TSG-13094 修复DoS Event日志出现MVsys id

wanglihui
2022-12-21 17:11:14 +08:00
parent 01bbe562c9
commit ce15a27a1b
2 changed files with 11 additions and 15 deletions


@@ -25,7 +25,6 @@ import java.util.concurrent.TimeUnit;
*/
public class DosDetection extends BroadcastProcessFunction<DosSketchLog,Map<String, byte[]>, DosEventLog> {
// private static final Logger logger = LoggerFactory.getLogger(DosDetection.class);
private static final Log logger = LogFactory.get();
private static Map<String, Map<String, DosBaselineThreshold>> baselineMap = new HashMap<>();
private final static NumberFormat PERCENT_INSTANCE = NumberFormat.getPercentInstance();
@@ -66,7 +65,7 @@ public class DosDetection extends BroadcastProcessFunction<DosSketchLog,Map<Stri
@Override
public void processElement(DosSketchLog value, ReadOnlyContext ctx, Collector<DosEventLog> out) {
ArrayList<DosEventLog> finalResults = new ArrayList<>();
DosEventLog finalResult = null;
try {
String destinationIp = value.getDestination_ip();
int vsysId = value.getVsys_id();
@@ -81,26 +80,21 @@ public class DosDetection extends BroadcastProcessFunction<DosSketchLog,Map<Stri
logger.debug("当前判断IP{}, 类型: {}", key, attackType);
if (threshold == null && baselineMap.containsKey(key)) {
DosEventLog finalResult = getDosEventLogByBaseline(value,key);
finalResults.add(finalResult);
finalResult = getDosEventLogByBaseline(value,key);
} else if (threshold == null && !baselineMap.containsKey(key)) {
DosEventLog finalResult = getDosEventLogBySensitivityThreshold(value);
finalResults.add(finalResult);
finalResult = getDosEventLogBySensitivityThreshold(value);
} else if (threshold != null) {
finalResults = getDosEventLogByStaticThreshold(value, threshold);
finalResult = getDosEventLogByStaticThreshold(value, threshold);
} else {
logger.debug("未获取到当前server IP{} 类型 {} 静态阈值 和 baseline", key, attackType);
}
} catch (Exception e) {
e.printStackTrace();
logger.error("判定失败\n {} \n{}", value, e);
}
for (DosEventLog dosEventLog:finalResults){
if (dosEventLog != null){
out.collect(dosEventLog);
}
if (finalResult != null){
out.collect(finalResult);
}
}
@@ -125,7 +119,7 @@ public class DosDetection extends BroadcastProcessFunction<DosSketchLog,Map<Stri
return getDosEventLog(value, base, diff, BASELINE_CONDITION_TYPE, SESSIONS_TAG);
}
private ArrayList<DosEventLog> getDosEventLogByStaticThreshold(DosSketchLog value, DosDetectionThreshold threshold) throws CloneNotSupportedException {
private DosEventLog getDosEventLogByStaticThreshold(DosSketchLog value, DosDetectionThreshold threshold) throws CloneNotSupportedException {
long base = threshold.getSessionsPerSec();
long diff = value.getSketch_sessions() - base;
DosEventLog result = getDosEventLog(value, base, diff, STATIC_CONDITION_TYPE, SESSIONS_TAG);
@@ -139,6 +133,7 @@ public class DosDetection extends BroadcastProcessFunction<DosSketchLog,Map<Stri
result = getDosEventLog(value, base, diff, STATIC_CONDITION_TYPE, BITS_TAG);
}
}
/*
ArrayList<DosEventLog> dosEventLogs = new ArrayList<>();
if (result != null){
dosEventLogs.add(result);
@@ -152,7 +147,8 @@ public class DosDetection extends BroadcastProcessFunction<DosSketchLog,Map<Stri
}
}
}
return dosEventLogs;
*/
return result;
}
private DosEventLog getDosEventLog(DosSketchLog value, long base, long diff, int type, String tag) {
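Review bot: In `getDosEventLogByStaticThreshold` the old list-building code is disabled by wrapping it in `/* … */` instead of being deleted, so a dead `return dosEventLogs;` now sits directly above the live `return result;`. Deleting the block would be cleaner, since the history already keeps it. A short comment above the return would record why the fan-out was dropped, for example `// One event per sketch log: the static-threshold path no longer returns a list (TSG-13094).` The new signature still declares `throws CloneNotSupportedException`; if the commented-out block held the only clone call, that clause can go too, but the middle of the method lies outside the visible hunks, so this needs checking. The two earlier hunks in `processElement` depend on this return-type change and look consistent with it.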