Warning
This documentation is still a work in progress. If you have any issues or questions, please ask on the maec-discussion mailing list or file a bug in our issue tracker.
Bases: object
Calculates distance between two or more MAEC entities. Currently supports only Packages or Malware Subjects.
Add a log-transformed number to a list.
Bin a numeric value into a bucket, based on a parent list of values. N = number of buckets to use (default = 10).
Build a vector from an input list of strings and superset list of strings.
Calculate the distances between the input Malware Subjects.
Construct the dynamic result (matching) vector for a corresponding feature vector
Construct the static result (matching) vector for a corresponding feature vector
Calculate vector supersets from the feature vectors
Calculate the Euclidean distance between two input vectors
Generate a single, flattened vector from an input list of vectors or values.
Generate a feature vector for the binned Malware Subjects
Scale a numeric value, based on a parent list of values. Return the scaled/normalized form.
Scale a list of numeric values, based on a parent list of numeric value lists. Return the scaled/normalized form.
Normalize two input vectors so that they have similar composition.
Perform the actual distance calculation. Store the results in the distances dictionary.
Populate and return the Malware Subject -> Hashes mapping from an input list of Malware Subjects.
Pre-process the MAEC entities
Print the distances between the Malware Subjects in delimited matrix format to a File-like object.
Try to use the MD5s of the Malware Subjects as the default label. Uses commas as the default delimiter, for CSV-like output.
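The string-feature path described above (superset, per-subject vector, Euclidean distance, delimited matrix) is sketched below as an added example. It is not python-maec's own code: the function names and sample data are hypothetical, and the binning and scaling of numeric values is left out.

```python
import csv
import io
import math

# Constructed sample: label (MD5 placeholder) -> static feature strings.
SUBJECTS = {
    "md5-placeholder-a": ["import:kernel32.dll", "section:.text", "packer:upx"],
    "md5-placeholder-b": ["import:kernel32.dll", "section:.text"],
    "md5-placeholder-c": ["import:ws2_32.dll", "section:.rsrc"],
}

def build_superset(feature_lists):
    """Sorted union of all feature strings, so every vector shares one layout."""
    return sorted(set().union(*feature_lists))

def build_vector(features, superset):
    """1.0 where the subject has the superset feature, 0.0 where it does not."""
    present = set(features)
    return [1.0 if item in present else 0.0 for item in superset]

def euclidean_distance(a, b):
    if len(a) != len(b):
        raise ValueError("vectors must have the same length")
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def distance_matrix(subjects):
    """Pairwise distances as a nested dict: matrix[label_a][label_b]."""
    superset = build_superset(subjects.values())
    vectors = {label: build_vector(f, superset) for label, f in subjects.items()}
    return {a: {b: euclidean_distance(vectors[a], vectors[b]) for b in vectors}
            for a in vectors}

def write_matrix(matrix, out, delimiter=","):
    """Write the matrix to a file-like object with labels as row and column heads."""
    labels = list(matrix)
    writer = csv.writer(out, delimiter=delimiter, lineterminator="\n")
    writer.writerow([""] + labels)
    for a in labels:
        writer.writerow([a] + ["%.3f" % matrix[a][b] for b in labels])

if __name__ == "__main__":
    buf = io.StringIO()
    write_matrix(distance_matrix(SUBJECTS), buf)
    print(buf.getvalue(), end="")
```

Subjects that share most features end up close together (distance 1.0 between the first two samples), while the third, which shares none, sits farthest from both.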
Bases: object
Generate a feature vector for a Malware Subject based on its static features
Create a vector from a single Object
Create a vector of static features for an input Malware Subject
Extract the static features from the Malware Subject
Calculates the unique set of static features for the Malware Subject
Bases: object
Generate a feature vector for a Malware Subject based on its dynamic features
Create a vector from a single Action
Create a vector of unique action/object pairs for an input Malware Subject
Extract the dynamic features from the Malware Subject
Calculates the unique set of dynamic features for the Malware Subject
Prune the dynamic features based on ignored Object properties/Actions