|
import os |
|
import sys |
|
import csv |
|
import json |
|
from collections import defaultdict |
|
import networkx as nx |
|
from datetime import datetime |
|
import logging |
|
|
|
|
|
def col2idx(cols): |
|
result = dict() |
|
for i, col in enumerate(cols): |
|
result[col] = i |
|
return result |
|
|
|
|
|
def load_alert_param(_alert_param_csv): |
|
"""Load an alert parameter file |
|
:param _alert_param_csv: Alert parameter CSV file |
|
:return: dict of line number of the parameter file and parameter set as dict |
|
""" |
|
with open(_alert_param_csv, "r") as _rf: |
|
reader = csv.reader(_rf) |
|
header = next(reader) |
|
name2idx = col2idx(header) |
|
count_idx = name2idx["count"] |
|
type_idx = name2idx["type"] |
|
schedule_idx = name2idx["schedule_id"] |
|
min_acct_idx = name2idx["min_accounts"] |
|
max_acct_idx = name2idx["max_accounts"] |
|
min_amt_idx = name2idx["min_amount"] |
|
max_amt_idx = name2idx["max_amount"] |
|
min_period_idx = name2idx["min_period"] |
|
max_period_idx = name2idx["max_period"] |
|
bank_idx = name2idx["bank_id"] |
|
sar_idx = name2idx["is_sar"] |
|
|
|
param_data = dict() |
|
line_num = 2 |
|
for row in reader: |
|
count = int(row[count_idx]) |
|
alert_type = row[type_idx] |
|
is_ordered = int(row[schedule_idx]) > 0 |
|
accounts = (int(row[min_acct_idx]), int(row[max_acct_idx])) |
|
amount = (float(row[min_amt_idx]), float(row[max_amt_idx])) |
|
period = (int(row[min_period_idx]), int(row[max_period_idx])) |
|
is_multiple_banks = row[bank_idx] == "" |
|
is_sar = row[sar_idx].lower() == "true" |
|
params = {"count": count, "type": alert_type, "ordered": is_ordered, |
|
"accounts": accounts, "amount": amount, "period": period, |
|
"multiple_banks": is_multiple_banks, "sar": is_sar} |
|
param_data[line_num] = params |
|
line_num += 1 |
|
|
|
return param_data |
|
|
|
|
|
def load_alert_tx(_alert_tx_schema, _alert_tx_csv): |
|
"""Load an alert-related transaction CSV file and construct subgraphs |
|
:param _alert_tx_schema: |
|
:param _alert_tx_csv: |
|
:return: dict of alert ID and alert transaction subgraph |
|
""" |
|
alert_idx = None |
|
type_idx = None |
|
orig_idx = None |
|
bene_idx = None |
|
amt_idx = None |
|
date_idx = None |
|
for i, col in enumerate(_alert_tx_schema): |
|
data_type = col.get("dataType") |
|
if data_type == "alert_id": |
|
alert_idx = i |
|
elif data_type == "alert_type": |
|
type_idx = i |
|
elif data_type == "orig_id": |
|
orig_idx = i |
|
elif data_type == "dest_id": |
|
bene_idx = i |
|
elif data_type == "amount": |
|
amt_idx = i |
|
elif data_type == "timestamp": |
|
date_idx = i |
|
|
|
alert_graphs = defaultdict(nx.DiGraph) |
|
with open(_alert_tx_csv, "r") as _rf: |
|
reader = csv.reader(_rf) |
|
next(reader) |
|
for row in reader: |
|
alert_id = row[alert_idx] |
|
alert_type = row[type_idx] |
|
orig_id = row[orig_idx] |
|
bene_id = row[bene_idx] |
|
amount = float(row[amt_idx]) |
|
date_str = row[date_idx].split("T")[0] |
|
date = datetime.strptime(date_str, "%Y-%m-%d") |
|
alert_graphs[alert_id].add_edge(orig_id, bene_id, amount=amount, date=date) |
|
alert_graphs[alert_id].graph["alert_id"] = alert_id |
|
alert_graphs[alert_id].graph["alert_type"] = alert_type |
|
|
|
return alert_graphs |
|
|
|
|
|
def satisfies_params(alert_sub_g, param): |
|
"""Check whether the given alert subgraph satisfies the given parameter |
|
:param alert_sub_g: Alert subgraph |
|
:param param: Alert parameters as dict from a parameter file |
|
:return: If the subgraph satisfies all of the given parameter, return True. |
|
""" |
|
alert_id = alert_sub_g.graph["alert_id"] |
|
num_accounts = alert_sub_g.number_of_nodes() |
|
tx_attrs = [attr for _, _, attr in alert_sub_g.edges(data=True)] |
|
start_date = min([attr["date"] for attr in tx_attrs]) |
|
end_date = max([attr["date"] for attr in tx_attrs]) |
|
period = (end_date - start_date).days + 1 |
|
init_amount = [attr["amount"] for attr in tx_attrs if attr["date"] == start_date][0] |
|
alert_type = param["type"] |
|
|
|
if alert_type == "cycle" and not is_cycle(alert_sub_g): |
|
return False |
|
elif alert_type == "scatter_gather" and not is_scatter_gather(alert_sub_g): |
|
return False |
|
elif alert_type == "gather_scatter" and not is_gather_scatter(alert_sub_g): |
|
return False |
|
|
|
min_acct, max_acct = param["accounts"] |
|
if not min_acct <= num_accounts <= max_acct: |
|
logging.info("Alert %s: The number of accounts %d is not within [%d, %d]" |
|
% (alert_id, num_accounts, min_acct, max_acct)) |
|
return False |
|
|
|
min_amt, max_amt = param["amount"] |
|
if not min_amt <= init_amount <= max_amt: |
|
logging.info("Alert %s: initial amount %f is not within [%f, %f]" % (alert_id, init_amount, min_amt, max_amt)) |
|
return False |
|
|
|
min_period, max_period = param["period"] |
|
if not min_period <= period <= max_period: |
|
logging.info("Alert %s: period %d is not within [%d, %d]" % (alert_id, period, min_period, max_period)) |
|
return False |
|
|
|
return True |
|
|
|
|
|
def is_cycle(alert_sub_g: nx.DiGraph, is_ordered: bool = True): |
|
alert_id = alert_sub_g.graph["alert_id"] |
|
edges = alert_sub_g.edges(data=True) |
|
cycles = list(nx.simple_cycles(alert_sub_g)) |
|
if len(cycles) != 1: |
|
logging.info("Alert %s is not a cycle pattern" % alert_id) |
|
return False |
|
if is_ordered: |
|
edges.sort(key=lambda e: e[2]["date"]) |
|
next_orig = None |
|
next_amt = sys.float_info.max |
|
next_date = datetime.strptime("1970-01-01", "%Y-%m-%d") |
|
for orig, bene, attr in edges: |
|
if next_orig is not None and orig != next_orig: |
|
logging.info("Alert %s is not a cycle pattern" % alert_id) |
|
return False |
|
else: |
|
next_orig = bene |
|
|
|
amount = attr["amount"] |
|
if amount == next_amt: |
|
logging.info("Alert %s cycle transaction amounts are unordered" % alert_id) |
|
return False |
|
else: |
|
next_amt = amount |
|
|
|
date = attr["date"] |
|
if date < next_date: |
|
logging.info("Alert %s cycle transactions are chronologically unordered" % alert_id) |
|
return False |
|
else: |
|
next_date = date |
|
return True |
|
|
|
|
|
def is_scatter_gather(alert_sub_g: nx.DiGraph, is_ordered: bool = True): |
|
alert_id = alert_sub_g.graph["alert_id"] |
|
num_accts = alert_sub_g.number_of_nodes() |
|
num_mid = num_accts - 2 |
|
out_degrees = alert_sub_g.out_degree() |
|
in_degrees = alert_sub_g.in_degree() |
|
orig = None |
|
bene = None |
|
mid_accts = list() |
|
for n, out_d in out_degrees.items(): |
|
in_d = in_degrees[n] |
|
if out_d == num_mid: |
|
orig = n |
|
if in_d != 0: |
|
logging.info("Alert %s is not a scatter-gather pattern: invalid vertex degree %d -> [%s] -> %d" |
|
% (alert_id, in_d, n, out_d)) |
|
return False |
|
elif out_d == 0: |
|
bene = n |
|
if in_d != num_mid: |
|
logging.info("Alert %s is not a scatter-gather pattern: invalid vertex degree %d -> [%s] -> %d" |
|
% (alert_id, in_d, n, out_d)) |
|
return False |
|
elif out_d == 1: |
|
mid_accts.append(n) |
|
if in_d != 1: |
|
logging.info("Alert %s is not a scatter-gather pattern: invalid vertex degree %d -> [%s] -> %d" |
|
% (alert_id, in_d, n, out_d)) |
|
return False |
|
else: |
|
logging.info("Alert %s is not a scatter-gather pattern: invalid vertex degree %d -> [%s] -> %d" |
|
% (alert_id, in_d, n, out_d)) |
|
return False |
|
if len(mid_accts) != num_mid: |
|
logging.info("Not a scatter-gather pattern: " + alert_id) |
|
return False |
|
|
|
if is_ordered: |
|
for mid in mid_accts: |
|
scatter_attr = alert_sub_g.get_edge_data(orig, mid) |
|
gather_attr = alert_sub_g.get_edge_data(mid, bene) |
|
if scatter_attr is None: |
|
logging.info("Alert %s is not a scatter-gather pattern: scatter edge %s -> %s not found" |
|
% (alert_id, orig, mid)) |
|
return False |
|
elif gather_attr is None: |
|
logging.info("Alert %s is not a scatter-gather pattern: gather edge %s -> %s not found" |
|
% (alert_id, mid, bene)) |
|
|
|
scatter_date = scatter_attr["date"] |
|
gather_date = gather_attr["date"] |
|
if scatter_date > gather_date: |
|
logging.info("Alert %s scatter-gather transactions are chronologically unordered" % alert_id) |
|
return False |
|
scatter_amount = scatter_attr["amount"] |
|
gather_amount = gather_attr["amount"] |
|
if scatter_amount <= gather_amount: |
|
logging.info("Alert %s scatter-gather transaction amounts are unordered" % alert_id) |
|
return False |
|
|
|
return True |
|
|
|
|
|
def is_gather_scatter(alert_sub_g: nx.DiGraph, is_ordered: bool = True): |
|
alert_id = alert_sub_g.graph["alert_id"] |
|
num_accts = alert_sub_g.number_of_nodes() |
|
out_degrees = alert_sub_g.out_degree() |
|
in_degrees = alert_sub_g.in_degree() |
|
|
|
orig_accts = [n for n, d in out_degrees.items() if d == 1 and in_degrees[n] == 0] |
|
bene_accts = [n for n, d in in_degrees.items() if d == 1 and out_degrees[n] == 0] |
|
num_orig = len(orig_accts) |
|
num_bene = len(bene_accts) |
|
hub_accts = [n for n, d in out_degrees.items() if d == num_bene and in_degrees[n] == num_orig] |
|
if len(hub_accts) != 1 or (num_orig + num_bene + 1) != num_accts: |
|
logging.info("Alert %s is not a gather-scatter pattern" % alert_id) |
|
return False |
|
|
|
hub = hub_accts[0] |
|
last_gather_date = datetime.strptime("1970-01-01", "%Y-%m-%d") |
|
total_gather_amount = 0.0 |
|
for orig in orig_accts: |
|
attr = alert_sub_g.get_edge_data(orig, hub) |
|
if attr is None: |
|
logging.info("Alert %s is not a gather-scatter pattern: gather edge %s -> %s not found" |
|
% (alert_id, orig, hub)) |
|
return False |
|
date = attr["date"] |
|
amount = attr["amount"] |
|
last_gather_date = max(last_gather_date, date) |
|
total_gather_amount += amount |
|
|
|
if is_ordered: |
|
max_scatter_amount = total_gather_amount / num_bene |
|
for bene in bene_accts: |
|
attr = alert_sub_g.get_edge_data(hub, bene) |
|
if attr is None: |
|
return False |
|
date = attr["date"] |
|
amount = attr["amount"] |
|
if date < last_gather_date: |
|
logging.info("Alert %s gather-scatter transactions are chronologically unordered " % alert_id) |
|
return False |
|
elif max_scatter_amount <= amount: |
|
logging.info("Alert %s gather-scatter transaction amounts are unordered" % alert_id) |
|
return False |
|
|
|
return True |
|
|
|
|
|
class AlertValidator: |
|
|
|
def __init__(self, conf_json, sim_name=None): |
|
with open(conf_json, "r") as rf: |
|
self.conf = json.load(rf) |
|
|
|
self.sim_name = sim_name if sim_name is not None else self.conf["general"]["simulation_name"] |
|
self.input_dir = self.conf["input"]["directory"] |
|
self.output_dir = os.path.join(self.conf["output"]["directory"], self.sim_name) |
|
schema_json = self.conf["input"]["schema"] |
|
schema_path = os.path.join(self.input_dir, schema_json) |
|
with open(schema_path, "r") as rf: |
|
self.schema = json.load(rf) |
|
|
|
log_file = os.path.join(self.output_dir, "alert_validations.log") |
|
logging.basicConfig(filename=log_file, filemode="w", level=logging.INFO) |
|
|
|
|
|
self.alert_param_file = self.conf["input"]["alert_patterns"] |
|
alert_param_path = os.path.join(self.input_dir, self.alert_param_file) |
|
schema_file = self.conf["input"]["schema"] |
|
schema_path = os.path.join(self.input_dir, schema_file) |
|
self.alert_params = load_alert_param(alert_param_path) |
|
|
|
|
|
alert_tx_file = self.conf["output"]["alert_transactions"] |
|
alert_tx_path = os.path.join(self.output_dir, alert_tx_file) |
|
with open(schema_path, "r") as _rf: |
|
schema = json.load(_rf) |
|
self.alert_graphs = load_alert_tx(schema["alert_tx"], alert_tx_path) |
|
|
|
def validate_single(self, alert_id): |
|
if alert_id not in self.alert_graphs: |
|
raise KeyError("No such alert ID: " + alert_id) |
|
sub_g = self.alert_graphs[alert_id] |
|
alert_type = sub_g.graph["alert_type"] |
|
for line_num, param in self.alert_params.items(): |
|
if param["type"] != alert_type: |
|
continue |
|
if satisfies_params(sub_g, param): |
|
logging.info("The alert %s subgraph matches the parameter %s:%d, data %s" % |
|
(alert_id, self.alert_param_file, line_num, str(param))) |
|
return True |
|
else: |
|
logging.warning("The alert subgraph (ID:%s, Type:%s) does not match any parameter sets" |
|
% (alert_id, alert_type)) |
|
return False |
|
|
|
def validate_all(self): |
|
num_alerts = len(self.alert_graphs) |
|
num_matched = 0 |
|
for alert_id in self.alert_graphs.keys(): |
|
if self.validate_single(alert_id): |
|
num_matched += 1 |
|
num_unmatched = num_alerts - num_matched |
|
print("Total number of alerts: %d, matched: %d, unmatched: %d" % (num_alerts, num_matched, num_unmatched)) |
|
|
|
|
|
if __name__ == "__main__": |
|
argv = sys.argv |
|
if len(argv) < 2: |
|
print("Usage: python3 %s [ConfJson] [SimName]" % argv[0]) |
|
exit(1) |
|
|
|
_conf_json = argv[1] |
|
_sim_name = argv[2] if len(argv) >= 3 else None |
|
av = AlertValidator(_conf_json, _sim_name) |
|
av.validate_all() |
|
|
