Introduce anomaly detection pipeline with tuned clustering

Author: JohT

domains/anomaly-detection/AnomalyDetectionFeatures.cypher

@@ -0,0 +1,24 @@
+// Query code unit nodes with their anomaly detection
+
+   MATCH (codeUnit)
+   WHERE $projection_node_label IN labels(codeUnit)
+     AND codeUnit[$community_property]                        IS NOT NULL
+     AND codeUnit.clusteringHDBSCANLabel                      IS NOT NULL
+     AND codeUnit.clusteringHDBSCANProbability                IS NOT NULL
+     AND codeUnit.embeddingFastRandomProjectionVisualizationX IS NOT NULL
+     AND codeUnit.embeddingFastRandomProjectionVisualizationY IS NOT NULL
+OPTIONAL MATCH (artifact:Java:Artifact)-[:CONTAINS]->(codeUnit)
+    WITH *, artifact.name AS artifactName
+OPTIONAL MATCH (projectRoot:Directory)<-[:HAS_ROOT]-(proj:TS:Project)-[:CONTAINS]->(codeUnit)
+    WITH *, last(split(projectRoot.absoluteFileName, '/')) AS projectName   
+  RETURN DISTINCT 
+         coalesce(codeUnit.fqn, codeUnit.globalFqn, codeUnit.fileName, codeUnit.signature, codeUnit.name) AS codeUnitName
+        ,codeUnit.name                                        AS shortCodeUnitName
+        ,elementId(codeUnit)                                  AS nodeElementId
+        ,coalesce(artifactName, projectName)                  AS projectName
+        ,codeUnit[$community_property]                        AS communityId
+        ,codeUnit.clusteringHDBSCANLabel                      AS clusteringLabel
+        ,codeUnit.clusteringHDBSCANProbability                AS clusteringProbability
+        ,codeUnit.embeddingFastRandomProjectionVisualizationX AS visualizationX
+        ,codeUnit.embeddingFastRandomProjectionVisualizationY AS visualizationY
+        ,coalesce(codeUnit.centralityPageRank, 0.00001)       AS centrality

domains/anomaly-detection/Set_Parameters_Manual.cypher

@@ -0,0 +1,8 @@
+// Example on how to set the parameters for anomaly detection
+
+:params {
+    "projection_name": "package-anomaly-detection",     
+    "projection_node_label": "Package",
+    "projection_weight_property": "weight25PercentInterfaces",
+    "community_property": "communityLeidenIdTuned",
+}

domains/anomaly-detection/anomalyDetectionPipeline.sh

@@ -0,0 +1,128 @@
+#!/usr/bin/env bash
+
+# Pipeline that coordinates anomaly detection using the Graph Data Science Library of Neo4j.
+# It requires an already running Neo4j graph database with already scanned and analyzed artifacts.
+# The results will be written into the sub directory reports/anomaly-detection.
+
+# Note that "scripts/prepareAnalysis.sh" is required to run prior to this script.
+
+# Requires executeQueryFunctions.sh, projectionFunctions.sh, cleanupAfterReportGeneration.sh
+
+# Fail on any error ("-e" = exit on first error, "-o pipefail" exist on errors within piped commands)
+set -o errexit -o pipefail
+
+# Overrideable Constants (defaults also defined in sub scripts)
+REPORTS_DIRECTORY=${REPORTS_DIRECTORY:-"reports"}
+
+## Get this "scripts/reports" directory if not already set
+# Even if $BASH_SOURCE is made for Bourne-like shells it is also supported by others and therefore here the preferred solution.
+# CDPATH reduces the scope of the cd command to potentially prevent unintended directory changes.
+# This way non-standard tools like readlink aren't needed.
+ANOMALY_DETECTION_SCRIPT_DIR=${ANOMALY_DETECTION_SCRIPT_DIR:-$(CDPATH=. cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)}
+echo "anomalyDetectionPipeline: ANOMALY_DETECTION_SCRIPT_DIR=${ANOMALY_DETECTION_SCRIPT_DIR}"
+# Get the "scripts" directory by taking the path of this script and going one directory up.
+SCRIPTS_DIR=${SCRIPTS_DIR:-"${ANOMALY_DETECTION_SCRIPT_DIR}/../../scripts"} # Repository directory containing the shell scripts
+# Get the "cypher" directory by taking the path of this script and going two directory up and then to "cypher".
+CYPHER_DIR=${CYPHER_DIR:-"${ANOMALY_DETECTION_SCRIPT_DIR}/../../cypher"}
+
+# Function to display script usage
+usage() {
+  echo -e "${COLOR_ERROR}" >&2
+  echo "Usage: $0 [--verbose]" >&2
+  echo -e "${COLOR_DEFAULT}" >&2
+  exit 1
+}
+
+# Default values
+verboseMode="" # either "" or "--verbose"
+
+# Parse command line arguments
+while [[ $# -gt 0 ]]; do
+  key="$1"
+  value="${2}"
+
+  case ${key} in
+    --verbose)
+      verboseMode="--verbose"
+      ;;
+    *)
+      echo -e "${COLOR_ERROR}anomalyDetectionPipeline: Error: Unknown option: ${key}${COLOR_DEFAULT}" >&2
+      usage
+      ;;
+  esac
+  shift || true # ignore error when there are no more arguments
+done
+
+# Define functions to execute a cypher query from within a given file (first and only argument) like "execute_cypher"
+source "${SCRIPTS_DIR}/executeQueryFunctions.sh"
+
+# Define functions to create and delete Graph Projections like "createUndirectedDependencyProjection"
+source "${SCRIPTS_DIR}/projectionFunctions.sh"
+
+# Create report directory
+REPORT_NAME="anomaly-detection"
+FULL_REPORT_DIRECTORY="${REPORTS_DIRECTORY}/${REPORT_NAME}"
+mkdir -p "${FULL_REPORT_DIRECTORY}"
+
+# Query Parameter key pairs for projection and algorithm side
+PROJECTION_NAME="dependencies_projection"
+ALGORITHM_PROJECTION="projection_name"
+
+PROJECTION_NODE="dependencies_projection_node"
+ALGORITHM_NODE="projection_node_label"
+
+PROJECTION_WEIGHT="dependencies_projection_weight_property"
+ALGORITHM_WEIGHT="projection_weight_property"
+
+# Code independent algorithm parameters
+COMMUNITY_PROPERTY="community_property=communityLeidenIdTuned"
+
+# Run the anomaly detection pipeline.
+# 
+# Required Parameters:
+# - projection_name=...
+#   Name prefix for the in-memory projection name. Example: "package-anomaly-detection"
+# - projection_node_label=...
+#   Label of the nodes that will be used for the projection. Example: "Package"
+# - projection_weight_property=...
+#   Name of the node property that contains the dependency weight. Example: "weight"
+anomaly_detection_pipeline() {
+  
+    time "${ANOMALY_DETECTION_SCRIPT_DIR}/tunedLeidenCommunityDetection.py" "${@}" ${verboseMode}
+    time "${ANOMALY_DETECTION_SCRIPT_DIR}/tunedNodeEmbeddingClustering.py" "${@}" ${verboseMode}
+    
+    local nodeLabel
+    nodeLabel=$( extractQueryParameter "projection_node_label" "${@}" )
+    execute_cypher "${ANOMALY_DETECTION_SCRIPT_DIR}/AnomalyDetectionFeatures.cypher" "${@}" > "${FULL_REPORT_DIRECTORY}/${nodeLabel}AnomalyDetection.csv"
+}
+
+# -- Java Artifact Node Embeddings -------------------------------
+
+if createUndirectedDependencyProjection "${PROJECTION_NAME}=artifact-anomaly-detection" "${PROJECTION_NODE}=Artifact" "${PROJECTION_WEIGHT}=weight"; then
+    anomaly_detection_pipeline "${ALGORITHM_PROJECTION}=artifact-anomaly-detection" "${ALGORITHM_NODE}=Artifact" "${ALGORITHM_WEIGHT}=weight" "${COMMUNITY_PROPERTY}"
+fi
+
+# -- Java Package Node Embeddings --------------------------------
+
+if createUndirectedDependencyProjection "${PROJECTION_NAME}=package-anomaly-detection" "${PROJECTION_NODE}=Package" "${PROJECTION_WEIGHT}=weight25PercentInterfaces"; then
+    anomaly_detection_pipeline "${ALGORITHM_PROJECTION}=package-anomaly-detection" "${ALGORITHM_NODE}=Package" "${ALGORITHM_WEIGHT}=weight25PercentInterfaces" "${COMMUNITY_PROPERTY}"
+fi
+
+# -- Java Type Node Embeddings -----------------------------------
+
+if createUndirectedJavaTypeDependencyProjection "${PROJECTION_NAME}=type-anomaly-detection"; then
+    anomaly_detection_pipeline "${ALGORITHM_PROJECTION}=type-anomaly-detection" "${ALGORITHM_NODE}=Type" "${ALGORITHM_WEIGHT}=weight" "${COMMUNITY_PROPERTY}"
+fi
+
+# -- Typescript Module Node Embeddings ---------------------------
+
+if createUndirectedDependencyProjection "${PROJECTION_NAME}=typescript-module-embedding" "${PROJECTION_NODE}=Module" "${PROJECTION_WEIGHT}=lowCouplingElement25PercentWeight"; then
+    anomaly_detection_pipeline "${ALGORITHM_PROJECTION}=typescript-module-embedding" "${ALGORITHM_NODE}=Module" "${ALGORITHM_WEIGHT}=lowCouplingElement25PercentWeight" "${COMMUNITY_PROPERTY}"
+fi
+
+# ---------------------------------------------------------------
+
+# Clean-up after report generation. Empty reports will be deleted.
+source "${SCRIPTS_DIR}/cleanupAfterReportGeneration.sh" "${FULL_REPORT_DIRECTORY}"
+
+echo "anomalyDetectionPipeline: $(date +'%Y-%m-%dT%H:%M:%S%z') Successfully finished."