ma_cisco_malware/models/networks.py

from collections import namedtuple

import keras
from keras.engine import Input, Model as KerasModel
from keras.layers import Conv1D, Dense, Dropout, Embedding, GlobalMaxPooling1D, TimeDistributed

import dataset

Model = namedtuple("Model", ["in_domains", "in_flows", "out_client", "out_server"])


def get_domain_embedding_model(embedding_size, input_length, filter_size, kernel_size, hidden_dims,
                               drop_out=0.5) -> KerasModel:
    x = y = Input(shape=(input_length,))
    y = Embedding(input_dim=dataset.get_vocab_size(), output_dim=embedding_size)(y)
    y = Conv1D(filter_size,
               kernel_size,
               activation='relu')(y)
    y = GlobalMaxPooling1D()(y)
    y = Dropout(drop_out)(y)
    y = Dense(hidden_dims, activation="relu")(y)
    return KerasModel(x, y)


def get_final_model(cnnDropout, flow_features, window_size, domain_length, cnn_dims, kernel_size,
                    dense_dim, cnn) -> Model:
    ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")
    encoded = TimeDistributed(cnn, name="domain_cnn")(ipt_domains)
    ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")
    merged = keras.layers.concatenate([encoded, ipt_flows], -1)
    # CNN processing a small slides of flow windows
    y = Conv1D(cnn_dims,
               kernel_size,
               activation='relu')(merged)
    # remove temporal dimension by global max pooling
    y = GlobalMaxPooling1D()(y)
    y = Dropout(cnnDropout)(y)
    y = Dense(dense_dim, activation='relu')(y)
    out_client = Dense(1, activation='sigmoid', name="client")(y)
    out_server = Dense(1, activation='sigmoid', name="server")(y)

    return Model(ipt_domains, ipt_flows, out_client, out_server)


def get_inter_model(dropout, flow_features, window_size, domain_length, cnn_dims, kernel_size,
                    dense_dim, cnn) -> Model:
    ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")
    ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")
    encoded = TimeDistributed(cnn, name="domain_cnn")(ipt_domains)
    merged = keras.layers.concatenate([encoded, ipt_flows], -1)
    y = Dense(dense_dim,
              activation="relu",
              name="dense_server")(merged)
    out_server = Dense(1, activation="sigmoid", name="server")(y)
    merged = keras.layers.concatenate([merged, y], -1)
    # CNN processing a small slides of flow windows
    y = Conv1D(cnn_dims,
               kernel_size,
               activation='relu')(merged)
    # remove temporal dimension by global max pooling
    y = GlobalMaxPooling1D()(y)
    y = Dropout(dropout)(y)
    y = Dense(dense_dim,
              activation='relu',
              name="dense_client")(y)

    out_client = Dense(1, activation='sigmoid', name="client")(y)

    return Model(ipt_domains, ipt_flows, out_client, out_server)


def get_server_model(flow_features, domain_length, dense_dim, cnn):
    ipt_domains = Input(shape=(domain_length,), name="ipt_domains")
    ipt_flows = Input(shape=(flow_features,), name="ipt_flows")
    encoded = cnn(ipt_domains)
    cnn.name = "domain_cnn"
    
    merged = keras.layers.concatenate([encoded, ipt_flows], -1)
    y = Dense(dense_dim,
              activation="relu",
              name="dense_server")(merged)
    out_server = Dense(1, activation="sigmoid", name="server")(y)
    
    return KerasModel(inputs=[ipt_domains, ipt_flows], outputs=out_server)


def get_long_model(dropout, flow_features, window_size, domain_length, cnn_dims, kernel_size,
                   dense_dim, cnn) -> Model:
    ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")
    ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")
    encoded = TimeDistributed(cnn, name="domain_cnn")(ipt_domains)
    merged = keras.layers.concatenate([encoded, ipt_flows], -1)
    y = Conv1D(cnn_dims,
               kernel_size,
               activation='relu', name="conv_server")(merged)
    # remove temporal dimension by global max pooling
    y = GlobalMaxPooling1D()(y)
    y = Dropout(dropout)(y)
    y = Dense(dense_dim,
              activation="relu",
              name="dense_server")(y)
    out_server = Dense(1, activation="sigmoid", name="server")(y)
    # CNN processing a small slides of flow windows
    y = Conv1D(cnn_dims,
               kernel_size,
               activation='relu', name="conv_client")(merged)
    # remove temporal dimension by global max pooling
    y = GlobalMaxPooling1D()(y)
    y = Dropout(dropout)(y)
    y = Dense(dense_dim,
              activation='relu',
              name="dense_client")(y)
    
    out_client = Dense(1, activation='sigmoid', name="client")(y)
    
    return Model(ipt_domains, ipt_flows, out_client, out_server)
add regularization to small networks, fix model name in args, fix visualizations 2017-09-10 18:06:40 +02:00			`from collections import namedtuple`

refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`import keras`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`from keras.engine import Input, Model as KerasModel`
refactor server training into separate file; add additional info to hyperband log 2017-10-19 17:37:29 +02:00			`from keras.layers import Conv1D, Dense, Dropout, Embedding, GlobalMaxPooling1D, TimeDistributed`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00
move vocab_size into implementation (not user dependent) 2017-07-30 13:47:11 +02:00			`import dataset`

add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`Model = namedtuple("Model", ["in_domains", "in_flows", "out_client", "out_server"])`

refactor network models; remove depths 2017-11-07 20:32:08 +01:00
			`def get_domain_embedding_model(embedding_size, input_length, filter_size, kernel_size, hidden_dims,`
			`drop_out=0.5) -> KerasModel:`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`x = y = Input(shape=(input_length,))`
move vocab_size into implementation (not user dependent) 2017-07-30 13:47:11 +02:00			`y = Embedding(input_dim=dataset.get_vocab_size(), output_dim=embedding_size)(y)`
add regularization to small networks, fix model name in args, fix visualizations 2017-09-10 18:06:40 +02:00			`y = Conv1D(filter_size,`
			`kernel_size,`
			`activation='relu')(y)`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`y = GlobalMaxPooling1D()(y)`
			`y = Dropout(drop_out)(y)`
refactor server training into separate file; add additional info to hyperband log 2017-10-19 17:37:29 +02:00			`y = Dense(hidden_dims, activation="relu")(y)`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`return KerasModel(x, y)`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00

refactor network models; remove depths 2017-11-07 20:32:08 +01:00			`def get_final_model(cnnDropout, flow_features, window_size, domain_length, cnn_dims, kernel_size,`
			`dense_dim, cnn) -> Model:`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")`
remove regularizer for conv and domain 2017-09-10 23:40:14 +02:00			`encoded = TimeDistributed(cnn, name="domain_cnn")(ipt_domains)`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")`
			`merged = keras.layers.concatenate([encoded, ipt_flows], -1)`
			`# CNN processing a small slides of flow windows`
			`y = Conv1D(cnn_dims,`
			`kernel_size,`
move model creation back into models package 2017-11-07 20:09:20 +01:00			`activation='relu')(merged)`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`# remove temporal dimension by global max pooling`
			`y = GlobalMaxPooling1D()(y)`
			`y = Dropout(cnnDropout)(y)`
refactor training - separate staggered training; make differences as small as possible 2017-09-12 08:36:23 +02:00			`y = Dense(dense_dim, activation='relu')(y)`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`out_client = Dense(1, activation='sigmoid', name="client")(y)`
			`out_server = Dense(1, activation='sigmoid', name="server")(y)`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`return Model(ipt_domains, ipt_flows, out_client, out_server)`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00

refactor network models; remove depths 2017-11-07 20:32:08 +01:00			`def get_inter_model(dropout, flow_features, window_size, domain_length, cnn_dims, kernel_size,`
			`dense_dim, cnn) -> Model:`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00			`ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")`
			`ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")`
remove regularizer for conv and domain 2017-09-10 23:40:14 +02:00			`encoded = TimeDistributed(cnn, name="domain_cnn")(ipt_domains)`
change model - add dense before server output in new model add some new run scripts 2017-08-05 09:33:07 +02:00			`merged = keras.layers.concatenate([encoded, ipt_flows], -1)`
add regularization to small networks, fix model name in args, fix visualizations 2017-09-10 18:06:40 +02:00			`y = Dense(dense_dim,`
			`activation="relu",`
			`name="dense_server")(merged)`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`out_server = Dense(1, activation="sigmoid", name="server")(y)`
			`merged = keras.layers.concatenate([merged, y], -1)`
change model - add dense before server output in new model add some new run scripts 2017-08-05 09:33:07 +02:00			`# CNN processing a small slides of flow windows`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00			`y = Conv1D(cnn_dims,`
			`kernel_size,`
remove input shape of first conv layer in networks because unnecessary add selu activation to deeper network designs 2017-09-17 17:26:09 +02:00			`activation='relu')(merged)`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00			`# remove temporal dimension by global max pooling`
			`y = GlobalMaxPooling1D()(y)`
			`y = Dropout(dropout)(y)`
add regularization to small networks, fix model name in args, fix visualizations 2017-09-10 18:06:40 +02:00			`y = Dense(dense_dim,`
			`activation='relu',`
			`name="dense_client")(y)`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`out_client = Dense(1, activation='sigmoid', name="client")(y)`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`return Model(ipt_domains, ipt_flows, out_client, out_server)`
add server classification model 2017-10-05 15:26:53 +02:00

			`def get_server_model(flow_features, domain_length, dense_dim, cnn):`
			`ipt_domains = Input(shape=(domain_length,), name="ipt_domains")`
			`ipt_flows = Input(shape=(flow_features,), name="ipt_flows")`
			`encoded = cnn(ipt_domains)`
add bulk embedding visualization and deep1 network 2017-10-09 14:19:01 +02:00			`cnn.name = "domain_cnn"`

add server classification model 2017-10-05 15:26:53 +02:00			`merged = keras.layers.concatenate([encoded, ipt_flows], -1)`
			`y = Dense(dense_dim,`
			`activation="relu",`
			`name="dense_server")(merged)`
			`out_server = Dense(1, activation="sigmoid", name="server")(y)`

			`return KerasModel(inputs=[ipt_domains, ipt_flows], outputs=out_server)`
add long final implementation 2017-11-05 22:52:50 +01:00

refactor network models; remove depths 2017-11-07 20:32:08 +01:00			`def get_long_model(dropout, flow_features, window_size, domain_length, cnn_dims, kernel_size,`
move model creation back into models package 2017-11-07 20:09:20 +01:00			`dense_dim, cnn) -> Model:`
add long final implementation 2017-11-05 22:52:50 +01:00			`ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")`
			`ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")`
			`encoded = TimeDistributed(cnn, name="domain_cnn")(ipt_domains)`
			`merged = keras.layers.concatenate([encoded, ipt_flows], -1)`
			`y = Conv1D(cnn_dims,`
			`kernel_size,`
refactor network models; remove depths 2017-11-07 20:32:08 +01:00			`activation='relu', name="conv_server")(merged)`
add long final implementation 2017-11-05 22:52:50 +01:00			`# remove temporal dimension by global max pooling`
			`y = GlobalMaxPooling1D()(y)`
			`y = Dropout(dropout)(y)`
			`y = Dense(dense_dim,`
			`activation="relu",`
			`name="dense_server")(y)`
			`out_server = Dense(1, activation="sigmoid", name="server")(y)`
			`# CNN processing a small slides of flow windows`
add soft parameter sharing network 2017-11-06 21:51:49 +01:00			`y = Conv1D(cnn_dims,`
			`kernel_size,`
			`activation='relu', name="conv_client")(merged)`
			`# remove temporal dimension by global max pooling`
			`y = GlobalMaxPooling1D()(y)`
			`y = Dropout(dropout)(y)`
			`y = Dense(dense_dim,`
			`activation='relu',`
			`name="dense_client")(y)`

			`out_client = Dense(1, activation='sigmoid', name="client")(y)`

			`return Model(ipt_domains, ipt_flows, out_client, out_server)`