In [1]:
import json
import pickle

import networkx as nx

In [2]:
"""
Graph with CWEs, APs, techniques, tactics, mitigations, detections, d3fend, engage activity

Edges between CWE/APs and APs/techniques are such that every CWE/AP or AP/technique is represented in at least one of the edges, but some edges
can have no true links. For example, in the current graph, the AP node with count 53 is connected to CWE nodes with counts 47, 3, 20, and 73.
The number of links in these four edges will add to at least 53 (for each AP), but it could be that some of the edges have zero links.

Edges linked to mitigations/detections/tactics/d3fend/engage are such that every element in the AP/CWE/technique node connects to at least one
of the mitigations/detections/tactics/d3fend/engage. For example, for an edge between an AP node and AP mitigation node, each AP is linked to at 
least one AP mitigation.
"""

'\nGraph with CWEs, APs, techniques, tactics, mitigations, detections, d3fend, engage activity\n\nEdges between CWE/APs and APs/techniques are such that every CWE/AP or AP/technique is represented in at least one of the edges, but some edges\ncan have no true links. For example, in the current graph, the AP node with count 53 is connected to CWE nodes with counts 47, 3, 20, and 73.\nThe number of links in these four edges will add to at least 53 (for each AP), but it could be that some of the edges have zero links.\n\nEdges linked to mitigations/detections/tactics/d3fend/engage are such that every element in the AP/CWE/technique node connects to at least one\nof the mitigations/detections/tactics/d3fend/engage. For example, for an edge between an AP node and AP mitigation node, each AP is linked to at \nleast one AP mitigation.\n'

In [3]:
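def _load_json(path):
    """Parse one JSON document from ``path`` and close the file before returning.

    Paths are relative, so they resolve against the kernel's working directory.
    JSON interchange files are UTF-8, so the encoding is pinned rather than
    left to the platform default.
    """
    with open(path, "r", encoding="utf-8") as handle:
        return json.load(handle)


# Per-entity link dictionaries. Later cells read these keys from each entry:
#   w_dict          -> "ap", "mitigations", "detections"
#   ap_dict         -> "techniques", "mitigations", "detections", "cwes"
#   technique_dict  -> "mitigations", "detections", "tactics"
w_dict = _load_json("w_dict.json")
ap_dict = _load_json("ap_dict.json")
technique_dict = _load_json("technique_dict.json")

# Mitigation / detection catalogues for CWEs, attack patterns (CAPEC files) and techniques.
w_mitigation = _load_json("cwe_mitigation_ids_temp.json")
ap_mitigation = _load_json("capec_mitigation_temp.json")
technique_mitigation = _load_json("technique_mitigation_temp.json")

technique_detection = _load_json("technique_detection_temp.json")
ap_detection = _load_json("capec_detection_temp.json")
w_detection = _load_json("cwe_detection_temp.json")

# Edge records; the reverse-link cell reads the "_from" (technique id) and "_to" fields of each.
d3fend_technique = _load_json("d3fend_technique.json")
engage_technique = _load_json("engage_technique.json")

# Remaining catalogues (d3fend, engage activities, tactics).
d3 = _load_json("d3fend.json")
engage_activity = _load_json("engage_activity.json")
tactic = _load_json("tactic_temp.json")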

In [4]:
# Undirected graph that accumulates every summary node and edge added by the cells below.
G = nx.Graph()

In [5]:
# Count the distinct mitigation and detection ids referenced by any CWE entry.
# NOTE: `mitigations` / `detections` are rebound for the AP and technique stages
# further down, so the CWE node cell must run before those cells do.
mitigations = set().union(*(cwe_links["mitigations"] for cwe_links in w_dict.values()))
detections = set().union(*(cwe_links["detections"] for cwe_links in w_dict.values()))

print(len(mitigations))
print(len(detections))

1597
481


In [6]:
# Two hub nodes for the CWE layer; each label is the number of distinct ids
# collected in the counting cell directly above.
for hub_name, hub_members, hub_shape in (
    ("CWE mitigations", mitigations, "diamond"),
    ("CWE detections", detections, "square"),
):
    G.add_node(
        hub_name,
        label=len(hub_members),
        shape=hub_shape,
        color="red",
        title=hub_name,
    )

In [7]:
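# Group CWEs by which kinds of links they carry. The group name is "cwe" followed
# by every non-empty link kind, joined with "_" (e.g. "cwe_ap_mitigations").
# The name is built in a local called `signature`; the original rebound the
# builtin `str`, which breaks any later `str(...)` call in the same kernel.
counts_dict = {}

for links in w_dict.values():
    parts = ["cwe"]
    parts.extend(kind for kind in ("ap", "mitigations", "detections") if links[kind])
    signature = "_".join(parts)
    counts_dict[signature] = counts_dict.get(signature, 0) + 1

counts_dict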

{'cwe_mitigations': 345,
 'cwe_mitigations_detections': 29,
 'cwe_ap_mitigations': 201,
 'cwe_ap_detections': 3,
 'cwe': 217,
 'cwe_detections': 9,
 'cwe_ap_mitigations_detections': 73,
 'cwe_ap': 47}

In [8]:
# One red node per CWE group, labelled with the group size, wired to the CWE hub
# nodes named by the group's link kinds.
# `counts_dict` is rebuilt for APs and techniques later, so this cell has to run
# straight after the CWE grouping cell.
for group_name, group_size in counts_dict.items():
    G.add_node(group_name, label=group_size, color="red", title=group_name)
    link_kinds = group_name.split("_")[1:]  # drop the leading "cwe"
    for kind, hub_name in (
        ("detections", "CWE detections"),
        ("mitigations", "CWE mitigations"),
    ):
        if kind in link_kinds:
            G.add_edge(group_name, hub_name, color="black")

In [9]:
# Count the distinct mitigation and detection ids referenced by any attack pattern (AP).
# This rebinds `mitigations` / `detections`, replacing the CWE-level sets.
mitigations = set().union(*(ap_links["mitigations"] for ap_links in ap_dict.values()))
detections = set().union(*(ap_links["detections"] for ap_links in ap_dict.values()))

print(len(mitigations))
print(len(detections))

1044
91


In [10]:
# Two hub nodes for the AP layer; each label is the number of distinct ids
# collected in the AP counting cell directly above.
for hub_name, hub_members, hub_shape in (
    ("AP mitigations", mitigations, "diamond"),
    ("AP detections", detections, "square"),
):
    G.add_node(
        hub_name,
        label=len(hub_members),
        shape=hub_shape,
        color="green",
        title=hub_name,
    )

In [11]:
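# Group attack patterns by which kinds of links they carry. The group name is "ap"
# followed by every non-empty link kind, joined with "_".
# The name is built in a local called `signature`; the original rebound the
# builtin `str`, which breaks any later `str(...)` call in the same kernel.
counts_dict = {}

for links in ap_dict.values():
    parts = ["ap"]
    parts.extend(
        kind
        for kind in ("techniques", "mitigations", "detections", "cwes")
        if links[kind]
    )
    signature = "_".join(parts)
    counts_dict[signature] = counts_dict.get(signature, 0) + 1

counts_dict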

{'ap_mitigations_cwes': 200,
 'ap_mitigations_detections_cwes': 39,
 'ap_techniques_mitigations_cwes': 52,
 'ap_cwes': 93,
 'ap_techniques_mitigations_detections_cwes': 10,
 'ap_techniques_mitigations_detections': 1,
 'ap': 67,
 'ap_mitigations': 53,
 'ap_techniques_mitigations': 10,
 'ap_mitigations_detections': 3,
 'ap_techniques_cwes': 11,
 'ap_techniques': 7}

In [12]:
# One green node per AP group, wired to the AP hubs named by its link kinds.
# An AP group that has CWE links is connected to *every* CWE group whose name
# contains "ap", so an individual edge is an upper bound on where links may
# exist, not proof that the two groups share a link.
for group_name, group_size in counts_dict.items():
    G.add_node(group_name, label=group_size, color="green", title=group_name)
    link_kinds = group_name.split("_")[1:]  # drop the leading "ap"
    for kind, hub_name in (
        ("detections", "AP detections"),
        ("mitigations", "AP mitigations"),
    ):
        if kind in link_kinds:
            G.add_edge(group_name, hub_name, color="black")
    if "cwes" in link_kinds:
        # Substring match on the node name, exactly as the lowercase "cwe_*" groups were named.
        cwe_groups_with_ap = [
            name for name in G.nodes if name.startswith("cwe") and "ap" in name
        ]
        for cwe_group in cwe_groups_with_ap:
            G.add_edge(group_name, cwe_group, color="black")

In [13]:
# Count the distinct mitigation and detection ids referenced by any technique.
# This rebinds `mitigations` / `detections`, replacing the AP-level sets; the
# technique hub nodes created further down read these values.
mitigations = set().union(
    *(tech_links["mitigations"] for tech_links in technique_dict.values())
)
detections = set().union(
    *(tech_links["detections"] for tech_links in technique_dict.values())
)

print(len(mitigations))
print(len(detections))

43
566


In [14]:
# Attach reverse links to every technique entry: the APs that reference it and
# the D3FEND / Engage ids its edge records point to.
# The three lists are reset first, so re-running this cell does not duplicate entries.
for tech_links in technique_dict.values():
    tech_links.update(ap=[], d3fend=[], engage=[])

# A technique id that is missing from technique_dict raises KeyError here;
# nothing is skipped silently.
for ap_id, ap_links in ap_dict.items():
    for technique_id in ap_links["techniques"]:
        technique_dict[technique_id]["ap"].append(ap_id)

# Each edge record carries the technique id in "_from" and the linked id in "_to".
for edge_records, link_field in (
    (d3fend_technique, "d3fend"),
    (engage_technique, "engage"),
):
    for record in edge_records:
        source_id, target_id = record["_from"], record["_to"]
        technique_dict[source_id][link_field].append(target_id)

In [15]:
# Distinct D3FEND ids, Engage ids and tactics reachable from any technique.
# "d3fend" and "engage" are the reverse-link lists filled in by the previous cell.
d3fend = set().union(*(tech_links["d3fend"] for tech_links in technique_dict.values()))
engage = set().union(*(tech_links["engage"] for tech_links in technique_dict.values()))
tactics = set().union(*(tech_links["tactics"] for tech_links in technique_dict.values()))

print(len(d3fend))
print(len(engage))
print(len(tactics))

36
22
14


In [16]:
# Hub nodes for the technique layer. `mitigations` / `detections` must still hold
# the technique-level sets when this cell runs.
for hub_name, hub_members, hub_shape in (
    ("Technique mitigations", mitigations, "diamond"),
    ("Technique detections", detections, "square"),
):
    G.add_node(
        hub_name,
        label=len(hub_members),
        shape=hub_shape,
        color="orange",
        title=hub_name,
    )

# Hubs for the defensive / adversary-engagement catalogues and the tactics.
for hub_name, hub_members, hub_color, hub_title in (
    ("d3fend", d3fend, "yellow", "d3fend"),
    ("engage", engage, "black", "engage activity"),
    ("tactics", tactics, "blue", "tactics"),
):
    G.add_node(hub_name, label=len(hub_members), color=hub_color, title=hub_title)

In [17]:
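# Group techniques by which kinds of links they carry. The group name is
# "technique" followed by every non-empty link kind, joined with "_".
# "ap", "d3fend" and "engage" are the reverse-link lists added to each entry by
# the reverse-link cell above.
# The name is built in a local called `signature`; the original rebound the
# builtin `str`, which breaks any later `str(...)` call in the same kernel.
counts_dict = {}

for links in technique_dict.values():
    parts = ["technique"]
    parts.extend(
        kind
        for kind in ("ap", "mitigations", "detections", "tactics", "d3fend", "engage")
        if links[kind]
    )
    signature = "_".join(parts)
    counts_dict[signature] = counts_dict.get(signature, 0) + 1

counts_dict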

{'technique_mitigations_detections_tactics_engage': 104,
 'technique_mitigations_detections_tactics': 243,
 'technique_mitigations_detections_tactics_d3fend_engage': 10,
 'technique_mitigations_detections_tactics_d3fend': 46,
 'technique_detections_tactics_engage': 17,
 'technique_ap_detections_tactics_engage': 20,
 'technique_detections_tactics': 40,
 'technique_ap_mitigations_detections_tactics': 36,
 'technique_ap_mitigations_detections_tactics_engage': 18,
 'technique_ap_detections_tactics': 6,
 'technique_detections_tactics_d3fend': 4,
 'technique_ap_mitigations_detections_tactics_d3fend': 15,
 'technique_ap_detections_tactics_d3fend': 1,
 'technique_ap_mitigations_detections_tactics_d3fend_engage': 5,
 'technique_detections_tactics_d3fend_engage': 1}

In [18]:
# One orange node per technique group, wired to each hub named by its link kinds.
# A technique group with AP links is connected to *every* AP group whose name
# contains "techniques", so an individual edge is an upper bound on where links
# may exist, not proof that the two groups share a link.
technique_hubs = (
    ("detections", "Technique detections"),
    ("mitigations", "Technique mitigations"),
    ("tactics", "tactics"),
    ("d3fend", "d3fend"),
    ("engage", "engage"),
)

for group_name, group_size in counts_dict.items():
    G.add_node(group_name, label=group_size, color="orange", title=group_name)
    link_kinds = group_name.split("_")[1:]  # drop the leading "technique"
    for kind, hub_name in technique_hubs:
        if kind in link_kinds:
            G.add_edge(group_name, hub_name, color="black")
    if "ap" in link_kinds:
        ap_groups_with_techniques = [
            name for name in G.nodes if name.startswith("ap") and "techniques" in name
        ]
        for ap_group in ap_groups_with_techniques:
            G.add_edge(group_name, ap_group, color="black")

In [19]:
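# Save graph
# nx.write_gpickle was deprecated in NetworkX 2.6 and removed in 3.0; pickle.dump
# at the highest protocol writes the same kind of file to the same path.
# Unpickling executes whatever the file's producer encoded, so anything that
# loads this .pkl should read it only from a location it controls and treat a
# copy obtained elsewhere as untrusted.
file_path = "demo/all_graph_networkx.pkl"
with open(file_path, "wb") as graph_file:
    pickle.dump(G, graph_file, pickle.HIGHEST_PROTOCOL)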

In [20]:
# Render the summary graph as an interactive HTML page with pyvis.
from pyvis.network import Network

# 600px x 600px canvas; notebook=True renders the page inside the notebook.
nt = Network(height="600px", width="600px", notebook=True)

# Copy nodes, edges and their attributes (label, color, shape, title) from the networkx graph.
nt.from_nx(G)

# Writes the HTML file into the working directory and displays it.
nt.show("incomplete_with_all.html")