gfwleak/galaxy-tsg-olap-dos-detection-job
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修改IP定位库信息,增加异常检测信息。

Browse Source
This commit is contained in:
wanglihui
2021-08-04 16:30:13 +08:00
parent 896e23db7d
commit 7077c91d46
7 changed files with 34 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/main/java/com/zdjizhi/etl/DosDetection.java
View File

@@ -7,6 +7,9 @@ import com.zdjizhi.sink.OutputStreamSink;
import com.zdjizhi.utils.IpUtils;
import com.zdjizhi.utils.SnowflakeId;
import org.apache.commons.lang.StringUtils;
import org.apache.flink.api.common.state.MapStateDescriptor;
import org.apache.flink.api.common.typeinfo.Types;
import org.apache.flink.api.java.typeutils.MapTypeInfo;
import org.apache.flink.configuration.Configuration;
import org.apache.flink.streaming.api.functions.co.BroadcastProcessFunction;
import org.apache.flink.util.Collector;
@@ -29,6 +32,10 @@ public class DosDetection extends BroadcastProcessFunction<DosSketchLog, Map<Str
private final static int BASELINE_SIZE = 144;
private static MapStateDescriptor<String, Map<String, Map<String, List<Integer>>>> descriptor = new MapStateDescriptor<>("boradcast-state",
Types.STRING,
new MapTypeInfo<>(String.class, new MapTypeInfo<>(String.class, (Class<List<Integer>>) (Class<?>) List.class).getTypeClass()));
private final static NumberFormat PERCENT_INSTANCE = NumberFormat.getPercentInstance();
@Override
@@ -39,7 +46,7 @@ public class DosDetection extends BroadcastProcessFunction<DosSketchLog, Map<Str
@Override
public void processElement(DosSketchLog value, ReadOnlyContext ctx, Collector<DosEventLog> out) throws Exception {
try {
Map<String, Map<String, List<Integer>>> broadcast = ctx.getBroadcastState(OutputStreamSink.descriptor).get("broadcast-state");
Map<String, Map<String, List<Integer>>> broadcast = ctx.getBroadcastState(descriptor).get("broadcast-state");
String destinationIp = value.getDestination_ip();
String attackType = value.getAttack_type();
logger.info("当前判断IP{}, 类型: {}",destinationIp,attackType);
@@ -72,8 +79,12 @@ public class DosDetection extends BroadcastProcessFunction<DosSketchLog, Map<Str
}
@Override
public void processBroadcastElement(Map<String, Map<String, List<Integer>>> value, Context ctx, Collector<DosEventLog> out) throws Exception {
ctx.getBroadcastState(OutputStreamSink.descriptor).put("broadcast-state", value);
public void processBroadcastElement(Map<String, Map<String, List<Integer>>> value, Context ctx, Collector<DosEventLog> out) {
try {
ctx.getBroadcastState(descriptor).put("broadcast-state", value);
}catch (Exception e){
logger.error("更新广播状态失败 {}",e);
}
}
public static void main(String[] args) {
@@ -86,8 +97,8 @@ public class DosDetection extends BroadcastProcessFunction<DosSketchLog, Map<Str
// strings.add("153.146.241.196");
// strings.add("132.46.241.21");
// String join = StringUtils.join(strings, ",");
System.out.println(IpUtils.ipLookup.countryLookup("192.168.50.150"));
// System.out.println(IpUtils.ipLookup.countryLookup("192.168.50.150"));
System.out.println(Severity.CRITICAL.severity);
}
private DosEventLog getResult(DosSketchLog value,Severity severity,String percent){
@@ -96,7 +107,7 @@ public class DosDetection extends BroadcastProcessFunction<DosSketchLog, Map<Str
dosEventLog.setStart_time(value.getSketch_start_time());
dosEventLog.setEnd_time(value.getSketch_start_time()+CommonConfig.FLINK_WINDOW_MAX_TIME);
dosEventLog.setAttack_type(value.getAttack_type());
dosEventLog.setSeverity(severity.name());
dosEventLog.setSeverity(severity.toString());
dosEventLog.setConditions(getConditions(percent));
dosEventLog.setDestination_ip(value.getDestination_ip());
dosEventLog.setDestination_country(IpUtils.ipLookup.countryLookup(value.getDestination_ip()));