-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathtiq-test-Fall2014.Rmd
68 lines (53 loc) · 2.49 KB
/
tiq-test-Fall2014.Rmd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
---
title: "TIQ-TEST Experiments - Fall 2014"
author: "Alex Pinto"
date: "October 19, 2014"
output: html_document
---
This is an R Markdown document for demonstrating the new tests and functionalities
that are to be introduced in version 0.2 of tiq-test. No presentations have been made of this
material yet.
If you are looking at this file and has no idea what is going on, it might help to review
the previous entry in this series at [RPubs](http://rpubs.com/alexcpsec/tiq-test-Summer2014-2)
Please review our [github repository page](https://github.com/mlsecproject/tiq-test),
report bugs and suggest features!
Adding the TIQ-TEST functions
```{r, message=FALSE}
## Some limitations from not being an R package: Setting the Working directory
tiqtest.dir = file.path("..", "tiq-test")
current.dir = setwd(tiqtest.dir)
source("tiq-test.R")
## Setting the root data path to where it should be in this repo
.tiq.data.setRootPath(file.path(current.dir, "data"))
```
## Acessing the data using TIQ-TEST
We have roughly a month of data available on this public dataset, and this is still
the same dataset as the Summer 2014 presentations:
```{r, message=FALSE}
tiq.data.getAvailableDates("raw", "public_outbound")
```
## Aging Test
The aging test will try to identify how long a specific indicator has lived in a
threat feed. As with other tests, like the population and novelty, you are able
to measure this information on aggregate of all your subgroups or separately.
Here is it run against the whole dataset on the Outbound indicators, as they are
separated out on subgroups:
```{r, fig.height=10, fig.width=12, fig.align='center'}
outbound.aging = tiq.test.agingTest("public_outbound", "20140615", "20140715")
tiq.test.plotAgingTest(outbound.aging)
```
You can also look at it as whole thing, as to evaluate the aging of your whole
TI repository:
```{r, fig.height=10, fig.width=12, fig.align='center'}
outbound.full.aging = tiq.test.agingTest("public_outbound", "20140615", "20140715",
split.ti=FALSE)
tiq.test.plotAgingTest(outbound.full.aging)
```
Here is it run against the whole dataset on the Inbound indicators. It is interesting
to observe how they have different distributions because of the different ways of collecting
the data:
```{r, fig.height=10, fig.width=12, fig.align='center'}
inbound.aging = tiq.test.agingTest("public_inbound", "20140615", "20140715")
tiq.test.plotAgingTest(inbound.aging)
```
That's all for now, folks! Feel free to suggest new tests and experiments!