ma_cisco_malware/models/pauls_networks.py

from collections import namedtuple

import keras
from keras.engine import Input, Model as KerasModel
from keras.layers import Conv1D, Dense, Dropout, Embedding, GlobalMaxPooling1D, TimeDistributed

import dataset

Model = namedtuple("Model", ["in_domains", "in_flows", "out_client", "out_server"])

best_config = {
    "type": "paul",
    "batch_size": 64,
    "window_size": 10,
    "domain_length": 40,
    "flow_features": 3,
    #
    'dropout': 0.5,
    'domain_features': 32,
    'drop_out': 0.5,
    'embedding_size': 64,
    'filter_main': 512,
    'flow_features': 3,
    'dense_main': 32,
    'filter_embedding': 32,
    'hidden_embedding': 32,
    'kernel_embedding': 8,
    'kernels_main': 8,
    'input_length': 40
}


def get_embedding(embedding_size, input_length, filter_size, kernel_size, hidden_dims, drop_out=0.5) -> KerasModel:
    x = y = Input(shape=(input_length,))
    y = Embedding(input_dim=dataset.get_vocab_size(), output_dim=embedding_size)(y)
    y = Conv1D(filter_size,
               kernel_size,
               activation='relu')(y)
    y = GlobalMaxPooling1D()(y)
    y = Dropout(drop_out)(y)
    y = Dense(hidden_dims, activation="relu")(y)
    return KerasModel(x, y)


def get_model(cnnDropout, flow_features, domain_features, window_size, domain_length, cnn_dims, kernel_size,
              dense_dim, cnn, model_output="both") -> Model:
    ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")
    encoded = TimeDistributed(cnn, name="domain_cnn")(ipt_domains)
    ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")
    merged = keras.layers.concatenate([encoded, ipt_flows], -1)
    # CNN processing a small slides of flow windows
    y = Conv1D(cnn_dims,
               kernel_size,
               activation='relu',
               input_shape=(window_size, domain_features + flow_features))(merged)
    # remove temporal dimension by global max pooling
    y = GlobalMaxPooling1D()(y)
    y = Dropout(cnnDropout)(y)
    y = Dense(dense_dim, activation='relu')(y)
    out_client = Dense(1, activation='sigmoid', name="client")(y)
    out_server = Dense(1, activation='sigmoid', name="server")(y)

    return Model(ipt_domains, ipt_flows, out_client, out_server)


def get_new_model(dropout, flow_features, domain_features, window_size, domain_length, cnn_dims, kernel_size,
                  dense_dim, cnn, model_output="both") -> Model:
    ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")
    ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")
    encoded = TimeDistributed(cnn, name="domain_cnn")(ipt_domains)
    merged = keras.layers.concatenate([encoded, ipt_flows], -1)
    y = Dense(dense_dim,
              activation="relu",
              name="dense_server")(merged)
    out_server = Dense(1, activation="sigmoid", name="server")(y)
    merged = keras.layers.concatenate([merged, y], -1)
    # CNN processing a small slides of flow windows
    y = Conv1D(cnn_dims,
               kernel_size,
               activation='relu')(merged)
    # remove temporal dimension by global max pooling
    y = GlobalMaxPooling1D()(y)
    y = Dropout(dropout)(y)
    y = Dense(dense_dim,
              activation='relu',
              name="dense_client")(y)

    out_client = Dense(1, activation='sigmoid', name="client")(y)

    return Model(ipt_domains, ipt_flows, out_client, out_server)


def get_server_model(flow_features, domain_length, dense_dim, cnn):
    ipt_domains = Input(shape=(domain_length,), name="ipt_domains")
    ipt_flows = Input(shape=(flow_features,), name="ipt_flows")
    encoded = cnn(ipt_domains)
    cnn.name = "domain_cnn"
    
    merged = keras.layers.concatenate([encoded, ipt_flows], -1)
    y = Dense(dense_dim,
              activation="relu",
              name="dense_server")(merged)
    out_server = Dense(1, activation="sigmoid", name="server")(y)
    
    return KerasModel(inputs=[ipt_domains, ipt_flows], outputs=out_server)


def get_new_model2(dropout, flow_features, domain_features, window_size, domain_length, cnn_dims, kernel_size,
                   dense_dim, cnn, model_output="both") -> Model:
    ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")
    ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")
    encoded = TimeDistributed(cnn, name="domain_cnn")(ipt_domains)
    merged = keras.layers.concatenate([encoded, ipt_flows], -1)
    y = Conv1D(cnn_dims,
               kernel_size,
               activation='relu')(merged)
    # remove temporal dimension by global max pooling
    y = GlobalMaxPooling1D()(y)
    y = Dropout(dropout)(y)
    y = Dense(dense_dim,
              activation="relu",
              name="dense_server")(y)
    out_server = Dense(1, activation="sigmoid", name="server")(y)
    # CNN processing a small slides of flow windows
    y = Conv1D(cnn_dims,
               kernel_size,
               activation='relu')(merged)
    # remove temporal dimension by global max pooling
    y = GlobalMaxPooling1D()(y)
    y = Dropout(dropout)(y)
    y = Dense(dense_dim,
              activation='relu',
              name="dense_client")(y)
    
    out_client = Dense(1, activation='sigmoid', name="client")(y)
    
    return Model(ipt_domains, ipt_flows, out_client, out_server)


import keras.backend as K


def get_new_soft(dropout, flow_features, domain_features, window_size, domain_length, cnn_dims, kernel_size,
                 dense_dim, cnn, model_output="both") -> Model:
    def dist_reg(distant_layer):
        def dist_reg_h(weights):
            print("REG FUNCTION")
            print(weights)
            print(distant_layer)
            return 0.01 * K.sum(K.abs(weights - distant_layer))
        
        return dist_reg_h
    
    ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")
    ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")
    encoded = TimeDistributed(cnn, name="domain_cnn")(ipt_domains)
    merged = keras.layers.concatenate([encoded, ipt_flows], -1)
    y = conv_server = Conv1D(cnn_dims,
                             kernel_size,
                             activation='relu', name="conv_server")(merged)
    # remove temporal dimension by global max pooling
    y = GlobalMaxPooling1D()(y)
    y = Dropout(dropout)(y)
    y = dense_server = Dense(dense_dim,
                             activation="relu",
                             name="dense_server")(y)
    out_server = Dense(1, activation="sigmoid", name="server")(y)
    # CNN processing a small slides of flow windows
    y = Conv1D(cnn_dims,
               kernel_size,
               activation='relu', name="conv_client")(merged)
    # remove temporal dimension by global max pooling
    y = GlobalMaxPooling1D()(y)
    y = Dropout(dropout)(y)
    y = Dense(dense_dim,
              activation='relu',
              name="dense_client")(y)
    
    out_client = Dense(1, activation='sigmoid', name="client")(y)
    # model = KerasModel(inputs=(ipt_domains, ipt_flows), outputs=(out_client, out_server))
    
    
    return Model(ipt_domains, ipt_flows, out_client, out_server)
add regularization to small networks, fix model name in args, fix visualizations 2017-09-10 18:06:40 +02:00			`from collections import namedtuple`

refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`import keras`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`from keras.engine import Input, Model as KerasModel`
refactor server training into separate file; add additional info to hyperband log 2017-10-19 17:37:29 +02:00			`from keras.layers import Conv1D, Dense, Dropout, Embedding, GlobalMaxPooling1D, TimeDistributed`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00
move vocab_size into implementation (not user dependent) 2017-07-30 13:47:11 +02:00			`import dataset`

add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`Model = namedtuple("Model", ["in_domains", "in_flows", "out_client", "out_server"])`

added params 2017-07-07 16:48:10 +02:00			`best_config = {`
add pauls config test (TMP) 2017-07-08 11:53:03 +02:00			`"type": "paul",`
			`"batch_size": 64,`
			`"window_size": 10,`
			`"domain_length": 40,`
			`"flow_features": 3,`
			`#`
			`'dropout': 0.5,`
added params 2017-07-07 16:48:10 +02:00			`'domain_features': 32,`
			`'drop_out': 0.5,`
			`'embedding_size': 64,`
			`'filter_main': 512,`
			`'flow_features': 3,`
add pauls config test (TMP) 2017-07-08 11:53:03 +02:00			`'dense_main': 32,`
added params 2017-07-07 16:48:10 +02:00			`'filter_embedding': 32,`
			`'hidden_embedding': 32,`
			`'kernel_embedding': 8,`
			`'kernels_main': 8,`
			`'input_length': 40`
			`}`

refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`def get_embedding(embedding_size, input_length, filter_size, kernel_size, hidden_dims, drop_out=0.5) -> KerasModel:`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`x = y = Input(shape=(input_length,))`
move vocab_size into implementation (not user dependent) 2017-07-30 13:47:11 +02:00			`y = Embedding(input_dim=dataset.get_vocab_size(), output_dim=embedding_size)(y)`
add regularization to small networks, fix model name in args, fix visualizations 2017-09-10 18:06:40 +02:00			`y = Conv1D(filter_size,`
			`kernel_size,`
			`activation='relu')(y)`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`y = GlobalMaxPooling1D()(y)`
			`y = Dropout(drop_out)(y)`
refactor server training into separate file; add additional info to hyperband log 2017-10-19 17:37:29 +02:00			`y = Dense(hidden_dims, activation="relu")(y)`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`return KerasModel(x, y)`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00

			`def get_model(cnnDropout, flow_features, domain_features, window_size, domain_length, cnn_dims, kernel_size,`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`dense_dim, cnn, model_output="both") -> Model:`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")`
remove regularizer for conv and domain 2017-09-10 23:40:14 +02:00			`encoded = TimeDistributed(cnn, name="domain_cnn")(ipt_domains)`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")`
			`merged = keras.layers.concatenate([encoded, ipt_flows], -1)`
			`# CNN processing a small slides of flow windows`
			`y = Conv1D(cnn_dims,`
			`kernel_size,`
fix missing parameters, add flat network structure, make larger graphics 2017-09-20 14:43:28 +02:00			`activation='relu',`
			`input_shape=(window_size, domain_features + flow_features))(merged)`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00			`# remove temporal dimension by global max pooling`
			`y = GlobalMaxPooling1D()(y)`
			`y = Dropout(cnnDropout)(y)`
refactor training - separate staggered training; make differences as small as possible 2017-09-12 08:36:23 +02:00			`y = Dense(dense_dim, activation='relu')(y)`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`out_client = Dense(1, activation='sigmoid', name="client")(y)`
			`out_server = Dense(1, activation='sigmoid', name="server")(y)`
refactor models package: create separate modules for pauls and renes networks 2017-07-05 18:10:22 +02:00
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`return Model(ipt_domains, ipt_flows, out_client, out_server)`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00

			`def get_new_model(dropout, flow_features, domain_features, window_size, domain_length, cnn_dims, kernel_size,`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`dense_dim, cnn, model_output="both") -> Model:`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00			`ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")`
			`ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")`
remove regularizer for conv and domain 2017-09-10 23:40:14 +02:00			`encoded = TimeDistributed(cnn, name="domain_cnn")(ipt_domains)`
change model - add dense before server output in new model add some new run scripts 2017-08-05 09:33:07 +02:00			`merged = keras.layers.concatenate([encoded, ipt_flows], -1)`
add regularization to small networks, fix model name in args, fix visualizations 2017-09-10 18:06:40 +02:00			`y = Dense(dense_dim,`
			`activation="relu",`
			`name="dense_server")(merged)`
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`out_server = Dense(1, activation="sigmoid", name="server")(y)`
			`merged = keras.layers.concatenate([merged, y], -1)`
change model - add dense before server output in new model add some new run scripts 2017-08-05 09:33:07 +02:00			`# CNN processing a small slides of flow windows`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00			`y = Conv1D(cnn_dims,`
			`kernel_size,`
remove input shape of first conv layer in networks because unnecessary add selu activation to deeper network designs 2017-09-17 17:26:09 +02:00			`activation='relu')(merged)`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00			`# remove temporal dimension by global max pooling`
			`y = GlobalMaxPooling1D()(y)`
			`y = Dropout(dropout)(y)`
add regularization to small networks, fix model name in args, fix visualizations 2017-09-10 18:06:40 +02:00			`y = Dense(dense_dim,`
			`activation='relu',`
			`name="dense_client")(y)`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`out_client = Dense(1, activation='sigmoid', name="client")(y)`
add new network architecture - server label moves to the middle 2017-07-29 19:42:36 +02:00
add staggered model training for intermediate sever prediction; refactor model return values 2017-09-07 14:24:55 +02:00			`return Model(ipt_domains, ipt_flows, out_client, out_server)`
add server classification model 2017-10-05 15:26:53 +02:00

			`def get_server_model(flow_features, domain_length, dense_dim, cnn):`
			`ipt_domains = Input(shape=(domain_length,), name="ipt_domains")`
			`ipt_flows = Input(shape=(flow_features,), name="ipt_flows")`
			`encoded = cnn(ipt_domains)`
add bulk embedding visualization and deep1 network 2017-10-09 14:19:01 +02:00			`cnn.name = "domain_cnn"`

add server classification model 2017-10-05 15:26:53 +02:00			`merged = keras.layers.concatenate([encoded, ipt_flows], -1)`
			`y = Dense(dense_dim,`
			`activation="relu",`
			`name="dense_server")(merged)`
			`out_server = Dense(1, activation="sigmoid", name="server")(y)`

			`return KerasModel(inputs=[ipt_domains, ipt_flows], outputs=out_server)`
add long final implementation 2017-11-05 22:52:50 +01:00

			`def get_new_model2(dropout, flow_features, domain_features, window_size, domain_length, cnn_dims, kernel_size,`
			`dense_dim, cnn, model_output="both") -> Model:`
			`ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")`
			`ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")`
			`encoded = TimeDistributed(cnn, name="domain_cnn")(ipt_domains)`
			`merged = keras.layers.concatenate([encoded, ipt_flows], -1)`
			`y = Conv1D(cnn_dims,`
			`kernel_size,`
			`activation='relu')(merged)`
			`# remove temporal dimension by global max pooling`
			`y = GlobalMaxPooling1D()(y)`
			`y = Dropout(dropout)(y)`
			`y = Dense(dense_dim,`
			`activation="relu",`
			`name="dense_server")(y)`
			`out_server = Dense(1, activation="sigmoid", name="server")(y)`
			`# CNN processing a small slides of flow windows`
			`y = Conv1D(cnn_dims,`
			`kernel_size,`
			`activation='relu')(merged)`
			`# remove temporal dimension by global max pooling`
			`y = GlobalMaxPooling1D()(y)`
			`y = Dropout(dropout)(y)`
			`y = Dense(dense_dim,`
			`activation='relu',`
			`name="dense_client")(y)`

			`out_client = Dense(1, activation='sigmoid', name="client")(y)`

			`return Model(ipt_domains, ipt_flows, out_client, out_server)`
add soft parameter sharing network 2017-11-06 21:51:49 +01:00

			`import keras.backend as K`


			`def get_new_soft(dropout, flow_features, domain_features, window_size, domain_length, cnn_dims, kernel_size,`
			`dense_dim, cnn, model_output="both") -> Model:`
			`def dist_reg(distant_layer):`
			`def dist_reg_h(weights):`
			`print("REG FUNCTION")`
			`print(weights)`
			`print(distant_layer)`
			`return 0.01 * K.sum(K.abs(weights - distant_layer))`

			`return dist_reg_h`

			`ipt_domains = Input(shape=(window_size, domain_length), name="ipt_domains")`
			`ipt_flows = Input(shape=(window_size, flow_features), name="ipt_flows")`
			`encoded = TimeDistributed(cnn, name="domain_cnn")(ipt_domains)`
			`merged = keras.layers.concatenate([encoded, ipt_flows], -1)`
			`y = conv_server = Conv1D(cnn_dims,`
			`kernel_size,`
			`activation='relu', name="conv_server")(merged)`
			`# remove temporal dimension by global max pooling`
			`y = GlobalMaxPooling1D()(y)`
			`y = Dropout(dropout)(y)`
			`y = dense_server = Dense(dense_dim,`
			`activation="relu",`
			`name="dense_server")(y)`
			`out_server = Dense(1, activation="sigmoid", name="server")(y)`
			`# CNN processing a small slides of flow windows`
			`y = Conv1D(cnn_dims,`
			`kernel_size,`
			`activation='relu', name="conv_client")(merged)`
			`# remove temporal dimension by global max pooling`
			`y = GlobalMaxPooling1D()(y)`
			`y = Dropout(dropout)(y)`
			`y = Dense(dense_dim,`
			`activation='relu',`
			`name="dense_client")(y)`

			`out_client = Dense(1, activation='sigmoid', name="client")(y)`
			`# model = KerasModel(inputs=(ipt_domains, ipt_flows), outputs=(out_client, out_server))`


			`return Model(ipt_domains, ipt_flows, out_client, out_server)`