PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Loading...
Searching...
No Matches
std_dev_calc.h
Go to the documentation of this file.
1#pragma once
2
3#include <windows.h>
4#include <iostream>
5#include <map>
6
7namespace pesieve {
8 namespace stats {
9
10 class StdDeviationCalc
11 {
12 public:
13 StdDeviationCalc(const std::map<BYTE, size_t>& _population, size_t _max)
14 : mean(0), population(_population)
15 {
16 max = _max;
17 mean = calcMean();
18 }
19
20 double getSum() { return sum; }
21
22 double getMean() { return mean; }
23
24 double calcSampleVariance()
25 {
26 if (max == 0) return 0;
27 return _calcVariance(max - 1);
28 }
29
30 double calcPopulationVariance()
31 {
32 return _calcVariance(max);
33 }
34
35 double calcSampleStandardDeviation()
36 {
37 return sqrt(calcSampleVariance());
38 }
39
40 double calcPopulationStandardDeviation()
41 {
42 return sqrt(calcPopulationVariance());
43 }
44
45 void printAll()
46 {
47 std::cout << "Counts Sum:\t\t\t: " << calcSum() << "\n";
48 std::cout << "Total Numbers\t\t\t: " << max << "\n";
49 std::cout << "Mean\t\t\t\t: " << mean << "\n";
50 std::cout << "Population Variance\t\t: " << calcPopulationVariance() << "\n";
51 std::cout << "Sample variance\t\t\t: " << calcSampleVariance() << "\n";
52 std::cout << "Population Standard Deviation\t: " << calcPopulationStandardDeviation() << "\n";
53 std::cout << "Sample Standard Deviation\t: " << calcSampleStandardDeviation() << "\n";
54 }
55
56 private:
57
58 double _calcVariance(ULONG _max)
59 {
60 if (_max == 0) return 0;
61
62 double temp = 0;
63 for (auto itr = population.begin(); itr != population.end(); ++itr)
64 {
65 const double val = itr->second;
66 temp += (val - mean) * (val - mean);
67 }
68 return temp / _max;
69 }
70
71 double calcSum()
72 {
73 double sum = 0;
74 for (auto itr = population.begin(); itr != population.end(); ++itr) {
75 const double val = itr->second;
76 sum += val;
77 }
78 return sum;
79 }
80
81 double calcMean()
82 {
83 if (max == 0) return 0;
84
85 double sum = calcSum();
86 return (sum / max);
87 }
88
89 size_t max;
90 const std::map<BYTE, size_t>& population;
91 double mean;
92 double sum;
93
94 }; // namespace stats
95 }; // namespace pesieve
96};
pesieve::stats::StdDeviationCalc::StdDeviationCalc
StdDeviationCalc(const std::map< BYTE, size_t > &_population, size_t _max)
Definition std_dev_calc.h:13
Generated by doxygen 1.12.0