maec.analytics.distance Module
Version: 4.1.0.17

Classes

class maec.analytics.distance.Distance(maec_entity_list)
Bases: object
Calculates distance between two or more MAEC entities. Currently supports only Packages or Malware Subjects.

bin_list(numeric_value, numeric_list, n=10)
Bin a numeric value into a bucket, based on a parent list of values. N = number of buckets to use (default = 10).

build_string_vector(string_list, superset_string_list, ignore_case=True)
Build a vector from an input list of strings and superset list of strings.

create_dynamic_result_vector(dynamic_vector)
Construct the dynamic result (matching) vector for a corresponding feature vector.

create_static_result_vector(static_vector)
Construct the static result (matching) vector for a corresponding feature vector.

euclidean_distance(vector_1, vector_2)
Calculate the Euclidean distance between two input vectors.

flatten_vector(vector_entry_list)
Generate a single, flattened vector from an input list of vectors or values.

generate_feature_vectors(merged_subjects)
Generate a feature vector for the binned Malware Subjects.

normalize_numeric(numeric_value, numeric_list, normalize=True, scale_log=True)
Scale a numeric value, based on a parent list of values. Return the scaled/normalized form.

normalize_numeric_list(value_list, numeric_list, normalize=True, scale_log=True)
Scale a list of numeric values, based on a parent list of numeric value lists. Return the scaled/normalized form.

normalize_vectors(vector_1, vector_2)
Normalize two input vectors so that they have similar composition.

perform_calculation()
Perform the actual distance calculation. Store the results in the distances dictionary.

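The following is an added, self-contained sketch of the idea behind the Distance helpers above (string presence vectors over a superset, numeric binning, Euclidean distance). It is not python-maec's code and does not call it; every function name, the equal-width bucketing rule and the sample data are assumptions made for illustration.

```python
import math

def string_vector(strings, superset, ignore_case=True):
    """Presence vector: 1 where a superset entry occurs in `strings`, else 0."""
    norm = str.lower if ignore_case else str
    present = {norm(s) for s in strings}
    return [1 if norm(s) in present else 0 for s in superset]

def bin_value(value, population, n=10):
    """Index (0..n-1) of the equal-width bucket that holds `value` (assumed rule)."""
    lo, hi = min(population), max(population)
    if hi == lo:  # degenerate population: everything shares one bucket
        return 0
    return min(int((value - lo) / (hi - lo) * n), n - 1)

def euclidean(v1, v2):
    if len(v1) != len(v2):
        raise ValueError("vectors must have the same length")
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(v1, v2)))

def feature_vector(sample, population):
    """Import-name presence entries followed by one binned file-size entry."""
    superset = sorted({i.lower() for s in population for i in s["imports"]})
    sizes = [s["size"] for s in population]
    return string_vector(sample["imports"], superset) + [bin_value(sample["size"], sizes)]

def pairwise_distances(samples):
    population = list(samples.values())
    vecs = {name: feature_vector(s, population) for name, s in samples.items()}
    names = sorted(vecs)
    return {(x, y): euclidean(vecs[x], vecs[y])
            for i, x in enumerate(names) for y in names[i + 1:]}

# Constructed sample data: static features of three hypothetical malware subjects.
SAMPLES = {
    "a": {"imports": ["CreateFileA", "WriteFile", "RegSetValueExA"], "size": 40960},
    "b": {"imports": ["createfilea", "WriteFile", "InternetOpenA"], "size": 45056},
    "c": {"imports": ["VirtualAlloc", "InternetOpenA"], "size": 1048576},
}

if __name__ == "__main__":
    for pair, dist in pairwise_distances(SAMPLES).items():
        print(pair, round(dist, 3))
```

In the constructed data the size bucket (0 to 9) outweighs the 0/1 import entries, so numeric features need scaling before they are mixed with presence vectors.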
class maec.analytics.distance.StaticFeatureVector(malware_subject, deduplicator)
Bases: object
Generate a feature vector for a Malware Subject based on its static features.

create_object_vector(object, static_feature_dict, callback_function=None)
Create a vector from a single Object.

class maec.analytics.distance.DynamicFeatureVector(malware_subject, deduplicator, ignored_object_properties, ignored_actions)
Bases: object
Generate a feature vector for a Malware Subject based on its dynamic features.

create_dynamic_vectors(malware_subject)
Create a vector of unique action/object pairs for an input Malware Subject.