function Production.TrendAnalysis()

in ransomware/artifact.lua [3782:3870]

• 64 lines of code
• 11 McCabe index (conditional complexity)

function Production.TrendAnalysis(processData)
    
    local numRenames = 0
    local numRenameExtensions = 0
    local numRenamePreviousExtensions = 0

    for _, v in pairs(processData.renameExtensions) do
        numRenameExtensions = numRenameExtensions + 1
        numRenames = numRenames + #v
    end

    for _, _ in pairs(processData.renamePreviousExtensions) do
        numRenamePreviousExtensions = numRenamePreviousExtensions + 1
    end

    if 20 < numRenames and 0 < numRenameExtensions then
        local renameExtensionRatio = numRenamePreviousExtensions / numRenameExtensions
        utils.DebugLog('numRenames : ' .. numRenames .. ' | numRenameExtensions: ' .. numRenameExtensions ..
                           ' | numRenamePreviousExtensions: ' .. numRenamePreviousExtensions)

        if 2.0 < renameExtensionRatio then
            utils.DebugLog('Previous to Current Ratio > 2.0: ' .. renameExtensionRatio)
            
            utils.DebugLog('TREND_SCORE_CHANGE: TREND_SCORE_RENAME_EXTENSION_RATIO: ' ..
                               (globals.config.TREND_SCORE_RENAME_EXTENSION_RATIO['score'] * renameExtensionRatio))
            processData.trendScore = processData.trendScore +
                                         (globals.config.TREND_SCORE_RENAME_EXTENSION_RATIO['score'] *
                                             renameExtensionRatio)
            utils.DebugLog('TREND_SCORE_CHANGE: TREND_SCORE_NUM_RENAMES: ' ..
                               (globals.config.TREND_SCORE_NUM_RENAMES['score'] * numRenames))
            processData.trendScore = processData.trendScore +
                                         (globals.config.TREND_SCORE_NUM_RENAMES['score'] * numRenames)
        end

        if 1 == numRenamePreviousExtensions and 3 < numRenameExtensions then
            
            renameExtensionRatio = (numRenameExtensions / numRenamePreviousExtensions) *
                                       globals.config.TREND_SCORE_SINGLE_PREV_RENAME_EXTENSION['score']
            processData.trendScore = processData.trendScore + renameExtensionRatio
            utils.DebugLog('TREND_SCORE_CHANGE: TREND_SCORE_SINGLE_PREV_RENAME_EXTENSION: ' .. renameExtensionRatio)
        end
    end

    

    
    
    

    
    local numCreates = 0
    local numCreateExtensions = 0

    for _, v in pairs(processData.createExtensions) do
        numCreateExtensions = numCreateExtensions + 1
        numCreates = numCreates + #v
    end

    local numDeletes = 0
    local numDeleteExtensions = 0

    for _, v in pairs(processData.deleteExtensions) do
        numDeleteExtensions = numDeleteExtensions + 1
        numDeletes = numDeletes + #v
    end

    local deleteCreateRatio = 0

    if 0 < numCreateExtensions then
        deleteCreateRatio = numDeleteExtensions / numCreateExtensions
        utils.DebugLog('deleteCreateRatio: ' .. deleteCreateRatio)

        if 1.0 <= deleteCreateRatio then
            
            processData.trendScore = processData.trendScore +
                                         (deleteCreateRatio * globals.config.TREND_SCORE_DELETE_CREATE_RATIO['score'])
            utils.DebugLog('TREND_SCORE_CHANGE: TREND_SCORE_DELETE_CREATE_RATIO: ' ..
                               (deleteCreateRatio * globals.config.TREND_SCORE_DELETE_CREATE_RATIO['score']))

            if numCreates > numDeletes then
                processData.trendScore = processData.trendScore +
                                             globals.config.TREND_SCORE_MORE_CREATES_THAN_DELETES['score']
                utils.DebugLog('TREND_SCORE_CHANGE: TREND_SCORE_MORE_CREATES_THAN_DELETES: ' ..
                                   globals.config.TREND_SCORE_MORE_CREATES_THAN_DELETES['score'])
            end
        end

    end
end