MalGraphIQ plots phase

  • Input: Set of WBC occurrence files in JSON format (as generated by the occurrences phase).
  • Output: Visual representations of such occurrences.
$ python3 ../malgraphiq.py plots -h      
usage: MalGraphIQ plots [-h] [--fig_title FIG_TITLE] [-rc_max [0-100]] [--plots_dir PLOTS_DIR] [-bb] [--lower_figure_limit [0-100]]
                        [--upper_figure_limit [0-100]] [--lower_figure_ratio [10-90]]
                        json

positional arguments:
  json                  JSON file or directory of matches, or a list of match dictionaries, as produced by the previous phase.

options:
  -h, --help            show this help message and exit
  --fig_title FIG_TITLE
                        Title for the generated plots (default: none).
  -rc_max [0-100], --radarchart_max_scale [0-100]
                        Max scale for radarcharts (default: 100).
  --plots_dir PLOTS_DIR
                        If specified, WBC match plots are written in that directory otherwise they are generated in the PLOTS folder, which is
                        created if it does not exist (default: ./PLOTS/).
  -bb, --broken_barcharts
                        Use broken barcharts. That is, break the Y-axis of the micro-behavior occurrences visualizations (default: False).
  --lower_figure_limit [0-100]
                        Specifies the upper limit of the lower half of the broken figure (default: 50).
  --upper_figure_limit [0-100]
                        Specifies the lower limit of the upper half of the broken figure (default: 50).
  --lower_figure_ratio [10-90]
                        Ratio (w.r.t total figure's height) of lower figure for broken barcharts. The upper figure ratio is 100 - the
                        specified value. That is, the remaining space within the plot (default: 50).

The commands below assume that the current working directory is this folder.

Barcharts (unbroken)

$ python3 ../malgraphiq.py plots ../occurrences/test.json -rc_max 30 --plots_dir visualizations

Broken barcharts with default division values 0% - 50% | 50% - 100%

$ python3 ../malgraphiq.py plots ../occurrences/test.json -rc_max 30 --plots_dir visualizations --broken_barcharts

Broken barcharts with division values 0% - 20% | 80% - 100%

$ python3 ../malgraphiq.py plots ../occurrences/test.json -rc_max 30 --plots_dir visualizations --broken_barcharts --lower_figure_limit 20 --upper_figure_limit 80

Broken barcharts with division values 0% - 20% | 80% - 100%, with the break placed at 30% of the figure height rather than at the center of the plot.

$ python3 ../malgraphiq.py plots ../occurrences/test.json -rc_max 30 --plots_dir visualizations --broken_barcharts --lower_figure_limit 20 --upper_figure_limit 80 --lower_figure_ratio 30

Broken barcharts with division values 0% - 20% | 80% - 100%, with the break placed at 30% of the figure height rather than at the center of the plot, and with a figure title.

$ python3 ../malgraphiq.py plots ../occurrences/test.json -rc_max 30 --plots_dir visualizations --broken_barcharts --lower_figure_limit 20 --upper_figure_limit 80 --lower_figure_ratio 30 --fig_title "Malware Family Behavior"
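
How the three broken-barchart options fit together, as an added example that is not MalGraphIQ's own code: it reads --lower_figure_limit, --upper_figure_limit and --lower_figure_ratio as a two-pane layout and shows which part of a bar falls in each pane. The function names, the rejection of a lower limit above the upper limit, and the sample percentages are assumptions made for illustration.

```python
# Added illustration, not MalGraphIQ source: the three broken-barchart
# options from the help text, read as a two-pane layout (all values in %).

def broken_axis_layout(lower_limit=50, upper_limit=50, lower_ratio=50):
    """Return the y-ranges and height shares of the two panes."""
    for name, value, lo, hi in (
        ("lower_figure_limit", lower_limit, 0, 100),
        ("upper_figure_limit", upper_limit, 0, 100),
        ("lower_figure_ratio", lower_ratio, 10, 90),
    ):
        if not lo <= value <= hi:
            raise ValueError(f"{name} must be in [{lo}-{hi}], got {value}")
    # Assumption: a lower pane that ends above the start of the upper pane
    # is rejected here; the page does not say how the tool treats that case.
    if lower_limit > upper_limit:
        raise ValueError("lower_figure_limit exceeds upper_figure_limit")
    return {
        "lower_ylim": (0, lower_limit),
        "upper_ylim": (upper_limit, 100),
        # (upper, lower) follows top-to-bottom subplot order, as used by
        # matplotlib's gridspec_kw={"height_ratios": [...]}.
        "height_ratios": (100 - lower_ratio, lower_ratio),
    }


def visible_segments(value, layout):
    """Split one bar (0-100 %) into the part that falls in each pane."""
    lo_top = layout["lower_ylim"][1]
    up_bottom = layout["upper_ylim"][0]
    return {
        "lower": min(value, lo_top),
        "upper": max(0, value - up_bottom),
        # A bar ending inside the hidden gap is cut at the top of the lower
        # pane, so its exact height cannot be read from the figure.
        "ends_in_gap": lo_top < value < up_bottom,
    }


if __name__ == "__main__":
    # Constructed sample occurrences (percent of samples), not real data.
    sample = {"behavior_a": 4, "behavior_b": 17, "behavior_c": 55, "behavior_d": 96}
    layout = broken_axis_layout(lower_limit=20, upper_limit=80, lower_ratio=30)
    print(layout)
    for name, pct in sample.items():
        print(name, visible_segments(pct, layout))
```

With the 20/80 split, any occurrence value between 20% and 80% is flagged as ending in the gap, which is worth checking before choosing the limits for a given data set.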