In [1]:
%load_ext autoreload
%autoreload

import sys

import pandas as pd
import numpy as np
import matplotlib.pyplot as plt

from sklearn.model_selection import train_test_split
from sklearn.tree import DecisionTreeClassifier

sys.path.append('../../utils')
from utils import thomas_parser
from toBoolean import convert

### Comparison between different kind of datasets

Let's first see performances on a default dataset, which means a threshold of 3/5 detectors, a limit of 8000 malwares,  all features considered, all detectors considered and errors understood as non-packed result.

In [2]:
gt = pd.read_csv('../../../dumps/dataset_variations/16K-19-05-T3.csv')
cols = [col for col in gt.columns if col not in ['label']]
data = gt[cols]
target = gt['label']
data_train, data_test, target_train, target_test = train_test_split(data,target, test_size = 0.20, random_state = 0)
tree = DecisionTreeClassifier(max_depth=7,min_samples_split=10,min_samples_leaf=7,random_state=0)
tree.fit(data_train, target_train)
print("Accuracy on training set: {:.3f}".format(tree.score(data_train, target_train))) 
print("Accuracy on test set: {:.3f}".format(tree.score(data_test, target_test)))

Accuracy on training set: 0.996
Accuracy on test set: 0.995


#### Different thresholds

In [3]:
gt = pd.read_csv('../../../dumps/dataset_variations/16K-19-05-T1.csv')
cols = [col for col in gt.columns if col not in ['label']]
data = gt[cols]
target = gt['label']
data_train, data_test, target_train, target_test = train_test_split(data,target, test_size = 0.20, random_state = 0)
tree = DecisionTreeClassifier(max_depth=7,min_samples_split=10,min_samples_leaf=7,random_state=0)
tree.fit(data_train, target_train)
print("Accuracy on training set: {:.3f}".format(tree.score(data_train, target_train))) 
print("Accuracy on test set: {:.3f}".format(tree.score(data_test, target_test)))

Accuracy on training set: 0.974
Accuracy on test set: 0.972


In [4]:
gt = pd.read_csv('../../../dumps/dataset_variations/16K-19-05-T2.csv')
cols = [col for col in gt.columns if col not in ['label']]
data = gt[cols]
target = gt['label']
data_train, data_test, target_train, target_test = train_test_split(data,target, test_size = 0.20, random_state = 0)
tree = DecisionTreeClassifier(max_depth=7,min_samples_split=10,min_samples_leaf=7,random_state=0)
tree.fit(data_train, target_train)
print("Accuracy on training set: {:.3f}".format(tree.score(data_train, target_train))) 
print("Accuracy on test set: {:.3f}".format(tree.score(data_test, target_test)))

Accuracy on training set: 0.995
Accuracy on test set: 0.991


In [5]:
gt = pd.read_csv('../../../dumps/dataset_variations/16K-19-05-T4.csv')
cols = [col for col in gt.columns if col not in ['label']]
data = gt[cols]
target = gt['label']
data_train, data_test, target_train, target_test = train_test_split(data,target, test_size = 0.20, random_state = 0)
tree = DecisionTreeClassifier(max_depth=7,min_samples_split=10,min_samples_leaf=7,random_state=0)
tree.fit(data_train, target_train)
print("Accuracy on training set: {:.3f}".format(tree.score(data_train, target_train))) 
print("Accuracy on test set: {:.3f}".format(tree.score(data_test, target_test)))

Accuracy on training set: 0.998
Accuracy on test set: 0.996


In [6]:
gt = pd.read_csv('../../../dumps/dataset_variations/16K-19-05-T5.csv')
cols = [col for col in gt.columns if col not in ['label']]
data = gt[cols]
target = gt['label']
data_train, data_test, target_train, target_test = train_test_split(data,target, test_size = 0.20, random_state = 0)
tree = DecisionTreeClassifier(max_depth=7,min_samples_split=10,min_samples_leaf=7,random_state=0)
tree.fit(data_train, target_train)
print("Accuracy on training set: {:.3f}".format(tree.score(data_train, target_train))) 
print("Accuracy on test set: {:.3f}".format(tree.score(data_test, target_test)))

Accuracy on training set: 0.997
Accuracy on test set: 0.996


#### Errors considered as positive result from detector

In [7]:
gt = pd.read_csv('../../../dumps/dataset_variations/16K-22-05-error.csv')
cols = [col for col in gt.columns if col not in ['label']]
data = gt[cols]
target = gt['label']
data_train, data_test, target_train, target_test = train_test_split(data,target, test_size = 0.20, random_state = 0)
tree = DecisionTreeClassifier(max_depth=7,min_samples_split=10,min_samples_leaf=7,random_state=0)
tree.fit(data_train, target_train)
print("Accuracy on training set: {:.3f}".format(tree.score(data_train, target_train))) 
print("Accuracy on test set: {:.3f}".format(tree.score(data_test, target_test)))

Accuracy on training set: 0.996
Accuracy on test set: 0.995


#### Check influence of each detector

In [8]:
gt = pd.read_csv('../../../dumps/dataset_variations/16K-22-05-DIE.csv')
cols = [col for col in gt.columns if col not in ['label']]
data = gt[cols]
target = gt['label']
data_train, data_test, target_train, target_test = train_test_split(data,target, test_size = 0.20, random_state = 0)
tree = DecisionTreeClassifier(max_depth=7,min_samples_split=10,min_samples_leaf=7,random_state=0)
tree.fit(data_train, target_train)
print("Accuracy on training set: {:.3f}".format(tree.score(data_train, target_train))) 
print("Accuracy on test set: {:.3f}".format(tree.score(data_test, target_test)))

Accuracy on training set: 0.997
Accuracy on test set: 0.993


In [9]:
gt = pd.read_csv('../../../dumps/dataset_variations/16K-22-05-CISCO.csv')
cols = [col for col in gt.columns if col not in ['label']]
data = gt[cols]
target = gt['label']
data_train, data_test, target_train, target_test = train_test_split(data,target, test_size = 0.20, random_state = 0)
tree = DecisionTreeClassifier(max_depth=7,min_samples_split=10,min_samples_leaf=7,random_state=0)
tree.fit(data_train, target_train)
print("Accuracy on training set: {:.3f}".format(tree.score(data_train, target_train))) 
print("Accuracy on test set: {:.3f}".format(tree.score(data_test, target_test)))

Accuracy on training set: 0.998
Accuracy on test set: 0.996


In [10]:
gt = pd.read_csv('../../../dumps/dataset_variations/16K-22-05-MANALYZE.csv')
cols = [col for col in gt.columns if col not in ['label']]
data = gt[cols]
target = gt['label']
data_train, data_test, target_train, target_test = train_test_split(data,target, test_size = 0.20, random_state = 0)
tree = DecisionTreeClassifier(max_depth=7,min_samples_split=10,min_samples_leaf=7,random_state=0)
tree.fit(data_train, target_train)
print("Accuracy on training set: {:.3f}".format(tree.score(data_train, target_train))) 
print("Accuracy on test set: {:.3f}".format(tree.score(data_test, target_test)))

Accuracy on training set: 0.997
Accuracy on test set: 0.996


In [11]:
gt = pd.read_csv('../../../dumps/dataset_variations/16K-22-05-PEID.csv')
cols = [col for col in gt.columns if col not in ['label']]
data = gt[cols]
target = gt['label']
data_train, data_test, target_train, target_test = train_test_split(data,target, test_size = 0.20, random_state = 0)
tree = DecisionTreeClassifier(max_depth=7,min_samples_split=10,min_samples_leaf=7,random_state=0)
tree.fit(data_train, target_train)
print("Accuracy on training set: {:.3f}".format(tree.score(data_train, target_train))) 
print("Accuracy on test set: {:.3f}".format(tree.score(data_test, target_test)))

Accuracy on training set: 0.997
Accuracy on test set: 0.994


In [12]:
gt = pd.read_csv('../../../dumps/dataset_variations/16K-22-05-PEFRAME.csv')
cols = [col for col in gt.columns if col not in ['label']]
data = gt[cols]
target = gt['label']
data_train, data_test, target_train, target_test = train_test_split(data,target, test_size = 0.20, random_state = 0)
tree = DecisionTreeClassifier(max_depth=7,min_samples_split=10,min_samples_leaf=7,random_state=0)
tree.fit(data_train, target_train)
print("Accuracy on training set: {:.3f}".format(tree.score(data_train, target_train))) 
print("Accuracy on test set: {:.3f}".format(tree.score(data_test, target_test)))

Accuracy on training set: 0.998
Accuracy on test set: 0.998


#### Only boolean values (either most important or all features considered)

In [13]:
gt = pd.read_csv('../../../dumps/dataset_variations/16K-19-05-T3.csv')
cols = [col for col in gt.columns if col not in ['label']]
data = gt[cols]
data = convert(data, False)
target = gt['label']
data_train, data_test, target_train, target_test = train_test_split(data,target, test_size = 0.20, random_state = 0)
tree = DecisionTreeClassifier(max_depth=7,min_samples_split=10,min_samples_leaf=7,random_state=0)
tree.fit(data_train, target_train)
print("Accuracy on training set: {:.3f}".format(tree.score(data_train, target_train))) 
print("Accuracy on test set: {:.3f}".format(tree.score(data_test, target_test)))

Accuracy on training set: 0.986
Accuracy on test set: 0.987


In [14]:
gt = pd.read_csv('../../../dumps/dataset_variations/16K-19-05-T3.csv')
cols = [col for col in gt.columns if col not in ['label']]
data = gt[cols]
data = convert(data, True)
target = gt['label']
data_train, data_test, target_train, target_test = train_test_split(data,target, test_size = 0.20, random_state = 0)
tree = DecisionTreeClassifier(max_depth=7,min_samples_split=10,min_samples_leaf=7,random_state=0)
tree.fit(data_train, target_train)
print("Accuracy on training set: {:.3f}".format(tree.score(data_train, target_train))) 
print("Accuracy on test set: {:.3f}".format(tree.score(data_test, target_test)))

Accuracy on training set: 0.990
Accuracy on test set: 0.989


#### Agreement on same packer

In [15]:
gt = pd.read_csv('../../../dumps/dataset_variations/16K-22-05-agreement.csv')
cols = [col for col in gt.columns if col not in ['label']]
data = gt[cols]
data = convert(data, True)
target = gt['label']
data_train, data_test, target_train, target_test = train_test_split(data,target, test_size = 0.20, random_state = 0)
tree = DecisionTreeClassifier(max_depth=7,min_samples_split=10,min_samples_leaf=7,random_state=0)
tree.fit(data_train, target_train)
print("Accuracy on training set: {:.3f}".format(tree.score(data_train, target_train))) 
print("Accuracy on test set: {:.3f}".format(tree.score(data_test, target_test)))

Accuracy on training set: 0.991
Accuracy on test set: 0.986


#### Test with Thomas datasets

In [17]:
gt = pd.read_csv(thomas_parser("../../../dumps/thomas_datasets/2019-08.Merged"))
cols = [col for col in gt.columns if col not in ['label']]
data = gt[cols]
target = gt['label']

data_train, data_test, target_train, target_test = train_test_split(data,target, test_size = 0.20, random_state = 0)

tree = DecisionTreeClassifier(max_depth=7,min_samples_split=10,min_samples_leaf=7,random_state=0)
tree.fit(data_train, target_train)
print("Accuracy on training set: {:.3f}".format(tree.score(data_train, target_train))) 
print("Accuracy on test set: {:.3f}".format(tree.score(data_test, target_test)))

Accuracy on training set: 0.987
Accuracy on test set: 0.986


In [18]:
gt = pd.read_csv(thomas_parser("../../../dumps/thomas_datasets/2019-09.Merged"))
cols = [col for col in gt.columns if col not in ['label']]
data = gt[cols]
target = gt['label']

data_train, data_test, target_train, target_test = train_test_split(data,target, test_size = 0.20, random_state = 0)

tree = DecisionTreeClassifier(max_depth=7,min_samples_split=10,min_samples_leaf=7,random_state=0)
tree.fit(data_train, target_train)
print("Accuracy on training set: {:.3f}".format(tree.score(data_train, target_train))) 
print("Accuracy on test set: {:.3f}".format(tree.score(data_test, target_test)))

Accuracy on training set: 0.991
Accuracy on test set: 0.987
