基于DoS Sketch一元组进行实时检测

2021-09-14 18:46:23 +08:00
parent 8cfb442c44
commit 62f3c65d66
9 changed files with 118 additions and 77 deletions
--- a/src/main/java/com/zdjizhi/etl/ParseStaticThreshold.java
+++ b/src/main/java/com/zdjizhi/etl/ParseStaticThreshold.java
@@ -42,7 +42,7 @@ public class ParseStaticThreshold {
        String psw = HttpClientUtils.ERROR_MESSAGE;
        try {
            URIBuilder uriBuilder = new URIBuilder(CommonConfig.BIFANG_SERVER_URI);
-            HashMap<String, String> parms = new HashMap<>();
+            HashMap<String, Object> parms = new HashMap<>();
            parms.put("password", CommonConfig.BIFANG_SERVER_PASSWORD);
            HttpClientUtils.setUrlWithParams(uriBuilder, CommonConfig.BIFANG_SERVER_ENCRYPTPWD_PATH, parms);
            String resposeJsonStr = HttpClientUtils.httpGet(uriBuilder.build());
@@ -75,7 +75,7 @@ public class ParseStaticThreshold {
        try {
            if (!HttpClientUtils.ERROR_MESSAGE.equals(encryptpwd)) {
                URIBuilder uriBuilder = new URIBuilder(CommonConfig.BIFANG_SERVER_URI);
-                HashMap<String, String> parms = new HashMap<>();
+                HashMap<String, Object> parms = new HashMap<>();
                parms.put("username", CommonConfig.BIFANG_SERVER_USER);
                parms.put("password", encryptpwd);
                HttpClientUtils.setUrlWithParams(uriBuilder, CommonConfig.BIFANG_SERVER_LOGIN_PATH, parms);
@@ -107,7 +107,9 @@ public class ParseStaticThreshold {
        ArrayList<DosDetectionThreshold> thresholds = null;
        try {
            URIBuilder uriBuilder = new URIBuilder(CommonConfig.BIFANG_SERVER_URI);
-            HttpClientUtils.setUrlWithParams(uriBuilder, CommonConfig.BIFANG_SERVER_POLICY_THRESHOLD_PATH, null);
+            HashMap<String, Object> parms = new HashMap<>();
+            parms.put("pageSize",-1);
+            HttpClientUtils.setUrlWithParams(uriBuilder, CommonConfig.BIFANG_SERVER_POLICY_THRESHOLD_PATH, parms);
            String token = loginBifangServer();
            if (!HttpClientUtils.ERROR_MESSAGE.equals(token)) {
                BasicHeader authorization = new BasicHeader("Authorization", token);
@@ -142,22 +144,6 @@ public class ParseStaticThreshold {
            ArrayList<DosDetectionThreshold> dosDetectionThreshold = getDosDetectionThreshold();
            if (dosDetectionThreshold != null && !dosDetectionThreshold.isEmpty()) {
                for (DosDetectionThreshold threshold : dosDetectionThreshold) {
-                    String attackType = threshold.getAttackType();
-                    switch (attackType) {
-                        case "tcp_syn_flood":
-                            threshold.setAttackType("TCP SYN Flood");
-                            break;
-                        case "udp_flood":
-                            threshold.setAttackType("UDP Flood");
-                            break;
-                        case "icmp_flood":
-                            threshold.setAttackType("ICMP Flood");
-                            break;
-                        case "dns_amplification":
-                            threshold.setAttackType("DNS Amplification");
-                            break;
-                        default:
-                    }
                    ArrayList<String> serverIpList = threshold.getServerIpList();
                    for (String sip : serverIpList) {
                        IPAddressString ipAddressString = new IPAddressString(sip);
@@ -168,7 +154,16 @@ public class ParseStaticThreshold {
                                floodTypeThresholdMap = new HashMap<>();
                            }
                            floodTypeThresholdMap.put(threshold.getAttackType(), threshold);
-                            thresholdRangeMap.put(Range.closed(address.getLower(), address.getUpper()), floodTypeThresholdMap);
+                            if (address.isPrefixed()){
+                                if (address.isMultiple()){
+                                    thresholdRangeMap.put(Range.closed(address.getLower(), address.getUpper()), floodTypeThresholdMap);
+                                }else {
+                                    thresholdRangeMap.put(Range.closed(address.adjustPrefixLength(address.getBitCount()),
+                                            address.toMaxHost().withoutPrefixLength()), floodTypeThresholdMap);
+                                }
+                            }else {
+                                thresholdRangeMap.put(Range.closed(address, address), floodTypeThresholdMap);
+                            }
                        }
                    }
                }
@@ -180,7 +175,15 @@ public class ParseStaticThreshold {
    }

    public static void main(String[] args) {
+
+        ArrayList<DosDetectionThreshold> dosDetectionThreshold = getDosDetectionThreshold();
+        dosDetectionThreshold.forEach(System.out::println);
+
+
+        System.out.println("------------------------");
        TreeRangeMap<IPAddress, Map<String, DosDetectionThreshold>> staticThreshold = createStaticThreshold();
+
+        /*
        Map<Range<IPAddress>, Map<String, DosDetectionThreshold>> rangeMapMap = staticThreshold.asMapOfRanges();
        for (Range<IPAddress> range : rangeMapMap.keySet()) {
            Map<String, DosDetectionThreshold> thresholdMap = rangeMapMap.get(range);
@@ -189,6 +192,8 @@ public class ParseStaticThreshold {
                System.out.println(range + "---" + type + "---" + threshold);
            }
        }
+        */
+
    }