc.w_u_h_n[i] += pRecorder->w_u_h_n[i];
}
for (i = 0; i < 8; ++i)
{
avg_calc.num_root[i] += pRecorder->num_root[i];
}
for (i = 0; i < 9; ++i)
{
avg_calc.srv_etc[i] += pRecorder->srv_etc[i];
}
avg_calc.dst_host[0] += pRecorder->dst_host[0];
avg_calc.dst_host[1] += pRecorder->dst_host[1];
for (i = 0; i < 8; ++i)
{
avg_calc.host[i] += pRecorder->host[i];
}
}
/**
* @函數名 : Standardize
* @brief :
* @return : void
* @param : RecorderVector &recorderContainer
* @param : Recorder &avg_vector
* @remark : 對記錄進行標準化
*/
void Standardize(RecorderVector &recorderContainer, Recorder &avg_vector, Recorder &std_vector)
{
int i;
double temp = 1.0 / (recorderContainer.size() - 1);
RecorderVector::iterator recorderIterator;
//第一次遍歷統計標準差
for (recorderIterator = recorderContainer.begin();
recorderIterator != recorderContainer.end(); recorderIterator++)
{
std_vector.duration += pow((*recorderIterator)->duration - avg_vector.duration, 2);
std_vector.src_dst_bytes[0] += pow((*recorderIterator)->src_dst_bytes[0] -
avg_vector.src_dst_bytes[0], 2);
std_vector.src_dst_bytes[1] += pow((*recorderIterator)->src_dst_bytes[1] -
avg_vector.src_dst_bytes[1], 2);
for (i = 0; i < 4; ++i)
{
std_vector.w_u_h_n[i] += pow((*recorderIterator)->w_u_h_n[i] -
avg_vector.w_u_h_n[i], 2);
}
for (i = 0; i < 8; ++i)
{
std_vector.num_root[i] += pow((*recorderIterator)->num_root[i] -
avg_vector.num_root[i], 2);
}
for (i = 0; i < 9; ++i)
{
std_vector.srv_etc[i] += pow((*recorderIterator)->srv_etc[i] -
avg_vector.srv_etc[i], 2);
}
std_vector.dst_host[0] += pow((*recorderIterator)->dst_host[0] -
avg_vector.dst_host[0], 2);
std_vector.dst_host[1] += pow((*recorderIterator)->dst_host[1] -
avg_vector.dst_host[1], 2);
for (i = 0; i < 8; ++i)
{
std_vector.host[i] += pow((*recorderIterator)->host[i] -
avg_vector.host[i], 2);
}
}
//真正的標準差
std_vector.duration = sqrt(temp * std_vector.duration);
std_vector.src_dst_bytes[0] = sqrt(temp * std_vector.src_dst_bytes[0]);
std_vector.src_dst_bytes[1] = sqrt(temp * std_vector.src_dst_bytes[1]);
for (i = 0; i < 4; ++i)
{
std_vector.w_u_h_n[i] = sqrt(temp * std_vector.w_u_h_n[i]);
}
for (i = 0; i < 8; ++i)
{
std_vector.num_root[i] = sqrt(temp * std_vector.num_root[i]);
}
for (i = 0; i < 9; ++i)
{
std_vector.srv_etc[i] = sqrt(temp * std_vector.srv_etc[i]);
}
std_vector.dst_host[0] = sqrt(temp * std_vector.dst_host[0]);
std_vector.dst_host[1] = sqrt(temp * std_vector.dst_host[1]);
for (i = 0; i < 8; ++i)
{
std_vector.host[i] = sqrt(temp * std_vector.host[i]);
}
//第二次遍歷進行標準化
for (recorderIterator = recorderContainer.begin();
recorderIterator != recorderContainer.end(); recorderIterator++)
{
if (0 != std_vector.duration)
{
(*recorderIterator)->duration = ((*recorderIterator)->duration -
avg_vector.duration) / std_vector.duration;
}
if (0 != std_vector.src_dst_bytes[0])
{
(*recorderIterator)->src_dst_bytes[0] = ((*recorderIterator)->src_dst_bytes[0] -
avg_vector.src_dst_bytes[0]) / std_vector.src_dst_bytes[0];
}
if (0 != std_vector.src_dst_bytes[1])
{
(*recorderIterator)->src_dst_bytes[1] = ((*recorderIterator)->src_dst_bytes[1] -
avg_vector.src_dst_bytes[1]) / std_vector.src_dst_bytes[1];
}
for (i = 0; i < 4; ++i)
{
if (0 != std_vector.w_u_h_n[i])
{
(*recorderIterator)->w_u_h_n[i] = ((*recorderIterator)->w_u_h_n[i] -
avg_vector.w_u_h_n[i]) / std_vector.w_u_h_n[i];
}
}
for (i = 0; i < 8; ++i)
{
if (0 != std_vector.num_root[i])
{
(*recorderIterator)->num_root[i] = ((*recorderIterator)->num_root[i] -
avg_vector.num_root[i]) / std_vector.num_root[i];
}
}
for (i = 0; i < 9; ++i)
{
if (0 != std_vector.srv_etc[i])
{
(*recorderIterator)->srv_etc[i] = ((*recorderIterator)->srv_etc[i] -
avg_vector.srv_etc[i]) / std_vector.srv_etc[i];
}
}
if (0 != std_vector.dst_host[0])
{
(*recorderIterator)->dst_host[0] = ((*recorderIterator)->dst_host[0] -
avg_vector.dst_host[0]) / std_vector.dst_host[0];
}
if (0 != std_vector.dst_host[1])
{
(*recorderIterator)->dst_host[1] = ((*recorderIterator)->dst_host[1] -
avg_vector.dst_host[1]) / std_vector.dst_host[1];
}
for (i = 0; i < 8; ++i)
{
if (0 != std_vector.host[i])
{
(*recorderIterator)->host[i] = ((*recorderIterator)->host[i] -
avg_vector.host[i]) / std_vector.host[i];
}
}
}
}
/**
* @函數名 : GetAverage
* @brief :
* @return : void
* @param : Recorder &avg_vector
* @param : int num
* @remark : 計算每個屬性的平均值
*/
void GetAverage(Recorder &avg_vector, int num)
{
int i;
avg_vector.duration = avg_vector.duration / (float)num;
avg_vector.src_dst_bytes[0] = avg_vector.src_dst_bytes[0] / (double)num;
avg_vector.src_dst_bytes[1] = avg_vector.src_dst_bytes[1] / (double)num;
for (i = 0; i < 4; ++i)
{
avg_vector.w_u_h_n[i] = avg_vector.w_u_h_n[i] / (float)num;
}
for (i = 0; i < 8; ++i)
{
avg_vector.num_root[i] = avg_vector.num_root[i] / (float)num;
}
for (i = 0; i < 9; ++i)
{
avg_vector.srv_etc[i] = avg_vector.srv_etc[i] / (float)num;
}
avg_vector.dst_host[0] = avg_vector.dst_host[0] / (double)num;
avg_vector.dst_host[1] = avg_vector.dst_host[1] / (double)num;
for (i = 0; i < 8; ++i)
{
avg_vector.host[i] = avg_vector.host[i] / (float)num;
}
}
/**
* @函數名 : CalcNumDif
* @brief :
* @return : double
* @param : Recorder *pRecord
* @param : Recorder &clusterCenter
* @remark : 計算連續屬性差異
*/
double CalcNumDif(Recorder *pRecord, Recorder &clusterCenter)
{
double numDif = 0.;
int i = 0;
numDif += pow(pRecord->duration - clusterCenter.duration, 2);
numDif += pow(pRecord->src_dst_bytes[0] - clusterCenter.src_dst_bytes[0], 2);
numDif += pow(pRecord->src_dst_bytes[1] - clusterCenter.src_dst_bytes[1], 2);
for (i = 0; i < 4; ++i)
{
numDif += pow(pRecord->w_u_h_n[i] - clusterCenter.w_u_h_n[i], 2);
}
for (i = 0; i < 8; ++i)
{
numDif += pow(pRecord->num_root[i] - clusterCenter.num_root[i], 2);
}
for (i = 0; i < 9; ++i)
{
numDif += pow(pRecord->srv_etc[i] - clusterCenter.srv_etc[i], 2);
}
numDif += pow(pRecord->dst_host[0] - clusterCenter.dst_host[0], 2);
numDif += pow(pRecord->dst_host[1] - clusterCenter.dst_host[1], 2);
for (i = 0; i < 8; ++i)
{
numDif += pow(pRecord->host[i] - clusterCenter.host[i], 2);
}
return numDif;
}
/**
* @函數名 : CalcFeaDif
* @brief :
* @return : double
* @param : Recorder *pRecord
* @param : Recorder *pFirstRecord
* @param : unsigned int totalRec
* @remark : 計算分類屬性差異
*/
double CalcFeaDif(Recorder *pRecord, Recorder *pFirstRecord, unsigned int totalRec)
{
double feaDif = 0;
int i = 0;
unsigned int appeaNum[7] = {0};
while(NULL != pFirstRecord)
{
if (0 == strcmp(pRecord->pro_type, pFirstRecord->pro_type))
{
appeaNum[0]++;
}
if (0 == strcmp(pRecord->service, pFirstRecord->service))
{
appeaNum[1]++;
}
if (0 == strcmp(pRecord->flag, pFirstRecord->flag))
{
appeaNum[2]++;
}
if (pRecord->land == pFirstRecord->land)
{
appeaNum[3]++;
}
if (pRecord->log_in == pFirstRecord->log_in)
{
appeaNum[4]++;
}
if (pRecord->host_guest[0] == pFirstRecord->host_guest[0])
{
appeaNum[5]++;
}
if (pRecord->host_guest[1] == pFirstRecord->host_guest[1])
{
appeaNum[6]++;
}
pFirstRecord = pFirstRecord->next;
}
for (i = 0; i < 7; ++i)
{
feaDif += pow(1.0 - appeaNum[i] / (float)totalRec, 2);
}
return feaDif;
}
/**
* @函數名 : UpdateCluster
* @brief :
* @return : void
* @param : SubContainer *pRecord
* @remark : 更新簇中心
*/
void UpdateCluster(SubContainer *pRecord)
{
int i;
int num = pRecord->recordNum;
Recorder *pList = pRecord->pFirstRec;
Recorder center ;
memset(¢er, 0 ,sizeof(Recorder));
while(NULL != pList)
{
center.duration += pList->duration;
center.src_dst_bytes[0] += pList->src_dst_bytes[0];
center.src_dst_bytes[1] += pList->src_dst_bytes[1];
for (i = 0; i < 4; ++i)
{
center.w_u_h_n[i] += pList->w_u_h_n[i];
}
for (i = 0; i < 8; ++i)
{
center.num_root[i] += pList->num_root[i];
}
for (i = 0; i < 9; ++i)
{
center.srv_etc[i] += pList->srv_etc[i];
}
center.dst_host[0] += pList->dst_host[0];
center.dst_host[1] += pList->dst_host[1];
for (i = 0; i < 8; ++i)
{
center.host[i] += pList->host[i];
}
pList = pList->next;
}
//求平均
center.duration = center.duration / num;
center.src_dst_bytes[0] = center.src_dst_bytes[0] / num;
center.src_dst_bytes[1] = center.src_dst_bytes[1] / num;
for (i = 0; i < 4; ++i)
{
center.w_u_h_n[i] = center.w_u_h_n[i] / num;
}
for (i = 0; i < 8; ++i)
{
center.num_root[i] = center.num_root[i] / num;
}
for (i = 0; i < 9; ++i)
{
center.srv_etc[i] = center.srv_etc[i] / num;
}
center.dst_host[0] = center.dst_host[0] / num;
center.dst_host[1] = center.dst_host[1] / num;
for (i = 0; i < 8; ++i)
{
center.host[i] = center.host[i] / num;
}
pRecord->clusterCenter = center;
}
/**
* @函數名 : SetNewCluster
* @brief :
* @return : bool
* @param : Recorder *pRecord
* @param : ClusterVector &clusterContainer
* @remark : 生成新的簇
*/
bool SetNewCluster(Recorder *pRecord, ClusterVector &clusterContainer)
{
SubContainer *pSubCon = (SubContainer *)malloc(sizeof(SubContainer));
if (NULL == pSubCon)
{
printf("分配內存錯誤。\n");
return 0;
}
memset(pSubCon, 0 , sizeof(SubContainer));
pSubCon->pFirstRec = pRecord;
pSubCon->pLastRec = pRecord;
pSubCon->recordNum = 1;
pSubCon->clusterCenter = *pRecord;
clusterContainer.push_back(pSubCon);
return 1;
}
void OutputInfo(RecorderVector &recorderContainer, ClusterVector &clusterContainer,
const unsigned int &calcAnormal, const unsigned int &calcNormal)
{
//后續輸出
printf("總的記錄的個數是:%d\n", recorderContainer.size());
printf("其中簇的個數有 %u\n\n", clusterContainer.size());
unsigned int correct = 0;
unsigned int incorrect = 0;
ClusterVector::iterator clusterIterator;
for (clusterIterator = clusterContainer.begin();
clusterIterator != clusterContainer.end(); ++clusterIterator)
{
printf("該簇中共有記錄 %u\n", (*clusterIterator)->recordNum);
int num = 0;
Recorder *pList = (*clusterIterator)->pFirstRec;
while (NULL != pList)
{
if (0 == strcmp("normal.", pList->is_normal))
{
num++;
}
pList = pList->next;
}
printf("其中正常記錄 %d\n\n", num);
//該簇被標記為攻擊簇
if ((*clusterIterator)->recordNum <= (recorderContainer.size() * 0.015))
{
//正確檢測到的攻擊數
correct += (*clusterIterator)->recordNum - num;
incorrect += num;
strcpy((*clusterIterator)->is_normal, "anormal.");
}
//該簇被標記為正常簇
else
{
strcpy((*clusterIterator)->is_normal, "normal.");
}
}
printf("該閾值下的檢測率是: %%%.3f\n", correct / (float)calcAnormal *100);
printf("該閾值下的誤報率是: %%%.3f\n", incorrect / (float)calcNormal *100);
}
/**
* @函數名 : GetStadardize
* @brief :
* @return : void
* @param : FILE *pTest
* @param : RecorderVector &recorderTest
* @param : unsigned int &calcNormal
* @remark : 集成讀記錄標準化
*/
void GetStadardize(FILE *pTest, RecorderVector &recorderTest, unsigned int &calcNormal,
Recorder &testAverage, Recorder &std_vector)
{
Recorder *pTestRecorder = NULL;
while (!feof(pTest))
{
pTestRecorder = (Recorder *)malloc(sizeof(Recorder));
if (NULL == pTestRecorder)
{
printf("分配內存錯誤。\n");
return;
}
memset(pTestRecorder, 0, sizeof(Recorder));
//讀入一條記錄
ReadData(pTest, pTestRecorder, testAverage, calcNormal);
//把該指針壓入容器
recorderTest.push_back(pTestRecorder);
}
//求平均
GetAverage(testAverage, recorderTest.size());
//標準化
Standardize(recorderTest, testAverage, std_vector);
}
void MinDis(Recorder *pRecorder, ClusterVector &clusterContainer, double &minTemp,
unsigned int &finalCluster)
{
double numDif = CalcNumDif(pRecorder, clusterContainer.at(0)->clusterCenter);
double feaDif = CalcFeaDif(pRecorder, clusterContainer.at(0)->pFirstRec,
clusterContainer.at(0)->recordNum);
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -