From 433b2a0957d266538a0e39cb2bf1e696f3a7b303 Mon Sep 17 00:00:00 2001
From: valentin <poubelle@romanet.fr>
Date: Sat, 4 Apr 2020 22:20:02 +0200
Subject: [PATCH] Corrected semi-auto accuracy tester

---
 .04_detect_from_oneline_csv.py.swp | Bin 0 -> 20480 bytes
 04_detect_from_oneline_csv.py      |  98 ++++++++++++++++++-----------
 2 files changed, 61 insertions(+), 37 deletions(-)
 create mode 100644 .04_detect_from_oneline_csv.py.swp
diff --git a/.04_detect_from_oneline_csv.py.swp b/.04_detect_from_oneline_csv.py.swp
new file mode 100644
index 0000000000000000000000000000000000000000..a22b046f15306196f2cc3821f3087c9a66ba3881
GIT binary patch
literal 20480
zcmeHOTZ|k>6)o(5**H#65Qq;Hid~zTfu7l&^^=8h6tCBgrL1jvY{%Ak($vh<?6$Y3
zyVH;LjvdFK@REX167dE6016<)!#^lO5G0}~NJu0K0f~SD;tQc5#0L-pKb%|rnC{t`
z^%5Z<QIB=DyQ^+h-9B~ec0I0JGiQ%2@&lC_hTq#5d;H~3-}lbeP3%$0SkMYAKcI|_
zf1zA?wY9MrdoUE7ZW&95g)gQZ*S;uy9glj4o@e&x9qG%quXkO$r`wh^4NK~6Z?)p|
zZ%}uhoimU#umJ;s-z^{5!FJD9)li?Bd@q0d?PoS9kZ0u#<P78t<P78t<P78t<P78t
z<P5yg81S8~>>6HbOY~yrqwAZ7t~W)`cSP5NL-|{y=k3w8Gn5}a=9ip-oPnHyoPnHy
zoPnHyoPnHyoPnHyoPnHyoPqxV0|E>6&tma@>zmOy&i~`}{~vE->_y;vz{i1O00;hj
zD`QUpj{+Y7W&s8~zk{(a0~YWh;AY?#w=niaU<J4nm;t7N3UE8{TWl759rzmX0I(DI
z`^}8K0{jMe9B_dX00-U!Yy<u=!Pu+7uYn%}&j8;59KZtZ1r7qcfC=EAZ)NOd;CbK)
z;Pb#5&;;gzIbbL7r)`Y=3V0FtCGc(FTfoPFb3h4rAFvD93H;$LjJ*JS1^6iN0B{Ak
z44ef%3^3rQ;Pzpl2^<6N28i!>gZEp2?Z6h`uh@in33v{;4m=F}92+s$<INaUH_?^C
z4_xW-8t)pW)O}m`rRP^xg&9b%VQ5V@;kbt77bkhGtp4$nuIw0X->@xy<tn!WpW9u!
zD_*&}tHc|8;nZpVASLt+i#Ow9la;RR_Jm(FG;X!@o-i*7H)&Agt{qsNV$qmhpILf;
zb!JAZmJ*@jdYQ5Tsmg3=dLK!aN(`-WgF^#XSW9w5iP9WrZQBfb*1ETklG&1NcXXlh
zXE<BmC|H~2%oHtYQXP#ZXCar3Cb)GasI@rCH)fDCF%=PcdfD(4+uZQx_@qV>y5DzX
zBNT0x2Et)Vi6bSJqJ|2f&uANV;1x7pFy)fr8{k$J&|Q#&NYCy_v*LtZRXnE$){13c
zvZ(6hp)z>=Mqz$gxT5V#*YJF!t?E5&nj=!{2&qBedy8Ui!SY?(=|czl6&A%s+pPyJ
zukZP?cUHO{<Ve9q(OyRE4c#W$^l(agcHp*UwyspNVGWunL=_&hLPJ8`b>p(Clv-Df
zpKzore8XC*_Y?lXfdfnH;LW2RNm7W`&89htXmaDYsoSU#RGB1B#kL;}oO^81;b?r7
zI?n8KPpm>M)l*r?K@}NQlZP623`d1CRl0_+`!I2jNGZk=DGQp6hHa?B=)bT*6Wu;2
z4ub<VvB4e*OfzYbmk)ApSvYbIrQ-G~Dy2leBI047q8|Gg-IHc$J40GixK@dEWS4i*
zk{-WXQKe&)PVq9I7tq09mfXK&^T0trCmMOkhA&gYrdaU&j_$REDP34t-4|9zxShI6
zD3(eZn<y5Ho)f^(DId3{JQh9|JrL>3rG9O)2M;H#Ns^DX!I(N3kzQ;lmDD&+vI7sg
zLBFVS4C)S7dUz^1bf~eWq(wrDD|^C$GK<0rgn1<N$aTe)?UK$sQDOv_H_|I4okKk$
zm&dL0GQ&$`Y$JI;_>Z)mkV!KdV)ToK%XvP*nM%N)^U&d3V@_-A(PsB+yZ39eRc*I6
zyHDF&)%MP4d-rM8{o0-nYP<I~l^^7H@^cksw2tk`qB6F)E?8Y5@i0;(<6jj_d4^OL
z_(7rJ@t<`;Br(>1Q0BlDrF~8|C++YkC+*AVdEn;4r_tU}l^o?mDPyF|MaC%q%qEf^
zzz8Yxw(a8U<JeXQ4v<F%=i6j{uuTKW@U$GRkYh{{-!$R|z5|BR)%dy6+`7)DoTLC8
zPB9YIc)xZWah2&Jj_|xhR@V&+{z+E_NUCijdyJu<j=h+47mYQ;f;<iUXgqklr-sKs
zVR!(H`ym@H*Ej`((j0}HKEKy?SB9*aO{Hf#Fx~WHrGpPzadPlQrO)%4;nk{esl;*_
zBcNxmN*;anDFt)IaEe3@p13E+<w>7rA3aFBeawmupE$n2o0FKBq~=*@-RV?ZDLNFF
zS}a5br=zRhHeu%#f6Xsw_?#O(18%EU(BLdg`;s2kT{|L7PnI^LL#0wtDlm$O<=zTv
zcdbg~5(e&>e3<R}ysmuE5y&pmY=UQtNz0SHmZ>}*NiVFymQK4;dh^uFM%O?Og<XiL
zSmJkJJE8HDSBV<BXtzwGHB`SPj8&<(L?1>Q$sH8|Di+r9LqoE|y4=+fhiu#P)0$-7
zdAPt)7d<B}UzI`^Zo1$p_<6f`#Ky=Q-<l6r;&(VK+Xl^xh^g1q$|<>o#ys22c88iq
ztnb6NYkQs!XMm3)l+2bHr`Nb9r0-&C7{5smwyAsf2Q<0TrRxrBMB&!L)x-Hs)Pwh^
zw5WctkkzMc!|=#gh4weEX6Grtkd>ynhHJy8c{JvtGTATwP=V<C9m~ew^Q=@0LpPQ<
zg!=`|hcUOdU5%$yQ7$T5aHKvbEP1!>FIa7iprIav#+Zi0O=YGc*^0+>Z5`vyr(xEq
zF9+SODeI1D_?s$<l7^*Ldb+0yMeN}{9n<zP7!e~+cU*YfF?|;0TS3q1Q<~+(Ne<1h
z@L7Rehtc|f8SD4!w2sI6A4_ocdkJg(?*pF$9s@1_GXU)Y+yOiX`DdeY58-+Sr~*5I
zt-$YgF!o*G3&1tt0&ozR0=5Bv!}|aCz)yg00*?V#fMuWt+y?vw$~+Bx75EHb0cU{y
zK>o`a$Qj5P$Qj5P$Qj5P$Qj5P_^&ZAHHD2<b)-W7NmZw1Q&DXVhf61IZ0^_$TCI;S
zX1~^QRBL9pg!V+74QksUD^=Czq||CfH3+Uo6d933+v{VJLGAdQjoCx)P|=}BORh^u
z_2&k88)R+RpGm)LRKfVX@i|Gw@ws5>#<Dk*$OvQ})>(dNY@3mZ&MjddW_5T=FFMPd
z)v$*g?~?Iat#*(f{kMd%8pfgKH2tB2K{~d(gfp(>U^6}~9Cf}~Qb%|=KaPd?2WnO9
zTN_>MC*qtH$D~6Wk&)Iofo<&F*Tjx3PO7|$z{v-WNjLNt$zB^8#U63`jMs81!gWQz
z7;nev>aoOAVqp?UY$QT-IE0hM%rmhZ9UfPFTOA*j)cXG^oROc!xjL=?<M{rku*Uxp
z@CZO>|L*{v!Mgrw;7h<Y;5^px?*d-ITK!qzhrpA-4}fdH1%TG_TY#To&Hg0tDd3a9
zRiFc$1**Vhv`;#G0{8a=_W@1d6mS684!nx|7l7{o4*_dH{>vH28ORyP8ORyP8ORxU
z-7qkbOwPv4eqX<ld=qcrciUW)VzOqa@o`~@Rb*g&K(ls)9#Y)IUA~Gt!fJuSv=G6m
z9;1Z=PF}faw*y4{^=SbTn0|OvU&oqR38oY0aV$&06cpYRrC&1q<*@!W2gmscV^iyu
zs1h{F4K%1?PtbZ2FWL>PFmQC;3Wiqp(E6ls>GV~dI|?2hH`0nF%swqv@RAbYga}x(
zBn6(5Qc<`BYRCjGAsD1Cdq!CV&?Kb=MYtk1AtTE%)Z<t{EbO9)P28!-Oyc!F6LX20
z5b<#s0U}3S(UXJ7ObzinDj2nv#AoVJ3N7Q-B`TFhglCS7AR2^JrDK>V2I&7QXfqqM
zl?uwrgnJF%CY9Wzh{c2@u#=4?By$0e6!Nrg@vP3*H6=ljQOXd{zzmbsa-&f&5OrEb
z+>N@Kjc?WpO@tl7x>|u@c9bm^sGb6bgKG$ijw!3^PQywm@CPA5T{{fIT0(e>MIl0I
zE2l8vFs!M}!#Lr1#KiH1VK@av7e?>Fv4>#z1yqU<DHT-B5pQE*w}P6^8u`h=P^4&(
pY%YciW2ucta2N*WR7}J*6(?28-gF$f-A<x>^lHUfF(*OqzW^hqPuc(g

literal 0
HcmV?d00001

diff --git a/04_detect_from_oneline_csv.py b/04_detect_from_oneline_csv.py
index 9a3eeaf..1a0c448 100644
--- a/04_detect_from_oneline_csv.py
+++ b/04_detect_from_oneline_csv.py
@@ -43,64 +43,88 @@ class ManualFeatureSelector(TransformerMixin):
         return self
 
     def transform(self, X):
-        # -- corresponding values to these indices are -> ['Characteristics', 'DllCharacteristics', 'SectionsMaxEntropy', 'MajorSubsystemVersion', 'Machine', 'Subsystem', 'ResourcesMaxEntropy', 'ResourcesMinEntropy', 'VersionInformationSize', 'MajorOperatingSystemVersion', 'ResourcesMeanEntropy', 'SectionsMeanEntropy'] -- 
-        return X.values[:,[3,26,36,20,2,25,50,49,55,16,48,34]]
-# - Create the pipeline - 
+        # -- corresponding values to these indices are : 
+	
+	#['Characteristics', 
+	#'DllCharacteristics', 
+	#'SectionsMaxEntropy', 
+	#'MajorSubsystemVersion', 
+	#'Machine', 
+	#'Subsystem', 
+	#'ResourcesMaxEntropy', 
+	#'ResourcesMinEntropy', 
+	#'VersionInformationSize', 
+	#'MajorOperatingSystemVersion', 
+	#'ResourcesMeanEntropy', 
+	#'SectionsMeanEntropy'] 
+        
+	# ? X.transpose()   
+        Y = X[:,[4,27,37,21,3,26,51,50,56,17,49,35]] 
+        return Y 	 
 
-pipeline = Pipeline([
+
+# =-=-=-=-=-=-= Pipelines =-=-=-=-=-=-=  
+
+# - This pipeline select usefull features -
+pipeline_features_selection = Pipeline([
 	('features_remap', ManualFeatureSelector()), 
+])
+
+
+# - This pipeline use the imputer and scales the values - 
+pipeline = Pipeline([
 	('imputer', SimpleImputer(strategy="median")),
 	('std_scaler', StandardScaler()),
 ]) 
 
+
+# - Call the two upper pipelines - 
+def full_pipeline(data): 
+	prepared = pipeline_features_selection.fit_transform(data)
+	#print("Full pipeline -> shape:", prepared.shape)
+	#print("=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=", list(prepared))   
+	prepared = pipeline.fit_transform(prepared) 
+	return prepared   
+
+# =-=-=-=-=-=-= Load previously saved model =-=-=-=-=-=-=
 saved_model = joblib.load("models/malware_classifier_1.pkl") 
 
-def list_transformer(l): 
-	l_t = [] 
-
-	l_t.append(l[3])	
-	l_t.append(l[26])	
-	l_t.append(l[36])	
-	l_t.append(l[20])	
-	l_t.append(l[2])	
-	l_t.append(l[25])	
-	l_t.append(l[50])	
-	l_t.append(l[49])	
-	l_t.append(l[55])	
-	l_t.append(l[16])	
-	l_t.append(l[48])	
-	l_t.append(l[34])
-	
-	return l_t 	
+# =-=-=-=-=-=-= Prediction core =-=-=-=-=-=-=-= 
+# - This function use the model and predict if it's a malware or not -
+# - The file infos are given in numpy array type - 
+# - Use np.array([['info1', 'info2', 'infox']]) to build the 'line' variable -
  
 def predict_one_line(model,line): 
-
-	#X_unknown = pipeline.fit_transform(line) 
-	X_unknown = list_transformer(line) 
-	X_unknown = pd.DataFrame([X_unknown]) 
-	X_unknown.columns = ['Characteristics', 'DllCharacteristics', 'SectionsMaxEntropy',     'MajorSubsystemVersion', 'Machine', 'Subsystem', 'ResourcesMaxEntropy', 'ResourcesMinEntropy', 'VersionInformationSize', '    MajorOperatingSystemVersion', 'ResourcesMeanEntropy', 'SectionsMeanEntropy']  
+	X_unknown = full_pipeline(line) 
+	X_unknown_columns = ['Characteristics', 'DllCharacteristics', 'SectionsMaxEntropy',     'MajorSubsystemVersion', 'Machine', 'Subsystem', 'ResourcesMaxEntropy', 'ResourcesMinEntropy', 'VersionInformationSize', '    MajorOperatingSystemVersion', 'ResourcesMeanEntropy', 'SectionsMeanEntropy']  
+	X_unknown = pd.DataFrame(X_unknown, columns=X_unknown_columns) 
 	ans = model.predict(X_unknown) 
-	ans_type = ['malicious', 'legitimate']
-	#print(ans[0])  
-	#print("This file is: ", ans_type[ans[0]]) 
+	#ans_type = ['malicious', 'legitimate']
 	return ans[0] 
 
+
+# =-=-=-=-=-=-=-= Semi-auto prediction tester =-=-=-=-=-=-= 
+# - Takes each line of the dataset
+# - Parse it as a numpy array 
+# - Send it to the prediction function (predict_one_line) 
+# - Compare the result with the expected value 
+# - Save the result 
+# - At the end, print the prediction accuracy result 
+
 res = []
-labels = [] 
-nb_malware_to_test = 2000 
+nb_malware_to_test = 10 
 good_ans = 0 
 for i in range(nb_malware_to_test): 
-	print(" =-=-=-= Prediction {} out of {} ({}%) [ ERT ~ {} min ] =-=-=-=".format(i, nb_malware_to_test, round((i/nb_malware_to_test)*100,1), round(((nb_malware_to_test-i)*1.2)/60,1)))  
+	print(" =-=-=-= Prediction {} out of {} ({}%) [ ERT ~ {} min ] =-=-=-=".format(i, nb_malware_to_test, round((i/nb_malware_to_test)*100,1), round(((nb_malware_to_test-i)*1.2)/60,1)))
 	features = file_to_test.values[i,]
+	features_list = features.tolist()
+	features_array = [features_list]
+	features = np.array(features_array) 	
+	
 	res.append(predict_one_line(saved_model, features)) 
-	labels.append(file_to_test.values[i,][56]) 
 	if res[i] == file_to_test.values[i,][56]: 
 		good_ans +=1 
 	
 print(" ===> Got {} / {} good answers".format(good_ans, nb_malware_to_test))  
 
 l1 = file_to_test.values[2,] 
-#print(file_to_test.values[1,]) 
-print(l1)  
-#predict_one_line(saved_model, l1) 
-#predict_one_line(saved_model, file_to_test) 
