diff --git a/Nodlink/README.md b/Nodlink/README.md index 36fd60eea17e26595fa2e10ff113b81ccaf32370..5473a182047b48b7e32f17919cfa0554a64d1b9f 100644 --- a/Nodlink/README.md +++ b/Nodlink/README.md @@ -43,7 +43,7 @@ mkdir A-SysArmor/Nodlink/Sysdig/model # for Linux data cp benign_file.json my/path/to/model/benign.json cp anomaly_file.json my/path/to/model/anomaly.json ``` -* precess JSON data +* process JSON data ``` $ python3 process_behavior.py --d my/path/to/model --file benign.json $ python3 process_behavior.py --d my/path/to/model --file anomaly.json diff --git a/Nodlink/nonsense_detector.py b/Nodlink/nonsense_detector.py index bb03e5bb94638b12a83472955a369b49e78b0802..2ea4ac25595dd0cd97a05c6a65f2b457327c6df9 100644 --- a/Nodlink/nonsense_detector.py +++ b/Nodlink/nonsense_detector.py @@ -142,7 +142,7 @@ words taken from various contemporary text corpora, (3) a set of common stop words, and (4) a few million strings created by randomly concatenating items from 2-3 (but not the real identifiers, which are left as-is). The current stored results were produced after experimenting with 2-grams, 3-grams, -4-grams and 5-grams, and and different thresholds. The best performance +4-grams and 5-grams, and different thresholds. The best performance achieved was reached with 4-grams, and that is the value stored in the ngram_data.pklz pickle file in this directory. The pickle file stores the values computed by the function ngram_values(); each entry is a named tuple 
@@ -181,7 +181,7 @@ thresholds and parameters, then re-scoring the example strings again, and iterating this process until the detector function created by `generate_nonsense_detector()` produces good results on real and random strings. A better method for finding optimal parameter values is to use a -multiobjectve optimization algorithm. Nostril's parameter values were +multiobjective optimization algorithm. Nostril's parameter values were initially derived manually and then fine-tuned using the NSGA-II (Non-dominated Sorting Genetic Algorithm) routine in Platypus (https://github.com/Project-Platypus/Platypus). @@ -739,7 +739,7 @@ def test_unlabeled(input, nonsense_tester, min_length=6, sense='valid', trace_scores=False, save_to=None): '''Test against a file or list of strings. 'nonsense_tester' is a function that should return True if a given string is nonsense. 'sense' - indicates whether each input string should be considerd to be a valid + indicates whether each input string should be considered to be a valid string, or not. If value is 'valid', meaning the input strings are to be considered valid strings and not junk, then nonsense_detector(...) should report False for each one; if the input strings are not valid, then diff --git a/README.md b/README.md index bad1f24e775a21e2c9747e5615d8ed75a87c408c..85f1d87dc3aa2205a2d7a89d82d7297a151de709 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ A-SysArmor聚焦操作系统安全,基于AI等技术增强系统安全能力,提高安全分析效率。 -A-SysArmor目前以实现系统入侵检测能力,主要包含以下模块: +A-SysArmor目前已实现系统入侵检测能力,主要包含以下模块: * **NODROP**: 系统数据采集模块,负责采集系统数据,如进程创建、文件读写、网络访问等。目前主要采集系统调用信息,详细介绍参考[这里](https://gitee.com/openeuler/A-SysArmor/blob/master/NODROP/README.md) * **Nodlink**: 检测模块,负责分析系统数据,基于AI/ML检测系统异常行为,并生成告警图。详细介绍参考[这里](https://gitee.com/openeuler/A-SysArmor/blob/master/Nodlink/README.md)
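Review bot: In the Nodlink/README.md hunk (@@ -43,7), the unchanged context uses two different locations for the same step: the mkdir line creates `A-SysArmor/Nodlink/Sysdig/model`, while the cp lines and `process_behavior.py --d my/path/to/model` use the placeholder `my/path/to/model`. Since this bullet is being edited anyway, consider stating that `my/path/to/model` stands for the directory created by the mkdir line, or using one path throughout, so the files are copied to the directory the processing command actually reads.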
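Review bot: In the Nodlink/nonsense_detector.py hunk at @@ -142,7, the context says the n-gram values are "stored in the ngram_data.pklz pickle file in this directory", and the docstring says nothing about how far that file is trusted. Unpickling can run code chosen by whoever produced the file, so for a detection module it is worth adding a sentence that the file is to be loaded only from the repository copy or regenerated locally with ngram_values(), and recording a checksum for it next to the file.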
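Review bot: In the Nodlink/nonsense_detector.py hunk at @@ -181,7, the sentence being corrected describes "Nostril's parameter values", which reads as documentation carried over from the Nostril project rather than text written for Nodlink. If that is the case, send the same spelling fixes to that project as well so this file does not drift from its source on comment-only lines, and consider naming the origin of the text at the top of the docstring.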
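Review bot: In the test_unlabeled() docstring (Nodlink/nonsense_detector.py, @@ -739,7), the parameter is named 'nonsense_tester', but the unchanged lines just below the fix say "nonsense_detector(...) should report False for each one". While correcting "considerd", change that reference to nonsense_tester(...) so the docstring matches the signature. The first parameter, `input`, also shadows the Python builtin; renaming it would change the keyword interface, so that is better handled in a separate patch.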