anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(clustering): roll session digraph SimHashes into identity centroid

Browse Source 
The identity clusterer folds an identity's per-session
motor.digraph_simhash observations into one 8-byte bitwise-majority
centroid (denoises per-session jitter) and writes it to
AttackerIdentity.kd_digraph_simhash via update_identity_fingerprints —
the orphaned column is now populated. list_identities_for_clustering
projects it so the campaign clusterer can read it.

Extends the repo abstract + DummyRepo stub/coverage.
This commit is contained in:
anti
2026-06-16 17:05:34 -04:00
parent 66c73ce59d
commit 869d1eabb7
7 changed files with 150 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
decnet/web/db/sqlmodel_repo/campaigns.py
View File

@@ -105,6 +105,7 @@ class CampaignsMixin(_MixinBase):
AttackerIdentity.hassh_hashes,
AttackerIdentity.payload_simhashes,
AttackerIdentity.c2_endpoints,
AttackerIdentity.kd_digraph_simhash,
).order_by(AttackerIdentity.created_at)
if limit is not None:
statement = statement.limit(limit)
@@ -129,6 +130,7 @@ class CampaignsMixin(_MixinBase):
"hassh_hashes": row.hassh_hashes,
"payload_simhashes": row.payload_simhashes,
"c2_endpoints": row.c2_endpoints,
"kd_digraph_simhash": row.kd_digraph_simhash,
}
for row in result.all()
]