purseclab / ATLAS

ATLAS: A Sequence-based Learning Approach for Attack Investigation
Apache License 2.0

The choice of action in the function get_active_actions_statements(lines) #14

Open zlsfe opened 2 years ago

zlsfe commented 2 years ago

Hi, may I ask why the choice of action in the function get_active_actions_statements(lines) is "write" or "connect"? The question has bothered me for a long time. Thanks!

DieselDX commented 1 year ago

Sorry to bother you. I would like to ask: when you were reproducing ATLAS and ran graph_reader.py, did you run into IPv6 data that could not be parsed? The data in question looks like this:
connection_fe80::fd1b:d78f:dab1:8114_ff02::1:3 -> "c:/windows/system32/svchost.exe_1180" [key=0, capacity="1.0", label=connect_26519816, type=connect, timestamp=26519816, sip=fe80::fd1b:d78f:dab1:8114, sport=61605, dip=ff02::1:3,

Win7ery commented 5 months ago

Sorry to bother you. I would like to ask: when you were reproducing ATLAS and ran graph_reader.py, did you run into IPv6 data that could not be parsed? The data in question looks like this:
connection_fe80::fd1b:d78f:dab1:8114_ff02::1:3 -> "c:/windows/system32/svchost.exe_1180" [key=0, capacity="1.0", label=connect_26519816, type=connect, timestamp=26519816, sip=fe80::fd1b:d78f:dab1:8114, sport=61605, dip=ff02::1:3,

Hello, I also encountered a similar problem when I reproduced it. How did you finally solve this problem? (Question below)
connection_fe80::fd1b:d78f:dab1:8114_ff02::1:2 -> "c:/windows/system32/svchost.exe_836" [capacity="1.0", dip=ff02::1:2, dport=547, key=0, label=connect_26519780, sip=fe80::fd1b:d78f:dab1:8114, sport=546, timestamp=26519780, type=connect];
^
Expected "}" (at char 510263), (line:3318, col:16)
Traceback (most recent call last):
File ".\graph_reader.py", line 29, in G = read_dot(path)

026plan commented 5 months ago

Sorry to bother you. I would like to ask: when you were reproducing ATLAS and ran graph_reader.py, did you run into IPv6 data that could not be parsed? The data in question looks like this:
connection_fe80::fd1b:d78f:dab1:8114_ff02::1:3 -> "c:/windows/system32/svchost.exe_1180" [key=0, capacity="1.0", label=connect_26519816, type=connect, timestamp=26519816, sip=fe80::fd1b:d78f:dab1:8114, sport=61605, dip=ff02::1:3,

Hello, I also encountered a similar problem when I reproduced it. How did you finally solve this problem? (Question below)
connection_fe80::fd1b:d78f:dab1:8114_ff02::1:2 -> "c:/windows/system32/svchost.exe_836" [capacity="1.0", dip=ff02::1:2, dport=547, key=0, label=connect_26519780, sip=fe80::fd1b:d78f:dab1:8114, sport=546, timestamp=26519780, type=connect];
^
Expected "}" (at char 510263), (line:3318, col:16)
Traceback (most recent call last):
File ".\graph_reader.py", line 29, in G = read_dot(path)

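Hello, when I was reproducing ATLAS and ran graph_reader.py, I got an error caused by the colons in IPv6 addresses. I hope we can discuss the problems of reproducing ATLAS together.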
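
The parse error reported in this thread follows from the DOT grammar: an unquoted ID may contain only letters, digits and underscores (or be a numeral), and ':' is reserved for node ports, so an IPv6 address has to be a double-quoted string. The following is an added example, not part of the thread and not ATLAS project code; the names `sanitize_dot` and `unsafe_ids` are hypothetical, and it assumes the graph file has no HTML-like labels or comments.

```python
import re

# DOT grammar: an unquoted ID is letters/digits/underscores (not starting with
# a digit) or a numeral. ':' is reserved for node ports, so an IPv6 address
# must be written as a double-quoted string to be read as a single ID.
BARE_ID = re.compile(
    r'[A-Za-z_\x80-\uffff][A-Za-z0-9_\x80-\uffff]*|-?(?:\.\d+|\d+(?:\.\d*)?)')
# A token is a quoted string, an edge operator, or a run of characters that
# ends at the next DOT delimiter (whitespace, brackets, braces, ',', ';', '=').
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|->|--|(?:(?!->|--)[^\s\[\]{},;="])+')


def _is_legal(tok):
    """True for tokens a DOT parser already accepts without changes."""
    return tok[0] == '"' or tok in ("->", "--") or bool(BARE_ID.fullmatch(tok))


def unsafe_ids(text):
    """List the bare tokens that are not valid unquoted DOT IDs."""
    return [t for t in TOKEN.findall(text) if not _is_legal(t)]


def sanitize_dot(text):
    """Return the DOT text with every illegal bare ID wrapped in quotes."""
    def fix(match):
        tok = match.group(0)
        return tok if _is_legal(tok) else '"' + tok + '"'
    return TOKEN.sub(fix, text)


# Edge statement copied from the error report in this thread, wrapped in a
# constructed "digraph G { ... }" so the sample is a complete graph.
SAMPLE = '''digraph G {
connection_fe80::fd1b:d78f:dab1:8114_ff02::1:2 -> "c:/windows/system32/svchost.exe_836" [capacity="1.0", dip=ff02::1:2, dport=547, key=0, label=connect_26519780, sip=fe80::fd1b:d78f:dab1:8114, sport=546, timestamp=26519780, type=connect];
}'''

if __name__ == "__main__":
    print("IDs that need quoting:", unsafe_ids(SAMPLE))
    print(sanitize_dot(SAMPLE))
```

Writing the sanitized text to a new file and passing that path to `read_dot` keeps the original graph untouched; the quoted node name and the `sip`/`dip` values keep their exact text, so later lookups by address still match.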