models.ensemble_techniques_implementation package

Submodules

models.ensemble_techniques_implementation.majority_vote module

async app.models.ensemble_techniques_implementation.majority_vote.combine_alerts_for_ids_in_alert_dict(alerts_dict: dict) -> dict

Transforms a dictionary that holds alerts for each IDS in the ensemble into a structured format.

The returned dictionary maps a key composed of timestamp, source_ip, source_port, destination_ip, and destination_port to another dictionary. This inner dictionary contains IDS names as keys and lists of Alert objects as values.

Parameters:

alerts_dict (dict) – A dictionary where each key is an IDS name and the value is a list of Alert objects.

Returns:

dict – A dictionary grouping alerts by their common attributes. Each key is a tuple containing (timestamp, source_ip, source_port, destination_ip, destination_port), and each value maps IDS names to lists of matching alerts.

async app.models.ensemble_techniques_implementation.majority_vote.majority_vote(alerts_dict: dict, ensemble) -> list[Alert]

Determine which alerts of an ensemble received a majority vote among its IDSs.

Parameters:
  • alerts_dict (dict) – Dict that holds, for each IDS in the ensemble, a list of alerts

  • ensemble (Ensemble) – Ensemble object according to the ORM

Returns:

majority_voted_alerts (list[Alert]) – List of alerts the ensemble voted for
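The two functions above are only described, not shown. The following is an added example, not the project's code, that implements both signatures on a stand-in `Alert` dataclass (the ORM model is assumed to expose at least the five key fields named above; `ids_name` and `signature` are added for the sample). It assumes `alerts_dict` carries a key for every ensemble member, so the member count is `len(alerts_dict)` and `ensemble` is passed through unused; a strict majority is required, and several alerts from one IDS for the same five-tuple count as a single vote:

```python
import asyncio
from collections import defaultdict
from dataclasses import dataclass
from typing import Any


# Stand-in for the project's ORM Alert model (assumed; the page names only the
# five fields that form the grouping key, the other two are added for the sample).
@dataclass(frozen=True)
class Alert:
    timestamp: str
    source_ip: str
    source_port: int
    destination_ip: str
    destination_port: int
    ids_name: str = ""
    signature: str = ""


def alert_key(alert: Alert) -> tuple:
    """Five-tuple under which alerts from different IDSs count as the same event."""
    return (alert.timestamp, alert.source_ip, alert.source_port,
            alert.destination_ip, alert.destination_port)


async def combine_alerts_for_ids_in_alert_dict(alerts_dict: dict) -> dict:
    """Group {ids_name: [Alert, ...]} into {five_tuple: {ids_name: [Alert, ...]}}."""
    grouped: dict = defaultdict(lambda: defaultdict(list))
    for ids_name, alerts in alerts_dict.items():
        for alert in alerts:
            grouped[alert_key(alert)][ids_name].append(alert)
    # Plain dicts on the way out, so a lookup of an unknown key raises instead of inserting.
    return {key: dict(by_ids) for key, by_ids in grouped.items()}


async def majority_vote(alerts_dict: dict, ensemble: Any = None) -> list[Alert]:
    """Return one representative alert per event that more than half of the IDSs raised.

    `ensemble` is accepted for signature parity with the documented function and is
    not consulted; the member count comes from alerts_dict, which is assumed to hold
    a key (possibly with an empty list) for every IDS in the ensemble.
    """
    n_members = len(alerts_dict)
    grouped = await combine_alerts_for_ids_in_alert_dict(alerts_dict)
    voted: list[Alert] = []
    for key in sorted(grouped):            # deterministic output order
        voters = grouped[key]
        # Several alerts from one IDS for the same five-tuple still count as one vote.
        if len(voters) * 2 > n_members:    # strict majority; a tie on an even ensemble fails
            first_ids = next(iter(voters))
            voted.append(voters[first_ids][0])
    return voted


# Constructed sample input: three IDSs, four distinct events.
SAMPLE_ALERTS = {
    "ids_a": [
        Alert("2024-01-01T10:00:00", "10.0.0.5", 51000, "10.0.0.9", 22, "ids_a", "ssh brute force"),
        Alert("2024-01-01T10:00:05", "10.0.0.5", 51001, "10.0.0.9", 80, "ids_a", "sqli attempt"),
        Alert("2024-01-01T10:00:09", "10.0.0.7", 40000, "10.0.0.9", 443, "ids_a", "tls anomaly"),
        Alert("2024-01-01T10:00:09", "10.0.0.7", 40000, "10.0.0.9", 443, "ids_a", "tls anomaly (dup)"),
    ],
    "ids_b": [
        Alert("2024-01-01T10:00:00", "10.0.0.5", 51000, "10.0.0.9", 22, "ids_b", "ssh brute force"),
        Alert("2024-01-01T10:00:07", "10.0.0.6", 52000, "10.0.0.9", 445, "ids_b", "smb scan"),
    ],
    "ids_c": [
        Alert("2024-01-01T10:00:00", "10.0.0.5", 51000, "10.0.0.9", 22, "ids_c", "ssh brute force"),
        Alert("2024-01-01T10:00:07", "10.0.0.6", 52000, "10.0.0.9", 445, "ids_c", "smb scan"),
    ],
}


def run_combine(alerts_dict: dict) -> dict:
    """Synchronous wrapper around the async grouping function."""
    return asyncio.run(combine_alerts_for_ids_in_alert_dict(alerts_dict))


def run_majority_vote(alerts_dict: dict, ensemble: Any = None) -> list[Alert]:
    """Synchronous wrapper around the async vote."""
    return asyncio.run(majority_vote(alerts_dict, ensemble))


if __name__ == "__main__":
    for alert in run_majority_vote(SAMPLE_ALERTS):
        print(alert.timestamp, alert.source_ip, "->", alert.destination_port, alert.signature)
```

On the sample, the SSH event (seen by all three IDSs) and the SMB event (seen by two of three) pass the vote; the SQLi and TLS events are each seen by one IDS only, and the duplicated TLS alert from `ids_a` does not raise its count. Which alert represents a voted group is a design choice: this version takes the first alert from the first IDS in `alerts_dict` order.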

models.ensemble_techniques_implementation.sample_vote module

The following method shows how to implement an ensembling technique:
  1. Add a database entry for your new algorithm.

  2. Create a new Python file in this directory, named exactly as the function_name property you selected for the database entry.

  3. Implement an async method with the same name as the function_name property you selected.

async app.models.ensemble_techniques_implementation.sample_vote.sample(alerts_dict: dict, ensemble) -> list[Alert]

Determine which alerts of an ensemble received a majority vote among its IDSs.

Parameters:
  • alerts_dict (dict) – Dict that holds for each IDS in the ensemble a list of alerts

  • ensemble – (Ensemble): Ensemble Object according to the ORM

Returns:

voted_alerts (list[Alert]) – List of alerts the ensemble voted for using a specific algorithm
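The three steps above imply that the application looks up a technique module and function by the `function_name` stored in the database. The page does not show that loader, so the following is an added example, not the project's code: it writes a constructed technique module `union_vote.py` defining `async def union_vote(...)` into a temporary package (steps 2 and 3), resolves it by name, and runs it. `Alert` is a minimal stand-in for the ORM model with only the five key fields; the `demo_techniques` package name, `is_valid_technique_name`, `write_technique_module` and `resolve_technique` are all assumptions of this example. Because `function_name` originates in a database row, the loader only accepts a plain identifier before turning it into an import path, and it checks that what it found is actually a coroutine function:

```python
import asyncio
import importlib
import inspect
import keyword
import sys
import tempfile
from collections import namedtuple
from pathlib import Path

# Package the project documents for technique modules (from the page).
PROJECT_PACKAGE = "app.models.ensemble_techniques_implementation"

# Minimal stand-in for the ORM Alert model (assumed; only the five key fields).
Alert = namedtuple("Alert", "timestamp source_ip source_port destination_ip destination_port")

# Constructed technique module: file union_vote.py, async function union_vote (steps 2 and 3).
UNION_VOTE_SOURCE = '''
async def union_vote(alerts_dict: dict, ensemble) -> list:
    """Keep every alert raised by at least one IDS, one per five-tuple."""
    seen = {}
    for alerts in alerts_dict.values():
        for alert in alerts:
            key = (alert.timestamp, alert.source_ip, alert.source_port,
                   alert.destination_ip, alert.destination_port)
            seen.setdefault(key, alert)
    return list(seen.values())
'''


def is_valid_technique_name(function_name: str) -> bool:
    """A function_name read from the database must be a plain Python identifier
    before it is turned into a module path; anything else is rejected."""
    return function_name.isidentifier() and not keyword.iskeyword(function_name)


def write_technique_module(root: Path, package: str, function_name: str, source: str) -> Path:
    """Create <root>/<package>/<function_name>.py (step 2: file named after function_name)."""
    pkg_dir = root / package
    pkg_dir.mkdir(parents=True, exist_ok=True)
    (pkg_dir / "__init__.py").touch()
    path = pkg_dir / f"{function_name}.py"
    path.write_text(source, encoding="utf-8")
    return path


def resolve_technique(function_name: str, package: str = PROJECT_PACKAGE):
    """Import <package>.<function_name> and return its coroutine function <function_name>."""
    if not is_valid_technique_name(function_name):
        raise ValueError(f"technique name is not a plain identifier: {function_name!r}")
    module = importlib.import_module(f"{package}.{function_name}")
    func = getattr(module, function_name, None)
    if func is None or not inspect.iscoroutinefunction(func):
        raise TypeError(f"{package}.{function_name} must define 'async def {function_name}(...)'")
    return func


def demo() -> list[str]:
    """Write the stand-in module to a temporary package, look it up by name and run it."""
    root = Path(tempfile.mkdtemp())
    write_technique_module(root, "demo_techniques", "union_vote", UNION_VOTE_SOURCE)
    sys.path.insert(0, str(root))
    importlib.invalidate_caches()          # the directory was created after interpreter start
    try:
        technique = resolve_technique("union_vote", package="demo_techniques")
        alerts = {  # constructed sample: one event seen by both IDSs, two seen by one each
            "ids_a": [Alert("2024-01-01T10:00:00", "10.0.0.5", 51000, "10.0.0.9", 22),
                      Alert("2024-01-01T10:00:07", "10.0.0.6", 52000, "10.0.0.9", 445)],
            "ids_b": [Alert("2024-01-01T10:00:00", "10.0.0.5", 51000, "10.0.0.9", 22),
                      Alert("2024-01-01T10:00:09", "10.0.0.7", 40000, "10.0.0.9", 443)],
        }
        voted = asyncio.run(technique(alerts, ensemble=None))
    finally:
        sys.path.remove(str(root))
    return sorted(f"{a.source_ip}->{a.destination_port}" for a in voted)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` yields the three distinct events, with the SSH alert that both IDSs raised kept once. In the real project the lookup would use `PROJECT_PACKAGE` and the file would live in this directory rather than a temporary one; the identifier check and the `iscoroutinefunction` check are what keep a malformed or mistyped `function_name` from turning into an import of something other than a technique module.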