models.ensemble_techniques_implementation package

Submodules

models.ensemble_techniques_implementation.majority_vote module

async models.ensemble_techniques_implementation.majority_vote.combine_alerts_for_ids_in_alert_dict(alerts_dict: dict) -> dict

Transforms a dictionary that holds alerts for each IDS in the ensemble into a structured format.

The returned dictionary maps a key composed of timestamp, source_ip, source_port, destination_ip and destination_port (i.e. one network flow) to an inner dictionary. That inner dictionary has IDS names as keys and lists of Alert objects as values, so a flow that several IDS flagged shows up once, with one entry per IDS.

Example output format:

{
    "<timestamp>-<source_ip>-<source_port>-<destination_ip>-<destination_port>": {
        "ids1": [Alert, Alert, ...],
        "ids2": [Alert, Alert, ...]
    }
}

Parameters:

alerts_dict (dict) – A dictionary where each key is an IDS name and the value is a list of Alert objects.

Returns:

dict – A dictionary grouping alerts by their common attributes.

async models.ensemble_techniques_implementation.majority_vote.majority_vote(alerts_dict: dict, ensemble) -> list[Alert]

Calculates which alerts of an ensemble received a majority vote, i.e. were raised by more than half of the IDS in the ensemble for the same flow.

Parameters:
  • alerts_dict (dict) – Dict that holds, for each IDS in the ensemble, a list of alerts

  • ensemble (Ensemble) – Ensemble object as defined by the ORM

Returns:

majority_voted_alerts (list[Alert]) – List of alerts the ensemble voted for
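The grouping and voting described above, as an added stand-alone example that is not the project's own code: Alert is a constructed stand-in for the ORM model with only the five key fields plus a signature label, the IDS names and alert values are constructed, and the ensemble size is taken from the number of keys in alerts_dict rather than from the ORM Ensemble object (which is accepted but unused). It also shows the edge case a practitioner must get right: an IDS that raised nothing still has to appear as a key with an empty list, otherwise it is not counted as a "no" vote.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Alert:
    """Constructed stand-in for the project's ORM Alert (key fields plus a label)."""
    timestamp: str
    source_ip: str
    source_port: int
    destination_ip: str
    destination_port: int
    signature: str

def flow_key(alert: Alert) -> str:
    """Build the documented key: timestamp-src_ip-src_port-dst_ip-dst_port."""
    return (f"{alert.timestamp}-{alert.source_ip}-{alert.source_port}-"
            f"{alert.destination_ip}-{alert.destination_port}")

def combine_alerts_for_ids(alerts_dict: dict) -> dict:
    """Regroup {ids_name: [Alert, ...]} into {flow_key: {ids_name: [Alert, ...]}}."""
    grouped: dict = defaultdict(lambda: defaultdict(list))
    for ids_name, alerts in alerts_dict.items():
        for alert in alerts:
            grouped[flow_key(alert)][ids_name].append(alert)
    return {key: dict(per_ids) for key, per_ids in grouped.items()}

def majority_vote_sync(alerts_dict: dict) -> list:
    """Keep one representative Alert per flow that a strict majority of IDS flagged.
    Every IDS must be a key of alerts_dict (empty list if silent) or the threshold is too low."""
    needed = len(alerts_dict) // 2 + 1
    voted = []
    for per_ids in combine_alerts_for_ids(alerts_dict).values():
        if len(per_ids) >= needed:  # count distinct IDS, not raw alert objects
            voted.append(per_ids[next(iter(per_ids))][0])
    return voted

async def majority_vote(alerts_dict: dict, ensemble=None) -> list:
    """Async wrapper with the documented signature; 'ensemble' is unused in this example."""
    return majority_vote_sync(alerts_dict)

# Constructed sample: three hypothetical IDS; flow t1 seen by all, t2 by two, t3 by one.
SAMPLE = {
    "ids_a": [Alert("t1", "10.0.0.5", 40000, "10.0.0.9", 22, "ssh brute force"),
              Alert("t2", "10.0.0.7", 51000, "10.0.0.9", 80, "sqli attempt")],
    "ids_b": [Alert("t1", "10.0.0.5", 40000, "10.0.0.9", 22, "ssh scan"),
              Alert("t3", "10.0.0.8", 52000, "10.0.0.9", 443, "tls anomaly")],
    "ids_c": [Alert("t2", "10.0.0.7", 51000, "10.0.0.9", 80, "sqli attempt"),
              Alert("t1", "10.0.0.5", 40000, "10.0.0.9", 22, "ssh brute force")],
}
```

With the three IDS above, flows t1 and t2 are voted for and t3 is dropped; adding a fourth, silent IDS as `"ids_d": []` raises the threshold to three and drops t2 as well.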

models.ensemble_techniques_implementation.sample_vote module

The following method shows how to implement an ensembling technique:
  1. Add a database entry for your new algorithm.

  2. Create a new Python file in this directory, named exactly like the function_name property you selected for the database entry.

  3. Implement an async method with the same name as the function_name property you selected.

async models.ensemble_techniques_implementation.sample_vote.sample(alerts_dict: dict, ensemble) -> list[Alert]

Calculates which alerts of an ensemble received a majority vote.

Parameters:
  • alerts_dict (dict) – Dict that holds, for each IDS in the ensemble, a list of alerts

  • ensemble (Ensemble) – Ensemble object as defined by the ORM

Returns:

voted_alerts (list[Alert]) – List of alerts the ensemble voted for using a specific algorithm