In [10]:
import numpy as np

In [11]:
# --- 1. Define Baseline Patterns ---
# Every vector uses the same feature order:
#   [data transfer, login_attempts, privilege_requests, network_scans, failed_authentications]
# NOTE(review): units are not stated here, and the features look unscaled.
# With cosine similarity the largest-valued features dominate the score, so
# confirm whether the inputs should be normalised first.

# Normal User
n = np.array([0.8, 3.0, 1.0, 0.0, 0.0])

# Admin User
a = np.array([2.1, 8.0, 5.0, 2.0, 1.0])

# Suspicious Activity 1
s1 = np.array([15.2, 25.0, 12.0, 8.0, 15.0])

# Suspicious Activity 2
s2 = np.array([1.2, 45.0, 3.0, 15.0, 32.0])

# Current Session (the vector under review)
c = np.array([3.4, 12.0, 7.0, 3.0, 4.0])

In [12]:
# Name -> baseline vector lookup, in the order the report prints them.
# The current session `c` is deliberately left out: it is the vector being
# compared against these baselines, not a baseline itself.
patterns = dict(
    zip(
        ("Normal User", "Admin User", "Suspicious 1", "Suspicious 2"),
        (n, a, s1, s2),
    )
)

In [13]:
# --- 3. Define Reusable Helper Functions ---

def cosine_similarity(v1, v2):
    """Return the cosine of the angle between v1 and v2.

    The score depends only on direction: scaling either vector leaves it
    unchanged, so two sessions with the same activity mix but very different
    volumes score as identical.

    Returns 0.0 when either vector has zero length, which avoids a
    division by zero.
    """
    numerator = np.dot(v1, v2)
    magnitudes = (np.linalg.norm(v1), np.linalg.norm(v2))

    # An all-zero vector has no direction; report "no similarity" instead of NaN.
    if any(magnitude == 0 for magnitude in magnitudes):
        return 0.0

    return numerator / (magnitudes[0] * magnitudes[1])

In [14]:
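def vector_projection(v_to_project, v_onto):
    """Return the projection of v_to_project onto v_onto.

    Uses proj = ((v1 . v2) / ||v2||^2) * v2.

    Args:
        v_to_project: vector to be projected (array or plain sequence).
        v_onto: vector defining the projection direction (array or plain
            sequence).

    Returns:
        numpy array with the shape of v_onto. When v_onto has zero length the
        projection is undefined, so an all-zero array is returned.
    """
    # Convert once so the zero-vector branch also works for lists and tuples,
    # which have no `.shape` attribute.
    onto = np.asarray(v_onto)
    dot_product = np.dot(v_to_project, onto)
    norm_sq = np.linalg.norm(onto)**2

    if norm_sq == 0:
        return np.zeros(onto.shape)

    return (dot_product / norm_sq) * onto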

In [15]:
def angle_between(v1, v2):
    """Return the angle between v1 and v2 in degrees.

    Because cosine_similarity yields 0.0 for a zero-length vector, such an
    input is reported as 90 degrees, the same value as two genuinely
    orthogonal vectors.
    """
    # Rounding can push the cosine slightly outside [-1, 1] (e.g. 1.000001),
    # which arccos rejects, so clamp it before taking the inverse cosine.
    bounded_cosine = np.clip(cosine_similarity(v1, v2), -1.0, 1.0)
    angle_radians = np.arccos(bounded_cosine)
    return np.degrees(angle_radians)

In [16]:
# Confirm setup finished and echo the session vector that will be scored.
print("--- Setup Complete ---", f"Current Session (c): {c}\n", sep="\n")

--- Setup Complete ---
Current Session (c): [ 3.4 12.   7.   3.   4. ]



In [17]:
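def threat_similarity_analysis(current_session, all_patterns, threshold=0.8):
    """Score a session against every baseline pattern and print a report.

    Args:
        current_session: feature vector of the session under review.
        all_patterns: mapping of pattern name -> baseline feature vector.
        threshold: similarity the best match must exceed (strictly) to be used
            as the classification. Defaults to 0.8.

    Returns:
        dict mapping each pattern name to its cosine similarity with
        current_session. Empty when all_patterns is empty.

    NOTE(review): the classification is the single best-scoring pattern only.
    Other patterns that also exceed the threshold, including suspicious ones,
    are not reflected in the label. Cosine similarity also ignores magnitude.
    Use the returned per-pattern scores, not the printed label alone, when
    deciding whether a session needs attention.
    """
    print("--- 1. Threat Similarity Detection ---")
    similarity_results = {}

    # Calculate similarity for each pattern
    for name, pattern_vec in all_patterns.items():
        sim = cosine_similarity(current_session, pattern_vec)
        similarity_results[name] = sim
        print(f"Cosine Similarity with {name}: {sim:.4f}")

    classification = "Unclassified"

    # With no baselines there is nothing to rank; max() on an empty dict would
    # raise ValueError, so the session simply stays "Unclassified".
    if similarity_results:
        # Determine the most similar pattern
        most_similar_name = max(similarity_results, key=similarity_results.get)
        max_similarity = similarity_results[most_similar_name]
        print(f"\nMost Resembled Pattern: {most_similar_name} (Similarity: {max_similarity:.4f})")

        # Threshold-based classification: accept the best match only if it is
        # strictly above the threshold.
        if max_similarity > threshold:
            classification = most_similar_name

    print(f"Classification (Threshold > {threshold}): {classification}")
    print("-" * 30 + "\n")
    return similarity_results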

# Score the current session against every baseline and keep the per-pattern
# scores for later inspection.
# NOTE(review): in the recorded output all four baselines score above 0.8,
# including both suspicious ones (0.9553 and 0.8500), yet the printed label is
# "Admin User". Review the full score table rather than the label alone.
similarity_scores = threat_similarity_analysis(current_session=c, all_patterns=patterns)

--- 1. Threat Similarity Detection ---
Cosine Similarity with Normal User: 0.9251
Cosine Similarity with Admin User: 0.9856
Cosine Similarity with Suspicious 1: 0.9553
Cosine Similarity with Suspicious 2: 0.8500

Most Resembled Pattern: Admin User (Similarity: 0.9856)
Classification (Threshold > 0.8): Admin User
------------------------------

