Implementing Malicious Login Monitoring with CEP

Prerequisite link: that post covers the first implementation approach.
Note: make sure you import the correct Map package.

import org.apache.flink.cep.scala.{CEP, PatternStream}
import org.apache.flink.cep.scala.pattern.Pattern
import org.apache.flink.streaming.api.scala._
import org.apache.flink.streaming.api.TimeCharacteristic
import org.apache.flink.streaming.api.functions.timestamps.BoundedOutOfOrdernessTimestampExtractor
import org.apache.flink.streaming.api.scala.StreamExecutionEnvironment
import org.apache.flink.streaming.api.windowing.time.Time

// The select() lambda below takes a scala.collection.Map, so this is the Map to import.
import scala.collection.Map

/**
 * Malicious login monitoring
 *
 * 1. Basic requirement
 *      A user who fails to log in repeatedly within a short time may be the target of an automated attack.
 *      Raise an alert when the same user (possibly from different IPs) fails to log in twice in a row within 2 seconds.
 * 2. Approach
 *      Store the user's failed logins in ListState, register a timer that fires after 2 seconds,
 *      and check how many failed logins ListState holds.
 *      For more precise detection, use the CEP library to pattern-match the event stream.
 *
 * @author fujiwen
 */
object LoginFailWithCEP {
  def main(args: Array[String]): Unit = {
    val env: StreamExecutionEnvironment =
      StreamExecutionEnvironment.getExecutionEnvironment
    env.setStreamTimeCharacteristic(TimeCharacteristic.EventTime)
    env.setParallelism(1)

    val dataStream: DataStream[LoginEvent] = env.fromCollection(List(
      LoginEvent(1, "192.168.0.1", "fail", 1558430842),
      LoginEvent(1, "192.168.0.2", "fail", 1558430843),
      LoginEvent(1, "192.168.0.3", "fail", 1558430844),
      LoginEvent(1, "192.168.0.1", "fail", 1558430845),
      LoginEvent(1, "192.168.0.2", "fail", 1558430846),
      LoginEvent(1, "192.168.0.3", "fail", 1558430847),
      LoginEvent(1, "192.168.0.1", "fail", 1558430848),
      LoginEvent(1, "192.168.0.2", "fail", 1558430849),
      LoginEvent(1, "192.168.0.3", "fail", 1558430888),
      LoginEvent(2, "192.168.10.10", "success", 1558430845)
    )).assignTimestampsAndWatermarks(
      new BoundedOutOfOrdernessTimestampExtractor[LoginEvent](Time.milliseconds(1000)) {
        // eventTime is in seconds; Flink timestamps are in milliseconds
        override def extractTimestamp(t: LoginEvent): Long = t.eventTime * 1000
      })

    // This version uses CEP.
    // Define the pattern: two consecutive failures within 2 seconds.
    // next() is strict contiguity: the second failure must directly follow the first for the same key.
    val loginFailPattern: Pattern[LoginEvent, LoginEvent] = Pattern
      .begin[LoginEvent]("begin")
      .where(_.eventType == "fail")
      .next("next")
      .where(_.eventType == "fail")
      .within(Time.seconds(2))

    // Apply the pattern to the stream, keyed by user
    val patternStream: PatternStream[LoginEvent] = CEP
      .pattern(dataStream.keyBy(_.userId), loginFailPattern)

    // Note: the correct Map (scala.collection.Map) must be imported
    patternStream.select((pattern: Map[String, Iterable[LoginEvent]]) => {
      // Both keys are present in every complete match
      val first: LoginEvent = pattern("begin").iterator.next()
      val second: LoginEvent = pattern("next").iterator.next()
      (second.userId, second.ip, second.eventType)
    }).print()

    env.execute("Login Fail Test")
  }
}
// Uncomment if LoginEvent is not already defined elsewhere in the project.
//case class LoginEvent(userId: Long, ip: String, eventType: String, eventTime: Long)
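
The matching rule above can be checked without a Flink cluster. The following Python model is an added example, not the author's code and not Flink's API: it assumes events are handled per user in event-time order (late-event dropping is not modelled), that `next` means strict contiguity and that `within` is an exclusive bound. The names `detect` and `alert_tuples` are made up for this example.

```python
from collections import defaultdict, namedtuple

# event_time is in seconds, as in the page's LoginEvent case class
LoginEvent = namedtuple("LoginEvent", "user_id ip event_type event_time")

# Constructed sample input: the same ten events as the fromCollection list above.
EVENTS = [LoginEvent(1, f"192.168.0.{i % 3 + 1}", "fail", 1558430842 + i)
          for i in range(8)]
EVENTS += [LoginEvent(1, "192.168.0.3", "fail", 1558430888),
           LoginEvent(2, "192.168.10.10", "success", 1558430845)]


def detect(events, window_s=2):
    """Return (first, second) pairs matching: fail, directly followed by fail,
    for the same user, less than window_s seconds apart."""
    by_user = defaultdict(list)
    for e in events:                       # models keyBy(_.userId)
        by_user[e.user_id].append(e)

    matches = []
    for user_events in by_user.values():
        # Stable sort: events with equal timestamps keep their arrival order.
        user_events.sort(key=lambda e: e.event_time)
        # Strict contiguity: only adjacent events of one user can form a pair,
        # so a success between two failures prevents a match.
        for first, second in zip(user_events, user_events[1:]):
            both_failed = first.event_type == "fail" and second.event_type == "fail"
            in_window = second.event_time - first.event_time < window_s
            if both_failed and in_window:
                matches.append((first, second))
    return matches


def alert_tuples(events):
    """Same output shape as the select() above: fields of the second failure."""
    return [(s.user_id, s.ip, s.event_type) for _, s in detect(events)]


if __name__ == "__main__":
    for alert in alert_tuples(EVENTS):
        print(alert)
```

On the sample data the model reports seven overlapping alerts for user 1's burst of eight failures, one per adjacent pair, and none for the failure at 1558430888 or for user 2.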