Preparation - crimson-unicorn/core GitHub Wiki

All the Right Code in All the Right Places

Clone the Unicorn codebase, or just the part of its intrusion detection pipeline you need. Be aware of the scary dependencies, as always.

We recommend a Linux (Ubuntu) environment with the following dependencies installed. We make things easy for you: just copy and paste the lines below into your terminal. Make sure you have the right privileges to do so.

apt-get install -y sudo python g++-4.9 libz-dev python-pip python-dev build-essential 
pip install numpy==1.14.3 scipy==0.17.0 scikit-learn==0.19.1

:information_source: You may receive an error saying that the g++-4.9 package is not available (for example, when installing on Ubuntu 18.04). To solve this, add the following lines to /etc/apt/sources.list:

deb http://dk.archive.ubuntu.com/ubuntu/ xenial main
deb http://dk.archive.ubuntu.com/ubuntu/ xenial universe

and then run apt update && apt-get install g++-4.9.
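Adding a whole older release (xenial) to the sources of a newer system lets apt pull any xenial package, not only g++-4.9, which can silently downgrade or mix toolchain libraries. The following added example (not part of the Unicorn wiki or the project's own tooling) stages the same two mirror entries in a separate sources fragment and pins the xenial suite so that only the gcc-4.9 toolchain is taken from it. The file names under /etc/apt, the pinned package list and the --apply flag are assumptions; apt itself still verifies the archive signature against the Ubuntu keyring already installed on the system.

```shell
#!/bin/sh
# Added example: stage the xenial fallback for g++-4.9 with an apt pin so that
# the older suite cannot supply anything but the gcc-4.9 toolchain.
# "$1" of stage_xenial_gcc is a root directory: "/" on a real host, a scratch
# directory for a dry run. File names and the package list are assumptions.
set -eu

MIRROR="http://dk.archive.ubuntu.com/ubuntu/"   # mirror named on the wiki page

# Write the sources fragment and the pin file under "$root"; print their paths.
stage_xenial_gcc() {
    root="$1"
    list="$root/etc/apt/sources.list.d/xenial-gcc49.list"
    pref="$root/etc/apt/preferences.d/xenial-gcc49.pref"
    mkdir -p "$(dirname "$list")" "$(dirname "$pref")"

    # The same two entries the page adds to sources.list, kept in their own
    # file so they are easy to remove once the analyzer has been built.
    cat > "$list" <<EOF
deb $MIRROR xenial main
deb $MIRROR xenial universe
EOF

    # Default every xenial package to a negative priority (never installed,
    # never used for upgrades), then allow only the gcc-4.9 toolchain and the
    # runtime libraries that newer releases no longer ship. If apt reports an
    # unmet dependency from xenial, add that package to the second stanza
    # instead of raising the priority of the whole suite.
    cat > "$pref" <<EOF
Package: *
Pin: release n=xenial
Pin-Priority: -10

Package: g++-4.9 gcc-4.9 cpp-4.9 gcc-4.9-base libgcc-4.9-dev libstdc++-4.9-dev libasan1 libcilkrts5 libubsan0
Pin: release n=xenial
Pin-Priority: 500
EOF
    printf '%s\n%s\n' "$list" "$pref"
}

# Succeed only if the pin file denies xenial by default and allows g++-4.9.
verify_pin() {
    pref="$1/etc/apt/preferences.d/xenial-gcc49.pref"
    grep -q '^Pin-Priority: -10$' "$pref" && grep -q '^Package: g++-4.9 ' "$pref"
}

# Real run (as root): stage the files, then install and show where each
# package came from, so a stray xenial download is visible immediately.
if [ "${1:-}" = "--apply" ]; then
    stage_xenial_gcc /
    verify_pin /
    apt-get update
    apt-get install -y g++-4.9
    apt-cache policy g++-4.9 libstdc++6
fi
```

Run it once with a scratch directory (for example `sh stage.sh` after calling `stage_xenial_gcc /tmp/aptroot` from a shell) to inspect the generated files, then with `--apply` as root. `apt-cache policy` afterwards should list xenial as the source of g++-4.9 only; the system libstdc++6 must still come from the host release.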

:new: To run Visicorn, you additionally need to install:

apt-get install libsqlite3-dev
pip install pysqlite

Now, you can:

  • Download the parsers: make prepare_parsers

:information_source: Various parsers will be downloaded, including a parser for CamFlow datasets and a parser for StreamSpot datasets.

  • Download the analyzer: make prepare_analyzer

:information_source: Unicorn's analyzer uses GraphChi, a vertex-centric graph processing framework, which is written in C++. Running make prepare_analyzer will also compile the C++ code, so it is ready to run.

:warning: Several compile-time macros are tunable parameters (e.g., -DSKETCH_SIZE sets the size of the graph sketches) that can be adjusted for different experiments. If you change any of those parameters, make sure you recompile the code! You can learn more about those parameters here.

  • Download the modeler: make prepare_modeler

You can download them all at once using:

make prepare

Everything should be organized in the build/ directory under core/. You should also create an output/ directory under core/ if you download each component separately instead of using make prepare (which creates the output/ directory for you). Now you can proceed to download the datasets, or, if you have already done so, run the experiments.