Alin Dobra alinVD
alinVD
/ HourPattern.R
Created
February 9, 2017 18:40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## RTime: 113s | |
| ## Display the evolution of traffic towards 128.227.*.* during the day | |
| library(gtStats) | |
| library(gtTranslator) | |
| Hist <- MakeGLA( | |
| representation = list( | |
| C = statistics::fixed_matrix(nrow=11L, ncol=24L), |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # RTime: 177s | |
| # 11 Days, | |
| ## This query shows the daily activity of IPs in the 128.227.X.X, the range used | |
| ## by local UF machines. For each IP, the usage per hour is averaged across the | |
| ## various days and displayed as a graph. | |
| library(gtStats) | |
| ## The bounds for the data that is being considered. | |
| lower <- as.POSIXct("2012-04-06 00:00:00", "GMT") |
alinVD
/ PortStats.R
Created
February 9, 2017 18:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## RTime: | |
| ## Incomming traffic statistics per port in time | |
| library(gtStats) | |
| ## The bounds for the data that is being considered. | |
| lower <- as.POSIXct("2012-04-06 00:00:00", "GMT") | |
| upper <- as.POSIXct("2012-04-16 23:59:59", "GMT") |
alinVD
/ PrivateIPs.R
Created
February 9, 2017 18:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # RTime: 47s | |
| ## This query counts the number of NetFlow records whose source is a private IP | |
| ## address. The private IP ranges are 10.X, 172.16.X - 172.31.X, and 192.168.X. | |
| library(gtBase) | |
| data <- Load(NetFlow) | |
| private <- data[ ("10.0.0.0" <= SrcAddr && SrcAddr <= "10.255.255.255") | |
| || ("172.16.0.0" <= SrcAddr && SrcAddr <= "172.31.255.255") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # RTime: 166s (2min 46s) | |
| ## These queries attaches the MAC Address to each entry in the NetFlow relation | |
| ## by matching the SrcAddr and each endpoint of the flow to a lease in the DHCP | |
| ## relation. If the two endpoints are matched to different lease, then there is | |
| ## an error, which is recorded in the first query. The second query takes all of | |
| ## the correct results and performs further aggregates on the MAC Address. | |
| ## The DHCP lease timestamps are only accurate to the sample, meaning leases | |
| ## can have equal endpoint. The current interval join only supports intervals |
alinVD
/ TraficCorr.R
Created
February 9, 2017 18:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## RTime: 144s | |
| ## This computes the pairwise correlation of traffic for each of the local IPs, | |
| ## with the traffic vectors being computed in the same manner as in the query | |
| ## names Local IPs. | |
| library(gtStats) | |
| ## The bounds for the data that is being considered. | |
| lower <- as.POSIXct("2012-04-06 00:00:00", "GMT") | |
| upper <- as.POSIXct("2012-04-16 23:59:59", "GMT") |
alinVD
/ PortClassification.R
Created
February 9, 2017 18:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## RTime: 42s | |
| ## This classifies connections based on their destination. | |
| library(gtBase) | |
| aggregate <- Multiplexer(Load(NetFlow), | |
| WellKnown = Sum(0 <= Dport && Dport <= 1023), | |
| Registered = Sum(1024 <= Dport && Dport <= 49151), | |
| Dynamic = Sum(49152 <= Dport && Dport <= 65535), | |
| Count()) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # RTime: 282s | |
| # Tuples: | |
| ## This query shows the total activity, measured in bytes transmitted in either | |
| ## direction. The daily profiles are charted at the 15 minute resolution. | |
| library(gtStats) | |
| ## The bounds for the data that is being considered. | |
| lower <- as.POSIXct("2012-04-06 00:00:00", "GMT") | |
| upper <- as.POSIXct("2012-04-16 23:59:59", "GMT") |
alinVD
/ DateVSTime9Mat.R
Created
November 24, 2014 15:47
Date versus Time with 9 matrix result (count, volume, total with raw, normalized on date and normalized on time of day)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Compute the data vs time of day evolution of the stock market | |
| # fgRT: 500s | |
| library(gtBase) | |
| library(nanex) | |
| library(gtTranslator) | |
| Hist <- MakeGLA( | |
| representation = list( | |
| C = statistics::fixed_matrix(nrow=113L, ncol=91L), |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| library(gtBase) | |
| library(nanex) | |
| library(gtTranslator) | |
| Hist <- MakeGLA( | |
| representation = list(H = statistics::fixed_matrix(nrow=113L, ncol=91L)), ## histogram matrix | |
| prototype = function(H = zeros(113L, 91L)){}, | |
| AddItem = function(m,t, cnt){ | |
| mi = as.int(m); | |
| H(mi,t) = H(mi,t)+cnt; |
NewerOlder