@@ -140,11 +140,18 @@ def evaluate_heuristic_results(
140140
141141 Returns
142142 -------
143- tuple[float, JsonType ]
143+ tuple[float, list[str] ]
144144 Returns the confidence associated with the detected malicious combination, and associated rule IDs detailing
145145 what rules were triggered.
146146 """
147147 facts_list : list [str ] = []
148+ triggered_rules = []
149+ # confidence is calculated using the probability of the package being benign, so the negation of the confidence values
150+ # in the problog model. Multiplying these probabilities together on several triggers will further decrease the probability
151+ # of the package being benign. This is then negated after calculation to get the probability of the package being malicious.
152+ # If no rules are triggered, this will simply result in 1.0 - 1.0 = 0.0.
153+ confidence : float = 1.0
154+
148155 for heuristic , result in heuristic_results .items ():
149156 if result == HeuristicResult .PASS :
150157 facts_list .append (f"{ heuristic .value } )
@@ -159,10 +166,11 @@ def evaluate_heuristic_results(
159166 problog_model = PrologString (problog_code )
160167 problog_results : dict [Term , float ] = get_evaluatable ().create_from (problog_model ).evaluate ()
161168
162- confidence = sum (conf for conf in problog_results .values () if conf is not None )
163- triggered_rules : JsonType = ["No malicious rules triggered" ]
164- if confidence > 0 :
165- triggered_rules = [term .args [0 ] for term in problog_results ]
169+ for term , conf in problog_results .items ():
170+ if conf is not None and conf > 0 :
171+ confidence *= 1.0 - conf # decrease the probability of the package being benign
172+ triggered_rules .append (term .args [0 ])
173+ confidence = round (1.0 - confidence , 2 ) # 2 decimal places
166174
167175 return confidence , triggered_rules
168176
0 commit comments