Currently, SAGE is one file sage.py, which is over 1k lines of code. The largest part of the file consists of the functions, and only at the very end there is the actual main part. A better approach might be to split sage.py into separate files, as it was also done in SECLEDS.
Proposed solution
The following files will be present in the repository:
sage.py with the main part, alert parsing and global parameters
plotting.py with the functions that are related to plotting (including make_state_groups)
episode_sequence_generation.py (from making hyperalert sequences to trace generation, i.e. from aggregate_into_episodes until generate_traces excluding)
model_learning.py (from generate_traces until make_state_sequences and group_episodes_per_av including; the code in group_episodes_per_av can go to make_state_sequences function, since it just makes the state sequences on an attacker or victim level)
ag_generation.py (converting state sequences into AGs, i.e. make_attack_graphs and the related functions)
Furthermore, the global parameters will become function parameters wherever applicable.
Finally, the docker branch will be updated accordingly to make sure that all the files are copied.
Description
Currently, SAGE is one file
sage.py, which is over 1k lines of code. The largest part of the file consists of the functions, and only at the very end there is the actual main part. A better approach might be to splitsage.pyinto separate files, as it was also done in SECLEDS.Proposed solution
The following files will be present in the repository:
sage.pywith the main part, alert parsing and global parametersplotting.pywith the functions that are related to plotting (includingmake_state_groups)episode_sequence_generation.py(from making hyperalert sequences to trace generation, i.e. fromaggregate_into_episodesuntilgenerate_tracesexcluding)model_learning.py(fromgenerate_tracesuntilmake_state_sequencesandgroup_episodes_per_avincluding; the code ingroup_episodes_per_avcan go tomake_state_sequencesfunction, since it just makes the state sequences on an attacker or victim level)ag_generation.py(converting state sequences into AGs, i.e.make_attack_graphsand the related functions)Furthermore, the global parameters will become function parameters wherever applicable.
Finally, the
dockerbranch will be updated accordingly to make sure that all the files are copied.