gfwleak/galaxy-tsg-olap-dos-detection-job
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加一元组作为基线生成数据源

Browse Source
This commit is contained in:
wanglihui
2021-09-13 14:14:58 +08:00
parent 4f8807dfa1
commit 8cfb442c44
3 changed files with 20 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/main/java/com/zdjizhi/etl/DosDetection.java
View File

@@ -108,7 +108,8 @@ public class DosDetection extends RichMapFunction<DosSketchLog, DosEventLog> {
Tuple2<ArrayList<Integer>, Integer> floodTypeTup = baselineMap.get(destinationIp).get(attackType);
Integer base = getBaseValue(floodTypeTup, value);
long sketchSessions = value.getSketch_sessions();
return sketchSessions > CommonConfig.SENSITIVITY_THRESHOLD ? getDosEventLog(value, base, sketchSessions - base, "baseline"):Tuple2.of(Severity.NORMAL, null);
return sketchSessions > CommonConfig.SENSITIVITY_THRESHOLD ?
getDosEventLog(value, base, sketchSessions - base, "baseline") : Tuple2.of(Severity.NORMAL, null);
}
private Tuple2<Severity, DosEventLog> getDosEventLogByStaticThreshold(DosSketchLog value, Map<String, DosDetectionThreshold> thresholdMap) {

20
src/main/java/com/zdjizhi/etl/EtlProcessFunction.java
View File

@@ -69,15 +69,19 @@ public class EtlProcessFunction extends ProcessWindowFunction<DosSketchLog, DosS
HashSet<String> sourceIpSet = new HashSet<>();
try {
for (DosSketchLog newSketchLog : elements){
sessions += newSketchLog.getSketch_sessions();
packets += newSketchLog.getSketch_packets();
bytes += newSketchLog.getSketch_bytes();
startTime = newSketchLog.getSketch_start_time();
duration = newSketchLog.getSketch_duration();
cnt += 1;
if (sourceIpSet.size() < CommonConfig.SOURCE_IP_LIST_LIMIT){
sourceIpSet.add(newSketchLog.getSource_ip());
String sourceIp = newSketchLog.getSource_ip();
if ("0.0.0.0".equals(sourceIp) || "::".equals(sourceIp)){
sessions += newSketchLog.getSketch_sessions();
packets += newSketchLog.getSketch_packets();
bytes += newSketchLog.getSketch_bytes();
startTime = newSketchLog.getSketch_start_time();
duration = newSketchLog.getSketch_duration();
}else {
if (sourceIpSet.size() < CommonConfig.SOURCE_IP_LIST_LIMIT){
sourceIpSet.add(sourceIp);
}
}
cnt += 1;
}
String sourceIpList = StringUtils.join(sourceIpSet, ",");
// return Tuple6.of(sessions/cnt/duration,packets/cnt/duration,bytes/cnt/duration,sourceIpList,startTime,duration);