fix:Profile ID recognition error（TSG-19499）

2024-02-28 16:58:15 +08:00
parent 046b7fea80
commit fae16e5804
5 changed files with 31 additions and 32 deletions
--- a/src/main/java/com/zdjizhi/common/DosDetectionThreshold.java
+++ b/src/main/java/com/zdjizhi/common/DosDetectionThreshold.java
@@ -3,29 +3,28 @@ package com.zdjizhi.common;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Objects;

 /**
 * @author wlh
 */
 public class DosDetectionThreshold implements Serializable {
-    private long profile_id;
+    private long id;
    private String attack_type;
    private ArrayList<String> server_ip_list;
    private String server_ip_addr;
    private long packets_per_sec;
    private long bits_per_sec;
    private long sessions_per_sec;
-    private int is_valid;
+    private int is_enabled;
    private int vsys_id;
    private Integer[] superior_ids;

-    public long getProfile_id() {
-        return profile_id;
+    public long getId() {
+        return id;
    }

-    public void setProfile_id(long profile_id) {
-        this.profile_id = profile_id;
+    public void setId(long id) {
+        this.id = id;
    }

    public String getAttack_type() {
@@ -76,12 +75,12 @@ public class DosDetectionThreshold implements Serializable {
        this.sessions_per_sec = sessions_per_sec;
    }

-    public int getIs_valid() {
-        return is_valid;
+    public int getIs_enabled() {
+        return is_enabled;
    }

-    public void setIs_valid(int is_valid) {
-        this.is_valid = is_valid;
+    public void setIs_enabled(int is_enabled) {
+        this.is_enabled = is_enabled;
    }

    public int getVsys_id() {
@@ -103,14 +102,14 @@ public class DosDetectionThreshold implements Serializable {
    @Override
    public String toString() {
        return "DosDetectionThreshold{" +
-                "profile_id=" + profile_id +
+                "id=" + id +
                ", attack_type='" + attack_type + '\'' +
                ", server_ip_list=" + server_ip_list +
                ", server_ip_addr='" + server_ip_addr + '\'' +
                ", packets_per_sec=" + packets_per_sec +
                ", bits_per_sec=" + bits_per_sec +
                ", sessions_per_sec=" + sessions_per_sec +
-                ", is_valid=" + is_valid +
+                ", is_enabled=" + is_enabled +
                ", vsys_id=" + vsys_id +
                ", superior_ids=" + Arrays.toString(superior_ids) +
                '}';
--- a/src/main/java/com/zdjizhi/function/DosDetectionFunction.java
+++ b/src/main/java/com/zdjizhi/function/DosDetectionFunction.java
@@ -184,13 +184,13 @@ public class DosDetectionFunction extends ProcessFunction<DosSketchLog, DosEvent
        DosEventLog result = null;

        if (diffSessionPercent >= diffPktPercent && diffSessionPercent >= diffBitPercent) {
-            profileId = threshold.getProfile_id();
+            profileId = threshold.getId();
            result = getDosEventLog(value, sessionBase, diffSession, profileId, STATIC_CONDITION_TYPE, SESSIONS_TAG);
        } else if (diffPktPercent >= diffSessionPercent && diffPktPercent >= diffBitPercent) {
-            profileId = threshold.getProfile_id();
+            profileId = threshold.getId();
            result = getDosEventLog(value, pktBase, diffPkt, profileId, STATIC_CONDITION_TYPE, PACKETS_TAG);
        } else if (diffBitPercent >= diffPktPercent && diffBitPercent >= diffSessionPercent) {
-            profileId = threshold.getProfile_id();
+            profileId = threshold.getId();
            result = getDosEventLog(value, bitBase, diffByte, profileId, STATIC_CONDITION_TYPE, BITS_TAG);
        }
        return result;
--- a/src/main/resources/detection_dos_attack.properties
+++ b/src/main/resources/detection_dos_attack.properties
@@ -1,5 +1,5 @@
 source.kafka.topic=DOS-SKETCH-RECORD
-source.kafka.props.bootstrap.servers=192.168.45.102:9094
+source.kafka.props.bootstrap.servers=192.168.44.12:9094
 source.kafka.props.group.id=dos-detection-job-20240116
 source.kafka.props.session.timeout.ms=60000
 source.kafka.props.max.poll.records=5000
@@ -11,7 +11,7 @@ source.kafka.props.sasl.jaas.config=org.apache.kafka.common.security.plain.Plain
 #kafka sink
 kafka.sink.event.topic.name=DOS-EVENT
 kafka.sink.metric.topic=TRAFFIC-TOP-DESTINATION-IP-METRIC
-sink.kafka.props.bootstrap.servers=192.168.45.102:9094
+sink.kafka.props.bootstrap.servers=192.168.44.12:9094
 sink.kafka.props.security.protocol=SASL_PLAINTEXT
 sink.kafka.props.sasl.mechanism=PLAIN
 sink.kafka.props.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="galaxy2019";
@@ -24,13 +24,16 @@ sink.kafka.props.buffer.memory=134217728
 sink.kafka.props.max.request.size=10485760
 sink.kafka.props.compression.type=snappy

-#zookeeper地址
-hbase.zookeeper.quorum=192.168.45.102:2181

-flink.watermark.max.orderness=300
+ip.user.defined.kd.id=dasdasdsad
+
+#zookeeper地址
+hbase.zookeeper.quorum=192.168.44.12:2181
+
+flink.watermark.max.orderness=30

 #计算窗口大小，默认600s
-flink.window.max.time=600
+flink.window.max.time=60

 #cm服务访问地址
 bifang.server.uri=http://192.168.44.3
@@ -46,6 +49,3 @@ baseline.sessions.warning.threshold=1
 baseline.sessions.major.threshold=2.5
 baseline.sessions.severe.threshold=5
 baseline.sessions.critical.threshold=8
-
-
-
--- a/src/test/java/com/zdjizhi/etl/DosDetectionTest.java
+++ b/src/test/java/com/zdjizhi/etl/DosDetectionTest.java
@@ -32,13 +32,13 @@ public class DosDetectionTest {
        serverIpList.add("192.168.50.1/24");
        serverIpList.add("FC::12:0:0/54");
        serverIpList.add("FC::12:0:0");
-        dosDetectionThreshold.setProfile_id(4437);
+        dosDetectionThreshold.setId(4437);
        dosDetectionThreshold.setAttack_type("DNS Flood");
        dosDetectionThreshold.setServer_ip_list(serverIpList);
        dosDetectionThreshold.setSessions_per_sec(1);
        dosDetectionThreshold.setPackets_per_sec(1);
        dosDetectionThreshold.setBits_per_sec(100000);
-        dosDetectionThreshold.setIs_valid(1);
+        dosDetectionThreshold.setIs_enabled(1);
        dosDetectionThreshold.setSuperior_ids(new Integer[]{5,4,12,27});


@@ -67,15 +67,15 @@ public class DosDetectionTest {
        long profileId = 0;
        DosEventLog result =null;
        if (diffSessionPercent >= diffPktPercent && diffSessionPercent >= diffBitPercent){
-            profileId = dosDetectionThreshold.getProfile_id();
+            profileId = dosDetectionThreshold.getId();
            result= getDosEventLog(dosSketchLog, sessionBase, diffSession, profileId, STATIC_CONDITION_TYPE, SESSIONS_TAG);
            System.out.println(result);
        }else if (diffPktPercent >= diffSessionPercent && diffPktPercent >= diffBitPercent){
-            profileId = dosDetectionThreshold.getProfile_id();
+            profileId = dosDetectionThreshold.getId();
            result = getDosEventLog(dosSketchLog, pktBase, diffPkt,profileId, STATIC_CONDITION_TYPE, PACKETS_TAG);
            System.out.println(result);
        }else if (diffBitPercent >= diffPktPercent && diffBitPercent >= diffSessionPercent){
-            profileId = dosDetectionThreshold.getProfile_id();
+            profileId = dosDetectionThreshold.getId();
            result = getDosEventLog(dosSketchLog, bitBase, diffByte, profileId, STATIC_CONDITION_TYPE, BITS_TAG);
            System.out.println(result);
        }