notebook.community

Edit and run

Using PyMongo

Aaron Gonzales 2015-03-24

We are storing all of the features in a mongo database on Andres' machine. This is a simple notebook that shows you how to use that database to query for your features.

In each cell, you'll see a series of python commands. I recommend that you use ipython notebook or something similar to develop your stuff and then port it into a portable module. Please keep everything backed up on the repo.

First up, ensure you have pymongo installed on your machine and mongo version 3.0 or newer as well.

one of the following will take care of pymongo, depending on if you are using python3 or not (YOU SHOULD BE USING PYTHON3).

sudo python3 -m pip install pymongo sudo pip install pymongo





In [1]:



    


# imports pymongo
import pymongo as pm

The following cell authenticates to the db and obtains the 'samples' collection. A collection is roughly analogous to a table in a SQL database. The 'samples' collection will be our main collection.





In [2]:



    


db_address = "afruizc-office.cs.unm.edu"
username = 'populator'
password = 'malware_challenge'

mg = pm.MongoClient(db_address)
if not mg.malware.authenticate(username, password):
    sys.stderr.write("Authentication error. Terminating...")
    sys.stderr.flush()
    
# Obtain the collection
samples = mg.malware.samples

Hurray! you have your first socket to the database set up. After that, you should run





In [4]:



    


samples.find_one()



    


















    
Out[4]:








{'_id': ObjectId('550b6cfa4d384e40eb9adc34'), 'test': 'test'}
Each document in a mongo database will have an _id key and assigned objectId to it. This is a hash on which mongo builds its initial index and we don't need to worry about it. Everything in mongo is stored as a 'key': 'value' sequence, and documents can have an arbitrary number and depths of kev:value mappings. In our case, each malware sample has a document in the 'samples' collection, and can be queried as such: 




In [9]:



    


for post in samples.find({'class':'5'}):
    print(post['id'] + ',' + post['class'])



    


















    






0qjuDC7Rhx9rHkLlItAp,5
1IpWLz6eyhVxDAfQMKEd,5
1KB3Z7gd5aN4Xmx8W0sf,5
2aHfrLhcPTj5GnFZXUCN,5
2pwjzv6eGEb8QmHPfxSc,5
2qAtoGOuMQZdmH3y7bEY,5
3m8kb5ILPrHcMC1o9Nht,5
3zZpqyclD9B2v5Qas18m,5
40KRbGeQZ8PwcUgt5joa,5
4UTMdcZkxzLvwygO8EuK,5
5tMCNKDogQ2x7zwUbpcZ,5
7cyYPthi5KmvXEs2NkRj,5
8wm2jYBqV30okUMfuDCd,5
AeCXyFRcU2SsgvVTpMzi,5
asKPnzUXjShMc0Tl6Wge,5
b59dlNEacoYUAyeR4Ipq,5
B6dzEY3kKIn8me9McfGg,5
bGPHZFpAL3N957064wzj,5
BKXtxeYlLsprabEWIQhn,5
cIojVJGQOtrL0S1ApeDY,5
CRrAOvzk452LVZIGMWsq,5
cYb4XuNSqOA9IFLHseG1,5
DEyOUKzN2g8suv96eYoC,5
Dj3FqX9IAHco2tG1UOZS,5
dKcE7Q1zuFViSaDRUtxY,5
e2r6IncxE1LQOKFGgphj,5
EB0d2fJGLHam1tQCUDWu,5
ei0C84XpoqcAS6v5ZExI,5
epLciPaHrTu1gl4CW7Uf,5
F6nOrb9ipd0SskWuJjUw,5
FdiEeV3N8WtUSXjmcrxo,5
Fnda3PuqJT6Ep5vjOWCk,5
FsirpP0oDwXeAzC2KndG,5
fyH8oWql4rg7tEJSLpIB,5
gB105vrJPbcGCtuj7p4a,5
GbTUXFYkMoafQSe1zN94,5
GkMBlvTidr5oyYOVJCwc,5
Hc5LqZVK2yzlsb8BEfdO,5
hrguW0CqMt2mJdfvX8IB,5
hZiVAw5nREjHU1qodatK,5
i8WIr0dtVHSGMmwFlcUY,5
idjesBrKybwkzPXMalUL,5

to create a list of samples, you can use the following idiom (list comprehension)





In [13]:



    


names = [post['id'] for post in samples.find({'class':'5'})]



    











In [16]:



    


names



    


















    
Out[16]:








['0qjuDC7Rhx9rHkLlItAp',
 '1IpWLz6eyhVxDAfQMKEd',
 '1KB3Z7gd5aN4Xmx8W0sf',
 '2aHfrLhcPTj5GnFZXUCN',
 '2pwjzv6eGEb8QmHPfxSc',
 '2qAtoGOuMQZdmH3y7bEY',
 '3m8kb5ILPrHcMC1o9Nht',
 '3zZpqyclD9B2v5Qas18m',
 '40KRbGeQZ8PwcUgt5joa',
 '4UTMdcZkxzLvwygO8EuK',
 '5tMCNKDogQ2x7zwUbpcZ',
 '7cyYPthi5KmvXEs2NkRj',
 '8wm2jYBqV30okUMfuDCd',
 'AeCXyFRcU2SsgvVTpMzi',
 'asKPnzUXjShMc0Tl6Wge',
 'b59dlNEacoYUAyeR4Ipq',
 'B6dzEY3kKIn8me9McfGg',
 'bGPHZFpAL3N957064wzj',
 'BKXtxeYlLsprabEWIQhn',
 'cIojVJGQOtrL0S1ApeDY',
 'CRrAOvzk452LVZIGMWsq',
 'cYb4XuNSqOA9IFLHseG1',
 'DEyOUKzN2g8suv96eYoC',
 'Dj3FqX9IAHco2tG1UOZS',
 'dKcE7Q1zuFViSaDRUtxY',
 'e2r6IncxE1LQOKFGgphj',
 'EB0d2fJGLHam1tQCUDWu',
 'ei0C84XpoqcAS6v5ZExI',
 'epLciPaHrTu1gl4CW7Uf',
 'F6nOrb9ipd0SskWuJjUw',
 'FdiEeV3N8WtUSXjmcrxo',
 'Fnda3PuqJT6Ep5vjOWCk',
 'FsirpP0oDwXeAzC2KndG',
 'fyH8oWql4rg7tEJSLpIB',
 'gB105vrJPbcGCtuj7p4a',
 'GbTUXFYkMoafQSe1zN94',
 'GkMBlvTidr5oyYOVJCwc',
 'Hc5LqZVK2yzlsb8BEfdO',
 'hrguW0CqMt2mJdfvX8IB',
 'hZiVAw5nREjHU1qodatK',
 'i8WIr0dtVHSGMmwFlcUY',
 'idjesBrKybwkzPXMalUL']

Just make sure that when you insert a field into a document, you have to reference the doument's name to do so.





In [51]:



    


k_counts = []
for name in names:
    count = 0
    for i, c in enumerate(list(name)):
        if c == 'k':
            count += 1
    k_counts.append(count)



    











In [58]:



    


[line for line in zip(names, k_counts)]



    


















    
Out[58]:








[('0qjuDC7Rhx9rHkLlItAp', 1),
 ('1IpWLz6eyhVxDAfQMKEd', 0),
 ('1KB3Z7gd5aN4Xmx8W0sf', 0),
 ('2aHfrLhcPTj5GnFZXUCN', 0),
 ('2pwjzv6eGEb8QmHPfxSc', 0),
 ('2qAtoGOuMQZdmH3y7bEY', 0),
 ('3m8kb5ILPrHcMC1o9Nht', 1),
 ('3zZpqyclD9B2v5Qas18m', 0),
 ('40KRbGeQZ8PwcUgt5joa', 0),
 ('4UTMdcZkxzLvwygO8EuK', 1),
 ('5tMCNKDogQ2x7zwUbpcZ', 0),
 ('7cyYPthi5KmvXEs2NkRj', 1),
 ('8wm2jYBqV30okUMfuDCd', 1),
 ('AeCXyFRcU2SsgvVTpMzi', 0),
 ('asKPnzUXjShMc0Tl6Wge', 0),
 ('b59dlNEacoYUAyeR4Ipq', 0),
 ('B6dzEY3kKIn8me9McfGg', 1),
 ('bGPHZFpAL3N957064wzj', 0),
 ('BKXtxeYlLsprabEWIQhn', 0),
 ('cIojVJGQOtrL0S1ApeDY', 0),
 ('CRrAOvzk452LVZIGMWsq', 1),
 ('cYb4XuNSqOA9IFLHseG1', 0),
 ('DEyOUKzN2g8suv96eYoC', 0),
 ('Dj3FqX9IAHco2tG1UOZS', 0),
 ('dKcE7Q1zuFViSaDRUtxY', 0),
 ('e2r6IncxE1LQOKFGgphj', 0),
 ('EB0d2fJGLHam1tQCUDWu', 0),
 ('ei0C84XpoqcAS6v5ZExI', 0),
 ('epLciPaHrTu1gl4CW7Uf', 0),
 ('F6nOrb9ipd0SskWuJjUw', 1),
 ('FdiEeV3N8WtUSXjmcrxo', 0),
 ('Fnda3PuqJT6Ep5vjOWCk', 1),
 ('FsirpP0oDwXeAzC2KndG', 0),
 ('fyH8oWql4rg7tEJSLpIB', 0),
 ('gB105vrJPbcGCtuj7p4a', 0),
 ('GbTUXFYkMoafQSe1zN94', 1),
 ('GkMBlvTidr5oyYOVJCwc', 1),
 ('Hc5LqZVK2yzlsb8BEfdO', 0),
 ('hrguW0CqMt2mJdfvX8IB', 0),
 ('hZiVAw5nREjHU1qodatK', 0),
 ('i8WIr0dtVHSGMmwFlcUY', 0),
 ('idjesBrKybwkzPXMalUL', 1)]

now let's put these back in the database:





In [60]:



    


for name, kcount in zip(names, k_counts):
    samples.update({'id': name},
                   {"$set": {"k_count": kcount}})

now let's print those out again and see our handiwork:





In [61]:



    


tmp = [post for post in samples.find({'class':'5'})]



    











In [62]:



    


tmp



    


















    
Out[62]:








[{'_id': ObjectId('5510eb98c3ed805e80502a27'),
  'class': '5',
  'id': '0qjuDC7Rhx9rHkLlItAp',
  'k_count': 1},
 {'_id': ObjectId('5510eb98c3ed805e80502a28'),
  'class': '5',
  'id': '1IpWLz6eyhVxDAfQMKEd',
  'k_count': 0},
 {'_id': ObjectId('5510eb98c3ed805e80502a29'),
  'class': '5',
  'id': '1KB3Z7gd5aN4Xmx8W0sf',
  'k_count': 0},
 {'_id': ObjectId('5510eb98c3ed805e80502a2a'),
  'class': '5',
  'id': '2aHfrLhcPTj5GnFZXUCN',
  'k_count': 0},
 {'_id': ObjectId('5510eb98c3ed805e80502a2b'),
  'class': '5',
  'id': '2pwjzv6eGEb8QmHPfxSc',
  'k_count': 0},
 {'_id': ObjectId('5510eb98c3ed805e80502a2c'),
  'class': '5',
  'id': '2qAtoGOuMQZdmH3y7bEY',
  'k_count': 0},
 {'_id': ObjectId('5510eb98c3ed805e80502a2d'),
  'class': '5',
  'id': '3m8kb5ILPrHcMC1o9Nht',
  'k_count': 1},
 {'_id': ObjectId('5510eb98c3ed805e80502a2e'),
  'class': '5',
  'id': '3zZpqyclD9B2v5Qas18m',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a2f'),
  'class': '5',
  'id': '40KRbGeQZ8PwcUgt5joa',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a30'),
  'class': '5',
  'id': '4UTMdcZkxzLvwygO8EuK',
  'k_count': 1},
 {'_id': ObjectId('5510eb99c3ed805e80502a31'),
  'class': '5',
  'id': '5tMCNKDogQ2x7zwUbpcZ',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a32'),
  'class': '5',
  'id': '7cyYPthi5KmvXEs2NkRj',
  'k_count': 1},
 {'_id': ObjectId('5510eb99c3ed805e80502a33'),
  'class': '5',
  'id': '8wm2jYBqV30okUMfuDCd',
  'k_count': 1},
 {'_id': ObjectId('5510eb99c3ed805e80502a34'),
  'class': '5',
  'id': 'AeCXyFRcU2SsgvVTpMzi',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a35'),
  'class': '5',
  'id': 'asKPnzUXjShMc0Tl6Wge',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a36'),
  'class': '5',
  'id': 'b59dlNEacoYUAyeR4Ipq',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a37'),
  'class': '5',
  'id': 'B6dzEY3kKIn8me9McfGg',
  'k_count': 1},
 {'_id': ObjectId('5510eb99c3ed805e80502a38'),
  'class': '5',
  'id': 'bGPHZFpAL3N957064wzj',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a39'),
  'class': '5',
  'id': 'BKXtxeYlLsprabEWIQhn',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a3a'),
  'class': '5',
  'id': 'cIojVJGQOtrL0S1ApeDY',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a3b'),
  'class': '5',
  'id': 'CRrAOvzk452LVZIGMWsq',
  'k_count': 1},
 {'_id': ObjectId('5510eb99c3ed805e80502a3c'),
  'class': '5',
  'id': 'cYb4XuNSqOA9IFLHseG1',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a3d'),
  'class': '5',
  'id': 'DEyOUKzN2g8suv96eYoC',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a3e'),
  'class': '5',
  'id': 'Dj3FqX9IAHco2tG1UOZS',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a3f'),
  'class': '5',
  'id': 'dKcE7Q1zuFViSaDRUtxY',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a40'),
  'class': '5',
  'id': 'e2r6IncxE1LQOKFGgphj',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a41'),
  'class': '5',
  'id': 'EB0d2fJGLHam1tQCUDWu',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a42'),
  'class': '5',
  'id': 'ei0C84XpoqcAS6v5ZExI',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a43'),
  'class': '5',
  'id': 'epLciPaHrTu1gl4CW7Uf',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a44'),
  'class': '5',
  'id': 'F6nOrb9ipd0SskWuJjUw',
  'k_count': 1},
 {'_id': ObjectId('5510eb99c3ed805e80502a45'),
  'class': '5',
  'id': 'FdiEeV3N8WtUSXjmcrxo',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a46'),
  'class': '5',
  'id': 'Fnda3PuqJT6Ep5vjOWCk',
  'k_count': 1},
 {'_id': ObjectId('5510eb99c3ed805e80502a47'),
  'class': '5',
  'id': 'FsirpP0oDwXeAzC2KndG',
  'k_count': 0},
 {'_id': ObjectId('5510eb99c3ed805e80502a48'),
  'class': '5',
  'id': 'fyH8oWql4rg7tEJSLpIB',
  'k_count': 0},
 {'_id': ObjectId('5510eb9ac3ed805e80502a49'),
  'class': '5',
  'id': 'gB105vrJPbcGCtuj7p4a',
  'k_count': 0},
 {'_id': ObjectId('5510eb9ac3ed805e80502a4a'),
  'class': '5',
  'id': 'GbTUXFYkMoafQSe1zN94',
  'k_count': 1},
 {'_id': ObjectId('5510eb9ac3ed805e80502a4b'),
  'class': '5',
  'id': 'GkMBlvTidr5oyYOVJCwc',
  'k_count': 1},
 {'_id': ObjectId('5510eb9ac3ed805e80502a4c'),
  'class': '5',
  'id': 'Hc5LqZVK2yzlsb8BEfdO',
  'k_count': 0},
 {'_id': ObjectId('5510eb9ac3ed805e80502a4d'),
  'class': '5',
  'id': 'hrguW0CqMt2mJdfvX8IB',
  'k_count': 0},
 {'_id': ObjectId('5510eb9ac3ed805e80502a4e'),
  'class': '5',
  'id': 'hZiVAw5nREjHU1qodatK',
  'k_count': 0},
 {'_id': ObjectId('5510eb9ac3ed805e80502a4f'),
  'class': '5',
  'id': 'i8WIr0dtVHSGMmwFlcUY',
  'k_count': 0},
 {'_id': ObjectId('5510eb9ac3ed805e80502a50'),
  'class': '5',
  'id': 'idjesBrKybwkzPXMalUL',
  'k_count': 1}]

Have fun! let me know if you need help or anything. If you want to run these commands for yourself, please be sure to run the following to clear out the 'k_counts' field from the database. If you need more references, please consult this post or the pymongo tutorial.





In [70]:



    


for name in names:
    samples.update({ 'id': name },
                   { "$unset" : { 'k_count' : 1 } })



    











In [ ]:

Content source: afruizc/microsoft_malware_challenge

Similar notebooks:

notebook.community | gallery | about