| author | unknown <[email protected]> | 2023-04-03 17:35:36 +0800 |
|---|---|---|
| committer | unknown <[email protected]> | 2023-04-03 17:35:36 +0800 |
| commit | d8b0a7637b12fd31135467e60e58f6fbf399dcd2 (patch) | |
| tree | 2c4db15b731bec266539a853c67a879f16c31219 | |
| parent | b56a2ec31e0b98a8dec3ac2dbf2dcfb0dcd46caa (diff) | |
新增命中静态阈值后填充Profile IDtsg-23.04
| -rw-r--r-- | src/main/java/com/zdjizhi/common/DosDetectionThreshold.java | 6 | ||||
| -rw-r--r-- | src/main/java/com/zdjizhi/common/DosEventLog.java | 10 | ||||
| -rw-r--r-- | src/main/java/com/zdjizhi/etl/DosDetection.java | 20 |
3 files changed, 25 insertions, 11 deletions
diff --git a/src/main/java/com/zdjizhi/common/DosDetectionThreshold.java b/src/main/java/com/zdjizhi/common/DosDetectionThreshold.java index bfcda1d..401673a 100644 --- a/src/main/java/com/zdjizhi/common/DosDetectionThreshold.java +++ b/src/main/java/com/zdjizhi/common/DosDetectionThreshold.java @@ -9,7 +9,7 @@ import java.util.Objects; * @author wlh */ public class DosDetectionThreshold implements Serializable { - private String profileId; + private long profileId; private String attackType; private ArrayList<String> serverIpList; private String serverIpAddr; @@ -20,11 +20,11 @@ public class DosDetectionThreshold implements Serializable { private int vsysId; private Integer[] superiorIds; - public String getProfileId() { + public long getProfileId() { return profileId; } - public void setProfileId(String profileId) { + public void setProfileId(long profileId) { this.profileId = profileId; } diff --git a/src/main/java/com/zdjizhi/common/DosEventLog.java b/src/main/java/com/zdjizhi/common/DosEventLog.java index c901076..6ea1f1d 100644 --- a/src/main/java/com/zdjizhi/common/DosEventLog.java +++ b/src/main/java/com/zdjizhi/common/DosEventLog.java @@ -8,6 +8,7 @@ public class DosEventLog implements Serializable,Cloneable { private int vsys_id; private long start_time; private long end_time; + private long profile_id; private String attack_type; private String severity; private String conditions; @@ -51,6 +52,14 @@ public class DosEventLog implements Serializable,Cloneable { this.end_time = end_time; } + public long getProfile_id() { + return profile_id; + } + + public void setProfile_id(long profile_id) { + this.profile_id = profile_id; + } + public String getAttack_type() { return attack_type; } 
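Review bot: Changing `profileId` from `String` to `long` on a `Serializable` class changes its serialized form; unless `DosDetectionThreshold` declares an explicit `serialVersionUID` (not visible in this hunk), the default computed UID changes and instances written under the old layout — for example in checkpointed broadcast state, since the consumer extends `BroadcastProcessFunction` — would fail to deserialize with `InvalidClassException`. A primitive `long` also has no "unset" value, so a threshold with no profile silently reports `0`, which is the same value `DosDetection` now passes for non-static matches. Consider a boxed `Long` or a documented sentinel constant, and if this object is populated from external configuration, confirm that a non-numeric id now fails at parse time rather than being propagated as zero. The same type change is repeated in the getter/setter hunk at `@@ -20,11 +20,11 @@`.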
@@ -138,6 +147,7 @@ public class DosEventLog implements Serializable,Cloneable {
 ", vsys_id=" + vsys_id +
 ", start_time=" + start_time +
 ", end_time=" + end_time +
+ ", profile_id=" + profile_id +
 ", attack_type='" + attack_type + '\'' +
 ", severity='" + severity + '\'' +
 ", conditions='" + conditions + '\'' +
diff --git a/src/main/java/com/zdjizhi/etl/DosDetection.java b/src/main/java/com/zdjizhi/etl/DosDetection.java
index 5d5ce85..9c66bcf 100644
--- a/src/main/java/com/zdjizhi/etl/DosDetection.java
+++ b/src/main/java/com/zdjizhi/etl/DosDetection.java
@@ -107,7 +107,7 @@ public class DosDetection extends BroadcastProcessFunction<DosSketchLog,Map<Stri
 long sketchSessions = value.getSketch_sessions();
 Integer staticSensitivityThreshold = NacosUtils.getIntProperty("static.sensitivity.threshold");
 long diff = sketchSessions - staticSensitivityThreshold;
- return getDosEventLog(value, staticSensitivityThreshold, diff, SENSITIVITY_CONDITION_TYPE, SESSIONS_TAG);
+ return getDosEventLog(value, staticSensitivityThreshold, diff,0, SENSITIVITY_CONDITION_TYPE, SESSIONS_TAG);
 }
 
 private DosEventLog getDosEventLogByBaseline(DosSketchLog value,String key) {
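Review bot: The bare literal `0` passed as `profileId` in the sensitivity path here (and in the baseline path in the `@@ -116,21 +116,24 @@` hunk) is an undocumented sentinel: a consumer of `DosEventLog.profile_id` cannot tell "no profile" from a profile whose id happens to be 0. Declare it once, `private static final long NO_PROFILE_ID = 0L;` with a comment that it marks events not produced by a static-threshold profile, and pass `NO_PROFILE_ID` in both calls, e.g. `return getDosEventLog(value, staticSensitivityThreshold, diff, NO_PROFILE_ID, SENSITIVITY_CONDITION_TYPE, SESSIONS_TAG);`. The two calls also differ in argument spacing (`diff,0,` here versus `diff, 0,BASELINE_CONDITION_TYPE` there); run the formatter over the touched lines. The enclosing method begins outside this hunk.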
@@ -116,21 +116,24 @@ public class DosDetection extends BroadcastProcessFunction<DosSketchLog,Map<Stri
 DosBaselineThreshold dosBaselineThreshold = baselineMap.get(key).get(attackType);
 Integer base = getBaseValue(dosBaselineThreshold, value);
 long diff = sketchSessions - base;
- return getDosEventLog(value, base, diff, BASELINE_CONDITION_TYPE, SESSIONS_TAG);
+ return getDosEventLog(value, base, diff, 0,BASELINE_CONDITION_TYPE, SESSIONS_TAG);
 }
 
 private DosEventLog getDosEventLogByStaticThreshold(DosSketchLog value, DosDetectionThreshold threshold) throws CloneNotSupportedException {
 long base = threshold.getSessionsPerSec();
 long diff = value.getSketch_sessions() - base;
- DosEventLog result = getDosEventLog(value, base, diff, STATIC_CONDITION_TYPE, SESSIONS_TAG);
+ long profileId = threshold.getProfileId();
+ DosEventLog result = getDosEventLog(value, base, diff, profileId, STATIC_CONDITION_TYPE, SESSIONS_TAG);
 if (result == null) {
 base = threshold.getPacketsPerSec();
 diff = value.getSketch_packets() - base;
- result = getDosEventLog(value, base, diff, STATIC_CONDITION_TYPE, PACKETS_TAG);
+ profileId = threshold.getProfileId();
+ result = getDosEventLog(value, base, diff,profileId, STATIC_CONDITION_TYPE, PACKETS_TAG);
 if (result == null) {
 base = threshold.getBitsPerSec();
 diff = value.getSketch_bytes() - base;
- result = getDosEventLog(value, base, diff, STATIC_CONDITION_TYPE, BITS_TAG);
+ profileId=threshold.getProfileId();
+ result = getDosEventLog(value, base, diff, profileId, STATIC_CONDITION_TYPE, BITS_TAG);
 }
 }
 /*
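Review bot: The two reassignments `profileId = threshold.getProfileId();` before the `PACKETS_TAG` and `BITS_TAG` calls in `getDosEventLogByStaticThreshold` are no-ops: `profileId` already holds that value from the first assignment and nothing in between touches `threshold`. Drop both lines and make the local `final long profileId = threshold.getProfileId();` so the intent (one profile per threshold, reused for all three metrics) is explicit. The three calls also use inconsistent spacing (`diff,profileId,` versus `diff, profileId,`, and `profileId=threshold` versus `profileId = threshold`); run the formatter. The method continues past the end of this hunk.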
@@ -151,7 +154,7 @@ public class DosDetection extends BroadcastProcessFunction<DosSketchLog,Map<Stri
 return result;
 }
 
- private DosEventLog getDosEventLog(DosSketchLog value, long base, long diff, int type, String tag) {
+ private DosEventLog getDosEventLog(DosSketchLog value, long base, long diff, long profileId, int type, String tag) {
 DosEventLog result = null;
 String destinationIp = value.getDestination_ip();
 String attackType = value.getAttack_type();
@@ -165,7 +168,7 @@ public class DosDetection extends BroadcastProcessFunction<DosSketchLog,Map<Stri
 }else if ((type == BASELINE_CONDITION_TYPE || type == SENSITIVITY_CONDITION_TYPE) && value.getSketch_sessions() < staticSensitivityThreshold){
 logger.debug("当前server IP:{},类型:{},基线值{}百分比{}未超过静态敏感阈值,日志详情\n{}",destinationIp, attackType, base, percent, value);
 }else {
- result = getResult(value, base, severity, percent+1, type, tag);
+ result = getResult(value, base, profileId, severity, percent+1, type, tag);
 if (type == SENSITIVITY_CONDITION_TYPE){
 result.setSeverity(Severity.MAJOR.severity);
 }
@@ -178,12 +181,13 @@ public class DosDetection extends BroadcastProcessFunction<DosSketchLog,Map<Stri
 return result;
 }
 
- private DosEventLog getResult(DosSketchLog value, long base, Severity severity, double percent, int type, String tag) {
+ private DosEventLog getResult(DosSketchLog value, long base, long profileId, Severity severity, double percent, int type, String tag) {
 DosEventLog dosEventLog = new DosEventLog();
 dosEventLog.setLog_id(SnowflakeId.generateId());
 dosEventLog.setVsys_id(value.getVsys_id());
 dosEventLog.setStart_time(value.getSketch_start_time());
 dosEventLog.setEnd_time(value.getSketch_start_time() + value.getSketch_duration());
+ dosEventLog.setProfile_id(profileId);
 dosEventLog.setAttack_type(value.getAttack_type());
 dosEventLog.setSeverity(severity.severity);
 dosEventLog.setConditions(getConditions(PERCENT_INSTANCE.format(percent), base, value.getSketch_sessions(), type, tag));
|
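Review bot: The new `long profileId` parameter of `getDosEventLog` (and of `getResult` in the `@@ -178,12 +181,13 @@` hunk) sits next to `long base` and `long diff`, three adjacent same-typed longs that the compiler cannot tell apart if a call site swaps them, and neither method documents what the value means or when it is zero. Add a Javadoc on both methods, e.g. `@param profileId id of the static-threshold profile that produced this match, or 0 when the match came from a baseline or the sensitivity threshold` — the contract visible from the callers in the `@@ -107` and `@@ -116` hunks — and `@param base`/`@param diff` alongside it so the positions are unambiguous. If the parameter list keeps growing, a small parameter object would remove the positional risk entirely. Both method bodies continue outside their hunks.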
