Shulou(Shulou.com)06/01 Report--

1.1. Security data mining language 1.1.1. Overview 1.1.1.1. Basic characteristics

Compared with the general high-level language or scripting language, the mining language involved in this paper has the following features:

1. Variables need to be declared before they can be used, but the size of an array or vector does not need to be declared in advance (that is, dynamic arrays are supported)

two。 Support for general arithmetic expressions, relational expressions and logical expressions

3. User-defined functions are supported, but functions cannot be nested declarations or definitions

4. Supports conditional (including if and if-else) and loop statements (including continue and break statements), but supports a loop statement in the form of while

5. Support for multi-level nested declaration of user-defined types (similar to typedef struct in Candlestick +).

1.1.1.2. Proprietary characteristic

In addition to supporting features similar to general high-level languages or scripting languages, the languages mentioned in this article also support the following mining-related features, which typically appear as functions:

1. According to the characteristics of information security, the processing and related operations of IP address (including IPv4 and IPv6), date and time are supported.

two。 Built-in data preprocessing related functions, including data filtering, filtering (can support structured or unstructured security data)

3. Provide statistical functions related to distribution models, parameter estimation and hypothesis testing, and support common models such as normal distribution, T-distribution, chi-square distribution, etc.

4. Support time-based sequence analysis

5. Provide rich data input and output (including data visualization) functions

6. Support for inclusion between mining scripts (similar to "include" or "import")

7. More importantly, all scripts for data mining can be executed not only in the data acquisition unit (especially in the data preprocessing part), but also in the core analysis unit.

1.1.2. Basic 1.1.2.1. Data type 1.1.2.1.1. Constant

The system supports two types of constants:

1. String constant: any string enclosed in double quotes, such as "abc" or "2012-12-25 17:00:00"

two。 Numeric constant: any integer or floating point type numeric constant, for example: 123 or 3.1415; the supported length depends on the word length of the host computer.

1.1.2.1.2. Variable

Similar to constants, the system supports the following two basic variable types:

1. String variables: declared as follows

String variable name

Where string is reserved for the system (see appendix)

two。 Numeric variables: declared as follows

Numeric variable name

Numeric is reserved for the system (see appendix). Numeric variables do not distinguish between integer and floating point types, but keep up to 7 decimal places if floating point.

For the above variable names, the system convention can only start with an English letter, mix numbers and underscores, with a maximum length of no more than 50 characters and unequal use of system reserved words.

1.1.2.1.3. List

Because this system supports user-defined types (must be defined first), such as:

List Person

{

Stringname

Numericage

String sex

...

}

So if you need to use a custom type, the variable is declared as follows:

Person variable name

1.1.2.1.4. Array

Because vectors are widely used in secure data mining, this system also supports one-dimensional arrays, but when multi-dimensional arrays are needed, the elements of arrays can also be arrays.

The array is declared as follows:

1. String type: string @ variable name

two。 Numeric: numeric @ variable name

3. User-defined: user_type @ variable name.

When referencing array elements, use the following way: array variable name [subscript] (subscript starts at 0; subscript can also be an expression).

If the subscript crosses the bounds, the system will not crash, but will return "undef".

1.1.2.2. The expression is 1.1.2.2.1. Operational symbol

The mining language operation symbols involved in this article include the following categories (arranged by priority):

1. Member operator: that is, ".", unicast operation, get the member of the variable

two。 Multiplication and division operations: including "*", "/" and "%" (division remainder); only numerical variable operations are supported, and for "*", vector operations are supported in addition to scalar operations (different from ordinary mathematical vector multiplication, but only vector element multiplication)

3. Addition and subtraction operations: including "+" and "-"; support numerical vector operations

4. Relational operations: including "=", "=", "!", "= ~" (regular matching), "! ~" (regular mismatch), where regular expressions support Perl-like types, except regular matching / mismatching operations, other relational operations support numeric and character constants / variables.

5. Logic and Operation: that is "& &"

6. Logic or operation: that is, "| |".

1.1.2.2.2. Function definition and call

In many languages, functions are the only way to expand connotation and denotation; so this system provides a large number of built-in functions, and the system also supports user-defined functions.

1.1.2.2.3. Function definition

Like most languages, this system function is defined as follows:

Returns the type sub function name (parameter list)

{

Function body

}

Where sub is a system reserved word, the return type and parameter list can be empty, multiple parameters are separated by commas, and the function does not allow nested definitions.

An example is as follows (finding the largest of the two numerical variables):

Numeric get_max (numeric a dome numeric b)

{

If (a > b)

{

Returna

}

Else

{

Returnb

}

}

1.1.2.2.4. Function call

The call format of the function is as follows:

Function name (parameter)

It should be noted that the system stipulates that all parameters (such as variables) are passed by reference rather than copy, so if the value of the calling parameter needs to be modified in the function, the corresponding variable value in the main tone function will also be modified.

An example of a function call is as follows (using the function defined in the previous section):

Max = get_max (3jue 5)

1.1.2.3. Statement

In the mining language involved in this article, statement is a very important part, similar to most high-level languages or scripting languages, it also supports three basic forms: order, condition and loop.

1.1.2.3.1. Assignment statement

The assignment statement is the most basic statement in the form of:

Variable = expression

The left operand of the assignment statement must be a variable, and the type of variable can be scalar or vector; we agree that when the left value is a vector, the right value of the assignment statement (right operand) can be a vector or a scalar, if it is a scalar, then assign its actual value to the first element of the vector, and if the vector is assigned to a scalar, only the first element of the vector will be taken.

In addition, the left and right values of the assignment statement must have the same data type, otherwise an error will be reported at compile time.

Here are a few examples to illustrate the use of assignment statements:

1. Constant assignment:

A = 5

two。 Variable assignment:

A = b

3. Expression assignment:

A = breadb-4*a*c

4. Vector assignment:

@ a = @ b

5. Vectors and scalars are assigned to each other:

@ a = bounb-4 the value of the expression bounb-4*a*c is the result of the evaluation of the expression broomb-4.

A = @ array;#an is the value of array [0]

1.1.2.3.2. Conditional statement

In the conditional statements described in this paper, only if or if-else formal conditional statements are supported, but not similar to the switch-case conditional statements in C statements; another difference from C language conditional statements is that conditional statements must be enclosed in curly braces, otherwise they are considered illegal.

The forms of conditional statements include:

If (expression)

{

...

}

And

If (expression)

{

...

}

Else

{

...

}

It is important to note that the expression is true as long as the value of the expression is not non-zero, otherwise it is false.

Conditional statements can be nested at will, but the scope (scope) of declared variables is limited to them. If there is a duplicate definition of variables, they will be adapted according to the nearest principle (these variables will be converted to different intra-file addresses at compile time, so there will be no conflicts).

1.1.2.3.3. Loop statement

For circular statements, only one form is supported, considering the cost of implementation and learning:

While (expression)

{

...

}

Similar forms of do-while and for loops are not supported. Similar to conditional statements, curly braces are required, even if the body of the loop contains only a single statement (somewhat similar to the Perl statement).

In addition, for complete flow control, continue and break can be used in loop statements, which can be traced back to the expression judgment part of the loop and out of the loop, respectively; of course, you can use unconditional jump statements directly to achieve the same effect, but doing so makes process control slightly less "elegant".

1.1.2.3.4. Unconditional jump statement

An unconditional jump statement is a goto statement in the form of:

Goto label

The definition of labeling is as follows:

Labeling: statement

1.1.2.4. Include file

The include file is in the following form:

Import "File name"

The included file should be set in a path that the system can search (the search path uses the system variable).

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.