From fae16e5804fac5d9e9999e85bbbf3b930c3b753d Mon Sep 17 00:00:00 2001
From: wangchengcheng
Date: Wed, 28 Feb 2024 16:58:15 +0800
Subject: [PATCH] =?UTF-8?q?fix:Profile=20ID=20recognition=20error=EF=BC=88?= =?UTF-8?q?TSG-19499=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../zdjizhi/common/DosDetectionThreshold.java | 25 +++++++++----------
 .../function/DosDetectionFunction.java | 6 ++---
 .../utils/Threshold/ParseStaticThreshold.java | 2 +-
 .../resources/detection_dos_attack.properties | 20 +++++++---------
 .../com/zdjizhi/etl/DosDetectionTest.java | 10 ++++----
 5 files changed, 31 insertions(+), 32 deletions(-)
diff --git a/src/main/java/com/zdjizhi/common/DosDetectionThreshold.java b/src/main/java/com/zdjizhi/common/DosDetectionThreshold.java
index dc0825b..ca17bfc 100644
--- a/src/main/java/com/zdjizhi/common/DosDetectionThreshold.java
+++ b/src/main/java/com/zdjizhi/common/DosDetectionThreshold.java
@@ -3,29 +3,28 @@ package com.zdjizhi.common;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Objects;
 /**
 * @author wlh
 */
 public class DosDetectionThreshold implements Serializable {
- private long profile_id;
+ private long id;
 private String attack_type;
 private ArrayList server_ip_list;
 private String server_ip_addr;
 private long packets_per_sec;
 private long bits_per_sec;
 private long sessions_per_sec;
- private int is_valid;
+ private int is_enabled;
 private int vsys_id;
 private Integer[] superior_ids;
- public long getProfile_id() {
- return profile_id;
+ public long getId() {
+ return id;
 }
- public void setProfile_id(long profile_id) {
- this.profile_id = profile_id;
+ public void setId(long id) {
+ this.id = id;
 }
 public String getAttack_type() {
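Review bot: Renaming the private fields to `id` and `is_enabled` changes the serialized shape of DosDetectionThreshold, which implements `Serializable` but declares no `serialVersionUID` in the visible lines, so instances written by the previous build (for example in job state, if this type is kept there) would presumably fail to deserialize after the upgrade. Both renamed fields are also primitives, so if the bean is filled by name from the threshold service response (the parser is not visible here), a key mismatch silently leaves `id` and `is_enabled` at 0 instead of failing. Consider adding `private static final long serialVersionUID = 1L;` and rejecting a parsed threshold whose `id` is 0. The getter/setter and toString hunks at `@@ -76,12 +75,12 @@` and `@@ -103,14 +102,14 @@` carry the same rename, and the class body continues outside this hunk.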
@@ -76,12 +75,12 @@ public class DosDetectionThreshold implements Serializable {
 this.sessions_per_sec = sessions_per_sec;
 }
- public int getIs_valid() {
- return is_valid;
+ public int getIs_enabled() {
+ return is_enabled;
 }
- public void setIs_valid(int is_valid) {
- this.is_valid = is_valid;
+ public void setIs_enabled(int is_enabled) {
+ this.is_enabled = is_enabled;
 }
 public int getVsys_id() {
@@ -103,14 +102,14 @@ public class DosDetectionThreshold implements Serializable {
 @Override
 public String toString() {
 return "DosDetectionThreshold{" +
- "profile_id=" + profile_id +
+ "id=" + id +
 ", attack_type='" + attack_type + '\'' +
 ", server_ip_list=" + server_ip_list +
 ", server_ip_addr='" + server_ip_addr + '\'' +
 ", packets_per_sec=" + packets_per_sec +
 ", bits_per_sec=" + bits_per_sec +
 ", sessions_per_sec=" + sessions_per_sec +
- ", is_valid=" + is_valid +
+ ", is_enabled=" + is_enabled +
 ", vsys_id=" + vsys_id +
 ", superior_ids=" + Arrays.toString(superior_ids) +
 '}';
diff --git a/src/main/java/com/zdjizhi/function/DosDetectionFunction.java b/src/main/java/com/zdjizhi/function/DosDetectionFunction.java
index e556124..6662873 100644
--- a/src/main/java/com/zdjizhi/function/DosDetectionFunction.java
+++ b/src/main/java/com/zdjizhi/function/DosDetectionFunction.java
@@ -184,13 +184,13 @@ public class DosDetectionFunction extends ProcessFunction= diffPktPercent && diffSessionPercent >= diffBitPercent) { - profileId = threshold.getProfile_id(); + profileId = threshold.getId(); result = getDosEventLog(value, sessionBase, diffSession, profileId, STATIC_CONDITION_TYPE, SESSIONS_TAG); } else if (diffPktPercent >= diffSessionPercent && diffPktPercent >= diffBitPercent) { - profileId = threshold.getProfile_id(); + profileId = threshold.getId(); result = getDosEventLog(value, pktBase, diffPkt, profileId, STATIC_CONDITION_TYPE, PACKETS_TAG); } else if (diffBitPercent >= diffPktPercent && diffBitPercent >= diffSessionPercent) { - profileId = threshold.getProfile_id(); + profileId = threshold.getId(); result = getDosEventLog(value, bitBase, diffByte, profileId, STATIC_CONDITION_TYPE, BITS_TAG); } return result; diff --git a/src/main/java/com/zdjizhi/utils/Threshold/ParseStaticThreshold.java b/src/main/java/com/zdjizhi/utils/Threshold/ParseStaticThreshold.java index 3875e9a..54b7169 100644 --- a/src/main/java/com/zdjizhi/utils/Threshold/ParseStaticThreshold.java +++ b/src/main/java/com/zdjizhi/utils/Threshold/ParseStaticThreshold.java @@ -123,7 +123,7 @@ public class ParseStaticThreshold { * 根据vsysId获取静态阈值配置列表 * @return thresholds */ - private ArrayList getDosDetectionThreshold() { + private ArrayList getDosDetectionThreshold() { ArrayList vsysThresholds = new ArrayList<>(); ArrayList vsysIds = getVsysId(); try { diff --git a/src/main/resources/detection_dos_attack.properties b/src/main/resources/detection_dos_attack.properties index bf97608..b73018d 100644 --- a/src/main/resources/detection_dos_attack.properties +++ b/src/main/resources/detection_dos_attack.properties 
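Review bot: In the DosDetectionFunction.java hunk each of the three branches repeats `profileId = threshold.getId();` before calling getDosEventLog; reading it once ahead of the `if` chain, `long profileId = threshold.getId();`, would keep the profile ID lookup in one place. The chain also has no final `else`, so if the percent values are floating-point and one of them is NaN (their declarations are outside the hunk, so this is not certain), no branch matches and `result` keeps its initial value, meaning no static-threshold event is produced. A one-line comment such as `// no branch matches only when a percent is NaN; result stays unset` would make that case explicit. The enclosing method starts outside the hunk.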
@@ -1,5 +1,5 @@
 source.kafka.topic=DOS-SKETCH-RECORD
-source.kafka.props.bootstrap.servers=192.168.45.102:9094
+source.kafka.props.bootstrap.servers=192.168.44.12:9094
 source.kafka.props.group.id=dos-detection-job-20240116
 source.kafka.props.session.timeout.ms=60000
 source.kafka.props.max.poll.records=5000
@@ -11,7 +11,7 @@ source.kafka.props.sasl.jaas.config=org.apache.kafka.common.security.plain.Plain
 #kafka sink
 kafka.sink.event.topic.name=DOS-EVENT
 kafka.sink.metric.topic=TRAFFIC-TOP-DESTINATION-IP-METRIC
-sink.kafka.props.bootstrap.servers=192.168.45.102:9094
+sink.kafka.props.bootstrap.servers=192.168.44.12:9094
 sink.kafka.props.security.protocol=SASL_PLAINTEXT
 sink.kafka.props.sasl.mechanism=PLAIN
 sink.kafka.props.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="galaxy2019";
@@ -24,13 +24,16 @@ sink.kafka.props.buffer.memory=134217728
 sink.kafka.props.max.request.size=10485760
 sink.kafka.props.compression.type=snappy
-#zookeeper地址
-hbase.zookeeper.quorum=192.168.45.102:2181
-flink.watermark.max.orderness=300
+ip.user.defined.kd.id=dasdasdsad
+
+#zookeeper地址
+hbase.zookeeper.quorum=192.168.44.12:2181
+
+flink.watermark.max.orderness=30
 #计算窗口大小,默认600s
-flink.window.max.time=600
+flink.window.max.time=60
 #cm服务访问地址
 bifang.server.uri=http://192.168.44.3
@@ -45,7 +48,4 @@ baseline.sessions.minor.threshold=0.2
 baseline.sessions.warning.threshold=1
 baseline.sessions.major.threshold=2.5
 baseline.sessions.severe.threshold=5
-baseline.sessions.critical.threshold=8
-
-
-
+baseline.sessions.critical.threshold=8
\ No newline at end of file
diff --git a/src/test/java/com/zdjizhi/etl/DosDetectionTest.java b/src/test/java/com/zdjizhi/etl/DosDetectionTest.java
index 5634e4a..f67bf5f 100644
--- a/src/test/java/com/zdjizhi/etl/DosDetectionTest.java
+++ b/src/test/java/com/zdjizhi/etl/DosDetectionTest.java
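Review bot: The first two hunks of detection_dos_attack.properties (`@@ -1,5 +1,5 @@` and `@@ -11,7 +11,7 @@`) re-point the Kafka source and sink at another internal address, while the unchanged lines beside the sink keep `sink.kafka.props.security.protocol=SASL_PLAINTEXT`, `sasl.mechanism=PLAIN` and a literal admin username and password in `sasl.jaas.config`. With PLAIN over a non-TLS listener the credential crosses the network unencrypted, and a secret committed in a packaged resource is readable by anyone with access to the repository or the built artifact. Broker addresses and the JAAS credential would be better supplied at deployment time (environment or secret store) with `security.protocol=SASL_SSL`, and the password already in history should be rotated. The environment-specific address change also looks unrelated to the profile-ID fix and may be a local setting committed by accident.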
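Review bot: The `@@ -24,13 +24,16 @@` hunk of detection_dos_attack.properties changes detection timing that the commit title does not mention: `flink.window.max.time` goes from 600 to 60 and `flink.watermark.max.orderness` from 300 to 30, while the comment directly above the window setting still states a 600s default. The added `ip.user.defined.kd.id=dasdasdsad` looks like a placeholder rather than a real identifier. If these are local test values they should be dropped from this fix; if they are intended, the comment should be updated and the change called out, since a window ten times shorter presumably changes which traffic the static and baseline thresholds flag.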
@@ -32,13 +32,13 @@ public class DosDetectionTest {
 serverIpList.add("192.168.50.1/24");
 serverIpList.add("FC::12:0:0/54");
 serverIpList.add("FC::12:0:0");
- dosDetectionThreshold.setProfile_id(4437);
+ dosDetectionThreshold.setId(4437);
 dosDetectionThreshold.setAttack_type("DNS Flood");
 dosDetectionThreshold.setServer_ip_list(serverIpList);
 dosDetectionThreshold.setSessions_per_sec(1);
 dosDetectionThreshold.setPackets_per_sec(1);
 dosDetectionThreshold.setBits_per_sec(100000);
- dosDetectionThreshold.setIs_valid(1);
+ dosDetectionThreshold.setIs_enabled(1);
 dosDetectionThreshold.setSuperior_ids(new Integer[]{5,4,12,27});
@@ -67,15 +67,15 @@ public class DosDetectionTest {
 long profileId = 0;
 DosEventLog result =null;
 if (diffSessionPercent >= diffPktPercent && diffSessionPercent >= diffBitPercent){
- profileId = dosDetectionThreshold.getProfile_id();
+ profileId = dosDetectionThreshold.getId();
 result= getDosEventLog(dosSketchLog, sessionBase, diffSession, profileId, STATIC_CONDITION_TYPE, SESSIONS_TAG);
 System.out.println(result);
 }else if (diffPktPercent >= diffSessionPercent && diffPktPercent >= diffBitPercent){
- profileId = dosDetectionThreshold.getProfile_id();
+ profileId = dosDetectionThreshold.getId();
 result = getDosEventLog(dosSketchLog, pktBase, diffPkt,profileId, STATIC_CONDITION_TYPE, PACKETS_TAG);
 System.out.println(result);
 }else if (diffBitPercent >= diffPktPercent && diffBitPercent >= diffSessionPercent){
- profileId = dosDetectionThreshold.getProfile_id();
+ profileId = dosDetectionThreshold.getId();
 result = getDosEventLog(dosSketchLog, bitBase, diffByte, profileId, STATIC_CONDITION_TYPE, BITS_TAG);
 System.out.println(result);
 }
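Review bot: The `@@ -67,15 +67,15 @@` hunk of DosDetectionTest copies the production comparison chain into the test and only prints the outcome with `System.out.println(result)`, so the test passes whatever profile ID ends up in the event. Since this commit is a fix for profile-ID recognition, the test should assert that the event produced in the matching branch carries the ID set earlier with `setId(4437)`, and that `result` is not null. A case that builds the threshold from a sample service payload, rather than through the setters, would cover the field-name mapping that the rename is presumably meant to repair. The test method starts outside the hunk.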