separate_clusters.sh
#!/bin/bash
# Labels to process. Each entry is used twice further down: as a filename
# prefix that selects logs from the logs folder, and as the name of the
# subfolder those logs are copied into.
# NOTE(review): the names look like antivirus detection labels - confirm.
files=(
  "ADSPY"
  "BDS-Hupigon"
  "BDS-Udr"
  "DIAL"
  "GAME-Casino"
  "GAME-Dldr-Fenomen"
  "GAME-Dldr-TryMedia"
  "TR-Dldr-Swizzor"
  "TR-Drop"
  "W32-Virut"
  "WORM-Allaple"
)
#"TR-Dropper"
# "TR-Crypt-CFI" "HEUR" "TR-Crypt-TPM" "TR-Crypt-ULPM" "TR-Crypt-XDR" "TR-Crypt-
# XPACK" "TR-Crypt-ZPACK" "BDS-Bifrose" "TR-Luder-Patched" "TR-Spy" "W32-Parite"
# "Worm-VB" "TR-Downloader" "BDS-Backdoor" "DR-Delphi" "TR-Agent" "TR-Dldr-
# Delphi"
# files=("Trojan.Agent" "Trojan.Pincav" "Worm.Allaple" "Worm.Palevo"
# "dedler" "heolag" "tibbs")
# Small sample size // Ignored
#"Trojan.Bifrose" "Trojan.Buzus" "Trojan.Downloader" "Trojan.Dropper"
#"Trojan.FakeSSH" "Trojan.IRCBot" "Trojan.Lolbot" "Trojan.Renos" "Trojan.Inject"
#"Trojan.SdBot" "Trojan.Small" "Trojan.Spy" "Trojan.TDSS" "Trojan.Zbot"
#"W32.Virut" "Worm.Agent" "Worm.Autorun" "Worm.Bybz" "Worm.Kolab" "Worm.Peda"
#"Trojan.Nepoe" "UNKNOWN"
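# Require exactly two non-empty arguments: the logs folder and the clusters
# folder. An empty second argument would pass a bare count check and then
# make the cleanup step further down expand to "/*", so it is rejected here.
if [[ $# -ne 2 || -z "$1" || -z "$2" ]]
then
  echo "Usage: ./separate_clusters.sh ./data/logs ./data/clusters" >&2
  exit 1
fi
# Stop before anything is deleted if the logs folder is missing (for example
# a mistyped path); otherwise the clusters folder would be emptied and then
# nothing copied back into it.
if [[ ! -d "$1" ]]
then
  echo "separate_clusters.sh: logs folder not found: $1" >&2
  exit 1
fi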
# Input and output folders, taken from the two command-line arguments.
logs="$1"
clusters="$2"
# Helper programs, given relative to the current working directory.
histogram="./bin/hist"
getcluster="./scripts/getcluster.py"
meanshift="./scripts/meanshift.py"
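# clean: remove the plain files left in the clusters folder. rm runs without
# -r, so subfolders left by an earlier run are not removed.
# ${clusters:?} aborts the script when the variable is empty or unset, so the
# pattern can never collapse to "/*"; the quotes keep a path with spaces in
# one piece and "--" stops names that start with "-" being read as options.
rm -- "${clusters:?}"/*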
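# cluster files: for every label in the files list, create a subfolder of
# that name in the clusters folder and copy into it every log whose name
# starts with the label.
for file in "${files[@]}"
do
  echo ">>$file"
  mkdir -p -- "$clusters/$file"
  # This is a prefix match, so a label that is a prefix of another label's
  # files picks those up too (for example "TR-Drop" also matches names that
  # start with "TR-Dropper"). The "*" stays outside the quotes so it still
  # expands; "--" protects against names beginning with "-".
  cp -- "$logs/$file"* "$clusters/$file/"
done
echo ""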
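# For each subfolder of the clusters folder: run the histogram binary over
# its contents, feed that histogram to the meanshift script, then move every
# .beh file into a "<folder>_<cluster>" subfolder, where <cluster> is what
# the getcluster script prints for the file's line count.
for d in "$clusters"/*/
do
  # With no subfolders the pattern is left unexpanded; skip that literal.
  [[ -d "$d" ]] || continue
  echo "$d"
  family=$(basename -- "$d")
  # $d already ends in "/", so "${d}name" is a path inside the folder.
  # The input glob takes everything currently in the folder.
  "$histogram" "$d"* > "${d}histogram.txt"
  python3 "$meanshift" "${d}histogram.txt" > "${d}clusters.txt"
  for f in "$d"*.beh
  do
    # Skip the unexpanded pattern when the folder holds no .beh files.
    [[ -e "$f" ]] || continue
    # sed strips the padding some wc implementations put around the count.
    lines=$(wc -l < "$f" | sed "s/ //g")
    # The script's stdout is used verbatim as the folder suffix.
    clust=$(python3 "$getcluster" "${d}clusters.txt" "$lines")
    target="${d}${family}_${clust}"
    mkdir -p -- "$target"
    mv -- "$f" "$target/$(basename -- "$f")"
  done
done
echo ""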