fix:Profile ID recognition error(TSG-19499)

wangchengcheng
2024-02-28 16:58:15 +08:00
parent 046b7fea80
commit fae16e5804
5 changed files with 31 additions and 32 deletions


@@ -3,29 +3,28 @@ package com.zdjizhi.common;
import java.io.Serializable; import java.io.Serializable;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Objects;
/** /**
* @author wlh * @author wlh
*/ */
public class DosDetectionThreshold implements Serializable { public class DosDetectionThreshold implements Serializable {
private long profile_id; private long id;
private String attack_type; private String attack_type;
private ArrayList<String> server_ip_list; private ArrayList<String> server_ip_list;
private String server_ip_addr; private String server_ip_addr;
private long packets_per_sec; private long packets_per_sec;
private long bits_per_sec; private long bits_per_sec;
private long sessions_per_sec; private long sessions_per_sec;
private int is_valid; private int is_enabled;
private int vsys_id; private int vsys_id;
private Integer[] superior_ids; private Integer[] superior_ids;
public long getProfile_id() { public long getId() {
return profile_id; return id;
} }
public void setProfile_id(long profile_id) { public void setId(long id) {
this.profile_id = profile_id; this.id = id;
} }
public String getAttack_type() { public String getAttack_type() {
@@ -76,12 +75,12 @@ public class DosDetectionThreshold implements Serializable {
this.sessions_per_sec = sessions_per_sec; this.sessions_per_sec = sessions_per_sec;
} }
public int getIs_valid() { public int getIs_enabled() {
return is_valid; return is_enabled;
} }
public void setIs_valid(int is_valid) { public void setIs_enabled(int is_enabled) {
this.is_valid = is_valid; this.is_enabled = is_enabled;
} }
public int getVsys_id() { public int getVsys_id() {
@@ -103,14 +102,14 @@ public class DosDetectionThreshold implements Serializable {
@Override @Override
public String toString() { public String toString() {
return "DosDetectionThreshold{" + return "DosDetectionThreshold{" +
"profile_id=" + profile_id + "id=" + id +
", attack_type='" + attack_type + '\'' + ", attack_type='" + attack_type + '\'' +
", server_ip_list=" + server_ip_list + ", server_ip_list=" + server_ip_list +
", server_ip_addr='" + server_ip_addr + '\'' + ", server_ip_addr='" + server_ip_addr + '\'' +
", packets_per_sec=" + packets_per_sec + ", packets_per_sec=" + packets_per_sec +
", bits_per_sec=" + bits_per_sec + ", bits_per_sec=" + bits_per_sec +
", sessions_per_sec=" + sessions_per_sec + ", sessions_per_sec=" + sessions_per_sec +
", is_valid=" + is_valid + ", is_enabled=" + is_enabled +
", vsys_id=" + vsys_id + ", vsys_id=" + vsys_id +
", superior_ids=" + Arrays.toString(superior_ids) + ", superior_ids=" + Arrays.toString(superior_ids) +
'}'; '}';
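Review bot: Renaming the fields `profile_id` to `id` and `is_valid` to `is_enabled` changes the serialized form of this `Serializable` class, and no `serialVersionUID` is visible in the hunk, so instances written by the previous build (for example in restored job state, if this type is kept there) would likely fail to deserialize or lose those values. If the fields are bound by name from the upstream policy JSON, as the fix suggests, a later key mismatch will again leave `id` and `is_enabled` at 0 without any error, which silently detaches or disables a detection threshold. A comment on each field such as `// must match the "id" key of the policy response`, plus a check where thresholds are loaded that rejects an unset id (if 0 is never a valid profile id), would make that failure visible. The class body continues outside the hunks.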


@@ -184,13 +184,13 @@ public class DosDetectionFunction extends ProcessFunction<DosSketchLog, DosEvent
DosEventLog result = null; DosEventLog result = null;
if (diffSessionPercent >= diffPktPercent && diffSessionPercent >= diffBitPercent) { if (diffSessionPercent >= diffPktPercent && diffSessionPercent >= diffBitPercent) {
profileId = threshold.getProfile_id(); profileId = threshold.getId();
result = getDosEventLog(value, sessionBase, diffSession, profileId, STATIC_CONDITION_TYPE, SESSIONS_TAG); result = getDosEventLog(value, sessionBase, diffSession, profileId, STATIC_CONDITION_TYPE, SESSIONS_TAG);
} else if (diffPktPercent >= diffSessionPercent && diffPktPercent >= diffBitPercent) { } else if (diffPktPercent >= diffSessionPercent && diffPktPercent >= diffBitPercent) {
profileId = threshold.getProfile_id(); profileId = threshold.getId();
result = getDosEventLog(value, pktBase, diffPkt, profileId, STATIC_CONDITION_TYPE, PACKETS_TAG); result = getDosEventLog(value, pktBase, diffPkt, profileId, STATIC_CONDITION_TYPE, PACKETS_TAG);
} else if (diffBitPercent >= diffPktPercent && diffBitPercent >= diffSessionPercent) { } else if (diffBitPercent >= diffPktPercent && diffBitPercent >= diffSessionPercent) {
profileId = threshold.getProfile_id(); profileId = threshold.getId();
result = getDosEventLog(value, bitBase, diffByte, profileId, STATIC_CONDITION_TYPE, BITS_TAG); result = getDosEventLog(value, bitBase, diffByte, profileId, STATIC_CONDITION_TYPE, BITS_TAG);
} }
return result; return result;
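Review bot: `profileId = threshold.getId();` is repeated verbatim in all three branches, so it can be assigned once before the `if` and each branch reduced to its `getDosEventLog` call. `result` starts as `null` and is returned unchanged when none of the three comparisons holds, which could happen if the percentages are floating point and NaN (their types are not visible here), so the method's documentation should say it may return null. The enclosing method starts and ends outside the hunk, and the test hunk in `DosDetectionTest` repeats the same pattern.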


@@ -1,5 +1,5 @@
source.kafka.topic=DOS-SKETCH-RECORD source.kafka.topic=DOS-SKETCH-RECORD
source.kafka.props.bootstrap.servers=192.168.45.102:9094 source.kafka.props.bootstrap.servers=192.168.44.12:9094
source.kafka.props.group.id=dos-detection-job-20240116 source.kafka.props.group.id=dos-detection-job-20240116
source.kafka.props.session.timeout.ms=60000 source.kafka.props.session.timeout.ms=60000
source.kafka.props.max.poll.records=5000 source.kafka.props.max.poll.records=5000
@@ -11,7 +11,7 @@ source.kafka.props.sasl.jaas.config=org.apache.kafka.common.security.plain.Plain
#kafka sink #kafka sink
kafka.sink.event.topic.name=DOS-EVENT kafka.sink.event.topic.name=DOS-EVENT
kafka.sink.metric.topic=TRAFFIC-TOP-DESTINATION-IP-METRIC kafka.sink.metric.topic=TRAFFIC-TOP-DESTINATION-IP-METRIC
sink.kafka.props.bootstrap.servers=192.168.45.102:9094 sink.kafka.props.bootstrap.servers=192.168.44.12:9094
sink.kafka.props.security.protocol=SASL_PLAINTEXT sink.kafka.props.security.protocol=SASL_PLAINTEXT
sink.kafka.props.sasl.mechanism=PLAIN sink.kafka.props.sasl.mechanism=PLAIN
sink.kafka.props.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="galaxy2019"; sink.kafka.props.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="galaxy2019";
@@ -24,13 +24,16 @@ sink.kafka.props.buffer.memory=134217728
sink.kafka.props.max.request.size=10485760 sink.kafka.props.max.request.size=10485760
sink.kafka.props.compression.type=snappy sink.kafka.props.compression.type=snappy
#zookeeper地址
hbase.zookeeper.quorum=192.168.45.102:2181
flink.watermark.max.orderness=300 ip.user.defined.kd.id=dasdasdsad
#zookeeper地址
hbase.zookeeper.quorum=192.168.44.12:2181
flink.watermark.max.orderness=30
#计算窗口大小默认600s #计算窗口大小默认600s
flink.window.max.time=600 flink.window.max.time=60
#cm服务访问地址 #cm服务访问地址
bifang.server.uri=http://192.168.44.3 bifang.server.uri=http://192.168.44.3
@@ -46,6 +49,3 @@ baseline.sessions.warning.threshold=1
baseline.sessions.major.threshold=2.5 baseline.sessions.major.threshold=2.5
baseline.sessions.severe.threshold=5 baseline.sessions.severe.threshold=5
baseline.sessions.critical.threshold=8 baseline.sessions.critical.threshold=8
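Review bot: The second hunk keeps `sink.kafka.props.sasl.jaas.config` with a literal admin username and password in the tracked properties file, and `security.protocol=SASL_PLAINTEXT` with `sasl.mechanism=PLAIN` sends that credential to the broker unencrypted. Since this commit already edits the broker address, it is a good place to load the JAAS config from the environment or a secret store, and to rotate the password because it is now in repository history. The changed lines also look like local test settings rather than part of the profile-ID fix: `flink.window.max.time` goes from 600 to 60 while the comment above it still says the default is 600s, `flink.watermark.max.orderness` goes from 300 to 30, and `ip.user.defined.kd.id=dasdasdsad` reads as a placeholder. A tenfold shorter window may change detection sensitivity, so if it is intended it deserves its own commit with a justification and an updated comment.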


@@ -32,13 +32,13 @@ public class DosDetectionTest {
serverIpList.add("192.168.50.1/24"); serverIpList.add("192.168.50.1/24");
serverIpList.add("FC::12:0:0/54"); serverIpList.add("FC::12:0:0/54");
serverIpList.add("FC::12:0:0"); serverIpList.add("FC::12:0:0");
dosDetectionThreshold.setProfile_id(4437); dosDetectionThreshold.setId(4437);
dosDetectionThreshold.setAttack_type("DNS Flood"); dosDetectionThreshold.setAttack_type("DNS Flood");
dosDetectionThreshold.setServer_ip_list(serverIpList); dosDetectionThreshold.setServer_ip_list(serverIpList);
dosDetectionThreshold.setSessions_per_sec(1); dosDetectionThreshold.setSessions_per_sec(1);
dosDetectionThreshold.setPackets_per_sec(1); dosDetectionThreshold.setPackets_per_sec(1);
dosDetectionThreshold.setBits_per_sec(100000); dosDetectionThreshold.setBits_per_sec(100000);
dosDetectionThreshold.setIs_valid(1); dosDetectionThreshold.setIs_enabled(1);
dosDetectionThreshold.setSuperior_ids(new Integer[]{5,4,12,27}); dosDetectionThreshold.setSuperior_ids(new Integer[]{5,4,12,27});
@@ -67,15 +67,15 @@ public class DosDetectionTest {
long profileId = 0; long profileId = 0;
DosEventLog result =null; DosEventLog result =null;
if (diffSessionPercent >= diffPktPercent && diffSessionPercent >= diffBitPercent){ if (diffSessionPercent >= diffPktPercent && diffSessionPercent >= diffBitPercent){
profileId = dosDetectionThreshold.getProfile_id(); profileId = dosDetectionThreshold.getId();
result= getDosEventLog(dosSketchLog, sessionBase, diffSession, profileId, STATIC_CONDITION_TYPE, SESSIONS_TAG); result= getDosEventLog(dosSketchLog, sessionBase, diffSession, profileId, STATIC_CONDITION_TYPE, SESSIONS_TAG);
System.out.println(result); System.out.println(result);
}else if (diffPktPercent >= diffSessionPercent && diffPktPercent >= diffBitPercent){ }else if (diffPktPercent >= diffSessionPercent && diffPktPercent >= diffBitPercent){
profileId = dosDetectionThreshold.getProfile_id(); profileId = dosDetectionThreshold.getId();
result = getDosEventLog(dosSketchLog, pktBase, diffPkt,profileId, STATIC_CONDITION_TYPE, PACKETS_TAG); result = getDosEventLog(dosSketchLog, pktBase, diffPkt,profileId, STATIC_CONDITION_TYPE, PACKETS_TAG);
System.out.println(result); System.out.println(result);
}else if (diffBitPercent >= diffPktPercent && diffBitPercent >= diffSessionPercent){ }else if (diffBitPercent >= diffPktPercent && diffBitPercent >= diffSessionPercent){
profileId = dosDetectionThreshold.getProfile_id(); profileId = dosDetectionThreshold.getId();
result = getDosEventLog(dosSketchLog, bitBase, diffByte, profileId, STATIC_CONDITION_TYPE, BITS_TAG); result = getDosEventLog(dosSketchLog, bitBase, diffByte, profileId, STATIC_CONDITION_TYPE, BITS_TAG);
System.out.println(result); System.out.println(result);
} }
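Review bot: The second hunk re-implements the branch selection from `DosDetectionFunction` inside the test and prints the outcome with `System.out.println(result)` instead of asserting on it, so the test would still pass if the production code read the wrong ID. After `setId(4437)` in the first hunk, an assertion that the produced event carries profile id 4437 (through whatever accessor `DosEventLog` exposes, which is not visible here) would pin this fix. Calling the production method rather than a copy of its logic would also keep the test from drifting. The test method continues outside the hunk, so an assertion may exist further down.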