In [211]:
%%time 

from py2neo import Graph, Node, Relationship
import pandas as pd

g = Graph("http://localhost:7474/db/data/", user="neo4j", password="test")

# Read the microsoft-malware-prediction training dataset (sample only the first 40000 rows)
df = pd.read_csv("microsoft-malware-prediction/train.csv", nrows = 40000)
df = df.fillna("NA")
df["OSIdentifier"] = df["Platform"].map(str) + "_" + df["OsVer"].map(str) + "_" + df["OsBuild"].map(str)

# Create the main machine tables and other useful tables (to model relationships)
## create machine table/csv
machine_df = df[["MachineIdentifier", "Processor", "Census_ProcessorManufacturerIdentifier", "Census_ProcessorModelIdentifier", "Census_MDC2FormFactor", "HasDetections", "Firewall", "OSIdentifier", "CountryIdentifier", "OrganizationIdentifier"]]
machine_df.to_csv("machine.csv", index=False)

# create country table/csv
country_df = pd.DataFrame()
country_df["CountryIdentifier"] = df["CountryIdentifier"].unique()
country_df.to_csv("country.csv", index=False)

# create organization table/csv
org_df = pd.DataFrame()
org_df["OrganizationIdentifier"] = df["OrganizationIdentifier"].unique()
org_df.to_csv("organization.csv", index=False)

# create os table/csv
os_df = pd.DataFrame()
os_df["OSIdentifier"] = df["OSIdentifier"].unique()
os_df = pd.merge(os_df, df[["Platform", "OsVer", "OsBuild", "OSIdentifier"]], left_on = "OSIdentifier", right_on = "OSIdentifier", how = "left").groupby("OSIdentifier").first().reset_index()
os_df.to_csv("os.csv", index=False)

# create firewall table/csv
firewall_df = pd.DataFrame()
firewall_df["Firewall"] = df["Firewall"].unique()
firewall_df.to_csv("firewall.csv", index=False)

# create MalwareDetected table/csv
machine_type_df = pd.DataFrame()
machine_type_df["machine_type"] = df["Census_MDC2FormFactor"].unique()
machine_type_df.to_csv("machine_type.csv", index=False)

# create MalwareDetected table/csv
malware_df = pd.DataFrame()
malware_df["HasDetections"] = df["HasDetections"].unique()
malware_df.to_csv("malware.csv", index=False)

# output the sampled 40k dataset
# df.to_csv("train_40000.csv", index=False)

Wall time: 3.97 s


In [177]:
df["os_id"].unique()

array(['windows10_10.0.0.0_17134', 'windows10_10.0.0.0_14393',
       'windows10_10.0.0.0_16299', 'windows7_6.1.1.0_7601',
       'windows8_6.3.0.0_9600', 'windows10_10.0.0.0_10240',
       'windows10_10.0.0.0_15063', 'windows10_10.0.0.0_10586',
       'windows2016_10.0.0.0_14393', 'windows10_10.0.0.0_17744',
       'windows10_10.0.0.0_17692'], dtype=object)

In [134]:
%%time

# df["LocationId"] = df["GeoNameIdentifier"].map(str) + df["OrganizationIdentifier"].map(str) + df["OrganizationIdentifier"].map(str)
# df["LocationId"].duplicated()

for i,j in df.iterrows():
    machine_id = j["MachineIdentifier"]
    processor_architecture = j["Processor"]
    processor_manufacturer = j["Census_ProcessorManufacturerIdentifier"]
    processor_model = j["Census_ProcessorModelIdentifier"]
    processor_core_count = j["Census_ProcessorCoreCount"]
    
    country_id = j["CountryIdentifier"]
    city_id = j["CityIdentifier"]
    organization_id = j["OrganizationIdentifier"]
    geo_name_id = j["GeoNameIdentifier"]
    
    
    platform = j["Platform"]
    OSVer = j["OsVer"]
    OSBuild = j["OsBuild"]    
    firewall = j["Firewall"]
    machine_type = j["Census_MDC2FormFactor"]
    protected = j["IsProtected"]
    genuine = j["Census_GenuineStateName"]
    malware_detected = j["HasDetections"]
    
    machine_node = Node("Machine", name=machine_id)
    country_node = Node("Country", name=country_id)
    city_node = Node("City", name=city_id)
    organization_node = Node("Organization", name=organization_id)
    geo_node = Node("Geo", name=geo_name_id)
    platform_node = Node("Platform", name=platform)
    os_version_node = Node("OSVersion", name=OSVer)
    os_build_node = Node("OSBuild", name=OSBuild)
    firewall_node = Node("Firewall", name=firewall)
    machinetype_node = Node("MachineType", name=machine_type)
    protected_node = Node("Protected", name=protected)
    genuine_node = Node("Genuine", name=genuine)
    malware_detected_node = Node("MalwareDetected", name=malware_detected)
    
    country_at = Relationship(machine_node, "COUNTRY_AT", country_node)
    city_at = Relationship(machine_node, "CITY_AT", city_node)
    org_at = Relationship(machine_node, "ORG_AT", organization_node)
    geo_at = Relationship(machine_node, "GEO_AT", geo_node)
    has_platform = Relationship(machine_node, "HAS_PLATFORM", platform_node)
    has_osversion = Relationship(machine_node, "HAS_OSVERSION", os_version_node)
    has_osbuild = Relationship(machine_node, "HAS_OSBUILD", os_build_node)
    has_firewall_enabled = Relationship(machine_node, "HAS_FIREWALL_ENABLED", firewall_node)
    machinetype_is = Relationship(machine_node, "MACHINE_TYPE_IS", machinetype_node)
    is_protected = Relationship(machine_node, "IS_PROTECTED", protected_node)
    is_genuine = Relationship(machine_node, "IS_GENUINE", genuine_node)
    has_malware = Relationship(machine_node, "HAS_MALWARE", malware_detected_node)
    
    tx = g.begin()
    
    tx.create(machine_node)
    tx.create(country_node)
    tx.create(city_node)
    tx.create(organization_node)
    tx.create(geo_node)
    tx.create(platform_node)
    tx.create(os_version_node)
    tx.create(os_build_node)
    tx.create(firewall_node)
    tx.create(machinetype_node)
    tx.create(protected_node)
    tx.create(genuine_node)
    tx.create(malware_detected_node)
    
    tx.create(country_at)
    tx.create(city_at)
    tx.create(org_at)
    tx.create(geo_at)
    tx.create(has_platform)
    tx.create(has_osversion)
    tx.create(has_osbuild)
    tx.create(has_firewall_enabled)
    tx.create(machinetype_is)
    tx.create(is_protected)
    tx.create(is_genuine)
    tx.create(has_malware)
    
    tx.commit() 
    tx.finished()
    
print("Done")

Done


In [115]:
df.columns

Index(['Unnamed: 0', 'MachineIdentifier', 'ProductName', 'EngineVersion',
       'AppVersion', 'AvSigVersion', 'IsBeta', 'RtpStateBitfield',
       'IsSxsPassiveMode', 'DefaultBrowsersIdentifier',
       'AVProductStatesIdentifier', 'AVProductsInstalled', 'AVProductsEnabled',
       'HasTpm', 'CountryIdentifier', 'CityIdentifier',
       'OrganizationIdentifier', 'GeoNameIdentifier',
       'LocaleEnglishNameIdentifier', 'Platform', 'Processor', 'OsVer',
       'OsBuild', 'OsSuite', 'OsPlatformSubRelease', 'OsBuildLab',
       'SkuEdition', 'IsProtected', 'AutoSampleOptIn', 'PuaMode', 'SMode',
       'IeVerIdentifier', 'SmartScreen', 'Firewall', 'UacLuaenable',
       'Census_MDC2FormFactor', 'Census_DeviceFamily',
       'Census_OEMNameIdentifier', 'Census_OEMModelIdentifier',
       'Census_ProcessorCoreCount', 'Census_ProcessorManufacturerIdentifier',
       'Census_ProcessorModelIdentifier', 'Census_ProcessorClass',
       'Census_PrimaryDiskTotalCapacity', 'Census_PrimaryDiskTypeN

In [None]:


# tx = g.begin()
# a = Node("Person", name="Alice")
# tx.create(a)
# b = Node("Person", name="Bob")
# ab = Relationship(a, "KNOWS", b)
# tx.create(ab)
# tx.commit() 
# g.exists(ab)


tx = g.begin()
a = Node("MachineID", name=str(machine_id))

tx.create(a)
b = Node("Person", name="DEF")
ab = Relationship(a, "KNOWS", b)
tx.create(ab)
tx.commit() 
tx.finished()

g.exists(ab)

In [25]:
k = g.nodes.match("Alice").limit(1)

In [35]:
len(g.nodes.match("Person", name="Alice"))

2

In [42]:
g.nodes.match("Person", name="Alice").first()



(_0:Person {name: 'Alice'})

In [None]:
g.match()

In [65]:
k = g.nodes.match("Person", name="Alice").skip(1).first()


In [33]:
k = g.nodes.match("Person", name="Alice")

In [34]:
k.merge()

AttributeError: 'NodeMatch' object has no attribute 'merge'

In [13]:
g.exists(a2)

False

In [12]:
a2 = Node("Person", name="Alice")

In [78]:
tx = g.begin()
a = Node("Person", name="ABC")
tx.create(a)
b = Node("Person", name="DEF")
ab = Relationship(a, "KNOWS", b)
tx.create(ab)
tx.commit() 
tx.finished()

g.exists(ab)

True

True

In [56]:
# list(g.relationships.match("KNOWS").limit(3))

In [79]:
g.run("MATCH (person:Person {name: 'Alice'}) RETURN person.name").to_table()

person.name
Alice
Alice


In [80]:
g.run("MATCH (person:Person)-[r:KNOWS]->(d) WHERE person.name='ABC' RETURN person.name, r, d.name").to_table()

g.run("MATCH (person:Person)-[r:KNOWS]->(d)  RETURN person.name, r, d.name").to_table()

person.name,r,d.name
Alice,(Alice)-[:KNOWS {}]->(Bob),Bob
ABC,(ABC)-[:KNOWS {}]->(DEF),DEF
Alice,(Alice)-[:KNOWS {}]->(Bob),Bob
ABC,(ABC)-[:KNOWS {}]->(DEF),DEF
ABC,(ABC)-[:KNOWS {}]->(DEF),DEF


In [11]:
# g.run("[r:KNOWS] RETURN r")
q =g.run('MATCH (cloudAtlas {title: "Cloud Atlas"})<-[:DIRECTED]-(directors) RETURN directors.name')
q.to_table()

In [None]:
g.run("MATCH (p) RETURN p").to_table()

In [73]:
g.run("MATCH (p:Person)-[:KNOWS]->(p:Person) RETURN p").to_table()

In [65]:
g.run("MATCH (person:Person {name: 'Alice'}) RETURN person.name").to_table()

In [19]:
graph.run("MATCH (a:Person) RETURN a.name, a.born LIMIT 5").to_table()

a.name,a.born
Keanu Reeves,1964
Carrie-Anne Moss,1967
Laurence Fishburne,1961
Hugo Weaving,1960
Lilly Wachowski,1967


In [14]:
graph.evaluate("MATCH (a:Person) RETURN count(a)")

NameError: name 'graph' is not defined