Struct owlyshield_ransom::predictions::prediction::input_tensors::PredictionRow
pub struct PredictionRow {
pub ops_read: u64,
pub ops_setinfo: u64,
pub ops_written: u64,
pub ops_open: u64,
pub bytes_read: u64,
pub bytes_written: u64,
pub entropy_read: f32,
pub entropy_written: f32,
pub files_opened: usize,
pub files_deleted: usize,
pub files_read: usize,
pub files_renamed: usize,
pub files_written: usize,
pub extensions_read: usize,
pub extensions_written: usize,
pub extensions_written_doc: usize,
pub extensions_written_archives: usize,
pub extensions_written_db: usize,
pub extensions_written_code: usize,
pub extensions_written_exe: usize,
pub dirs_with_files_created: usize,
pub dirs_with_files_updated: usize,
pub pids: usize,
pub exe_exists: bool,
pub clusters: usize,
pub clusters_max_size: usize,
pub alters_email_file: bool,
pub password_vault_read_count: usize,
pub alters_event_log_file: bool,
pub alters_ssh_file: bool,
pub on_shared_drive_read_count: u32,
pub on_shared_drive_write_count: u32,
pub on_removable_drive_read_count: u32,
pub on_removable_drive_write_count: u32,
}
Description
Record of the features used to feed the models' input tensors. Features are the results of aggregate functions (mainly sum, max and count) applied to:
- Data that comes from the driver (ops_read, entropy_read…)
- Calculations done in this project's crate::process module (clustering)
Fields
ops_read: u64 - Count of Read operations (crate::driver_com::IrpMajorOp::IrpRead)
ops_setinfo: u64 - Count of SetInfo operations (crate::driver_com::IrpMajorOp::IrpSetInfo)
ops_written: u64 - Count of Write operations (crate::driver_com::IrpMajorOp::IrpWrite)
ops_open: u64 - Count of handle-creation operations (crate::driver_com::IrpMajorOp::IrpCreate)
bytes_read: u64 - Total bytes read (by gid)
bytes_written: u64 - Total bytes written (by gid)
entropy_read: f32 - Total entropy read
entropy_written: f32 - Total entropy written
files_opened: usize - File descriptors created
files_deleted: usize - File descriptors deleted
files_read: usize - File descriptors read
files_renamed: usize - File descriptors renamed
files_written: usize - File descriptors written
extensions_read: usize - Count of unique extensions read
extensions_written: usize - Count of unique extensions written
extensions_written_doc: usize - Count of unique extensions written (documents)
extensions_written_archives: usize - Count of unique extensions written (archives)
extensions_written_db: usize - Count of unique extensions written (databases)
extensions_written_code: usize - Count of unique extensions written (code)
extensions_written_exe: usize - Count of unique extensions written (executables)
dirs_with_files_created: usize - Number of directories in which files were created
dirs_with_files_updated: usize - Number of directories in which files were updated
pids: usize - Number of pids in this gid process family
exe_exists: bool - Does the (parent) process's exe file still exist?
clusters: usize - Number of clusters formed from the directories with files updated
clusters_max_size: usize - Size of the deepest cluster
alters_email_file: bool - Is the process altering (reading or writing) email files?
password_vault_read_count: usize - Number of distinct password vault files read
alters_event_log_file: bool - Is the process altering (reading or writing) Windows log files?
alters_ssh_file: bool - Is the process altering (reading or writing) ssh files?
on_shared_drive_read_count: u32 - Count of Read operations (crate::driver_com::IrpMajorOp::IrpRead) on a shared (remote) drive
on_shared_drive_write_count: u32 - Count of Write operations (crate::driver_com::IrpMajorOp::IrpWrite) on a shared (remote) drive
on_removable_drive_read_count: u32 - Count of Read operations (crate::driver_com::IrpMajorOp::IrpRead) on a removable drive
on_removable_drive_write_count: u32 - Count of Write operations (crate::driver_com::IrpMajorOp::IrpWrite) on a removable drive
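The aggregation the description above sketches (sums and counts over driver events, unique extensions, directories touched, pids in the family), shown as an added Rust example that is not owlyshield's own code. Op, Event, Features, DOC_EXTS, sample() and the event layout are assumptions; only a subset of the PredictionRow counters is computed.

```rust
// Added example, not owlyshield's own code: aggregate a constructed stream of
// driver-style I/O events (one per IRP) into some of the PredictionRow counters.
// Op, Event, Features, DOC_EXTS, sample() and the event layout are assumptions.
use std::collections::HashSet;
#[derive(Clone, Copy)] enum Op { Read, Write } // stands in for IrpMajorOp::IrpRead / IrpWrite
// Constructed event: (pid, op, path, bytes moved, Shannon entropy of the buffer)
#[derive(Clone, Copy)] struct Event(u32, Op, &'static str, u64, f32);
#[derive(Default, Debug)]
struct Features {
    ops_read: u64, ops_written: u64, bytes_read: u64, bytes_written: u64,
    entropy_written: f32, extensions_written: usize, extensions_written_doc: usize,
    dirs_with_files_updated: usize, pids: usize,
}
const DOC_EXTS: &[&str] = &["doc", "docx", "xlsx", "pdf", "txt"]; // assumed category list
// Split on either separator so Windows paths also work on a non-Windows host.
fn dir_and_ext(p: &str) -> (&str, Option<String>) {
    let (dir, name) = p.split_at(p.rfind(|c: char| c == '\\' || c == '/').unwrap_or(0));
    (dir, name.rfind('.').map(|i| name[i + 1..].to_ascii_lowercase()))
}
fn aggregate(events: &[Event]) -> Features {
    let mut f = Features::default();
    let (mut exts, mut dirs, mut pids) = (HashSet::new(), HashSet::new(), HashSet::new());
    for &Event(pid, op, path, bytes, entropy) in events {
        pids.insert(pid); // every pid seen counts toward the process family
        match op {
            Op::Read => { f.ops_read += 1; f.bytes_read += bytes; }
            Op::Write => {
                f.ops_written += 1; f.bytes_written += bytes;
                f.entropy_written += entropy; // "total entropy": a plain sum over writes
                let (dir, ext) = dir_and_ext(path);
                dirs.insert(dir); if let Some(e) = ext { exts.insert(e); }
            }
        }
    }
    f.extensions_written = exts.len(); // unique extensions, not per-operation
    f.extensions_written_doc = exts.iter().filter(|e| DOC_EXTS.contains(&e.as_str())).count();
    f.dirs_with_files_updated = dirs.len();
    f.pids = pids.len();
    f
}
// Constructed sample: one process family (two pids) rewriting files in two directories.
fn sample() -> Vec<Event> {
    vec![
        Event(100, Op::Read, r"C:\Users\a\Documents\report.docx", 4096, 4.1),
        Event(100, Op::Write, r"C:\Users\a\Documents\report.docx", 4096, 7.9),
        Event(100, Op::Write, r"C:\Users\a\Documents\notes.txt", 512, 7.8),
        Event(101, Op::Write, r"C:\Users\a\Pictures\photo.jpg", 8192, 7.9),
    ]
}
```

The high write entropy next to a low read entropy on the same file is the kind of contrast the row exposes to the model; the real crate also folds in clustering and the drive-type counters, which this sketch leaves out.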
