Add/Fix: 更新Kafka Topic 为 DOS-SKETCH-TOP-SERVER-IP; 增加Attack Type: NTP Flood

src/main/java/cn/mesalab/config/ApplicationConfig.java

@@ -31,6 +31,7 @@ public class ApplicationConfig {
     public static final String DRUID_ATTACKTYPE_UDP_FLOOD = ConfigUtils.getStringProperty("druid.attacktype.udpflood");
     public static final String DRUID_ATTACKTYPE_ICMP_FLOOD = ConfigUtils.getStringProperty("druid.attacktype.icmpflood");
     public static final String DRUID_ATTACKTYPE_DNS_AMPL = ConfigUtils.getStringProperty("druid.attacktype.dnsamplification");
+    public static final String DRUID_ATTACKTYPE_NTP_FLOOD = ConfigUtils.getStringProperty("druid.attacktype.ntpflood");
     public static final String DRUID_SERVERIP_COLUMN_NAME = ConfigUtils.getStringProperty("druid.columnname.serverip");
     public static final String DRUID_VSYSID_COLUMN_NAME = ConfigUtils.getStringProperty("druid.columnname.vsysid");
     public static final String DRUID_ATTACKTYPE_COLUMN_NAME = ConfigUtils.getStringProperty("druid.columnname.attacktype");

src/main/java/cn/mesalab/service/BaselineGeneration.java

@@ -23,7 +23,8 @@ public class BaselineGeneration {
             ApplicationConfig.DRUID_ATTACKTYPE_TCP_SYN_FLOOD,
             ApplicationConfig.DRUID_ATTACKTYPE_ICMP_FLOOD,
             ApplicationConfig.DRUID_ATTACKTYPE_UDP_FLOOD,
-            ApplicationConfig.DRUID_ATTACKTYPE_DNS_AMPL
+            ApplicationConfig.DRUID_ATTACKTYPE_DNS_AMPL,
+            ApplicationConfig.DRUID_ATTACKTYPE_NTP_FLOOD
             );
     private static final Integer BASELINE_POINT_NUM =
             ApplicationConfig.BASELINE_RANGE_DAYS * 24 * (60/ApplicationConfig.HISTORICAL_GRAD);

src/main/resources/application.properties

@@ -1,15 +1,12 @@
 ############## 数据库配置 ###############
 ##########################################
 #Druid配置
-#druid.url=jdbc:avatica:remote:url=http://10.111.200.180:8089/druid/v2/sql/avatica/
-# test
-druid.url=jdbc:avatica:remote:url=http://192.168.44.12:8082/druid/v2/sql/avatica/
+druid.url=jdbc:avatica:remote:url=http://192.168.44.12:8089/druid/v2/sql/avatica/
 druid.driver=org.apache.calcite.avatica.remote.Driver
-druid.table=traffic_top_destination_ip_metrics_log
+druid.table=dos_sketch_top_server_ip
 
 #HBase配置
 hbase.table=dos:ddos_traffic_baselines
-#hbase.zookeeper.quorum=10.111.200.165,10.111.200.166,10.111.200.167,10.111.200.168,10.111.200.169
 hbase.zookeeper.quorum=192.168.44.12
 hbase.zookeeper.client.port=2181
 
@@ -20,14 +17,15 @@ hbase.zookeeper.client.port=2181
 # 0：读取默认范围天数read.historical.days；
 # 1：指定时间范围
 read.druid.time.limit.type=1
-read.druid.min.time=1663430400000
-read.druid.max.time=1663603200000
+read.druid.min.time=1711522800000
+read.druid.max.time=1711526400000
 
 #Druid字段映射
 druid.attacktype.tcpsynflood=TCP SYN Flood
 druid.attacktype.udpflood=UDP Flood
 druid.attacktype.icmpflood=ICMP Flood
 druid.attacktype.dnsamplification=DNS Flood
+druid.attacktype.ntpflood=NTP Flood
 druid.columnname.serverip=destination_ip
 druid.columnname.vsysid=vsys_id
 druid.columnname.attacktype=attack_type
@@ -43,7 +41,7 @@ hbase.baseline.zero.replace.value.suffix=default_value
 
 #数据情况
 #读取历史N天数据，最小值为3天（需要判断周期性）
-read.historical.days=3
+read.historical.days=30
 #历史数据汇聚粒度为10分钟
 historical.grad=10
 # 数据库Time格式
@@ -77,9 +75,9 @@ monitor.frequency.bin.num=100
 ##########################################
 ################ 并发参数 #################
 ##########################################
-all.partition.num=10
-core.pool.size=10
-max.pool.size=10
+all.partition.num=1
+core.pool.size=1
+max.pool.size=1
 #druid分区字段partition_num的最大值为9999
 druid.statement.query.timeout=36000
 druid.partition.num.max=10000