main

分支 (1)

管理

管理

main

knowledge-graph
/
gpt_neo4j.py

import os
import openai
# import neo4j

openai.api_base = "https://api.chatanywhere.com.cn/v1"
# openai.api_base = "https://api.chatanywhere.cn/v1"

# class Neo4jService(object):
#     def __init__(self, uri):
#         self.driver = GraphDatabase.driver(uri)

#     def close(self):
#         self._driver.close()

#     def run_query(self, query):
#         with self._driver.session() as session:
#             result = session.run(query)
#             return result.values()


openai.api_key = "sk-ZSZg6CbowWCd4x26vrvh7IIU2k7OeUpUMhvcEtxSmdXR0KNS"
# print(openai.Model.list())


response1 = openai.ChatCompletion.create(
    model = "gpt-3.5-turbo",            # 模型名称，gpt-3.5-turbo或gpt-3.5-turbo-0301
    # messages=[
    #         {"role": "user", "content": "这是我的Windows系统中neo4j3.3.9版本下的知识图谱结构，根据问题，写一个cypher查询语句，我希望返回的是完整的节点，而不是节点的名字。图谱结构为(source:IP)-[r:CONNECTS_TO]->(end:IP)，其中连接关系有两个属性分别为times和dst_port，分别指代连接次数和目的端口。注意Order by语句不要包含隐式分组表达式。问题：连接次数最少的10个关系有哪些"}
    # ]
    # messages=[
    #     {"role": "user", "content": "这是我的知识图谱结构，根据问题，写一个cypher查询语句，我希望返回的是完整的节点，而不是节点的名字。图谱结构为(source:IP)-[r:CONNECTS_TO]->(end:IP)，其中连接关系有两个属性分别为times和dst_port，分别指代连接次数和目的端口。注意Order by语句不要包含隐式分组表达式。问题：根据连接次数和目的端口信息对源节点和目的节点的连接关系进行聚类"}
    # ]
    # messages=[
    #         {"role": "user", "content": "这是我的知识图谱结构，根据问题，写一个cypher查询语句，我希望返回的是完整的节点，而不是节点的名字。图谱结构为(source:IP)-[r:CONNECTS_TO]->(end:IP)，其中连接关系有两个属性分别为times和dst_port，分别指代连接次数和目的端口。注意Order by语句不要包含隐式分组表达式。问题：根据连接次数和目的端口使用GDS中的Louvain算法执行图节点聚类，返回各个类别以及各个类别所包含的目的节点"}
    # ]
    # messages=[
    #     {"role": "user", "content": "这是我的知识图谱结构，涵盖四台主机资产外联的日志信息，我希望返回网络安全态势感知的报告。图谱结构为(source:IP)-[r:CONNECTS_TO]->(end:IP)。具体节点和关系如下：(:IP,{'ip':'121.199.71.198'})-[times:954,dst_port:389]->(:IP,{'ip':'39.105.244.217'});(:IP,{'ip':'121.199.71.198'})-[times:14,dst_port:443]->(:IP,{'ip':'101.91.37.13'});(:IP,{'ip':'121.199.71.198'})-[times:22,dst_port:80]->(:IP,{'ip':'0.0.0.10'});(:IP,{'ip':'39.107.158.76'})-[times:2,dst_port:10516]->(:IP,{'ip':'112.124.227.177'});(:IP,{'ip':'39.107.53.132'})-[times:17,dst_port:80]->(:IP,{'ip':'39.105.244.217'});(:IP,{'ip':'39.107.53.132'})-[times:7,dst_port:80]->(:IP,{'ip':'47.110.178.120'});(:IP,{'ip':'39.107.53.132'})-[times:52,dst_port:80]->(:IP,{'ip':'8.136.191.105'});(:IP,{'ip':'121.199.71.198'})-[times:7,dst_port:443]->(:IP,{'ip':'101.91.34.103'});(:IP,{'ip':'39.107.158.76'})-[times:54,dst_port:80]->(:IP,{'ip':'8.136.191.105'});(:IP,{'ip':'39.107.53.132'})-[times:14,dst_port:80]->(:IP,{'ip':'47.95.85.24'});(:IP,{'ip':'39.107.158.76'})-[times:18,dst_port:80]->(:IP,{'ip':'47.95.85.24'});(:IP,{'ip':'121.199.71.198'})-[times:12,dst_port:443]->(:IP,{'ip':'101.89.47.18'});(:IP,{'ip':'121.199.71.198'})-[times:17,dst_port:80]->(:IP,{'ip':'116.62.94.15'});(:IP,{'ip':'121.199.71.198'})-[times:20,dst_port:80]->(:IP,{'ip':'47.98.3.219'});(:IP,{'ip':'121.199.71.198'})-[times:2,dst_port:465]->(:IP,{'ip':'157.148.45.129'});(:IP,{'ip':'39.107.158.76'})-[times:20,dst_port:8035]->(:IP,{'ip':'39.105.244.217'});(:IP,{'ip':'121.199.71.198'})-[times:4,dst_port:80]->(:IP,{'ip':'101.37.132.1'});(:IP,{'ip':'121.199.71.198'})-[times:9,dst_port:443]->(:IP,{'ip':'106.11.250.224'});(:IP,{'ip':'121.199.71.198'})-[times:3,dst_port:80]->(:IP,{'ip':'140.205.155.65'});(:IP,{'ip':'121.199.71.198'})-[times:1,dst_port:443]->(:IP,{'ip':'43.192.33.94'});(:IP,{'ip':'121.199.71.198'})-[times:1,dst_port:443]->(:IP,{'ip':'139.9.141.89'});(:IP,{'ip':'121.199.71.198'})-[times:3,dst_port:80]->(:IP,{'ip':'101.69.174.8'});(:IP,{'ip':'39.107.53.132'})-[times:9,dst_port:80]->(:IP,{'ip':'47.110.178.100'});(:IP,{'ip':'121.199.71.198'})-[times:26,dst_port:8901]->(:IP,{'ip':'114.67.58.227'});(:IP,{'ip':'121.199.71.198'})-[times:3,dst_port:80]->(:IP,{'ip':'106.11.172.2'})。其中连接关系有两个属性分别为times和dst_port，分别指代连接次数和目的端口。问题：根据这些关系可以获得哪些具体的威胁情报？哪些目的ip值得网络安全人员注意？"}
    # ]
    # messages=[
    #     {"role": "user", "content": "这是我的知识图谱结构，涵盖1台主机资产外联的日志信息。图谱结构为(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:10',dst_port:'443',in_packet_bytes:'4651',out_packet_bytes:'1727'}]->(_88);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:14',dst_port:'443',in_packet_bytes:'4271',out_packet_bytes:'2025'}]->(_20);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:12',dst_port:'80',in_packet_bytes:'3328',out_packet_bytes:'3009'}]->(_20);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:10',dst_port:'80',in_packet_bytes:'8643',out_packet_bytes:'1216'}]->(_4);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:14',dst_port:'443',in_packet_bytes:'10642',out_packet_bytes:'1958'}]->(_90);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:12',dst_port:'443',in_packet_bytes:'96301',out_packet_bytes:'2345'}]->(_4);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:07',dst_port:'80',in_packet_bytes:'140',out_packet_bytes:'272'}]->(_17);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:14',dst_port:'80',in_packet_bytes:'1599',out_packet_bytes:'651'}]->(_4);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:12',dst_port:'443',in_packet_bytes:'5400',out_packet_bytes:'1333'}]->(_103);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:14',dst_port:'20300',in_packet_bytes:'0',out_packet_bytes:'222'}]->(_92);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:16',dst_port:'80',in_packet_bytes:'6370',out_packet_bytes:'7840'}]->(_9);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:12',dst_port:'80',in_packet_bytes:'3009',out_packet_bytes:'3328'}]->(_20);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:14',dst_port:'80',in_packet_bytes:'140',out_packet_bytes:'272'}]->(_17);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:14',dst_port:'443',in_packet_bytes:'1971',out_packet_bytes:'4271'}]->(_20);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:12',dst_port:'443',in_packet_bytes:'1049',out_packet_bytes:'5032'}]->(_4);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:16',dst_port:'443',in_packet_bytes:'5767',out_packet_bytes:'2147'}]->(_97);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:18',dst_port:'443',in_packet_bytes:'2453',out_packet_bytes:'96301'}]->(_4);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:14',dst_port:'80',in_packet_bytes:'651',out_packet_bytes:'1599'}]->(_4);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:18',dst_port:'80',in_packet_bytes:'120',out_packet_bytes:'236'}]->(_99);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:14',dst_port:'80',in_packet_bytes:'651',out_packet_bytes:'1599'}]->(_4);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:16',dst_port:'514',in_packet_bytes:'0',out_packet_bytes:'1683495'}]->(_120);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:18',dst_port:'443',in_packet_bytes:'96301',out_packet_bytes:'2453'}]->(_4);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:20',dst_port:'123',in_packet_bytes:'0',out_packet_bytes:'90'}]->(_102)(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:14',dst_port:'80',in_packet_bytes:'1599',out_packet_bytes:'651'}]->(_4);(_60)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:22',dst_port:'80',in_packet_bytes:'140',out_packet_bytes:'272'}]->(_6);(_104)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:30',dst_port:'389',in_packet_bytes:'12012',out_packet_bytes:'7234'}]->(_20);(_104)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:30',dst_port:'389',in_packet_bytes:'7234',out_packet_bytes:'12012'}]->(_20)。以上是数据是neo4j的关系，表示源节点到目的节点的连接关系，关系属性分别表示连接开始时间、目的端口、入包大小、出包大小。根据以上信息判断访问时间上都有哪些分布？请具体一些"}
    # ]
    messages=[
        {"role": "user", "content": "这是我的知识图谱结构，涵盖1台主机资产外联的日志信息。图谱结构为(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'352'}]->(_20);(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'352',out_packet_bytes:'568'}]->(_20);(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'443',in_packet_bytes:'6402',out_packet_bytes:'2565'}]->(_17);(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'286',out_packet_bytes:'568'}]->(_20);(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'352',out_packet_bytes:'568'}]->(_20);(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'286'}]->(_20);(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'389',in_packet_bytes:'352',out_packet_bytes:'568'}]->(_20);(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'352',out_packet_bytes:'568'}]->(_20);(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'286'}]->(_20);(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'286',out_packet_bytes:'568'}]->(_20);(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'352'}]->(_20);(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'352'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'352'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:55',dst_port:'80',in_packet_bytes:'520',out_packet_bytes:'640'}]->(_9)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'389',in_packet_bytes:'286',out_packet_bytes:'568'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:55',dst_port:'389',in_packet_bytes:'352',out_packet_bytes:'568'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'80',in_packet_bytes:'5980',out_packet_bytes:'7360'}]->(_9)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:55',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'352'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:55',dst_port:'80',in_packet_bytes:'54',out_packet_bytes:'54'}]->(_9)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:55',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'352'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'352',out_packet_bytes:'568'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'443',in_packet_bytes:'7211',out_packet_bytes:'2185'}]->(_82)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:55',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'352'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:55',dst_port:'389',in_packet_bytes:'352',out_packet_bytes:'568'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'443',in_packet_bytes:'325774',out_packet_bytes:'12072'}]->(_82)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:55',dst_port:'443',in_packet_bytes:'17604',out_packet_bytes:'18549'}]->(_21)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'389',in_packet_bytes:'352',out_packet_bytes:'568'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'286'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'443',in_packet_bytes:'6336',out_packet_bytes:'2451'}]->(_3)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'443',in_packet_bytes:'464558',out_packet_bytes:'16225'}]->(_82)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'443',in_packet_bytes:'326027',out_packet_bytes:'11694'}]->(_82)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'352'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'443',in_packet_bytes:'1424',out_packet_bytes:'1462'}]->(_12)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'443',in_packet_bytes:'464669',out_packet_bytes:'16279'}]->(_82)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'389',in_packet_bytes:'352',out_packet_bytes:'568'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'352',out_packet_bytes:'568'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'286'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:53',dst_port:'389',in_packet_bytes:'352',out_packet_bytes:'568'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:53',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'286'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'286'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'286',out_packet_bytes:'568'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'352'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'352'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'352'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'8901',in_packet_bytes:'515',out_packet_bytes:'1014'}]->(_18)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'352',out_packet_bytes:'568'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'352'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'286'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'568',out_packet_bytes:'352'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'389',in_packet_bytes:'286',out_packet_bytes:'568'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:57',dst_port:'389',in_packet_bytes:'352',out_packet_bytes:'568'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'352',out_packet_bytes:'568'}]->(_20)(_0)-[:CONNECTS_TO{conn_time:'2023-07-1000:00:59',dst_port:'389',in_packet_bytes:'352',out_packet_bytes:'568'}]->(_20)。以上是数据是neo4j的关系，表示源节点到目的节点的连接关系，关系属性分别表示连接开始时间、目的端口、入包大小、出包大小。根据以上信息判断经常访问哪个节点？访问时间上都有哪些分布？有没有它觉得异常的访问行为？请具体一些"}
    ]
)


answer1 = response1["choices"][0]["message"]["content"]
print(answer1)
# print(type(answer1))
# answer1 = answer1.split('```')[1].strip()
# if answer1.startswith("cypher"):
#     answer1 = answer1[len("cypher"):].strip()  # 切片操作去除前缀
# print(answer1)


# neo4j = Neo4jService("bolt://localhost:7687")
# result = neo4j.run_query(answer1)
# neo4j.close()