csle_attack_profiler package

Submodules

csle_attack_profiler.attack_profiler module

class csle_attack_profiler.attack_profiler.AttackProfiler(techniques_tactics: Dict[str, List[str]], mitigations: Dict[str, List[str]], data_sources: Dict[str, List[str]], subtechniques: Dict[str, str], action_id: csle_common.dao.emulation_action.attacker.emulation_attacker_action_id.EmulationAttackerActionId)[source]

Bases: object

Class representing the attack profile based on the MITRE ATT&CK framework for Enterprise.

static get_attack_profile(attacker_action: csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction) → csle_attack_profiler.attack_profiler.AttackProfiler[source]

Returns the attack profile of the actions

Params attacker_action: the attacker action
Returns: the attack profile of the action

static get_attack_profile_sequence(attacker_actions: List[csle_common.dao.emulation_action.attacker.emulation_attacker_action.EmulationAttackerAction], attack_graph: Optional[csle_attack_profiler.dao.attack_graph.AttackGraph] = None) → List[csle_attack_profiler.attack_profiler.AttackProfiler][source]

Returns the attack profile of the actions in a sequence

Params attacker_action: a list of attacker actions
Returns: a list of attack profiles of the actions

csle_attack_profiler.hmm_profiling module

class csle_attack_profiler.hmm_profiling.HMMProfiler(statistics: List[csle_common.dao.system_identification.emulation_statistics.EmulationStatistics], model_name: Optional[str] = None)[source]

Bases: object

The HMMProfiler class is used to profile a sequence of observations based on a Hidden Markov Model (HMM).

calculate_initial_states(transition_matrix: List[List[float]]) → List[float][source]

Calculates the initial states probabilities based on the transition matrix.

1 / (# of states)

Parameters: transition_matrix – The transition matrix
Returns: The start states probabilities

convert_states_to_profiles(states: List[str]) → List[Union[csle_attack_profiler.attack_profiler.AttackProfiler, str]][source]

Converts a list of states to a list of AttackProfiles.

Parameters: states – The list of states to convert
Returns: The list of EmulationAttackerActionId

create_model(transition_matrix: List[List[float]], hidden_states: List[str], metric: str, save_model: bool = False, location: str = '.') → None[source]

Creates the HMM model based on the given transition matrix, states and metrics. If save = True, matrices are saved to given location

Parameters

transition_matrix – The transition matrix
states – The list of states of the HMM (format: ‘A:attack_name’ or ‘no_intrusion’ based on emulation statistics file)
metrics – The list of metrics to profile
save – Whether to save the matrices to a file
location – The location to save the matrices, if save = True, e.g “./resources”, default is current directory

Returns

None

generate_sequence(intrusion_length: int, initial_state_index: int, seed: Optional[int] = None) → Tuple[List[str], List[int]][source]

Generates a sequence of states and corresponding observations based on the given emission matrix, and transition matrix. First, a sequence of observation from ‘no intrusion’ is generated based on the geometric distribution of the initial state. Then, a sequence observations and states are generated based on emission matrix and transition matrix. The length of this intrusion sequence is given by the intrusion_length parameter.

Parameters

intrusion_length – The length of the intrusion
initial_state_index – The index of the initial state
seed – The seed for the random number generator

return: The sequence of states and observations

get_matrices_of_observation(statistics: List[csle_common.dao.system_identification.emulation_statistics.EmulationStatistics], metric: str, states: List[str]) → Tuple[List[List[float]], List[int]][source]

Creates the emission matrix for a given metric based on the statistics from the EmulationStatistics objects.

Parameters

statistics – The list of EmulationStatistics objects
metric – The metric to get the emission matrix for
states – The list of states

Returns

The emission matrix, the list of observations, the list of states

load_model(location: str, metric: str) → None[source]

Loads the HMM model from the given location.

Parameters: location – The location of the model files, default is current directory
Returns: None

profile_sequence(sequence: List[int]) → List[str][source]

Profiles a sequence of observations based on the HMM model.

Parameters: sequence – The sequence of observations
Returns: The most likely sequence of states

static viterbi(hidden_states: List[csle_common.dao.emulation_action.attacker.emulation_attacker_action_id.EmulationAttackerActionId], init_probs: List[float], trans_matrix: List[List[float]], emission_matrix: List[List[float]], obs: List[int], emissions_list: List[int]) → List[float][source]

Viterbi algorithm for Hidden Markov Models (HMM).

Parameters

hidden_states – The hidden states
init_probs – The initial probabilities of the hidden states
trans_matrix – The transition matrix
emission_matrix – The emission matrix
obs – The observation sequence
emissions_list – The list of possible observations

Returns

The most likely sequence of hidden states

csle_attack_profiler package

Submodules

csle_attack_profiler.attack_profiler module

csle_attack_profiler.hmm_profiling module

Module contents