The model is a multi-label classifier that predicts an Intrusion Set from an Incident. It was trained with Naive Bayes, and both the training and validation sets were generated.
Converting an incident's JSON into the string form accepted by the model:

```python
from attribution_tools import parsers

parsers.incident_json_to_str(incident_json: dict) -> str
```

Training (or retraining) the model:

```python
from attribution_tools.train_attribution_model import TrainingAttributionToolsModel

trainer = TrainingAttributionToolsModel(intrusion_sets_data: list, database_version: str)
trained_values = trainer.retrain_model()  # -> (model, f1_score, incremented_database_version)
```

The value of intrusion_sets_data is a list of dictionaries, where each dictionary is the JSON representation of one intrusion set. database_version defaults to "(0, 0, 1)" and that value is used when none is provided; tracking the database version ties a model to the data it was trained on and lets you check that the correct model version is being used.

retrain_model() returns a tuple of three values: the model, its F1 score, and the incremented database version. The F1 score is a value between 0 and 1; the closer it is to 1, the more accurate the model.
Prediction:

```python
from attribution_tools.attribution_model import AttributionToolsModel

attribution_tools_model = AttributionToolsModel(model_value=trained_values[0], database_version=trained_values[2])
attribution_tools_model.predict(incident_str: str) -> json
```

Here trained_values is the (model, f1_score, incremented_database_version) tuple returned by retrain_model(). model_value defaults to None; if no model is provided, the default model shipped with the repo is used.

On success, predict() returns a JSON document with the top three intrusion sets and their probabilities:

```
{"label": {"labels": [str_intrusion-set, str_intrusion-set, str_intrusion-set], "probas": [double, double, double]}, "db_version": str}
```

In case of error, "label" holds an integer code instead of the labels/probas object:

-1 in case of an input parameter error;
-2 if the model is None;
-3 in case of an unexpected exception.

Example of a successful result:

```json
{"label": {"labels": ["Aggah_intrusion-set--088d7359-97fb-591b-aeed-be46caf1027d", "Kippis_intrusion-set--088d7359-2332-591b-aeed-be83caf1027d", "UNC2891_intrusion-set--6520a731-fa8a-5232-ba9f-8e0bff785ad6"], "probas": [0.9585474768119115, 0.04145252318808973, 0.03145252318808973]}, "db_version": "(0, 0, 1)"}
```
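A caller has to check three things before trusting a predict() result: that "label" is not one of the error codes, that "db_version" matches the model version it expects, and that the winning probability is high enough to act on. The helper below is an added example written here, not code from attribution_tools; it assumes only the result shape and error codes documented above, embeds the page's own sample output as SAMPLE_PREDICTION, and uses a constructed error result (SAMPLE_ERROR). The `<name>_intrusion-set--<uuid>` label format is taken from the sample; the 0.5 confidence threshold is an arbitrary default.

```python
import ast
import json
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

# Error codes documented for AttributionToolsModel.predict(): on failure the
# "label" field is one of these integers instead of a labels/probas dict.
PREDICT_ERRORS = {
    -1: "input parameter error",
    -2: "model is None",
    -3: "unexpected exception",
}

# The page's own example of a successful predict() result, as a Python dict.
SAMPLE_PREDICTION = {
    "label": {
        "labels": [
            "Aggah_intrusion-set--088d7359-97fb-591b-aeed-be46caf1027d",
            "Kippis_intrusion-set--088d7359-2332-591b-aeed-be83caf1027d",
            "UNC2891_intrusion-set--6520a731-fa8a-5232-ba9f-8e0bff785ad6",
        ],
        "probas": [0.9585474768119115, 0.04145252318808973, 0.03145252318808973],
    },
    "db_version": "(0, 0, 1)",
}
SAMPLE_PREDICTION_JSON = json.dumps(SAMPLE_PREDICTION)  # same result as a JSON string

# Constructed error result (model not loaded), following the documented shape.
SAMPLE_ERROR = {"label": -2, "db_version": "(0, 0, 1)"}


class AttributionError(Exception):
    """Raised when predict() reported an error or its output cannot be trusted."""


@dataclass
class Attribution:
    name: str                  # e.g. "Aggah"
    stix_id: str               # e.g. "intrusion-set--088d7359-..."
    proba: float
    db_version: Tuple[int, ...]


def parse_db_version(version: str) -> Tuple[int, ...]:
    """Parse the "(0, 0, 1)" string into a tuple so versions compare numerically."""
    try:
        value = ast.literal_eval(version)
    except (ValueError, SyntaxError) as exc:
        raise AttributionError(f"malformed db_version {version!r}") from exc
    if not isinstance(value, tuple) or not all(isinstance(v, int) for v in value):
        raise AttributionError(f"malformed db_version {version!r}")
    return value


def split_label(label: str) -> Tuple[str, str]:
    """Split "<name>_intrusion-set--<uuid>" into (name, STIX id).
    Splits on the last marker so names containing underscores survive."""
    marker = "_intrusion-set--"
    idx = label.rfind(marker)
    if idx < 0:
        raise AttributionError(f"unexpected label format {label!r}")
    return label[:idx], label[idx + 1:]


def parse_prediction(result: Union[str, dict], expected_db_version: str) -> List[Attribution]:
    """Validate a predict() result and return its candidates, highest probability first.
    Raises AttributionError on a documented error code, a db_version mismatch,
    or a malformed payload."""
    if isinstance(result, str):
        result = json.loads(result)
    label = result.get("label")
    if isinstance(label, int):
        raise AttributionError(
            f"predict() failed with code {label}: {PREDICT_ERRORS.get(label, 'unknown error')}")
    if not isinstance(label, dict):
        raise AttributionError(f"malformed label field {label!r}")

    got = parse_db_version(result.get("db_version", ""))
    expected = parse_db_version(expected_db_version)
    if got != expected:
        raise AttributionError(f"db_version mismatch: model is {got}, expected {expected}")

    labels, probas = label.get("labels", []), label.get("probas", [])
    if len(labels) != len(probas):
        raise AttributionError("labels and probas have different lengths")
    ranked = []
    for name_and_id, proba in zip(labels, probas):
        name, stix_id = split_label(name_and_id)
        ranked.append(Attribution(name, stix_id, float(proba), got))
    ranked.sort(key=lambda a: a.proba, reverse=True)
    return ranked


def top_attribution(result: Union[str, dict], expected_db_version: str,
                    min_proba: float = 0.5) -> Optional[Attribution]:
    """Return the best candidate only if the model is at least min_proba confident."""
    ranked = parse_prediction(result, expected_db_version)
    if ranked and ranked[0].proba >= min_proba:
        return ranked[0]
    return None


if __name__ == "__main__":
    print(top_attribution(SAMPLE_PREDICTION, "(0, 0, 1)"))
    try:
        parse_prediction(SAMPLE_ERROR, "(0, 0, 1)")
    except AttributionError as err:
        print("error:", err)
```

The db_version comparison is done on parsed tuples rather than on the raw strings so that a caller can also enforce ordering (for example, refuse a model older than the data it is being asked about); the version string in the result is the repr of a Python tuple, and the caller is expected to keep the incremented_database_version returned by retrain_model() alongside the model it deploys.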
This package was developed as part of the CC-Driver project, funded by the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement No. 883543.