authorwangkuan <[email protected]>2024-09-29 16:38:46 +0800
committerwangkuan <[email protected]>2024-09-29 16:38:46 +0800
commitf49b8090a9490894950844116525dba33d55ac45 (patch)
treee7f1844e07a05aa6a48f01e664d4577a64c7839d
parent824d2c058f6400f17b064642ec708c23001151a3 (diff)
修复TSG-22710 DoS Event 基于静态敏感阈值输出的告警事件与判定条件不符feature/24.8
-rw-r--r--pom.xml4
-rw-r--r--src/main/java/com/zdjizhi/function/DosDetectionFunction.java16
-rw-r--r--src/test/java/com/zdjizhi/etl/DosDetectionTest.java6
3 files changed, 13 insertions, 13 deletions
diff --git a/pom.xml b/pom.xml
index c68344a..149011b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
<groupId>com.zdjizhi</groupId>
<artifactId>flink-dos-detection</artifactId>
- <version>24-09-25</version>
+ <version>24-09-29</version>
<name>flink-dos-detection</name>
<url>http://www.example.com</url>
@@ -80,7 +80,7 @@
</goals>
<configuration>
- <finalName>flink-dos-detection-24-09-25</finalName>
+ <finalName>flink-dos-detection-24-09-29</finalName>
<relocations>
<relocation>
<pattern>org.apache.http</pattern>
diff --git a/src/main/java/com/zdjizhi/function/DosDetectionFunction.java b/src/main/java/com/zdjizhi/function/DosDetectionFunction.java
index 9db50b9..798a472 100644
--- a/src/main/java/com/zdjizhi/function/DosDetectionFunction.java
+++ b/src/main/java/com/zdjizhi/function/DosDetectionFunction.java
@@ -101,19 +101,19 @@ public class DosDetectionFunction extends ProcessFunction<DosSketchLog, DosEvent
private DosEventLog getDosEventLogBySensitivityThreshold(DosSketchLog value) {
- long sketchSessions = value.getSessions();
+ long sketchSessionsRate = value.getSession_rate();
Integer staticSensitivityThreshold = configuration.get(STATIC_SENSITIVITY_THRESHOLD);
- long diff = sketchSessions - staticSensitivityThreshold;
+ long diff = sketchSessionsRate - staticSensitivityThreshold;
return getDosEventLog(value, staticSensitivityThreshold, diff, 0, SENSITIVITY_CONDITION_TYPE, SESSIONS_TAG);
}
private DosEventLog getDosEventLogByBaseline(DosSketchLog value, String key) {
String attackType = value.getAttack_type();
- long sketchSessions = value.getSessions();
+ long sketchSessionsRate = value.getSession_rate();
DosBaselineThreshold dosBaselineThreshold = baselineMap.get(key).get(attackType);
- Integer base = getBaseValue(dosBaselineThreshold, value);
- long diff = sketchSessions - base;
- return getDosEventLog(value, base, diff, 0, BASELINE_CONDITION_TYPE, SESSIONS_TAG);
+ Integer baseSessionRate = getBaseValue(dosBaselineThreshold, value);
+ long diff = sketchSessionsRate - baseSessionRate;
+ return getDosEventLog(value, baseSessionRate, diff, 0, BASELINE_CONDITION_TYPE, SESSIONS_TAG);
}
private DosEventLog getDosEventLog(DosSketchLog value, long base, long diff, long profileId, int type, String tag) {
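Review bot: `STATIC_SENSITIVITY_THRESHOLD` is now compared against `value.getSession_rate()` instead of `value.getSessions()` in `getDosEventLogBySensitivityThreshold`, and again in the `else if` guard of the next hunk, but nothing here records which unit the configured threshold is expected in. A threshold tuned against session counts would presumably suppress or raise alerts differently once it is read as a rate. The lookup deserves a comment such as `// threshold is a session rate (same unit as DosSketchLog.session_rate), not a session count`, with a matching line in the configuration documentation. `getDosEventLog`, whose signature closes this hunk, continues outside it.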
@@ -127,7 +127,7 @@ public class DosDetectionFunction extends ProcessFunction<DosSketchLog, DosEvent
if (severity != Severity.NORMAL) {
if (type == BASELINE_CONDITION_TYPE && percent < configuration.get(BASELINE_SENSITIVITY_THRESHOLD)) {
logger.debug("当前server IP:{},类型:{},基线值{}百分比{}未超过基线敏感阈值,日志详情\n{}", destinationIp, attackType, base, percent, value);
- } else if ((type == BASELINE_CONDITION_TYPE || type == SENSITIVITY_CONDITION_TYPE) && value.getSessions() < staticSensitivityThreshold) {
+ } else if ((type == BASELINE_CONDITION_TYPE || type == SENSITIVITY_CONDITION_TYPE) && value.getSession_rate() < staticSensitivityThreshold) {
logger.debug("当前server IP:{},类型:{},基线值{}百分比{}未超过静态敏感阈值,日志详情\n{}", destinationIp, attackType, base, percent, value);
} else {
result = getResult(value, base, profileId, severity, percent, type, tag);
@@ -155,7 +155,7 @@ public class DosDetectionFunction extends ProcessFunction<DosSketchLog, DosEvent
dosEventLog.setAttack_type(value.getAttack_type());
if(base != 0) {
dosEventLog.setSeverity(severity.severity);
- dosEventLog.setConditions(getConditions(PERCENT_INSTANCE.format(percent), base, value.getSessions(), type, tag, dosEventLog));
+ dosEventLog.setConditions(getConditions(PERCENT_INSTANCE.format(percent), base, value.getSession_rate(), type, tag, dosEventLog));
}
else{
dosEventLog.setSeverity(severity.severity);
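Review bot: The conditions string is now built from `value.getSession_rate()`, yet both callers in the first hunk of this file still pass `SESSIONS_TAG` as `tag`. The constant's value is not visible here; if it renders as a plain sessions label, the event text will show a rate under a count label, which is the kind of mismatch between alert and criterion this commit sets out to fix. Confirm the label, or add a comment at this call such as `// value is the session rate; tag must name a rate metric`. The enclosing method starts and ends outside the hunk.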
diff --git a/src/test/java/com/zdjizhi/etl/DosDetectionTest.java b/src/test/java/com/zdjizhi/etl/DosDetectionTest.java
index 97b2384..2a78eeb 100644
--- a/src/test/java/com/zdjizhi/etl/DosDetectionTest.java
+++ b/src/test/java/com/zdjizhi/etl/DosDetectionTest.java
@@ -56,7 +56,7 @@ public class DosDetectionTest {
long pktBase=dosDetectionThreshold.getPackets_per_sec();
long bitBase=dosDetectionThreshold.getBits_per_sec();
//基于速率进行计算
- long diffSession = dosSketchLog.getSessions() - sessionBase;
+ long diffSession = dosSketchLog.getSession_rate() - sessionBase;
long diffPkt = dosSketchLog.getPkts() - pktBase;
long diffByte = dosSketchLog.getBytes() - bitBase;
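Review bot: Only the session term was switched to a rate: `diffPkt` and `diffByte` still subtract the per-second bases (`getPackets_per_sec()`, `getBits_per_sec()`) from `dosSketchLog.getPkts()` and `dosSketchLog.getBytes()`, and the latter also mixes bytes with bits. Under a comment saying the calculation is rate-based, two of the three differences therefore compare unlike quantities. Whether `DosSketchLog` exposes packet and bit rate getters is not visible in this hunk; if it does, they should be used here, otherwise a comment should state why counts are intended. The enclosing test method starts and ends outside the hunk.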
@@ -94,7 +94,7 @@ public class DosDetectionTest {
if (severity != Severity.NORMAL) {
if (type == BASELINE_CONDITION_TYPE && percent < 0.2) {
// logger.debug("当前server IP:{},类型:{},基线值{}百分比{}未超过基线敏感阈值,日志详情\n{}", destinationIp, attackType, base, percent, value);
- }else if ((type == BASELINE_CONDITION_TYPE || type == SENSITIVITY_CONDITION_TYPE) && value.getSessions() < staticSensitivityThreshold){
+ }else if ((type == BASELINE_CONDITION_TYPE || type == SENSITIVITY_CONDITION_TYPE) && value.getSession_rate() < staticSensitivityThreshold){
// logger.debug("当前server IP:{},类型:{},基线值{}百分比{}未超过静态敏感阈值,日志详情\n{}",destinationIp, attackType, base, percent, value);
}else {
result = getResult(value, base, profileId, severity, percent+1, type, tag);
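Review bot: This test carries its own copy of the suppression logic, and the copy differs from production. It hard-codes `percent < 0.2` where `DosDetectionFunction` reads `BASELINE_SENSITIVITY_THRESHOLD`, and it passes `percent+1` to `getResult` where production passes `percent`. A regression in the production `else if` guard on `getSession_rate()` would therefore not be caught here. Calling the production method from the test, or at least adding a comment that explains the `+1`, would make the static-threshold branch check meaningful.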
@@ -121,7 +121,7 @@ public class DosDetectionTest {
dosEventLog.setAttack_type(value.getAttack_type());
dosEventLog.setSeverity(severity.severity);
// dosEventLog.setConditions(getConditions(PERCENT_INSTANCE.format(percent), base, value.getSketch_sessions(), type, tag));
- dosEventLog.setConditions(getConditions(percent, base, value.getSessions(), type, tag,dosEventLog));
+ dosEventLog.setConditions(getConditions(percent, base, value.getSession_rate(), type, tag,dosEventLog));
dosEventLog.setDestination_ip(value.getServer_ip());
// dosEventLog.setDestination_country(IpUtils.ipLookup.countryLookup(value.getDestination_ip()));
String ipList = value.getClient_ip();