ma_cisco_malware/models/pauls_networks.py

import keras
from keras.engine import Input, Model as KerasModel
from keras.layers import Embedding, Conv1D, GlobalMaxPooling1D, Dense, Dropout, Activation, TimeDistributed

import dataset

from collections import namedtuple

# Bundle returned by the model builders in this module: the two input tensors
# (domains, flows) followed by the two output tensors (client, server).
Model = namedtuple("Model", "in_domains in_flows out_client out_server")

# Hyper-parameter set for the "paul" network type.
# NOTE(review): both "dropout" and "drop_out" are kept on purpose --
# get_embedding takes `drop_out` while get_new_model takes `dropout`, so
# presumably each key feeds a different consumer; confirm before merging them.
# The same applies to "domain_length" / "input_length" (both 40).
best_config = {
    "type": "paul",
    "batch_size": 64,
    "window_size": 10,
    "domain_length": 40,
    "flow_features": 3,
    #
    "dropout": 0.5,
    "domain_features": 32,
    "drop_out": 0.5,
    "embedding_size": 64,
    "filter_main": 512,
    # "flow_features" used to be repeated here; a duplicate key in a dict
    # literal silently overwrites the earlier one, so it is listed only once.
    "dense_main": 32,
    "filter_embedding": 32,
    "hidden_embedding": 32,
    "kernel_embedding": 8,
    "kernels_main": 8,
    "input_length": 40,
}


def get_embedding(embedding_size, input_length, filter_size, kernel_size, hidden_dims, drop_out=0.5) -> KerasModel:
    """Build the sub-network that encodes one input sequence into a vector.

    Layer stack: embedding -> 1D convolution (ReLU) -> global max pooling
    -> dropout -> dense -> ReLU.

    :param embedding_size: output dimension of the embedding layer
    :param input_length: length of the input sequence; the input has shape
        ``(input_length,)``
    :param filter_size: number of filters of the convolution
    :param kernel_size: kernel width of the convolution
    :param hidden_dims: number of units of the final dense layer
    :param drop_out: dropout rate applied after the pooling step
    :return: Keras model mapping the input sequence to its encoding
    """
    sequence_in = Input(shape=(input_length,))

    # the vocabulary size is taken from the dataset module, not from the caller
    embedded = Embedding(
        input_dim=dataset.get_vocab_size(),
        output_dim=embedding_size,
    )(sequence_in)
    convolved = Conv1D(filter_size, kernel_size, activation='relu')(embedded)
    # collapse the sequence axis by keeping the maximum per filter
    pooled = GlobalMaxPooling1D()(convolved)
    regularized = Dropout(drop_out)(pooled)
    projected = Dense(hidden_dims)(regularized)
    encoding = Activation('relu')(projected)

    return KerasModel(sequence_in, encoding)


def get_model(cnnDropout, flow_features, domain_features, window_size, domain_length, cnn_dims, kernel_size,
              dense_dim, cnn, model_output="both") -> Model:
    """Assemble the window-level network with a shared trunk and two sigmoid heads.

    ``cnn`` is applied to every time step of the domain input, its output is
    concatenated with the flow features, and the result is passed through
    Conv1D -> global max pooling -> dropout -> dense. Both the ``client`` and
    the ``server`` output are computed from that same dense layer.

    :param cnnDropout: dropout rate applied after the pooling step
    :param flow_features: number of flow features per time step
    :param domain_features: only used for the ``input_shape`` hint of the
        convolution (``domain_features + flow_features``)
    :param window_size: number of time steps per window
    :param domain_length: length of each domain sequence
    :param cnn_dims: number of filters of the convolution
    :param kernel_size: kernel width of the convolution
    :param dense_dim: number of units of the dense layer before the outputs
    :param cnn: model/layer applied per time step via ``TimeDistributed``
    :param model_output: accepted but not used by this function
    :return: ``Model`` tuple of the two inputs and the two outputs
    """
    domains_in = Input(shape=(window_size, domain_length), name="ipt_domains")
    domain_codes = TimeDistributed(cnn)(domains_in)
    flows_in = Input(shape=(window_size, flow_features), name="ipt_flows")
    combined = keras.layers.concatenate([domain_codes, flows_in], axis=-1)

    # CNN processing small slices of the flow window
    window_conv = Conv1D(
        cnn_dims,
        kernel_size,
        activation='relu',
        input_shape=(window_size, domain_features + flow_features),
    )
    trunk = window_conv(combined)
    # remove the temporal dimension by global max pooling
    trunk = GlobalMaxPooling1D()(trunk)
    trunk = Dropout(cnnDropout)(trunk)
    trunk = Dense(dense_dim, activation='relu')(trunk)

    client_head = Dense(1, activation='sigmoid', name="client")(trunk)
    server_head = Dense(1, activation='sigmoid', name="server")(trunk)

    return Model(
        in_domains=domains_in,
        in_flows=flows_in,
        out_client=client_head,
        out_server=server_head,
    )


def get_new_model(dropout, flow_features, domain_features, window_size, domain_length, cnn_dims, kernel_size,
                  dense_dim, cnn, model_output="both") -> Model:
    """Assemble the network variant whose server output sits in the middle.

    ``cnn`` is applied to every time step of the domain input and its output
    is concatenated with the flow features. A dense layer (``dense_server``)
    on that merged tensor feeds the ``server`` output. The dense activations
    are then concatenated back onto the merged tensor and passed through
    Conv1D -> global max pooling -> dropout -> dense (``dense_client``),
    which feeds the ``client`` output.

    :param dropout: dropout rate applied after the pooling step
    :param flow_features: number of flow features per time step
    :param domain_features: not used; kept so existing callers keep working
    :param window_size: number of time steps per window
    :param domain_length: length of each domain sequence
    :param cnn_dims: number of filters of the convolution
    :param kernel_size: kernel width of the convolution
    :param dense_dim: number of units of both ``dense_server`` and
        ``dense_client``
    :param cnn: model/layer applied per time step via ``TimeDistributed``
    :param model_output: accepted but not used by this function
    :return: ``Model`` tuple of the two inputs and the two outputs
    """
    ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")
    ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")
    encoded = TimeDistributed(cnn)(ipt_domains)
    merged = keras.layers.concatenate([encoded, ipt_flows], -1)

    # server branch: dense layer applied directly to the merged tensor
    y = Dense(dense_dim, activation="relu", name="dense_server")(merged)
    out_server = Dense(1, activation="sigmoid", name="server")(y)

    # feed the server branch activations back into the client branch
    merged = keras.layers.concatenate([merged, y], -1)

    # CNN processing small slices of the flow window.
    # No input_shape hint here: the layer is called on a tensor, so its input
    # shape is inferred from `merged`. The previous hint
    # (domain_features + flow_features) also did not account for the
    # dense_dim features concatenated just above.
    y = Conv1D(cnn_dims,
               kernel_size,
               activation='relu')(merged)
    # remove the temporal dimension by global max pooling
    y = GlobalMaxPooling1D()(y)
    y = Dropout(dropout)(y)
    y = Dense(dense_dim, activation='relu', name="dense_client")(y)

    out_client = Dense(1, activation='sigmoid', name="client")(y)

    return Model(ipt_domains, ipt_flows, out_client, out_server)
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`import keras`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`from keras.engine import Input, Model as KerasModel`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`from keras.layers import Embedding, Conv1D, GlobalMaxPooling1D, Dense, Dropout, Activation, TimeDistributed`

move vocab_size into implementation (not user dependent) 2017-07-30 13:47:11 +02:00			`import dataset`

add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`from collections import namedtuple`

			`Model = namedtuple("Model", ["in_domains", "in_flows", "out_client", "out_server"])`

added params 2017-07-07 16:48:10 +02:00			`best_config = {`
add pauls config test (TMP) 2017-07-08 11:53:03 +02:00			`"type": "paul",`
			`"batch_size": 64,`
			`"window_size": 10,`
			`"domain_length": 40,`
			`"flow_features": 3,`
			`#`
			`'dropout': 0.5,`
added params 2017-07-07 16:48:10 +02:00			`'domain_features': 32,`
			`'drop_out': 0.5,`
			`'embedding_size': 64,`
			`'filter_main': 512,`
			`'flow_features': 3,`
add pauls config test (TMP) 2017-07-08 11:53:03 +02:00			`'dense_main': 32,`
added params 2017-07-07 16:48:10 +02:00			`'filter_embedding': 32,`
			`'hidden_embedding': 32,`
			`'kernel_embedding': 8,`
			`'kernels_main': 8,`
			`'input_length': 40`
			`}`

refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`def get_embedding(embedding_size, input_length, filter_size, kernel_size, hidden_dims, drop_out=0.5) -> KerasModel:`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`x = y = Input(shape=(input_length,))`
move vocab_size into implementation (not user dependent) 2017-07-30 13:47:11 +02:00			`y = Embedding(input_dim=dataset.get_vocab_size(), output_dim=embedding_size)(y)`
			`y = Conv1D(filter_size, kernel_size, activation='relu')(y)`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`y = GlobalMaxPooling1D()(y)`
			`y = Dropout(drop_out)(y)`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00			`y = Dense(hidden_dims)(y)`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`y = Activation('relu')(y)`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`return KerasModel(x, y)`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00

			`def get_model(cnnDropout, flow_features, domain_features, window_size, domain_length, cnn_dims, kernel_size,`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`dense_dim, cnn, model_output="both") -> Model:`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")`
			`encoded = TimeDistributed(cnn)(ipt_domains)`
			`ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")`
			`merged = keras.layers.concatenate([encoded, ipt_flows], -1)`
			`# CNN processing a small slides of flow windows`
			`y = Conv1D(cnn_dims,`
			`kernel_size,`
			`activation='relu',`
			`input_shape=(window_size, domain_features + flow_features))(merged)`
			`# remove temporal dimension by global max pooling`
			`y = GlobalMaxPooling1D()(y)`
			`y = Dropout(cnnDropout)(y)`
			`y = Dense(dense_dim, activation='relu')(y)`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`out_client = Dense(1, activation='sigmoid', name="client")(y)`
			`out_server = Dense(1, activation='sigmoid', name="server")(y)`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`return Model(ipt_domains, ipt_flows, out_client, out_server)`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00

			`def get_new_model(dropout, flow_features, domain_features, window_size, domain_length, cnn_dims, kernel_size,`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`dense_dim, cnn, model_output="both") -> Model:`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00			`ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")`
			`ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")`
			`encoded = TimeDistributed(cnn)(ipt_domains)`
change model - add dense before server output in new model add some new run scripts 2017-08-05 09:33:07 +02:00			`merged = keras.layers.concatenate([encoded, ipt_flows], -1)`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`y = Dense(dense_dim, activation="relu", name="dense_server")(merged)`
			`out_server = Dense(1, activation="sigmoid", name="server")(y)`
			`merged = keras.layers.concatenate([merged, y], -1)`
change model - add dense before server output in new model add some new run scripts 2017-08-05 09:33:07 +02:00			`# CNN processing a small slides of flow windows`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00			`y = Conv1D(cnn_dims,`
			`kernel_size,`
			`activation='relu',`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`input_shape=(window_size, domain_features + flow_features))(merged)`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00			`# remove temporal dimension by global max pooling`
			`y = GlobalMaxPooling1D()(y)`
			`y = Dropout(dropout)(y)`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`y = Dense(dense_dim, activation='relu', name="dense_client")(y)`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`out_client = Dense(1, activation='sigmoid', name="client")(y)`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`return Model(ipt_domains, ipt_flows, out_client, out_server)`