├── docker
    ├── data
    │   └── logFilePaths
    ├── X2Stream.jar
    ├── dbmanager-entrypoint.sh
    ├── Dockerfile.file2stream
    ├── anomalies.sql
    ├── Dockerfile.mysql
    ├── Dockerfile.dbserver
    ├── Dockerfile.logflash
    ├── build.sh
    ├── wait-for.sh
    ├── docker-compose.yml
    ├── docker-entrypoint.sh
    └── resources
    │   └── config.properties
├── src
    └── main
    │   ├── java
    │       ├── humanfeedback
    │       │   ├── FeedBackMonitor.java
    │       │   ├── FeedBackFalseAlarms.java
    │       │   ├── SuspiciousRegion.java
    │       │   ├── TuningRegion.java
    │       │   └── SuspiciousRegionMonitor.java
    │       ├── TCFGmodel
    │       │   ├── FileUtil.java
    │       │   ├── TCFG.java
    │       │   ├── TCFGConstructor.java
    │       │   ├── ShareMemory.java
    │       │   └── TCFGUtil.java
    │       ├── modelconstruction
    │       │   ├── MatrixUpdater.java
    │       │   ├── MatrixUpdaterMode1.java
    │       │   ├── MatrixUpdaterMode3.java
    │       │   ├── MatrixTriple.java
    │       │   ├── MetricsMonitoring.java
    │       │   ├── IndenpendencyFilter.java
    │       │   ├── TransferParamMatrix.java
    │       │   └── MatrixUpdaterMode2.java
    │       ├── workflow
    │       │   ├── WorkFlow.java
    │       │   ├── Config.java
    │       │   ├── WorkFlowMode1.java
    │       │   ├── WatermarkGenerator.java
    │       │   ├── WorkFlowMode2.java
    │       │   ├── Controller.java
    │       │   └── CommandListener.java
    │       ├── faultdiagnosis
    │       │   ├── FaultDiagnosis.java
    │       │   ├── FaultDiagnosisMode3.java
    │       │   ├── Anomaly.java
    │       │   ├── FaultDiagnosisMode1.java
    │       │   └── FaultDiagnosisMode2.java
    │       ├── templatemining
    │       │   ├── LogCluster.java
    │       │   ├── Node.java
    │       │   ├── Parse.java
    │       │   └── LogParser.java
    │       ├── dao
    │       │   ├── AnomalyJSON.java
    │       │   └── MysqlUtil.java
    │       └── Entrance.java
    │   └── resources
    │       ├── log4j.properties
    │       └── config.properties
├── README.md
└── pom.xml


/docker/data/logFilePaths:
--------------------------------------------------------------------------------
1 | /data/adc-06-04-2019-2_20k


--------------------------------------------------------------------------------
/docker/X2Stream.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jia-tong-FINE/LogFlash/HEAD/docker/X2Stream.jar


--------------------------------------------------------------------------------
/docker/dbmanager-entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | sh /wait-for.sh mysql:3306
3 | java -jar /opt/logflashdb.jar


--------------------------------------------------------------------------------
/docker/Dockerfile.file2stream:
--------------------------------------------------------------------------------
1 | FROM openjdk:11.0.7-jre-slim
2 | ADD X2Stream.jar /opt
3 | CMD ["java", "-jar", "/opt/X2Stream.jar"]


--------------------------------------------------------------------------------
/docker/anomalies.sql:
--------------------------------------------------------------------------------
1 | DROP SCHEMA IF EXISTS anomalies;
2 | CREATE SCHEMA anomalies;
3 | USE anomalies;
4 | DROP TABLE IF EXISTS `anomaly_log`;
5 | 


--------------------------------------------------------------------------------
/src/main/java/humanfeedback/FeedBackMonitor.java:
--------------------------------------------------------------------------------
1 | package humanfeedback;
2 | 
3 | public interface FeedBackMonitor {
4 | 
5 |     void addToWhiteList(String eventID);
6 | 
7 | }
8 | 


--------------------------------------------------------------------------------
/docker/Dockerfile.mysql:
--------------------------------------------------------------------------------
 1 | FROM mysql
 2 | 
 3 | WORKDIR /
 4 | 
 5 | ENV MYSQL_ROOT_PASSWORD jt1118961
 6 | 
 7 | COPY ./anomalies.sql /docker-entrypoint-initdb.d
 8 | 
 9 | ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
10 | 
11 | CMD ["mysqld"]


--------------------------------------------------------------------------------
/docker/Dockerfile.dbserver:
--------------------------------------------------------------------------------
 1 | FROM openjdk:8-jre-alpine
 2 | ADD logflashdb.jar /opt
 3 | 
 4 | COPY dbmanager-entrypoint.sh /
 5 | COPY wait-for.sh /
 6 | Run chmod 775 /dbmanager-entrypoint.sh
 7 | Run chmod 775 /wait-for.sh
 8 | 
 9 | ENTRYPOINT ["/dbmanager-entrypoint.sh"]
10 | CMD ["--help"]


--------------------------------------------------------------------------------
/src/main/java/TCFGmodel/FileUtil.java:
--------------------------------------------------------------------------------
 1 | package TCFGmodel;
 2 | 
 3 | import java.io.File;
 4 | 
 5 | public class FileUtil {
 6 | 
 7 |     public static void CreateDir(String sp) {
 8 |         File file=new File(sp);
 9 |         if(!file.exists()){
10 |             file.mkdir();
11 |         }
12 |     }
13 | }
14 | 


--------------------------------------------------------------------------------
/src/main/java/modelconstruction/MatrixUpdater.java:
--------------------------------------------------------------------------------
 1 | package modelconstruction;
 2 | 
 3 | import org.apache.flink.api.java.tuple.Tuple7;
 4 | 
 5 | import java.util.List;
 6 | 
 7 | public interface MatrixUpdater {
 8 | 
 9 |     double calGradientForInfected(long a, long b, TransferParamMatrix c, List<Tuple7> d, long e, long f);
10 | 
11 |     double calGradientForUninfected(long a, long b, TransferParamMatrix c, List<Tuple7> d, long e);
12 | 
13 | 
14 | }
15 | 


--------------------------------------------------------------------------------
/src/main/java/workflow/WorkFlow.java:
--------------------------------------------------------------------------------
 1 | package workflow;
 2 | 
 3 | 
 4 | import org.apache.flink.api.java.utils.ParameterTool;
 5 | import org.apache.flink.streaming.api.datastream.DataStreamSource;
 6 | import org.apache.flink.streaming.api.environment.StreamExecutionEnvironment;
 7 | 
 8 | public interface WorkFlow {
 9 |     void workflow(StreamExecutionEnvironment env, DataStreamSource<String> dataStream, ParameterTool parameter) throws Exception;
10 | }
11 | 


--------------------------------------------------------------------------------
/src/main/java/workflow/Config.java:
--------------------------------------------------------------------------------
 1 | package workflow;
 2 | 
 3 | import java.util.HashMap;
 4 | import java.util.Map;
 5 | 
 6 | public class Config {
 7 |     public static Map<String, String> parameter;
 8 |     public static Map<String, Integer> valueStates = new HashMap<>();
 9 | 
10 |     static {
11 |         //reserve a flag for each valueState
12 |         valueStates.put("transferParamMatrix", 0);
13 |         valueStates.put("tcfgValueState", 0);
14 |         valueStates.put("parseTree", 0);
15 |     }
16 | }
17 | 


--------------------------------------------------------------------------------
/src/main/java/workflow/WorkFlowMode1.java:
--------------------------------------------------------------------------------
 1 | package workflow;
 2 | 
 3 | 
 4 | import org.apache.flink.api.java.utils.ParameterTool;
 5 | import org.apache.flink.streaming.api.datastream.DataStreamSource;
 6 | import org.apache.flink.streaming.api.environment.StreamExecutionEnvironment;
 7 | 
 8 | public class WorkFlowMode1 implements WorkFlow{
 9 |     @Override
10 |     public void workflow(StreamExecutionEnvironment env, DataStreamSource<String> dataStream, ParameterTool parameter) throws Exception{
11 | 
12 |     }
13 | }
14 | 


--------------------------------------------------------------------------------
/src/main/java/modelconstruction/MatrixUpdaterMode1.java:
--------------------------------------------------------------------------------
 1 | package modelconstruction;
 2 | 
 3 | import org.apache.flink.api.java.tuple.Tuple7;
 4 | import java.util.List;
 5 | 
 6 | 
 7 | public class MatrixUpdaterMode1 implements MatrixUpdater {
 8 | 
 9 |     @Override
10 |     public double calGradientForInfected(long a, long b, TransferParamMatrix c, List<Tuple7> d, long e, long f) {
11 |         return 0;
12 |     }
13 | 
14 |     @Override
15 |     public double calGradientForUninfected(long a, long b, TransferParamMatrix c, List<Tuple7> d, long e) {
16 |         return 0;
17 |     }
18 | }
19 | 


--------------------------------------------------------------------------------
/src/main/java/modelconstruction/MatrixUpdaterMode3.java:
--------------------------------------------------------------------------------
 1 | package modelconstruction;
 2 | 
 3 | import org.apache.flink.api.java.tuple.Tuple7;
 4 | 
 5 | import java.util.List;
 6 | 
 7 | 
 8 | public class MatrixUpdaterMode3 implements MatrixUpdater {
 9 | 
10 |     @Override
11 |     public double calGradientForInfected(long a, long b, TransferParamMatrix c, List<Tuple7> d, long e, long f) {
12 |         return 0;
13 |     }
14 | 
15 |     @Override
16 |     public double calGradientForUninfected(long a, long b, TransferParamMatrix c, List<Tuple7> d, long e) {
17 |         return 0;
18 |     }
19 | }
20 | 


--------------------------------------------------------------------------------
/src/main/java/humanfeedback/FeedBackFalseAlarms.java:
--------------------------------------------------------------------------------
 1 | package humanfeedback;
 2 | 
 3 | import faultdiagnosis.Anomaly;
 4 | import java.util.Queue;
 5 | import java.util.concurrent.LinkedBlockingQueue;
 6 | 
 7 | public class FeedBackFalseAlarms {
 8 | 
 9 |     private Queue<Anomaly> falseAlarms = new LinkedBlockingQueue<>();
10 | 
11 |     public Anomaly getAnomalyFromFalseAlarms() {
12 |         return falseAlarms.poll();
13 |     }
14 | 
15 |     public void addAnomalyToFalseAlarms(Anomaly anomaly) {
16 |         falseAlarms.offer(anomaly);
17 |     }
18 | 
19 |     public boolean isEmply() {
20 |         return falseAlarms.isEmpty();
21 |     }
22 | 
23 | 
24 | }
25 | 


--------------------------------------------------------------------------------
/src/main/java/faultdiagnosis/FaultDiagnosis.java:
--------------------------------------------------------------------------------
 1 | package faultdiagnosis;
 2 | 
 3 | import TCFGmodel.TCFG;
 4 | import org.apache.flink.api.java.tuple.Tuple7;
 5 | 
 6 | import java.util.List;
 7 | import java.util.Map;
 8 | 
 9 | public interface FaultDiagnosis {
10 | 
11 |     double calProbability(double ti, double tj, double alphaji, long timeWindow, long delta);
12 | 
13 |     double calProbabilityOfCurrentEntry(List<Tuple7> logList, Map<String, Map<String, Double>> paramMatrix, long timeWindow, long delta);
14 | 
15 |     List<Tuple7> detectSuspiciousRequest(TCFG tcfg, List<Tuple7> logList);
16 | 
17 |     Anomaly faultDiagnosisProcess (TCFG tcfg, List<Tuple7> tempList);
18 | }
19 | 


--------------------------------------------------------------------------------
/src/main/java/humanfeedback/SuspiciousRegion.java:
--------------------------------------------------------------------------------
 1 | package humanfeedback;
 2 | 
 3 | import faultdiagnosis.Anomaly;
 4 | import java.util.LinkedList;
 5 | import java.util.Queue;
 6 | 
 7 | public class SuspiciousRegion {
 8 | 
 9 |     public Queue<Anomaly> sequenceAnomalyQueue = new LinkedList<>();
10 |     public Queue<Anomaly> latencyAnomalyQueue = new LinkedList<>();
11 |     public Queue<Anomaly> redundancyAnomalyQueue = new LinkedList<>();
12 | 
13 |     public boolean isEmpty() {
14 |         if (sequenceAnomalyQueue.isEmpty() && latencyAnomalyQueue.isEmpty() && redundancyAnomalyQueue.isEmpty()) {
15 |             return true;
16 |         }
17 |         return false;
18 |     }
19 | 
20 | }
21 | 


--------------------------------------------------------------------------------
/src/main/java/modelconstruction/MatrixTriple.java:
--------------------------------------------------------------------------------
 1 | package modelconstruction;
 2 | 
 3 | public class MatrixTriple{
 4 | 
 5 |     double value;
 6 |     long timeWeight;
 7 | 
 8 | 
 9 |     public MatrixTriple(double value, long timeWeight) {
10 |         this.value = value;
11 |         this.timeWeight = timeWeight;
12 |     }
13 | 
14 | 
15 |     public void setValue(double value) {
16 |         this.value = value;
17 |     }
18 | 
19 |     public void setTimeWeight(long timeWeight) {
20 |         this.timeWeight = timeWeight;
21 |     }
22 | 
23 |     public double getValue() {
24 |         return value;
25 |     }
26 | 
27 |     public long getTimeWeight() {
28 |         return timeWeight;
29 |     }
30 | }
31 | 


--------------------------------------------------------------------------------
/src/main/java/templatemining/LogCluster.java:
--------------------------------------------------------------------------------
 1 | package templatemining;
 2 | 
 3 | import java.io.Serializable;
 4 | import java.util.List;
 5 | 
 6 | class LogCluster implements Serializable {
 7 |     public List<String> logTemplate;
 8 |     public String eventID;
 9 | 
10 |     public LogCluster() {
11 |     }
12 | 
13 |     LogCluster(List<String> logTemplate, String eventID) {
14 |         this.logTemplate = logTemplate;
15 |         this.eventID = eventID;
16 |     }
17 | 
18 |     List<String> getLogTemplate() {
19 |         return logTemplate;
20 |     }
21 | 
22 |     void setLogTemplate(List<String> logTemplate) {
23 |         this.logTemplate = logTemplate;
24 |     }
25 | 
26 |     String getEventID() {
27 |         return eventID;
28 |     }
29 | 
30 |     void setEventID(String eventID) {
31 |         this.eventID = eventID;
32 |     }
33 | }
34 | 


--------------------------------------------------------------------------------
/src/main/java/faultdiagnosis/FaultDiagnosisMode3.java:
--------------------------------------------------------------------------------
 1 | package faultdiagnosis;
 2 | 
 3 | import TCFGmodel.TCFG;
 4 | import org.apache.flink.api.java.tuple.Tuple7;
 5 | import java.util.List;
 6 | import java.util.Map;
 7 | 
 8 | public class FaultDiagnosisMode3 implements FaultDiagnosis{
 9 | 
10 | 
11 |     @Override
12 |     public double calProbability(double ti, double tj, double alphaji, long timeWindow, long delta) {
13 |         return 0;
14 |     }
15 | 
16 |     @Override
17 |     public double calProbabilityOfCurrentEntry(List<Tuple7> logList, Map<String, Map<String, Double>> paramMatrix, long timeWindow, long delta) {
18 |         return 0;
19 |     }
20 | 
21 |     @Override
22 |     public List<Tuple7> detectSuspiciousRequest(TCFG tcfg, List<Tuple7> logList) {
23 |         return null;
24 |     }
25 | 
26 |     @Override
27 |     public Anomaly faultDiagnosisProcess(TCFG tcfg, List<Tuple7> tempList) {
28 |         return null;
29 |     }
30 | }
31 | 


--------------------------------------------------------------------------------
/src/main/java/humanfeedback/TuningRegion.java:
--------------------------------------------------------------------------------
 1 | package humanfeedback;
 2 | 
 3 | import TCFGmodel.TCFGUtil;
 4 | import faultdiagnosis.Anomaly;
 5 | 
 6 | import java.util.ArrayList;
 7 | import java.util.LinkedList;
 8 | import java.util.List;
 9 | import java.util.Queue;
10 | 
11 | public class TuningRegion {
12 | 
13 |     Queue<Anomaly> anomalyQueue = new LinkedList<>();
14 |     List<String> eventWhiteList = new ArrayList<>();
15 | 
16 | 
17 |     public void addAnomalyToQueue(Anomaly e) {
18 |         anomalyQueue.offer(e);
19 |     }
20 | 
21 |     public Anomaly pollAnomalyFromQueue() {
22 |         return anomalyQueue.poll();
23 |     }
24 | 
25 |     public Anomaly showAnomalyFromQueue() {
26 |         return anomalyQueue.element();
27 |     }
28 | 
29 |     public void addEventToWhiteList(String eventID) {
30 |         eventWhiteList.add(eventID);
31 |     }
32 | 
33 |     public void deleteEventFromWhiteList(String eventID) {
34 |         eventWhiteList.remove(eventID);
35 |     }
36 | 
37 |     public boolean isEmpty() {
38 |         return anomalyQueue.isEmpty();
39 |     }
40 | 
41 |     public List<String> getEventWhiteList() {
42 |         return eventWhiteList;
43 |     }
44 | 
45 | }
46 | 


--------------------------------------------------------------------------------
/src/main/resources/log4j.properties:
--------------------------------------------------------------------------------
 1 | ################################################################################
 2 | #  Licensed to the Apache Software Foundation (ASF) under one
 3 | #  or more contributor license agreements.  See the NOTICE file
 4 | #  distributed with this work for additional information
 5 | #  regarding copyright ownership.  The ASF licenses this file
 6 | #  to you under the Apache License, Version 2.0 (the
 7 | #  "License"); you may not use this file except in compliance
 8 | #  with the License.  You may obtain a copy of the License at
 9 | #
10 | #      http://www.apache.org/licenses/LICENSE-2.0
11 | #
12 | #  Unless required by applicable law or agreed to in writing, software
13 | #  distributed under the License is distributed on an "AS IS" BASIS,
14 | #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | #  See the License for the specific language governing permissions and
16 | # limitations under the License.
17 | ################################################################################
18 | 
19 | log4j.rootLogger=INFO, console
20 | 
21 | log4j.appender.console=org.apache.log4j.ConsoleAppender
22 | log4j.appender.console.layout=org.apache.log4j.PatternLayout
23 | log4j.appender.console.layout.ConversionPattern=%d{HH:mm:ss,SSS} %-5p %c - %m%n


--------------------------------------------------------------------------------
/src/main/java/templatemining/Node.java:
--------------------------------------------------------------------------------
 1 | package templatemining;
 2 | 
 3 | import java.io.Serializable;
 4 | import java.util.ArrayList;
 5 | import java.util.HashMap;
 6 | import java.util.List;
 7 | import java.util.Map;
 8 | 
 9 | public class Node implements Serializable {
10 |     public int depth;
11 |     public Map<String, Node> childD;
12 |     public List<LogCluster> childLG;
13 |     public String digitOrtoken;
14 | 
15 |     public Node() {
16 |         childD = new HashMap<>();
17 |         childLG = new ArrayList<>();
18 |         depth = 0;
19 |     }
20 | 
21 |     Node(int depth, String digitOrtoken) {
22 |         childD = new HashMap<>();
23 |         childLG = new ArrayList<>();
24 |         this.depth = depth;
25 |         this.digitOrtoken = digitOrtoken;
26 |     }
27 | 
28 |     Map<String, Node> getChildD() {
29 |         return childD;
30 |     }
31 | 
32 |     List<LogCluster> getChildLG() {
33 |         return childLG;
34 |     }
35 | 
36 |     int getDepth() {
37 |         return depth;
38 |     }
39 | 
40 |     String getDigitOrtoken() {
41 |         return digitOrtoken;
42 |     }
43 | 
44 |     void setChildD(String seqLen, Node node) {
45 |         childD.put(seqLen, node);
46 |     }
47 | 
48 |     void setChildLG(LogCluster child) {
49 |         childLG.add(child);
50 |     }
51 | }
52 | 


--------------------------------------------------------------------------------
/docker/Dockerfile.logflash:
--------------------------------------------------------------------------------
 1 | FROM openjdk:8-jre-alpine
 2 | 
 3 | # Install requirements
 4 | RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories
 5 | RUN apk add bash snappy libc6-compat netcat-openbsd
 6 | 
 7 | # Flink environment variables
 8 | ENV FLINK_INSTALL_PATH=/opt
 9 | ENV FLINK_HOME $FLINK_INSTALL_PATH/flink
10 | ENV FLINK_LIB_DIR $FLINK_HOME/lib
11 | ENV FLINK_PLUGINS_DIR $FLINK_HOME/plugins
12 | ENV FLINK_OPT_DIR $FLINK_HOME/opt
13 | ENV FLINK_JOB_ARTIFACTS_DIR $FLINK_INSTALL_PATH/artifacts
14 | ENV FLINK_USR_LIB_DIR $FLINK_HOME/usrlib
15 | ENV PATH $PATH:$FLINK_HOME/bin
16 | 
17 | ARG flink_dist=NOT_SET
18 | ARG job_artifacts=NOT_SET
19 | 
20 | # Install build dependencies and flink
21 | ADD $flink_dist $FLINK_INSTALL_PATH/
22 | ADD $job_artifacts/* $FLINK_JOB_ARTIFACTS_DIR/
23 | 
24 | RUN set -x && \
25 |   ln -s $FLINK_INSTALL_PATH/flink-[0-9]* $FLINK_HOME && \
26 |   ln -s $FLINK_JOB_ARTIFACTS_DIR $FLINK_USR_LIB_DIR && \
27 |   addgroup -S flink && adduser -D -S -H -G flink -h $FLINK_HOME flink && \
28 |   chown -R flink:flink ${FLINK_INSTALL_PATH}/flink-* && \
29 |   chown -R flink:flink ${FLINK_JOB_ARTIFACTS_DIR}/ && \
30 |   chown -h flink:flink $FLINK_HOME
31 | 
32 | COPY docker-entrypoint.sh /
33 | COPY wait-for.sh /
34 | Run chmod 775 /docker-entrypoint.sh
35 | Run chmod 775 /wait-for.sh
36 | 
37 | USER flink
38 | EXPOSE 8081 6123 30822 30833
39 | ENTRYPOINT ["/docker-entrypoint.sh"]
40 | CMD ["--help"]


--------------------------------------------------------------------------------
/docker/build.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | usage() {
 3 |   cat <<EOF
 4 | Usage:
 5 |   build.sh --job-artifacts <comma-separated-paths-to-job-artifacts> --flink-path <path-to-flink> [--image-name <image>]
 6 |   build.sh --help
 7 |   If the --image-name flag is not used the built image name will be 'flink-job'.
 8 | EOF
 9 |   exit 1
10 | }
11 | 
12 | while [[ $# -ge 1 ]]; do
13 |   key="$1"
14 |   case $key in
15 |   --job-artifacts)
16 |     JOB_ARTIFACTS_PATH="$2"
17 |     shift
18 |     ;;
19 |   --flink-path)
20 |     FLINK_PATH="$2"
21 |     shift
22 |     ;;
23 |   --image-name)
24 |     IMAGE_NAME="$2"
25 |     shift
26 |     ;;
27 |   --help)
28 |     usage
29 |     ;;
30 |   *)
31 |     # unknown option
32 |     ;;
33 |   esac
34 |   shift
35 | done
36 | 
37 | IMAGE_NAME=${IMAGE_NAME:-flink-job}
38 | 
39 | # TMPDIR must be contained within the working directory so it is part of the
40 | # Docker context. (i.e. it can't be mktemp'd in /tmp)
41 | TMPDIR=_TMP_
42 | 
43 | cleanup() {
44 |   rm -rf "${TMPDIR}"
45 | }
46 | trap cleanup EXIT
47 | mkdir -p "${TMPDIR}"
48 | 
49 | JOB_ARTIFACTS_DIST="${TMPDIR}/artifacts"
50 | mkdir -p ${JOB_ARTIFACTS_DIST}
51 | 
52 | job_artifacts_array=("${JOB_ARTIFACTS_PATH}")
53 | for artifact in "${job_artifacts_array[@]}"; do
54 |   cp "${artifact}" ${JOB_ARTIFACTS_DIST}/
55 | done
56 | 
57 | if [ -n "${FLINK_PATH}" ]; then
58 |   FLINK_DIST="${TMPDIR}/flink.tgz"
59 |   cp "${FLINK_PATH}" "${FLINK_DIST}"
60 | else
61 |   usage
62 | fi
63 | 
64 | if [ -d models  ];then
65 |   echo dir exist
66 | else
67 |   mkdir models
68 |   chmod 777 models
69 | fi
70 | 
71 | docker build --build-arg flink_dist="${FLINK_DIST}" --build-arg job_artifacts="${JOB_ARTIFACTS_DIST}" -t "${IMAGE_NAME}" -f Dockerfile.logflash .
72 | 


--------------------------------------------------------------------------------
/docker/wait-for.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | TIMEOUT=180
 4 | QUIET=0
 5 | 
 6 | echoerr() {
 7 |   if [ "$QUIET" -ne 1 ]; then printf "%s\n" "$*" 1>&2; fi
 8 | }
 9 | 
10 | usage() {
11 |   exitcode="$1"
12 |   cat << USAGE >&2
13 | Usage:
14 |   $cmdname host:port [-t timeout] [-- command args]
15 |   -q | --quiet                        Do not output any status messages
16 |   -t TIMEOUT | --timeout=timeout      Timeout in seconds, zero for no timeout
17 |   -- COMMAND ARGS                     Execute command with args after the test finishes
18 | USAGE
19 |   exit "$exitcode"
20 | }
21 | 
22 | wait_for() {
23 |   for i in `seq $TIMEOUT` ; do
24 |     nc -z "$HOST" "$PORT" > /dev/null 2>&1
25 |     
26 |     result=$?
27 |     if [ $result -eq 0 ] ; then
28 |       if [ $# -gt 0 ] ; then
29 |         exec "$@"
30 |       fi
31 |       exit 0
32 |     fi
33 |     sleep 1
34 |   done
35 |   echo "Operation timed out" >&2
36 |   exit 1
37 | }
38 | 
39 | while [ $# -gt 0 ]
40 | do
41 |   case "$1" in
42 |     *:* )
43 |     HOST=$(printf "%s\n" "$1"| cut -d : -f 1)
44 |     PORT=$(printf "%s\n" "$1"| cut -d : -f 2)
45 |     shift 1
46 |     ;;
47 |     -q | --quiet)
48 |     QUIET=1
49 |     shift 1
50 |     ;;
51 |     -t)
52 |     TIMEOUT="$2"
53 |     if [ "$TIMEOUT" = "" ]; then break; fi
54 |     shift 2
55 |     ;;
56 |     --timeout=*)
57 |     TIMEOUT="${1#*=}"
58 |     shift 1
59 |     ;;
60 |     --)
61 |     shift
62 |     break
63 |     ;;
64 |     --help)
65 |     usage 0
66 |     ;;
67 |     *)
68 |     echoerr "Unknown argument: $1"
69 |     usage 1
70 |     ;;
71 |   esac
72 | done
73 | 
74 | if [ "$HOST" = "" -o "$PORT" = "" ]; then
75 |   echoerr "Error: you need to provide a host and port to test."
76 |   usage 2
77 | fi
78 | 
79 | wait_for "$@"
80 | 


--------------------------------------------------------------------------------
/docker/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | # Docker compose file for a Flink job cluster deployment.
 2 | #
 3 | # Parameters:
 4 | # * FLINK_DOCKER_IMAGE_NAME - Image name to use for the deployment (default: flink-job:latest)
 5 | # * FLINK_JOB - Name of the Flink job to execute (default: none)
 6 | # * DEFAULT_PARALLELISM - Default parallelism with which to start the job (default: 1)
 7 | # * FLINK_JOB_ARGUMENTS - Additional arguments which will be passed to the job cluster (default: none)
 8 | 
 9 | version: "2.2"
10 | services:
11 |   jobmanager:
12 |     image: ${FLINK_DOCKER_IMAGE_NAME:-flink-job}
13 |     ports:
14 |       - "30881:8081"
15 |     hostname: jobmanager
16 |     command: job-manager --job-classname ${FLINK_JOB} -Djobmanager.rpc.address=jobmanager -Dparallelism.default=${DEFAULT_PARALLELISM:-1} -Dlog.file=/opt/flink/log ${FLINK_JOB_ARGUMENTS}
17 |     volumes:
18 |       - ./resources:/opt/resources
19 |       - ./models:/opt/models
20 |     depends_on:
21 |       - file2stream
22 |       - mysql
23 |   taskmanager:
24 |     image: ${FLINK_DOCKER_IMAGE_NAME:-flink-job}
25 |     ports:
26 |       - "30822:30822"
27 |     hostname: taskmanager
28 |     command: task-manager -Djobmanager.rpc.address=jobmanager -Dlog.file=/opt/flink/log
29 |     scale: ${DEFAULT_PARALLELISM:-1}
30 |     volumes:
31 |       - ./resources:/opt/resources
32 |       - ./models:/opt/models
33 |     depends_on:
34 |       - file2stream
35 |       - mysql
36 |   mysql:
37 |     image: logsql
38 |     hostname: mysql
39 |   dbserver:
40 |     image: dbserver
41 |     ports:
42 |       - "30855:30855"
43 |     hostname: dbserver
44 |     depends_on:
45 |       - mysql
46 |   file2stream:
47 |     image: file2stream
48 |     ports:
49 |       - "30833:30833"
50 |       - "30837:30837"
51 |     hostname: file2stream
52 |     volumes:
53 |       - ./data:/data
54 |       - ./resources:/opt/resources


--------------------------------------------------------------------------------
/docker/docker-entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | #if unspecified, the hostname of the container is taken as the JobManager address
 3 | FLINK_HOME=${FLINK_HOME:-"/opt/flink"}
 4 | CONF_FILE="${FLINK_HOME}/conf/flink-conf.yaml"
 5 | LOG4J_FILE="${FLINK_HOME}/conf/log4j-console.properties"
 6 | JOB_CLUSTER="job-manager"
 7 | TASK_MANAGER="task-manager"
 8 | 
 9 | CMD="$1"
10 | shift
11 | 
12 | if [ "${CMD}" == "--help" ] || [ "${CMD}" == "-h" ]; then
13 |   echo "Usage: $(basename "$0") (${JOB_CLUSTER}|${TASK_MANAGER})"
14 |   exit 0
15 | elif [ "${CMD}" == "${JOB_CLUSTER}" ] || [ "${CMD}" == "${TASK_MANAGER}" ]; then
16 |   echo "Starting the ${CMD}"
17 |   ./wait-for.sh mysql:3306
18 |   if [ "${CMD}" == "${TASK_MANAGER}" ]; then
19 |     sed -i -e "s/log4j.rootLogger=INFO, console/log4j.rootLogger=INFO, console, file/g" ${LOG4J_FILE}
20 |     echo -e "# Log all infos in the given file\nlog4j.appender.file=org.apache.log4j.FileAppender\nlog4j.appender.file.file=${FLINK_HOME}/log/output.log\nlog4j.appender.file.append=false\nlog4j.appender.file.layout=org.apache.log4j.PatternLayout\nlog4j.appender.file.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p %-60c %x - %m%n" >> ${LOG4J_FILE}
21 |     echo -e "web.log.path: /opt/flink/log/output.log\ntaskmanager.log.path: /opt/flink/log/output.log" >> ${CONF_FILE}
22 |     exec "$FLINK_HOME"/bin/taskmanager.sh start-foreground "$@"
23 |   else
24 |     sed -i -e "s/log4j.rootLogger=INFO, console/log4j.rootLogger=INFO, console, file/g" ${LOG4J_FILE}
25 |     echo -e "# Log all infos in the given file\nlog4j.appender.file=org.apache.log4j.FileAppender\nlog4j.appender.file.file=${FLINK_HOME}/log/output.log\nlog4j.appender.file.append=false\nlog4j.appender.file.layout=org.apache.log4j.PatternLayout\nlog4j.appender.file.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p %-60c %x - %m%n" >> ${LOG4J_FILE}
26 |     echo -e "web.log.path: /opt/flink/log/output.log\ntaskmanager.log.path: /opt/flink/log/output.log" >> ${CONF_FILE}
27 |     exec "$FLINK_HOME"/bin/standalone-job.sh start-foreground "$@"
28 |   fi
29 | fi
30 | 
31 | exec "$@"
32 | 


--------------------------------------------------------------------------------
/src/main/java/workflow/WatermarkGenerator.java:
--------------------------------------------------------------------------------
 1 | package workflow;
 2 | 
 3 | import org.apache.flink.api.java.tuple.Tuple7;
 4 | import org.apache.flink.api.java.utils.ParameterTool;
 5 | import org.apache.flink.streaming.api.functions.AssignerWithPeriodicWatermarks;
 6 | import org.apache.flink.streaming.api.watermark.Watermark;
 7 | 
 8 | import javax.annotation.Nullable;
 9 | 
10 | public class WatermarkGenerator {
11 | 
12 |     public static class BoundedOutOfOrdernessGenerator implements AssignerWithPeriodicWatermarks<Tuple7<String, String, String, String, String, String, String>> {
13 | 
14 |         private long currentMaxTimestamp;
15 | 
16 |         @Nullable
17 |         @Override
18 |         public Watermark getCurrentWatermark() {
19 |             ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
20 |             long maxOutOfOrderness = Long.parseLong(parameterTool.get("maxOutOfOrderness")); // timeWindow milliseconds
21 |             return new Watermark(currentMaxTimestamp - maxOutOfOrderness);
22 |         }
23 | 
24 |         @Override
25 |         public long extractTimestamp(Tuple7<String, String, String, String, String, String, String> element, long previousElementTimestamp) {
26 |             long timestamp = Long.parseLong(element.f0);
27 |             currentMaxTimestamp = Math.max(timestamp, currentMaxTimestamp);
28 |             return timestamp;
29 |         }
30 |     }
31 | 
32 |     public static class TimeLagWatermarkGenerator implements AssignerWithPeriodicWatermarks<Tuple7<String, String, String, String, String, String, String>> {
33 | 
34 |         ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
35 |         private final long maxTimeLag = Long.parseLong(parameterTool.get("timeSlag")); // timeSlag seconds
36 | 
37 |         @Nullable
38 |         @Override
39 |         public Watermark getCurrentWatermark() {
40 |             return new Watermark(System.currentTimeMillis() - maxTimeLag);
41 |         }
42 | 
43 |         @Override
44 |         public long extractTimestamp(Tuple7<String, String, String, String, String, String, String> element, long previousElementTimestamp) {
45 |             return Long.parseLong(element.f0);
46 |         }
47 |     }
48 | }
49 | 


--------------------------------------------------------------------------------
/src/main/java/faultdiagnosis/Anomaly.java:
--------------------------------------------------------------------------------
 1 | package faultdiagnosis;
 2 | 
 3 | import com.alibaba.fastjson.annotation.JSONField;
 4 | import org.apache.flink.api.java.tuple.Tuple7;
 5 | 
 6 | import java.util.List;
 7 | 
 8 | public class Anomaly {
 9 | 
10 |     @JSONField(name = "LogID")
11 |     private String anomalyLogId;
12 |     @JSONField(name = "Log")
13 |     private Tuple7 anomalyLog;
14 |     @JSONField(name = "LogList")
15 |     private List<Tuple7> anomalyLogList;
16 |     @JSONField(name = "Request")
17 |     private List<Tuple7> suspectedAnomalyRequest;
18 |     @JSONField(name = "Type")
19 |     private String anomalyType;
20 | 
21 |     Anomaly() {
22 |     }
23 | 
24 |     public Anomaly(String anomalyLogId, Tuple7 anomalyLog, List<Tuple7> anomalyLogList, List<Tuple7> suspectedAnomalyRequest, String anomalyType) {
25 |         this.anomalyLogId = anomalyLogId;
26 |         this.anomalyLog = anomalyLog;
27 |         this.anomalyLogList = anomalyLogList;
28 |         this.suspectedAnomalyRequest = suspectedAnomalyRequest;
29 |         this.anomalyType = anomalyType;
30 |     }
31 | 
32 |     public String getAnomalyLogId() {
33 |         return anomalyLogId;
34 |     }
35 | 
36 |     public Tuple7 getAnomalyLog() {
37 |         return anomalyLog;
38 |     }
39 | 
40 |     public List<Tuple7> getAnomalyLogList() {
41 |         return anomalyLogList;
42 |     }
43 | 
44 |     public List<Tuple7> getSuspectedAnomalyRequest() {
45 |         return suspectedAnomalyRequest;
46 |     }
47 | 
48 |     public String getAnomalyType() {
49 |         return anomalyType;
50 |     }
51 | 
52 |     public void setAnomalyLogId(String anomalyLogId) {
53 |         this.anomalyLogId = anomalyLogId;
54 |     }
55 | 
56 |     public void setAnomalyLog(Tuple7 anomalyLog) {
57 |         this.anomalyLog = anomalyLog;
58 |     }
59 | 
60 |     public void setAnomalyLogList(List<Tuple7> anomalyLogList) {
61 |         this.anomalyLogList = anomalyLogList;
62 |     }
63 | 
64 |     public void setSuspectedAnomalyRequest(List<Tuple7> suspectedAnomalyRequest) {
65 |         this.suspectedAnomalyRequest = suspectedAnomalyRequest;
66 |     }
67 | 
68 |     public void setAnomalyType(String anomalyType) {
69 |         this.anomalyType = anomalyType;
70 |     }
71 | }
72 | 


--------------------------------------------------------------------------------
/src/main/java/modelconstruction/MetricsMonitoring.java:
--------------------------------------------------------------------------------
 1 | package modelconstruction;
 2 | 
 3 | import TCFGmodel.TCFGUtil;
 4 | import org.apache.flink.api.java.utils.ParameterTool;
 5 | import org.slf4j.Logger;
 6 | import org.slf4j.LoggerFactory;
 7 | 
 8 | import java.io.IOException;
 9 | import java.util.LinkedList;
10 | import java.util.Queue;
11 | 
12 | public class MetricsMonitoring extends Thread {
13 | 
14 |     private boolean flag = true;
15 |     private final TCFGUtil tcfgUtil = new TCFGUtil();
16 |     private final Logger LOG = LoggerFactory.getLogger(MetricsMonitoring.class);
17 |     MovingVariance m = new MovingVariance(10);
18 | 
19 |     @Override
20 |     public void run() {
21 |         try {
22 |             flag = Boolean.parseBoolean(ParameterTool.fromPropertiesFile("src/main/resources/config.properties").toMap().get("metricsMonitoring"));
23 |             LOG.info("{}",flag);
24 |         } catch (IOException e) {
25 |             e.printStackTrace();
26 |         }
27 |         while (flag) {
28 |             try {
29 |                 Thread.sleep(300);
30 |                 TransferParamMatrix transferParamMatrix = tcfgUtil.getMatrixFromMemory();
31 |                 if (transferParamMatrix == null) continue;
32 |                 double norm = transferParamMatrix.getNorm();
33 |                 double var = m.add(norm);
34 |                 if (var != 0.0 && var < 0.005) {
35 |                     tcfgUtil.saveTrainingFlag(0);
36 |                     tcfgUtil.saveDetectionFlag(1);
37 |                     System.out.println("反馈机制已开启！");
38 |                     System.out.println("异常检测已开启！");
39 |                     LOG.info("反馈机制已开启！");
40 |                     LOG.info("异常检测已开启！");
41 |                     cancel();
42 |                 }
43 |             } catch (NullPointerException ignored) {
44 | 
45 |             } catch (Exception e) {
46 |                 e.printStackTrace();
47 |             }
48 |         }
49 |     }
50 | 
51 |     public void cancel() {
52 |         flag = false;
53 |     }
54 | }
55 | 
56 | class MovingVariance {
57 |     int size;
58 |     Queue<Double> q = new LinkedList<>();
59 |     double sum = 0;
60 |     double avg = 0;
61 |     double var = 0;
62 | 
63 |     MovingVariance(int size) {
64 |         this.size = size;
65 |     }
66 | 
67 |     double add(double val) {
68 |         if (q.size() >= size) {
69 |             sum -= q.element();
70 |             q.poll();
71 |         }
72 |         q.offer(val);
73 |         sum += val;
74 |         avg = sum / q.size();
75 |         var = 0;
76 |         for (Double x : q) {
77 |             var += Math.pow((x - avg), 2);
78 |         }
79 |         return var / q.size();
80 |     }
81 | }


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # LogFlash
  2 | 
  3 | ## Docker部署
  4 | *请先安装docker、docker-compose、node再进行如下步骤。*
  5 | 
  6 | 1. 下载flink
  7 |     ```bash
  8 |    cd docker && wget https://mirrors.tuna.tsinghua.edu.cn/apache/flink/flink-1.10.0/flink-1.10.0-bin-scala_2.11.tgz
  9 |    ```
 10 | 
 11 | 2. 创建logflash镜像
 12 |    ```bash
 13 |    ./build.sh --job-artifacts LogFlash-1.0-SNAPSHOT.jar --flink-path flink-1.10.0-bin-scala_2.11.tgz
 14 |    ```
 15 |    
 16 | 3. 创建数据库镜像
 17 |     ```bash
 18 |    docker build -t logsql -f Dockerfile.mysql .
 19 |    ```
 20 |    
 21 | 4. 创建file2Stream镜像
 22 |     ```bash
 23 |    docker build -t file2stream -f Dockerfile.file2stream .
 24 |    ```
 25 |    
 26 | 5. 通过resources/config.propeties中的sourceName指定数据输入形式
 27 |     - file：将日志文件放到resources目录下，格式为resources/<日志类型名>/raw/<日志文件>
 28 |     - socket：将日志文件放到data目录下，并在logFilePaths中写入日志路径，以/data开头
 29 |    
 30 | 6. 创建web后端服务器镜像
 31 |     - web服务器使用单独的配置文件连接数据库，创建镜像前，如果修改了MySQL用户名与密码，则要编辑db-server.json配置文件中的用户名与密码与config.properties中一致
 32 |     
 33 |     ```bash
 34 |     docker build -t dbserver -f Dockerfile.dbserver .
 35 |     ```
 36 |     
 37 | 7. 启动web前端
 38 |    ```bash
 39 |    # 安装依赖
 40 |    cd LogFlash_web && npm install --registry=https://registry.npm.taobao.org
 41 |    # 启动服务
 42 |    nohup npm run dev >web.log 2>&1 &
 43 |    ```
 44 |    
 45 | 8. 启动容器
 46 |    ```bash
 47 |    cd .. && FLINK_JOB=Entrance docker-compose up -d
 48 |    ```
 49 | ## 配置参数说明
 50 | 1. 日志数据输入配置参数
 51 | ```
 52 | sourceName=file or socket  #日志数据输入形式（文件或socket）
 53 | socketHost  #socket服务器地址
 54 | socketPort  #socket服务器端口号
 55 | ```
 56 | 2. 日志模板挖掘参数
 57 | ```
 58 | logFormat   #日志格式，支持多种格式匹配，以@符号分隔不同日志格式
 59 | 示例：logFormat=[<Component>][<Level>] <Date> <Time>: <Content>@<TraceId> <Process> <Date> <Time> <Level> <Component>: <Content>
 60 | timeFormat  #时间戳格式，支持多种格式匹配，以@符号分隔不同时间戳格式
 61 | 示例：timeFormat = HH:mm:ss,SSS@HH:mm:ss,SSS
 62 | regex   #日志变量拆分正则
 63 | 示例：regex=@[a-z0-9]+$&\\[[A-Za-z0-9\\-\\/]+\\]
 64 | ```
 65 | 3.TCFG故障诊断模型训练与推断参数 
 66 | ```
 67 | slidingWindowSize   #滑动时间窗口大小（ms）
 68 | slidingWindowStep   #窗口滑动步长（ms）
 69 | maxOutOfOrderness   #最大乱序偏差时间限制（ms）
 70 | gamma   #梯度更新步长
 71 | gradLimitation  #单次最大参数更新限制
 72 | delta   #日志间最小时间差限制（ms）
 73 | beta    #衰变率
 74 | alpha   #参数初始值
 75 | TCFGWriteInterval   #共享内存TCFG更新频率（ms）
 76 | TCFGReadInterval    #异常检测模型更新TCFG频率（ms）
 77 | matrixWriteInterval #共享内存转移参数矩阵更新频率（ms）
 78 | ```
 79 | 4. 共享内存控制参数
 80 | ```
 81 | 共享内存切分（共40mb）：
 82 | #############################
 83 | #      TrainingFlag(1)      #
 84 | #      DetectionFlag(1)     #
 85 | #        TCFGRegion         #
 86 | # TransferParamMatrixRegion #
 87 | #       TuningRegion        #
 88 | #   TemplateUpdateRegion    #
 89 | #      ParseTreeRegion      #
 90 | #############################
 91 | shareMemoryFilePath #共享内存通道文件路径
 92 | transferParamMatrixSize #转移参数矩阵所占内存大小（byte）
 93 | TCFGSize    #TCFG故障诊断模型所占内存大小（byte）
 94 | tuningRegionSize    #待修正子图缓存大小（byte）
 95 | templateUpdateRegionSize    #日志模板更新信息所占内存大小（byte）
 96 | parseTreeRegionSize #日志模板树所占内存大小（byte）
 97 | ```
 98 | 5. 人工反馈机制参数
 99 | ```
100 | suspiciousTimeForLatencyAnomaly #延迟异常存疑观测时间（ms）
101 | suspiciousTimeForSequenceAnomaly    #序列异常存疑观测时间（ms）
102 | suspiciousTimeForRedundancyAnomaly  #冗余异常存疑观测时间（ms）
103 | falseAlarmsProcessingInterval    #人工反馈处理频率（ms）
104 | ```
105 | 6. mysql数据库配置参数
106 | ```
107 | database    #数据库名
108 | databaseUrl #数据库URL
109 | mysqlUser   #用户名
110 | mysqlPassword   #密码
111 | ```
112 | 
113 | 


--------------------------------------------------------------------------------
/src/main/java/workflow/WorkFlowMode2.java:
--------------------------------------------------------------------------------
 1 | package workflow;
 2 | 
 3 | import TCFGmodel.TCFGConstructor;
 4 | import faultdiagnosis.FaultDiagnosisMode2;
 5 | import humanfeedback.SuspiciousRegionMonitor;
 6 | import modelconstruction.MatrixUpdaterMode2;
 7 | import org.apache.flink.api.common.JobExecutionResult;
 8 | import org.apache.flink.api.java.tuple.Tuple7;
 9 | import org.apache.flink.streaming.api.datastream.DataStream;
10 | import org.apache.flink.api.common.typeinfo.Types;
11 | import org.apache.flink.api.java.tuple.Tuple2;
12 | import org.apache.flink.api.java.utils.ParameterTool;
13 | import org.apache.flink.streaming.api.datastream.DataStreamSource;
14 | import org.apache.flink.streaming.api.environment.StreamExecutionEnvironment;
15 | import org.apache.flink.streaming.api.windowing.time.Time;
16 | import org.slf4j.Logger;
17 | import org.slf4j.LoggerFactory;
18 | import templatemining.Parse;
19 | 
20 | 
21 | public class WorkFlowMode2 implements WorkFlow {
22 | 
23 |     @Override
24 |     public void workflow(StreamExecutionEnvironment env, DataStreamSource<String> dataStream, ParameterTool parameter) throws Exception {
25 |         Logger LOG = LoggerFactory.getLogger(WorkFlowMode2.class);
26 |         DataStream<Tuple7<String, String, String, String, String, String, String>> templateStream = dataStream.map(line -> Tuple2.of(parameter.get("logData"), line))
27 |                 .returns(Types.TUPLE(Types.STRING, Types.STRING))
28 |                 .keyBy(t -> t.f0)
29 |                 .process(new Parse());
30 |         //ParamMatrix Update
31 |         templateStream
32 |                 .assignTimestampsAndWatermarks(new WatermarkGenerator.BoundedOutOfOrdernessGenerator())
33 |                 .keyBy(t -> t.f2)
34 |                 .timeWindow(Time.milliseconds(Long.parseLong(parameter.get("slidingWindowSize"))), Time.milliseconds(Long.parseLong(parameter.get("slidingWindowStep"))))
35 |                 .process(new MatrixUpdaterMode2.TransferParamMatrixUpdate());
36 |         //Human Feedback-aware Tuning
37 |         templateStream
38 |                 .assignTimestampsAndWatermarks(new WatermarkGenerator.BoundedOutOfOrdernessGenerator())
39 |                 .keyBy(t -> t.f2)
40 |                 .timeWindow(Time.milliseconds(Long.parseLong(parameter.get("slidingWindowSize"))), Time.milliseconds(Long.parseLong(parameter.get("slidingWindowStep"))))
41 |                 .process(new SuspiciousRegionMonitor.SuspiciousRegionMonitoring());
42 |         //Fault Diagnosis
43 |         templateStream
44 |                 .assignTimestampsAndWatermarks(new WatermarkGenerator.BoundedOutOfOrdernessGenerator())
45 |                 .keyBy(t -> t.f2)
46 |                 .timeWindow(Time.milliseconds(Long.parseLong(parameter.get("slidingWindowSize"))), Time.milliseconds(Long.parseLong(parameter.get("slidingWindowStep"))))
47 |                 .process(new FaultDiagnosisMode2.FaultDiagnosisProcess());
48 |         //TCFG Construction
49 |         templateStream
50 |                 .assignTimestampsAndWatermarks(new WatermarkGenerator.BoundedOutOfOrdernessGenerator())
51 |                 .keyBy(t -> t.f2)
52 |                 .timeWindow(Time.milliseconds(Long.parseLong(parameter.get("slidingWindowSize"))), Time.milliseconds(Long.parseLong(parameter.get("slidingWindowStep"))))
53 |                 .process(new TCFGConstructor.TCFGConstructionProcess());
54 |         JobExecutionResult result = env.execute();
55 |         LOG.info(String.valueOf(result.getAllAccumulatorResults()));
56 |     }
57 | }
58 | 


--------------------------------------------------------------------------------
/src/main/java/workflow/Controller.java:
--------------------------------------------------------------------------------
  1 | package workflow;
  2 | 
  3 | import TCFGmodel.TCFGUtil;
  4 | import dao.MysqlUtil;
  5 | 
  6 | import java.util.HashMap;
  7 | import java.util.Map;
  8 | 
  9 | public class Controller {
 10 | 
 11 |     Map<String,Integer> COMMANDLIST;
 12 |     public Controller() {
 13 |         COMMANDLIST = new HashMap<>();
 14 |         COMMANDLIST.put("CLEANMEMORY",0);
 15 |         COMMANDLIST.put("CLEANDATABASE",1);
 16 |         COMMANDLIST.put("CLEANVALUESTATES",2);
 17 |         COMMANDLIST.put("ENABLEHUMANFEEDBACK",3);
 18 |         COMMANDLIST.put("DISABLEHUMANFEEDBACK",4);
 19 |         COMMANDLIST.put("ENABLEANOMALYDETECTION",5);
 20 |         COMMANDLIST.put("DISABLEANOMALYDETECTION",6);
 21 |     }
 22 | 
 23 | 
 24 |      public void executeCommands (Map<String,String> commands) {
 25 |         for (String key: commands.keySet()) {
 26 |             execute(COMMANDLIST.get(commands.get(key)));
 27 |         }
 28 |      }
 29 | 
 30 |      public int execute(int command) {
 31 |          switch (command) {
 32 |              case 0:
 33 |                  return cleanMemory();
 34 |              case 1:
 35 |                  return cleanDatabase();
 36 |              case 2:
 37 |                  return cleanValuestates();
 38 |              case 3:
 39 |                  return enableHumanFeedback();
 40 |              case 4:
 41 |                  return disableHumanFeedback();
 42 |              case 5:
 43 |                  return enableAnomalyDetection();
 44 |              case 6:
 45 |                  return disableAnomalyDetection();
 46 |              default:
 47 |                  return -1;
 48 |          }
 49 |      }
 50 | 
 51 |      private int cleanMemory() {
 52 |         TCFGUtil tcfgUtil = new TCFGUtil();
 53 |         try {
 54 |             tcfgUtil.cleanShareMemory();
 55 |         }catch (Exception e) {
 56 |             e.printStackTrace();
 57 |         }
 58 |         return 0;
 59 |      }
 60 |      private int cleanDatabase() {
 61 |          MysqlUtil mysqlUtil = new MysqlUtil();
 62 |          mysqlUtil.truncateTables();
 63 |          return 0;
 64 |      }
 65 |      private int cleanValuestates() {
 66 |          Config.valueStates.put("transferParamMatrix", 1);
 67 |          Config.valueStates.put("tcfgValueState", 1);
 68 |          Config.valueStates.put("parseTree", 1);
 69 |          return 0;
 70 |      }
 71 |      private int enableHumanFeedback() {
 72 |          TCFGUtil tcfgUtil = new TCFGUtil();
 73 |          try {
 74 |              tcfgUtil.saveTrainingFlag(0);
 75 |          }catch (Exception e) {
 76 |              e.printStackTrace();
 77 |          }
 78 |          return 0;
 79 |      }
 80 |      private int disableHumanFeedback() {
 81 |          TCFGUtil tcfgUtil = new TCFGUtil();
 82 |          try {
 83 |              tcfgUtil.saveTrainingFlag(1);
 84 |          }catch (Exception e) {
 85 |              e.printStackTrace();
 86 |          }
 87 |          return 0;
 88 |      }
 89 |      private int enableAnomalyDetection() {
 90 |          TCFGUtil tcfgUtil = new TCFGUtil();
 91 |          try {
 92 |              tcfgUtil.saveDetectionFlag(1);
 93 |          } catch (Exception e) {
 94 |              e.printStackTrace();
 95 |          }
 96 |          return 0;
 97 |      }
 98 |      private int disableAnomalyDetection() {
 99 |          TCFGUtil tcfgUtil = new TCFGUtil();
100 |          try {
101 |              tcfgUtil.saveDetectionFlag(0);
102 |          } catch (Exception e) {
103 |              e.printStackTrace();
104 |          }
105 |          return 0;
106 |      }
107 | 
108 | }
109 | 


--------------------------------------------------------------------------------
/src/main/java/modelconstruction/IndenpendencyFilter.java:
--------------------------------------------------------------------------------
 1 | package modelconstruction;
 2 | 
 3 | import TCFGmodel.TCFGUtil;
 4 | import org.apache.flink.api.java.tuple.Tuple7;
 5 | 
 6 | import java.util.ArrayList;
 7 | import java.util.List;
 8 | import java.util.Map;
 9 | 
10 | public class IndenpendencyFilter {
11 | 
12 |     private double calProbability(double ti, double tj, double alphaji,long timeWindow, long delta) {
13 | 
14 |         if (ti-tj <= delta) {
15 |             tj = ti-delta-1;
16 |         }
17 |         double prob = (alphaji/delta)* Math.pow(((TCFGUtil.minMax((double)(ti-tj),delta,timeWindow))*delta+delta)/(double)delta,-1-alphaji);
18 |         if (prob > 1) {
19 |             prob = 1.0;
20 |         }
21 |         return prob;
22 | 
23 |     }
24 | 
25 |     public List<Tuple7> filterIndependentNodes(List<Tuple7> tempList, TransferParamMatrix transferParamMatrix, long timeWindow, long delta) {
26 | 
27 |         if (tempList.size()<2) {
28 |             return tempList;
29 |         }
30 |         List<Tuple7> filteredLogList = new ArrayList<>();
31 |         Tuple7 latestLog = tempList.get(tempList.size()-1);
32 |         Tuple7 tempLog = tempList.get(tempList.size()-1);
33 |         Map<String, Map<String,MatrixTriple>> paramMatrix = transferParamMatrix.getParamMatrix();
34 |         List<Tuple7> leftList = new ArrayList<>();
35 |         for (int i = 0; i <= tempList.size()-2 ; i++) {
36 |             leftList.add(tempList.get(i));
37 |             filteredLogList.add(tempList.get(i));
38 |         }
39 |         filteredLogList.add(latestLog);
40 |         double infection_prob = 1;
41 |         while (leftList.size() != 0) {
42 |             double max_transition_prob = 0;
43 |             int max_log_id = leftList.size();
44 |             for (int i = leftList.size()-1; i >=0 ; i--) {
45 |                 double alphaij = 0;
46 |                 if (paramMatrix.containsKey(leftList.get(i).f6)) {
47 |                     if (paramMatrix.get(leftList.get(i).f6).containsKey(tempLog.f6)) {
48 |                         alphaij = paramMatrix.get(leftList.get(i).f6).get(tempLog.f6).getValue();
49 |                     }
50 |                 }
51 |                 double prob_alphaij = calProbability(Double.valueOf((String)tempLog.f0), Double.valueOf((String)leftList.get(i).f0),alphaij,timeWindow,delta);
52 | 
53 |                 if (max_transition_prob < prob_alphaij) {
54 |                     max_transition_prob = prob_alphaij;
55 |                     max_log_id = i;
56 |                 }
57 |             }
58 |             if (max_log_id == leftList.size()) {
59 |                 break;
60 |             }
61 | 
62 |             infection_prob = infection_prob * max_transition_prob;
63 |             double latest_alphaij = paramMatrix.get(leftList.get(max_log_id).f6).get(latestLog.f6).getValue();
64 |             double latest_prob_alphaij = calProbability(Double.valueOf((String)latestLog.f0), Double.valueOf((String)leftList.get(max_log_id).f0),latest_alphaij,timeWindow,delta);
65 |             if (infection_prob >= latest_prob_alphaij) {
66 |                 if (!tempLog.equals(latestLog)) {
67 |                     filteredLogList.remove(filteredLogList.indexOf(leftList.get(max_log_id)));
68 |                 }
69 |                 tempLog = leftList.get(max_log_id);
70 |                 for (int i = leftList.size()-1; i >= 0; i --) {
71 |                     leftList.remove(i);
72 |                     if (i == max_log_id) {
73 |                         break;
74 |                     }
75 |                 }
76 |             }
77 |             else {
78 |                 break;
79 |             }
80 |         }
81 |         return filteredLogList;
82 |     }
83 | }


--------------------------------------------------------------------------------
/src/main/java/TCFGmodel/TCFG.java:
--------------------------------------------------------------------------------
  1 | package TCFGmodel;
  2 | 
  3 | import modelconstruction.MatrixTriple;
  4 | import modelconstruction.TransferParamMatrix;
  5 | import java.util.ArrayList;
  6 | import java.util.List;
  7 | import java.util.Map;
  8 | 
  9 | /**
 10 |  * Time-weighted Control Flow Graph(TCFG) Model
 11 |  */
 12 | 
 13 | public class TCFG {
 14 |     public static ShareMemory sm;
 15 | 
 16 |     private List<Node> nodes;
 17 |     private List<Edge> edges;
 18 | 
 19 |     public TCFG() {
 20 | 
 21 |         nodes = new ArrayList<>();
 22 |         edges = new ArrayList<>();
 23 |     }
 24 | 
 25 | 
 26 |     public class Node {
 27 |         String node_id;
 28 |         String node_name;
 29 |         String template;
 30 |         int frequency;
 31 | 
 32 |         public String getNode_id() {
 33 |             return node_id;
 34 |         }
 35 |     }
 36 | 
 37 |     public class Edge {
 38 |         Node in_node;
 39 |         Node out_node;
 40 |         long time_weight;
 41 | 
 42 |         public Node getIn_node() {
 43 |             return in_node;
 44 |         }
 45 | 
 46 |         public Node getOut_node() {
 47 |             return out_node;
 48 |         }
 49 | 
 50 |         public long getTime_weight() {
 51 |             return time_weight;
 52 |         }
 53 |     }
 54 | 
 55 |     private boolean ifInNodeList(Node judgeNode) {
 56 |         boolean flag = false;
 57 |         for (Node node: nodes) {
 58 |             if (judgeNode.node_id.equals(node.node_id)) {
 59 |                 flag = true;
 60 |                 break;
 61 |             }
 62 |         }
 63 |         return flag;
 64 |     }
 65 |     public void paramMatrix2TCFG (TransferParamMatrix transferParamMatrix, long delta) {
 66 | 
 67 |         Map<String, Map<String, MatrixTriple>> paramMatrix = transferParamMatrix.getParamMatrix();
 68 |         List<String> eventIDList = transferParamMatrix.getEventIDList();
 69 |         for (String eventID: eventIDList) {
 70 |             TCFG.Node node = new TCFG.Node();
 71 |             node.node_id = eventID;
 72 |             nodes.add(node);
 73 |         }
 74 |         for (String key1: paramMatrix.keySet()) {
 75 |             for (String key2: paramMatrix.get(key1).keySet()) {
 76 |                 double alphaji = paramMatrix.get(key1).get(key2).getValue();
 77 |                 //double transitionProb = tcfgUtil.calDefinitIntegral(delta, 2*delta, 100, alphaji, delta);
 78 |                 if (alphaji > 0.1) {
 79 |                     TCFG.Node in_node_edge = new TCFG.Node();
 80 |                     in_node_edge.node_id = key1;
 81 |                     TCFG.Node out_node_edge = new TCFG.Node();
 82 |                     out_node_edge.node_id = key2;
 83 |                     TCFG.Edge edge = new TCFG.Edge();
 84 |                     edge.in_node = in_node_edge;
 85 |                     edge.out_node = out_node_edge;
 86 |                     edge.time_weight = paramMatrix.get(key1).get(key2).getTimeWeight();
 87 |                     edges.add(edge);
 88 |                 }
 89 |             }
 90 |         }
 91 | 
 92 |     }
 93 | 
 94 | 
 95 |     public List<Node> getNodes() {
 96 |         return nodes;
 97 |     }
 98 | 
 99 |     public void setNodes(List<Node> nodes) {
100 |         this.nodes = nodes;
101 |     }
102 | 
103 |     public List<Edge> getEdges() {
104 |         return edges;
105 |     }
106 | 
107 |     public void setEdges(List<Edge> edges) {
108 |         this.edges = edges;
109 |     }
110 | 
111 |     public void addNode(String nodeID) {
112 |         TCFG.Node node = new TCFG.Node();
113 |         node.node_id = nodeID;
114 |         nodes.add(node);
115 |     }
116 |     public void addEdge(String inNodeID,String outNodeID,long timeWeight) {
117 |         TCFG.Node inNode = new TCFG.Node();
118 |         TCFG.Node outNode = new TCFG.Node();
119 |         inNode.node_id = inNodeID;
120 |         outNode.node_id = outNodeID;
121 |         TCFG.Edge edge = new TCFG.Edge();
122 |         edge.in_node = inNode;
123 |         edge.out_node = outNode;
124 |         edge.time_weight = timeWeight;
125 |         edges.add(edge);
126 |     }
127 | }
128 | 


--------------------------------------------------------------------------------
/src/main/java/TCFGmodel/TCFGConstructor.java:
--------------------------------------------------------------------------------
 1 | package TCFGmodel;
 2 | 
 3 | import com.alibaba.fastjson.JSONObject;
 4 | import modelconstruction.TransferParamMatrix;
 5 | import org.apache.flink.api.common.state.ValueState;
 6 | import org.apache.flink.api.common.state.ValueStateDescriptor;
 7 | import org.apache.flink.api.java.tuple.Tuple7;
 8 | import org.apache.flink.api.java.utils.ParameterTool;
 9 | import org.apache.flink.configuration.Configuration;
10 | import org.apache.flink.streaming.api.functions.windowing.ProcessWindowFunction;
11 | import org.apache.flink.streaming.api.windowing.windows.TimeWindow;
12 | import org.apache.flink.util.Collector;
13 | import workflow.Config;
14 | 
15 | import java.io.File;
16 | import java.io.FileWriter;
17 | import java.util.ArrayList;
18 | import java.util.List;
19 | import static humanfeedback.SuspiciousRegionMonitor.tuningRegion;
20 | 
21 | public class TCFGConstructor {
22 | 
23 |     public static class TCFGConstructionProcess extends ProcessWindowFunction<Tuple7<String, String, String, String, String, String, String>, String, String, TimeWindow> {
24 | 
25 |         private ValueState<TCFGUtil.counter> counterValueState;
26 | 
27 |         @Override
28 |         public void process(String s, Context context, Iterable<Tuple7<String, String, String, String, String, String, String>> input, Collector<String> out) throws Exception {
29 |             ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
30 |             TCFGUtil.counter counter = counterValueState.value();
31 |             if (counter == null) {
32 |                 counter = new TCFGUtil().new counter();
33 |                 counterValueState.update(counter);
34 |             }
35 | 
36 |             if (counter.modResult(parameterTool.getInt("TCFGWriteInterval")) == 0) {
37 |                 //updat TCFG
38 |                 TCFGUtil tcfgUtil = new TCFGUtil();
39 |                 TransferParamMatrix transferParamMatrix = tcfgUtil.getMatrixFromMemory();
40 |                 TCFG tcfg = new TCFG();
41 |                 tcfg.paramMatrix2TCFG(transferParamMatrix, parameterTool.getLong("delta"));
42 |                 //handle human feedback(Lack of testing)
43 |                 List<String> whiteList = tuningRegion.getEventWhiteList();
44 |                 List<TCFG.Edge> edges = tcfg.getEdges();
45 |                 for (String whiteEventID : whiteList) {
46 |                     for (int i = 0; i < edges.size(); i++) {
47 |                         if (edges.get(i).out_node.node_id == whiteEventID) {
48 |                             edges.remove(i--);
49 |                         }
50 |                     }
51 |                 }
52 |                 tcfg.setEdges(edges);
53 |                 tcfgUtil.saveTCFGInMemory(tcfg);
54 |                 counterValueState.update(counter);
55 | 
56 |                 //store in database
57 |                 List list = new ArrayList<>();
58 |                 list.add(transferParamMatrix.getEventInfo());
59 |                 list.add(transferParamMatrix.getParamMatrix());
60 |                 String paramMatrixJSON = JSONObject.toJSONString(list);
61 |                 File file = new File("E:/中兴项目/实验/paramMatrix.json");
62 |                 if(!file.exists()){
63 |                     file.createNewFile();
64 |                 }
65 |                 FileWriter fileWritter = new FileWriter(file,false);
66 |                 fileWritter.write(paramMatrixJSON
67 |                 );
68 | //                MysqlUtil mysqlUtil = new MysqlUtil();
69 | //                mysqlUtil.updateTCFG(paramMatrixJSON);
70 |             }
71 |         }
72 | 
73 |         @Override
74 |         public void open(Configuration parameters) throws Exception {
75 |             ValueStateDescriptor<TCFGUtil.counter> descriptor1 =
76 |                     new ValueStateDescriptor<>(
77 |                             "counterValueState", // the state name
78 |                             TCFGUtil.counter.class // type information
79 |                     );
80 |             counterValueState = getRuntimeContext().getState(descriptor1);
81 |             super.open(parameters);
82 |         }
83 | 
84 |         @Override
85 |         public void close() throws Exception {
86 |             super.close();
87 |         }
88 |     }
89 | }
90 | 


--------------------------------------------------------------------------------
/src/main/java/faultdiagnosis/FaultDiagnosisMode1.java:
--------------------------------------------------------------------------------
  1 | package faultdiagnosis;
  2 | 
  3 | import TCFGmodel.TCFG;
  4 | import TCFGmodel.TCFGUtil;
  5 | import org.apache.flink.api.java.tuple.Tuple7;
  6 | 
  7 | import java.util.ArrayList;
  8 | import java.util.List;
  9 | import java.util.Map;
 10 | 
 11 | //Fault diagnosis with probability inference
 12 | public class FaultDiagnosisMode1 implements FaultDiagnosis {
 13 | 
 14 |     //Power Law
 15 |     @Override
 16 |     public double calProbability(double ti, double tj, double alphaji,long timeWindow, long delta) {
 17 | 
 18 |         double prob = (alphaji/delta)* Math.pow(((TCFGUtil.minMax((double)(ti-tj),delta,timeWindow))*delta+delta)/(double)delta,-1-alphaji);
 19 |         return prob;
 20 | 
 21 |     }
 22 | 
 23 |     @Override
 24 |     public double calProbabilityOfCurrentEntry(List<Tuple7> logList, Map<String, Map<String, Double>> paramMatrix, long timeWindow, long delta) {
 25 | 
 26 |         TCFGUtil faultDiagnosisUtil = new TCFGUtil();
 27 |         Tuple7 logEntryi = logList.get(logList.size()-1);
 28 |         List infectedProbList = new ArrayList();
 29 |         List suvivalProbList = new ArrayList();
 30 |         for (int i = 0; i < logList.size(); i++) {
 31 |             Tuple7 logEntryj = logList.get(i);
 32 |             if (!paramMatrix.keySet().contains(logEntryi.f6) || !paramMatrix.keySet().contains(logEntryj.f6)) {
 33 |                 infectedProbList.add(0.0);
 34 |                 suvivalProbList.add(1.0);
 35 |             }
 36 |             else if (Long.parseLong((String) logEntryi.f0)- Long.parseLong((String) logEntryj.f0) < delta) {
 37 |                 logEntryj.f0 = String.valueOf(Long.parseLong((String)logEntryi.f0) - delta -1);
 38 |             }
 39 |             else {
 40 |                 Double alphaji = paramMatrix.get(logEntryj.f6).get(logEntryi.f6);
 41 |                 if (Long.parseLong((String)logEntryi.f0) - Long.parseLong((String)logEntryj.f0) <= delta) {
 42 |                     logEntryj.f0 = String.valueOf(Long.parseLong((String)logEntryi.f0) - delta -1);
 43 |                 }
 44 |                 double infectedProb = calProbability(Long.parseLong((String) logEntryi.f0), Long.parseLong((String) logEntryj.f0), alphaji,timeWindow, delta);
 45 |                 infectedProbList.add(infectedProb);
 46 |                 double survivalProb = 1-faultDiagnosisUtil.calDefinitIntegral(delta, TCFGUtil.minMax(Long.parseLong((String) logEntryi.f0)- Long.parseLong((String) logEntryj.f0),delta,timeWindow)*delta + delta, 100, alphaji, delta);
 47 |                 suvivalProbList.add(survivalProb);
 48 |             }
 49 |         }
 50 | 
 51 |         double probSum = 0;
 52 | //        List<String> existingTemplates = new ArrayList<>();
 53 | 
 54 |         for (int j = infectedProbList.size()-1; j >=0; j--) {
 55 |             if ((double)infectedProbList.get(j) > 0.1) {
 56 |                 probSum = 0.5;
 57 |                 break;
 58 |             }
 59 | 
 60 |             //Tuple7 logEntryj = logList.get(j);
 61 | //            if (existingTemplates.contains(logEntryj.f6)) {
 62 | //                continue;
 63 | //            }
 64 | //            existingTemplates.add((String)logEntryj.f6);
 65 |             double survivalAll = 1;
 66 |             List<String> existingTemplates_in = new ArrayList<>();
 67 |             for (int x = infectedProbList.size()-1; x >= 0; x--) {
 68 |                 if (j == x) {
 69 |                     continue;
 70 |                 }
 71 |                 //Tuple7 logEntryx = logList.get(x);
 72 | //                if (existingTemplates_in.contains(logEntryx.f6)) {
 73 | //                    continue;
 74 | //                }
 75 | //                existingTemplates_in.add((String)logEntryx.f6);
 76 |                 survivalAll = survivalAll * (double)suvivalProbList.get(x);
 77 |                 //System.out.println(survivalAll);
 78 |             }
 79 |             double probAll = (double)infectedProbList.get(j) * survivalAll;
 80 | 
 81 |             probSum = probSum + probAll;
 82 | 
 83 |         }
 84 | 
 85 | //        if (probSum < 0.01) {
 86 | ////        List<String> existingTemplates = new ArrayList<>();
 87 | //
 88 | //            System.out.println("infectedProbList: " + infectedProbList);
 89 | //            System.out.println("suvivalProbList: " + suvivalProbList);
 90 | //            System.out.println("prob: " + probSum);
 91 | //        }
 92 |         return probSum;
 93 |     }
 94 | 
 95 |     @Override
 96 |     public List<Tuple7> detectSuspiciousRequest(TCFG tcfg, List<Tuple7> logList) {
 97 |         return null;
 98 |     }
 99 | 
100 |     @Override
101 |     public Anomaly faultDiagnosisProcess(TCFG tcfg, List<Tuple7> tempList) {
102 |         return null;
103 |     }
104 | }
105 | 


--------------------------------------------------------------------------------
/src/main/java/workflow/CommandListener.java:
--------------------------------------------------------------------------------
  1 | package workflow;
  2 | 
  3 | import TCFGmodel.TCFGUtil;
  4 | import com.alibaba.fastjson.JSON;
  5 | import dao.AnomalyJSON;
  6 | import dao.MysqlUtil;
  7 | import faultdiagnosis.Anomaly;
  8 | import humanfeedback.SuspiciousRegionMonitor;
  9 | import spark.Request;
 10 | import spark.Response;
 11 | import spark.Route;
 12 | import spark.Spark;
 13 | 
 14 | import java.util.HashMap;
 15 | import java.util.List;
 16 | import java.util.Map;
 17 | 
 18 | public class CommandListener extends Thread {
 19 | 
 20 |     // Usage:
 21 |     // CommandListener listener = new FeedbackListener();
 22 |     // listener.start();
 23 | 
 24 |     private MysqlUtil sql = new MysqlUtil();
 25 | 
 26 |     public Route postAnomalyID = (Request request, Response response) -> {
 27 |         response.header("Access-Control-Allow-Origin", "*");
 28 |         String id = request.splat()[0];
 29 |         Anomaly anomaly = sql.getAnomalyByID(Integer.parseInt(id));
 30 |         SuspiciousRegionMonitor.feedBackFalseAlarms.addAnomalyToFalseAlarms(anomaly);
 31 |         response.status(200);
 32 |         return "OK";
 33 |     };
 34 | 
 35 |     public Route postAnomalyIDs = (Request request, Response response) -> {
 36 |         response.header("Access-Control-Allow-Origin", "*");
 37 |         String IDs = request.body();
 38 |         List<Integer> ids = JSON.parseObject(IDs, List.class);
 39 |         for (int id: ids) {
 40 |             Anomaly anomaly = sql.getAnomalyByID(id);
 41 |             SuspiciousRegionMonitor.feedBackFalseAlarms.addAnomalyToFalseAlarms(anomaly);
 42 |         }
 43 |         response.status(200);
 44 |         return "OK";
 45 |     };
 46 | 
 47 |     public Route postConfig = (Request request, Response response) -> {
 48 |         response.header("Access-Control-Allow-Origin", "*");
 49 |         String config = request.body();
 50 |         //update system configuration
 51 |         Map<String, Object> configMap = JSON.parseObject(config,Map.class);
 52 |         for (Map.Entry<String, Object> obj : configMap.entrySet()){
 53 |             Config.parameter.put(obj.getKey(), obj.getValue().toString());
 54 |         }
 55 |         response.status(200);
 56 |         Map<String, Map<String, String>> ret = new HashMap<>();
 57 |         ret.put("Parameter", Config.parameter);
 58 |         return JSON.toJSONString(ret);
 59 |     };
 60 |     public Route postCommands = (Request request, Response response) -> {
 61 |         response.header("Access-Control-Allow-Origin", "*");
 62 |         //parse CommandStr and execute system updates with workflow.Controller
 63 |         String commandStr = request.body();
 64 |         Map commandMap = JSON.parseObject(commandStr, Map.class);
 65 |         Controller controller = new Controller();
 66 |         controller.executeCommands(commandMap);
 67 |         response.status(200);
 68 |         TCFGUtil tcfgUtil = new TCFGUtil();
 69 |         Map<String, Integer> ret = new HashMap<>();
 70 |         ret.put("Detection", tcfgUtil.getDetectionFlag());
 71 |         ret.put("Training", tcfgUtil.getTrainingFlag());
 72 |         return JSON.toJSONString(ret);
 73 |     };
 74 | 
 75 |     public Route getConfig = (Request request, Response response) -> {
 76 |         response.header("Access-Control-Allow-Origin", "*");
 77 |         Map<String, Map<String, String>> ret = new HashMap<>();
 78 |         ret.put("Parameter", Config.parameter);
 79 |         ret.put("ValueStates", Config.parameter);
 80 |         String json = JSON.toJSONString(ret);
 81 |         System.out.println(json);
 82 |         return json;
 83 |     };
 84 | 
 85 |     public Route getCommands = (Request request, Response response) -> {
 86 |         response.header("Access-Control-Allow-Origin", "*");
 87 |         TCFGUtil tcfgUtil = new TCFGUtil();
 88 |         Map<String, Integer> ret = new HashMap<>();
 89 |         ret.put("Detection", tcfgUtil.getDetectionFlag());
 90 |         ret.put("Training", tcfgUtil.getTrainingFlag());
 91 |         String json = JSON.toJSONString(ret);
 92 |         System.out.println(json);
 93 |         return json;
 94 |     };
 95 | 
 96 |     public Route getTCFG = (Request request, Response response) -> {
 97 |         response.header("Access-Control-Allow-Origin", "*");
 98 |         // get TCFG data
 99 |         response.type("application/json");
100 |         return sql.getTCFG();
101 |     };
102 | 
103 |     public Route getAnomalies = (Request request, Response response) -> {
104 |         response.header("Access-Control-Allow-Origin", "*");
105 |         // get anomalies data
106 |         response.type("application/json");
107 |         List<AnomalyJSON> res = sql.getAnomalies();
108 |         return JSON.toJSONString(res);
109 |     };
110 | 
111 |     @Override
112 |     public void run() {
113 |         Spark.port(30822);
114 |         Spark.post("/Anomaly/*", postAnomalyID);
115 |         Spark.post("/Anomaly", postAnomalyIDs);
116 |         Spark.patch("/Config", postConfig);
117 |         Spark.patch("/CommandList", postCommands);
118 |         Spark.get("/Config", getConfig);
119 |         Spark.get("/CommandList", getCommands);
120 |         Spark.get("/TCFG", getTCFG);
121 |         Spark.get("/Anomalies", getAnomalies);
122 |     }
123 | 
124 |     public void cancel() {
125 |         Spark.stop();
126 |     }
127 | 
128 | }
129 | 


--------------------------------------------------------------------------------
/src/main/java/dao/AnomalyJSON.java:
--------------------------------------------------------------------------------
  1 | package dao;
  2 | 
  3 | import com.alibaba.fastjson.annotation.JSONField;
  4 | 
  5 | public class AnomalyJSON {
  6 |     @JSONField(name = "id")
  7 |     public int id;
  8 |     @JSONField(name = "time_start")
  9 |     public String time_start;
 10 |     @JSONField(name = "time_end")
 11 |     public String time_end;
 12 |     @JSONField(name = "unix_time_start")
 13 |     public String unix_time_start;
 14 |     @JSONField(name = "unix_time_end")
 15 |     public String unix_time_end;
 16 |     @JSONField(name = "level")
 17 |     public String level;
 18 |     @JSONField(name = "component")
 19 |     public String component;
 20 |     @JSONField(name = "content")
 21 |     public String content;
 22 |     @JSONField(name = "template")
 23 |     public String template;
 24 |     @JSONField(name = "param_list")
 25 |     public String param_list;
 26 |     @JSONField(name = "event_id")
 27 |     public String event_id;
 28 |     @JSONField(name = "anomaly_logs")
 29 |     public String anomaly_logs;
 30 |     @JSONField(name = "anomaly_request")
 31 |     public String anomaly_request;
 32 |     @JSONField(name = "anomaly_window")
 33 |     public String anomaly_window;
 34 |     @JSONField(name = "anomaly_type")
 35 |     public String anomaly_type;
 36 |     @JSONField(name = "anomaly_templates")
 37 |     public String anomaly_templates;
 38 | 
 39 |     public AnomalyJSON(int id, String time_start, String time_end, String unix_time_start, String unix_time_end, String level, String component, String content, String template, String param_list, String event_id, String anomaly_logs, String anomaly_request, String anomaly_window, String anomaly_type, String anomaly_templates) {
 40 |         this.id = id;
 41 |         this.time_start = time_start;
 42 |         this.time_end = time_end;
 43 |         this.unix_time_start = unix_time_start;
 44 |         this.unix_time_end = unix_time_end;
 45 |         this.level = level;
 46 |         this.component = component;
 47 |         this.content = content;
 48 |         this.template = template;
 49 |         this.param_list = param_list;
 50 |         this.event_id = event_id;
 51 |         this.anomaly_logs = anomaly_logs;
 52 |         this.anomaly_request = anomaly_request;
 53 |         this.anomaly_window = anomaly_window;
 54 |         this.anomaly_type = anomaly_type;
 55 |         this.anomaly_templates = anomaly_templates;
 56 |     }
 57 | 
 58 |     public int getId() {
 59 |         return id;
 60 |     }
 61 | 
 62 |     public void setId(int id) {
 63 |         this.id = id;
 64 |     }
 65 | 
 66 |     public String getTime_start() {
 67 |         return time_start;
 68 |     }
 69 | 
 70 |     public void setTime_start(String time_start) {
 71 |         this.time_start = time_start;
 72 |     }
 73 | 
 74 |     public String getTime_end() {
 75 |         return time_end;
 76 |     }
 77 | 
 78 |     public void setTime_end(String time_end) {
 79 |         this.time_end = time_end;
 80 |     }
 81 | 
 82 |     public String getUnix_time_start() {
 83 |         return unix_time_start;
 84 |     }
 85 | 
 86 |     public void setUnix_time_start(String unix_time_start) {
 87 |         this.unix_time_start = unix_time_start;
 88 |     }
 89 | 
 90 |     public String getUnix_time_end() {
 91 |         return unix_time_end;
 92 |     }
 93 | 
 94 |     public void setUnix_time_end(String unix_time_end) {
 95 |         this.unix_time_end = unix_time_end;
 96 |     }
 97 | 
 98 |     public String getLevel() {
 99 |         return level;
100 |     }
101 | 
102 |     public void setLevel(String level) {
103 |         this.level = level;
104 |     }
105 | 
106 |     public String getComponent() {
107 |         return component;
108 |     }
109 | 
110 |     public void setComponent(String component) {
111 |         this.component = component;
112 |     }
113 | 
114 |     public String getContent() {
115 |         return content;
116 |     }
117 | 
118 |     public void setContent(String content) {
119 |         this.content = content;
120 |     }
121 | 
122 |     public String getTemplate() {
123 |         return template;
124 |     }
125 | 
126 |     public void setTemplate(String template) {
127 |         this.template = template;
128 |     }
129 | 
130 |     public String getParam_list() {
131 |         return param_list;
132 |     }
133 | 
134 |     public void setParam_list(String param_list) {
135 |         this.param_list = param_list;
136 |     }
137 | 
138 |     public String getEvent_id() {
139 |         return event_id;
140 |     }
141 | 
142 |     public void setEvent_id(String event_id) {
143 |         this.event_id = event_id;
144 |     }
145 | 
146 |     public String getAnomaly_logs() {
147 |         return anomaly_logs;
148 |     }
149 | 
150 |     public void setAnomaly_logs(String anomaly_logs) {
151 |         this.anomaly_logs = anomaly_logs;
152 |     }
153 | 
154 |     public String getAnomaly_request() {
155 |         return anomaly_request;
156 |     }
157 | 
158 |     public void setAnomaly_request(String anomaly_request) {
159 |         this.anomaly_request = anomaly_request;
160 |     }
161 | 
162 |     public String getAnomaly_window() {
163 |         return anomaly_window;
164 |     }
165 | 
166 |     public void setAnomaly_window(String anomaly_window) {
167 |         this.anomaly_window = anomaly_window;
168 |     }
169 | 
170 |     public String getAnomaly_type() {
171 |         return anomaly_type;
172 |     }
173 | 
174 |     public void setAnomaly_type(String anomaly_type) {
175 |         this.anomaly_type = anomaly_type;
176 |     }
177 | 
178 |     public String getAnomaly_templates() {
179 |         return anomaly_templates;
180 |     }
181 | 
182 |     public void setAnomaly_templates(String anomaly_templates) {
183 |         this.anomaly_templates = anomaly_templates;
184 |     }
185 | }
186 | 


--------------------------------------------------------------------------------
/docker/resources/config.properties:
--------------------------------------------------------------------------------
  1 | ###################################################################
  2 | #This config file defines the parameters in Template Mining,
  3 | #TCFG Construction and Fault Diagnosis.
  4 | ###################################################################
  5 | #FineLog supports three modes
  6 | #Mode 1: Event Time Mode that uses log's timestamp to precisely
  7 | #construct TCFG.
  8 | #Mode 2: Injestion Time Mode that uses log's incomming time to
  9 | #infer TCFG
 10 | ###################################################################
 11 | workFlowMode=2
 12 | ###################################################################
 13 | #Parameters in Entrance
 14 | ###################################################################
 15 | logData=adc
 16 | logName=swm_vmp-20191012-174605-058_0.b_zlog.log
 17 | #sourceName can be file, socket, rabbitmq or kafka.
 18 | sourceName=files
 19 | #socket parameters
 20 | socketHost=localhost
 21 | socketPort=30833
 22 | #Kafka parameters
 23 | topic=logs
 24 | bootstrapServer=localhost:9092
 25 | zookeeperConnect=localhost:2181
 26 | groupID=test
 27 | #RabbitMQ parameters
 28 | queue=logs
 29 | rabbitmqHost=localhost
 30 | rabbitmqPort=5672
 31 | virtualHost=/
 32 | rabbitmqUser=guest
 33 | rabbitmqPassword=guest
 34 | #Output/TCFG Write/TCFG Read interval to control Frequency
 35 | outputInterval=1
 36 | TCFGWriteInterval=20
 37 | TCFGReadInterval=50
 38 | matrixWriteInterval=20
 39 | ###################################################################
 40 | #Parameters in Template Mining
 41 | ###################################################################
 42 | #Log format regex
 43 | #logFormat = <Date> <Time> <deltadrc> [<Component1>] <Level> <Component> - <Content>
 44 | #logFormat=<Date> <Time> <id> <Level> <Component> [<RequestID>] <Content>@[<Component>][<Level>] <Date> <Time>: <Content>@<TraceId> <Process> <Date> <Time> <Level> <Component>: <Content>@[<Time>] [<Level>] - <Component> - <Content>@<Date> <Time> <Level> <Component> <Content>@<Date> <Time> <Level> <Component> <Content>@[<Time>] [<Level>] - <Component> - <Content>@<Date> <Time> <Level> <Component> <Content>
 45 | #OpenStack logformat
 46 | logFormat=<Date> <Time> <id> <Level> <Component> [<RequestID>] <Content>
 47 | #Log time format
 48 | #Please specify the timestamp with "Time"
 49 | #timeFormat = HH:mm:ss,SSS
 50 | #timeFormat = HH:mm:ss.SSS@HH:mm:ss,SSS@HH:mm:ss,SSS@HH:mm:ss:SSS@HH:mm:ss,SSS
 51 | #上线数据logformat
 52 | timeFormat = HH:mm:ss.SSS
 53 | #Regex used for preprocessing
 54 | #adc
 55 | #regex=@[a-z0-9]+$&\\[[A-Za-z0-9\\-\\/]+\\]&\\{.+\\}&(\\d+\\.){3}\\d+&(?<=[^A-Za-z0-9])(\\-?\\+?\\d+)(?=[^A-Za-z0-9])|[0-9]+$
 56 | #OpenStack
 57 | regex=([0-9a-zA-Z]*-){4}[0-9a-zA-Z]*&(\\{).*(\\})&([0-9]+\\.){3}[0-9]+(:[0-9]+|)(:|)&\\d{4}-\\d{1,2}-\\d{1,2}T(\\d{1,2}:){2}\\d{1,2}.\\d+&(?<=[^A-Za-z0-9])(\\-?\\+?\\d+)(?=[^A-Za-z0-9])|[0-9]+$
 58 | #openstack
 59 | #regex=([0-9a-zA-Z]*-){4}[0-9a-zA-Z]*&(\\{).*(\\})&([0-9]+\\.){3}[0-9]+(:[0-9]+|)(:|)&\\d{4}-\\d{1,2}-\\d{1,2}T(\\d{1,2}:){2}\\d{1,2}.\\d+&(?<=[^A-Za-z0-9])(\\-?\\+?\\d+)(?=[^A-Za-z0-9])|[0-9]+$
 60 | # print Info
 61 | logInterval=1000
 62 | printLog=false
 63 | ###################################################################
 64 | #Parameters in TCFG Construction
 65 | ###################################################################
 66 | #length of time window(milliseconds).
 67 | timeWindow = 2000
 68 | #Sliding time window parameter
 69 | slidingWindowSize = 4000
 70 | slidingWindowStep = 2000
 71 | #Max out of orderness to handle sequence disorder
 72 | maxOutOfOrderness = 200
 73 | #length of time slag(milliseconds)
 74 | timeSlag = 5000
 75 | #FineLog supports three Distribution Mode
 76 | #Mode 1: Exponential Distribution
 77 | #Mode 2: Power Law Distribution
 78 | #Mode 3: Rayleigh Distribution
 79 | distributionMode = 1
 80 | #Mode 1 Parameters
 81 | #Gradient Update Step Size
 82 | gamma = 0.001
 83 | #Gradient Update Limitation
 84 | gradLimitation = 10
 85 | #Minimum Log Interval (milliseconds,Parameter in Distribution Function)
 86 | delta = 100
 87 | #Decay Rate
 88 | beta = 1
 89 | #transformision parameter(alpha) Intialization
 90 | alpha = 0
 91 | #enable metricsMonitoring
 92 | metricsMonitoring = false
 93 | ###################################################################
 94 | #Parameters in model storing and sharing
 95 | #Memory Partition
 96 | #############################
 97 | #      TrainingFlag(1)      #
 98 | #      DetectionFlag(1)     #
 99 | #        TCFGRegion         #
100 | # TransferParamMatrixRegion #
101 | #       TuningRegion        #
102 | #   TemplateUpdateRegion    #
103 | #      ParseTreeRegion      #
104 | #############################
105 | ###################################################################
106 | shareMemoryFilePath = /opt/models
107 | transferParamMatrixSize = 10485760
108 | TCFGSize = 10485760
109 | tuningRegionSize = 2097152
110 | templateUpdateRegionSize = 2097152
111 | parseTreeRegionSize = 6291455
112 | ###################################################################
113 | #Parameters in Human Feedback
114 | ###################################################################
115 | suspiciousTimeForLatencyAnomaly=1000000000
116 | suspiciousTimeForSequenceAnomaly=0
117 | suspiciousTimeForRedundancyAnomaly=10000000000
118 | falseAlarmsProcessingInterval=1000
119 | ###################################################################
120 | #Parameters in Fault Diagnosis
121 | ###################################################################
122 | ###################################################################
123 | #Parameters in MySQL Utils
124 | ###################################################################
125 | database = anomalies
126 | databaseUrl = mysql:3306
127 | mysqlUser=root
128 | mysqlPassword=jt1118961
129 | templateFilePath=/opt/models/templates.json


--------------------------------------------------------------------------------
/src/main/resources/config.properties:
--------------------------------------------------------------------------------
  1 | ###################################################################
  2 | #This config file defines the parameters in Template Mining,
  3 | #TCFG Construction and Fault Diagnosis.
  4 | ###################################################################
  5 | #FineLog supports three modes
  6 | #Mode 1: Event Time Mode that uses log's timestamp to precisely
  7 | #construct TCFG.
  8 | #Mode 2: Injestion Time Mode that uses log's incomming time to
  9 | #infer TCFG
 10 | ###################################################################
 11 | workFlowMode=2
 12 | ###################################################################
 13 | #Parameters in Entrance
 14 | ###################################################################
 15 | logData=adc
 16 | logName=spiderman-ict.log
 17 | #sourceName can be file, socket, rabbitmq or kafka.
 18 | sourceName=files
 19 | #socket parameters
 20 | socketHost=localhost
 21 | socketPort=30833
 22 | #Kafka parameters
 23 | topic=logs
 24 | bootstrapServer=localhost:9092
 25 | zookeeperConnect=localhost:2181
 26 | groupID=test
 27 | #RabbitMQ parameters
 28 | queue=logs
 29 | rabbitmqHost=localhost
 30 | rabbitmqPort=5672
 31 | virtualHost=/
 32 | rabbitmqUser=guest
 33 | rabbitmqPassword=guest
 34 | #Output/TCFG Write/TCFG Read interval to control Frequency
 35 | outputInterval=1
 36 | TCFGWriteInterval=20
 37 | TCFGReadInterval=50
 38 | matrixWriteInterval=20
 39 | ###################################################################
 40 | #Parameters in Template Mining
 41 | ###################################################################
 42 | #Log format regex
 43 | #logFormat = <Date> <Time> <deltadrc> [<Component1>] <Level> <Component> - <Content>
 44 | #logFormat=<Date> <Time> <id> <Level> <Component> [<RequestID>] <Content>@[<Component>][<Level>] <Date> <Time>: <Content>@<TraceId> <Process> <Date> <Time> <Level> <Component>: <Content>@[<Time>] [<Level>] - <Component> - <Content>@<Date> <Time> <Level> <Component> <Content>@<Date> <Time> <Level> <Component> <Content>@[<Time>] [<Level>] - <Component> - <Content>@<Date> <Time> <Level> <Component> <Content>
 45 | #OpenStack logformat
 46 | logFormat=<Date> <Time> <id> <Level> <Component> [<RequestID>] <Content>
 47 | #Log time format
 48 | #Please specify the timestamp with "Time"
 49 | #timeFormat = HH:mm:ss,SSS
 50 | #timeFormat = HH:mm:ss.SSS@HH:mm:ss,SSS@HH:mm:ss,SSS@HH:mm:ss:SSS@HH:mm:ss,SSS
 51 | #上线数据logformat
 52 | timeFormat = HH:mm:ss.SSS
 53 | #Regex used for preprocessing
 54 | #adc
 55 | #regex=@[a-z0-9]+$&\\[[A-Za-z0-9\\-\\/]+\\]&\\{.+\\}&(\\d+\\.){3}\\d+&(?<=[^A-Za-z0-9])(\\-?\\+?\\d+)(?=[^A-Za-z0-9])|[0-9]+$
 56 | #OpenStack
 57 | regex=([0-9a-zA-Z]*-){4}[0-9a-zA-Z]*&(\\{).*(\\})&([0-9]+\\.){3}[0-9]+(:[0-9]+|)(:|)&\\d{4}-\\d{1,2}-\\d{1,2}T(\\d{1,2}:){2}\\d{1,2}.\\d+&(?<=[^A-Za-z0-9])(\\-?\\+?\\d+)(?=[^A-Za-z0-9])|[0-9]+$
 58 | #openstack
 59 | #regex=([0-9a-zA-Z]*-){4}[0-9a-zA-Z]*&(\\{).*(\\})&([0-9]+\\.){3}[0-9]+(:[0-9]+|)(:|)&\\d{4}-\\d{1,2}-\\d{1,2}T(\\d{1,2}:){2}\\d{1,2}.\\d+&(?<=[^A-Za-z0-9])(\\-?\\+?\\d+)(?=[^A-Za-z0-9])|[0-9]+$
 60 | # print Info
 61 | logInterval=1000
 62 | printLog=false
 63 | ###################################################################
 64 | #Parameters in TCFG Construction
 65 | ###################################################################
 66 | #length of time window(milliseconds).
 67 | timeWindow = 2000
 68 | #Sliding time window parameter
 69 | slidingWindowSize = 4000
 70 | slidingWindowStep = 2000
 71 | #Max out of orderness to handle sequence disorder
 72 | maxOutOfOrderness = 200
 73 | #length of time slag(milliseconds)
 74 | timeSlag = 5000
 75 | #FineLog supports three Distribution Mode
 76 | #Mode 1: Exponential Distribution
 77 | #Mode 2: Power Law Distribution
 78 | #Mode 3: Rayleigh Distribution
 79 | distributionMode = 1
 80 | #Mode 1 Parameters
 81 | #Gradient Update Step Size
 82 | gamma = 0.001
 83 | #Gradient Update Limitation
 84 | gradLimitation = 10
 85 | #Minimum Log Interval (milliseconds,Parameter in Distribution Function)
 86 | delta = 100
 87 | #Decay Rate
 88 | beta = 1
 89 | #transformision parameter(alpha) Intialization
 90 | alpha = 0
 91 | #delete an expired template
 92 | expireTime = 1000000000
 93 | ###################################################################
 94 | #Parameters in model storing and sharing
 95 | #Memory Partition
 96 | #############################
 97 | #      TrainingFlag(1)      #
 98 | #      DetectionFlag(1)     #
 99 | #        TCFGRegion         #
100 | # TransferParamMatrixRegion #
101 | #       TuningRegion        #
102 | #   TemplateUpdateRegion    #
103 | #      ParseTreeRegion      #
104 | #############################
105 | ###################################################################
106 | shareMemoryFilePath = src/main/resources/models
107 | transferParamMatrixSize = 10485760
108 | TCFGSize = 10485760
109 | tuningRegionSize = 2097152
110 | templateUpdateRegionSize = 2097152
111 | parseTreeRegionSize = 6291455
112 | ###################################################################
113 | #Parameters in Human Feedback
114 | ###################################################################
115 | suspiciousTimeForLatencyAnomaly=1000000000
116 | suspiciousTimeForSequenceAnomaly=0
117 | suspiciousTimeForRedundancyAnomaly=10000000000
118 | falseAlarmsProcessingInterval=1000
119 | ###################################################################
120 | #Parameters in Fault Diagnosis
121 | ###################################################################
122 | ###################################################################
123 | #Parameters in MySQL Utils
124 | ###################################################################
125 | database = anomalies
126 | databaseUrl = localhost:3306
127 | mysqlUser=root
128 | mysqlPassword=jt1118961
129 | templateFilePath=src/main/resources/models/templates.json


--------------------------------------------------------------------------------
/src/main/java/Entrance.java:
--------------------------------------------------------------------------------
  1 | import TCFGmodel.TCFGUtil;
  2 | import org.apache.flink.api.common.serialization.SimpleStringSchema;
  3 | import org.apache.flink.api.java.utils.ParameterTool;
  4 | import org.apache.flink.streaming.api.TimeCharacteristic;
  5 | import org.apache.flink.streaming.api.datastream.DataStreamSource;
  6 | import org.apache.flink.streaming.api.environment.StreamExecutionEnvironment;
  7 | import org.apache.flink.streaming.connectors.kafka.FlinkKafkaConsumer;
  8 | import org.apache.flink.streaming.connectors.rabbitmq.RMQSource;
  9 | import org.apache.flink.streaming.connectors.rabbitmq.common.RMQConnectionConfig;
 10 | import org.apache.log4j.Logger;
 11 | import workflow.WorkFlow;
 12 | import workflow.WorkFlowMode1;
 13 | import workflow.WorkFlowMode2;
 14 | 
 15 | import java.io.File;
 16 | import java.util.ArrayList;
 17 | import java.util.List;
 18 | import java.util.Properties;
 19 | 
 20 | public class Entrance {
 21 | 
 22 |     public static DataStreamSource<String> getDataStream(StreamExecutionEnvironment env, Logger log, ParameterTool parameter){
 23 |         String source = parameter.get("sourceName");
 24 |         switch (source) {
 25 |             default:
 26 |                 log.error("Source type can be file, rabbitmq, socket or kafka.");
 27 |                 break;
 28 |             case "socket":
 29 |                 return env.socketTextStream(parameter.get("socketHost"), Integer.parseInt(parameter.get("socketPort")), "\n");
 30 |             case "file":
 31 |                 String input_dir = String.format("src/main/resources/%s/raw", parameter.get("logData"));
 32 |                 return env.readTextFile(input_dir + File.separator + parameter.get("logName"));
 33 |             case "files":
 34 |                 //String dir = "E:/中兴项目/实验/上电阶段数据_191219/hjm/release 5G AAU/67214_1571794768181";
 35 |                 String dir = "E:/中兴项目/实验/tecs_log_good/tecs_log";
 36 | 
 37 |                 List filelist = new ArrayList();
 38 |                 List<File> newfilelist = getFileList(filelist,dir);
 39 |                 for (File file: newfilelist) {
 40 | 
 41 |                     DataStreamSource<String> dataStream = env.readTextFile(file.getAbsolutePath());
 42 |                     System.out.println(file.getAbsolutePath());
 43 |                     try {
 44 |                         WorkFlow workFlow2 = new WorkFlowMode2();
 45 |                         workFlow2.workflow(env, dataStream, parameter);
 46 |                     }catch (Exception e){
 47 |                         System.out.println("error");
 48 |                     }
 49 |                 }
 50 |             case "rabbitmq":
 51 |                 RMQConnectionConfig connectionConfig = new RMQConnectionConfig.Builder()
 52 |                         .setHost(parameter.get("rabbitmqHost"))
 53 |                         .setPort(Integer.parseInt(parameter.get("rabbitmqPort")))
 54 |                         .setVirtualHost(parameter.get("virtualHost"))
 55 |                         .setUserName(parameter.get("rabbitmqUser"))
 56 |                         .setPassword(parameter.get("rabbitmqPassword"))
 57 |                         .build();
 58 |                 return env.addSource(new RMQSource<String>(connectionConfig, parameter.get("queue"), true, new SimpleStringSchema()));
 59 |             case "kafka":
 60 |                 Properties properties = new Properties();
 61 |                 properties.setProperty("bootstrap.servers", parameter.get("bootstrapServer"));
 62 |                 properties.setProperty("zookeeper.connect", parameter.get("zookeeperConnect"));
 63 |                 properties.setProperty("group.id", parameter.get("groupID"));
 64 |                 FlinkKafkaConsumer<String> wordConsumer = new FlinkKafkaConsumer<>(parameter.get("topic"), new SimpleStringSchema(), properties);
 65 |                 wordConsumer.setStartFromEarliest();
 66 |                 return env.addSource(wordConsumer);
 67 |         }
 68 |         return null;
 69 |     }
 70 | 
 71 | 
 72 |     public static void main(String[] args) throws Exception {
 73 |         final Logger log = Logger.getLogger(Entrance.class);
 74 |         ParameterTool parameter = ParameterTool.fromPropertiesFile("src/main/resources/config.properties");
 75 |         String mode = parameter.get("workFlowMode");
 76 |         StreamExecutionEnvironment env = StreamExecutionEnvironment.getExecutionEnvironment().setParallelism(1);
 77 | //        env.getConfig().setGlobalJobParameters(parameter);
 78 |         env.setStreamTimeCharacteristic(TimeCharacteristic.EventTime);
 79 |         DataStreamSource<String> dataStream = getDataStream(env, log, parameter);
 80 |         switch (mode) {
 81 |             default:
 82 |                 log.error("workFlowMode can only be 1 or 2");
 83 |                 break;
 84 |             case "1":
 85 |                 WorkFlow workFlow1 = new WorkFlowMode1();
 86 |                 workFlow1.workflow(env, dataStream, parameter);
 87 |                 break;
 88 |             case "2":
 89 |                 WorkFlow workFlow2 = new WorkFlowMode2();
 90 |                 workFlow2.workflow(env, dataStream, parameter);
 91 |         }
 92 |     }
 93 | 
 94 |     public static List<File> getFileList(List filelist,String strPath) {
 95 |         File dir = new File(strPath);
 96 |         File[] files = dir.listFiles(); // 该文件目录下文件全部放入数组
 97 |         if (files != null) {
 98 |             for (int i = 0; i < files.length; i++) {
 99 |                 String fileName = files[i].getName();
100 |                 if (files[i].isDirectory()) { // 判断是文件还是文件夹
101 |                     getFileList(filelist,files[i].getAbsolutePath()); // 获取文件绝对路径
102 |                 //} else if (fileName.startsWith("swm_vmp-")) {
103 |                 } else if (fileName.startsWith("nova-compute")) {
104 |                     filelist.add(files[i]);
105 |                 } else {
106 |                     continue;
107 |                 }
108 |             }
109 |         }
110 |         return filelist;
111 |     }
112 | }
113 | 
114 | 


--------------------------------------------------------------------------------
/src/main/java/modelconstruction/TransferParamMatrix.java:
--------------------------------------------------------------------------------
  1 | package modelconstruction;
  2 | import org.apache.flink.api.java.tuple.Tuple2;
  3 | 
  4 | import java.io.Serializable;
  5 | import java.util.*;
  6 | 
  7 | 
  8 | //Transfer Parameter Matrix
  9 | public class TransferParamMatrix implements Serializable {
 10 | 
 11 |     private List<String> eventIDList;
 12 |     private Map<String, Tuple2<String,Long>> eventInfo;
 13 |     private Map<String, Map<String,MatrixTriple>> paramMatrix;
 14 | 
 15 |     public TransferParamMatrix() {
 16 |         eventIDList = new ArrayList<>();
 17 |         eventInfo = new HashMap<>();
 18 |         paramMatrix = new HashMap<>();
 19 |     }
 20 | 
 21 |     //Update the parameter matrix with gradient matrix
 22 |     //gamma is the update step length
 23 |     public void updateParam(double gamma, double alpha, String outNode, String inNode,  double gradient){
 24 |         if (!paramMatrix.keySet().contains(outNode)) {
 25 |             Map<String,MatrixTriple> matrixTriples = new HashMap<>();
 26 |             MatrixTriple triple = new MatrixTriple(alpha-gamma*gradient,0);
 27 |             matrixTriples.put(inNode,triple);
 28 |             paramMatrix.put(outNode,matrixTriples);
 29 |             return;
 30 |         }else if (!paramMatrix.get(outNode).keySet().contains(inNode)) {
 31 |             Map<String,MatrixTriple> matrixTriples = paramMatrix.get(outNode);
 32 |             MatrixTriple triple = new MatrixTriple(alpha-gamma*gradient,0);
 33 |             matrixTriples.put(inNode,triple);
 34 |             paramMatrix.put(outNode,matrixTriples);
 35 |             return;
 36 |         }
 37 |         Map<String,MatrixTriple> matrixTriples = paramMatrix.get(outNode);
 38 |         MatrixTriple triple = matrixTriples.get(inNode);
 39 |         MatrixTriple newTriple = new MatrixTriple(triple.getValue()-gamma*gradient,triple.getTimeWeight());
 40 |         if (alpha-gamma*gradient < 0) {
 41 |             triple.setValue(0);
 42 |         }
 43 |         matrixTriples.put(inNode,newTriple);
 44 |         paramMatrix.put(outNode,matrixTriples);
 45 |     }
 46 | 
 47 |     public void updateTimeWeight(String outNode, String inNode, long timeWeight) {
 48 | 
 49 |         if (!paramMatrix.containsKey(outNode)) return;
 50 |         else if (!paramMatrix.get(outNode).containsKey(inNode)) return;
 51 |         if (paramMatrix.get(outNode).get(inNode).getTimeWeight() >= timeWeight) {
 52 |             return;
 53 |         }
 54 |         Map<String,MatrixTriple> matrixTriples = paramMatrix.get(outNode);
 55 |         MatrixTriple triple = matrixTriples.get(inNode);
 56 |         MatrixTriple newTriple = new MatrixTriple(triple.getValue(),timeWeight);
 57 |         matrixTriples.put(inNode,newTriple);
 58 |         paramMatrix.put(outNode,matrixTriples);
 59 |     }
 60 | 
 61 | 
 62 |     public void clearParam() {
 63 |         paramMatrix.clear();
 64 |     }
 65 | 
 66 |     public void updateOccurTime(String eventID,String eventContent, Long eventTime) {
 67 |         Tuple2<String,Long> contentAndTime = new Tuple2<>(eventContent,eventTime);
 68 |         eventInfo.put(eventID,contentAndTime);
 69 |     }
 70 | 
 71 |     //add new template into the paramMatrix and gradMatrix
 72 |     public void addNewTemplate(String eventID, String eventContent, Long eventTime) {
 73 |         if (eventIDList.contains(eventID)) return;
 74 |         eventIDList.add(eventID);
 75 |         Tuple2<String,Long> contentAndTime = new Tuple2<>(eventContent,eventTime);
 76 |         eventInfo.put(eventID,contentAndTime);
 77 |     }
 78 | 
 79 |     public void deleteExpiredTemplate(String eventID) {
 80 |         eventIDList.remove(eventID);
 81 |         eventInfo.remove(eventID);
 82 |         paramMatrix.remove(eventID);
 83 |         for (String outNode: paramMatrix.keySet()) {
 84 |             for(String inNode: paramMatrix.get(outNode).keySet()){
 85 |                 if (inNode.equals(eventID)) {
 86 |                     Map<String,MatrixTriple> newParamTriples = paramMatrix.get(outNode);
 87 |                     newParamTriples.remove(inNode);
 88 |                     paramMatrix.put(outNode,newParamTriples);
 89 |                     break;
 90 |                 }
 91 |             }
 92 |         }
 93 |     }
 94 | 
 95 |     public void decay(double beta) {
 96 |         Map<String, Map<String,MatrixTriple>> newParamMatrix = new HashMap<>();
 97 |         for (String outNode: paramMatrix.keySet()) {
 98 |                 Map<String,MatrixTriple> newParamTriples = new HashMap<>();
 99 |             for(String inNode: paramMatrix.get(outNode).keySet()){
100 |                 MatrixTriple newTriple = new MatrixTriple(paramMatrix.get(outNode).get(inNode).getValue()*beta,paramMatrix.get(outNode).get(inNode).getTimeWeight());
101 |                 newParamTriples.put(inNode,newTriple);
102 |             }
103 |             newParamMatrix.put(outNode,newParamTriples);
104 |         }
105 |         paramMatrix = newParamMatrix;
106 |     }
107 | 
108 |     public double getParam(String outNode, String inNode) {
109 |         if (!paramMatrix.keySet().contains(outNode)) {
110 |             return 0;
111 |         }else if (!paramMatrix.get(outNode).keySet().contains(inNode)) {
112 |             return 0;
113 |         }
114 |         return paramMatrix.get(outNode).get(inNode).getValue();
115 |     }
116 | 
117 |     public double getNorm(){
118 | //        Map<String, Map<String, Double>> matrix = getParamMatrix();
119 | //        double t = 0;
120 | //        for (Map.Entry<String, Map<String, Double>> entry : matrix.entrySet()) {
121 | //            for (double value : entry.getValue().values())
122 | //                t += Math.pow(value, 2);
123 | //        }
124 | //        return Math.sqrt(t);
125 |         return 0;
126 |     }
127 | 
128 |     public List<String> getEventIDList() {
129 |         return eventIDList;
130 |     }
131 | 
132 |     public Map<String, Tuple2<String, Long>> getEventInfo() {
133 |         return eventInfo;
134 |     }
135 | 
136 |     public Map<String, Map<String, MatrixTriple>> getParamMatrix() {
137 |         return paramMatrix;
138 |     }
139 | }
140 | 


--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8"?>
  2 | <project xmlns="http://maven.apache.org/POM/4.0.0"
  3 |          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  4 |          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  5 |     <modelVersion>4.0.0</modelVersion>
  6 | 
  7 |     <groupId>cn.PKUFineLab</groupId>
  8 |     <artifactId>LogFlash</artifactId>
  9 |     <version>1.0.5-SNAPSHOT</version>
 10 |     <properties>
 11 |         <java.version>1.8</java.version>
 12 |         <flink.version>1.10.0</flink.version>
 13 |         <joinery.version>1.9</joinery.version>
 14 |         <poi.version>4.1.0</poi.version>
 15 |         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 16 |     </properties>
 17 |     <dependencies>
 18 |         <dependency>
 19 |             <groupId>org.apache.flink</groupId>
 20 |             <artifactId>flink-streaming-java_2.11</artifactId>
 21 |             <version>${flink.version}</version>
 22 |             <scope>provided</scope>
 23 |         </dependency>
 24 |         <dependency>
 25 |             <groupId>org.apache.flink</groupId>
 26 |             <artifactId>flink-runtime-web_2.11</artifactId>
 27 |             <version>${flink.version}</version>
 28 |             <scope>provided</scope>
 29 |         </dependency>
 30 |         <dependency>
 31 |             <groupId>joinery</groupId>
 32 |             <artifactId>joinery-dataframe</artifactId>
 33 |             <version>${joinery.version}</version>
 34 |         </dependency>
 35 |         <dependency>
 36 |             <groupId>org.apache.poi</groupId>
 37 |             <artifactId>poi-ooxml</artifactId>
 38 |             <version>${poi.version}</version>
 39 |         </dependency>
 40 |         <dependency>
 41 |             <groupId>org.slf4j</groupId>
 42 |             <artifactId>slf4j-log4j12</artifactId>
 43 |             <version>1.7.15</version>
 44 |         </dependency>
 45 |         <dependency>
 46 |             <groupId>log4j</groupId>
 47 |             <artifactId>log4j</artifactId>
 48 |             <version>1.2.17</version>
 49 |         </dependency>
 50 |         <dependency>
 51 |             <groupId>com.alibaba</groupId>
 52 |             <artifactId>fastjson</artifactId>
 53 |             <version>1.2.67</version>
 54 |         </dependency>
 55 |         <!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
 56 |         <dependency>
 57 |             <groupId>mysql</groupId>
 58 |             <artifactId>mysql-connector-java</artifactId>
 59 |             <version>8.0.18</version>
 60 |         </dependency>
 61 |         <dependency>
 62 |             <groupId>org.apache.flink</groupId>
 63 |             <artifactId>flink-connector-kafka_2.11</artifactId>
 64 |             <version>1.10.0</version>
 65 |         </dependency>
 66 |         <dependency>
 67 |             <groupId>org.apache.flink</groupId>
 68 |             <artifactId>flink-connector-rabbitmq_2.11</artifactId>
 69 |             <version>1.10.0</version>
 70 |         </dependency>
 71 |         <dependency>
 72 |             <groupId>com.sparkjava</groupId>
 73 |             <artifactId>spark-core</artifactId>
 74 |             <version>2.8.0</version>
 75 |         </dependency>
 76 |     </dependencies>
 77 |     <build>
 78 |         <plugins>
 79 |             <plugin>
 80 |                 <groupId>org.apache.maven.plugins</groupId>
 81 |                 <artifactId>maven-shade-plugin</artifactId>
 82 |                 <version>3.1.1</version>
 83 |                 <executions>
 84 |                     <execution>
 85 |                         <phase>package</phase>
 86 |                         <goals>
 87 |                             <goal>shade</goal>
 88 |                         </goals>
 89 |                         <configuration>
 90 |                             <artifactSet>
 91 |                                 <excludes>
 92 |                                     <exclude>com.google.code.findbugs:jsr305</exclude>
 93 |                                     <exclude>org.slf4j:*</exclude>
 94 |                                     <exclude>log4j:*</exclude>
 95 |                                 </excludes>
 96 |                             </artifactSet>
 97 |                             <filters>
 98 |                                 <filter>
 99 |                                     <!--不要拷贝 META-INF 目录下的签名，
100 |                                     否则会引起 SecurityExceptions 。 -->
101 |                                     <artifact>*:*</artifact>
102 |                                     <excludes>
103 |                                         <exclude>META-INF/*.SF</exclude>
104 |                                         <exclude>META-INF/*.DSA</exclude>
105 |                                         <exclude>META-INF/*.RSA</exclude>
106 |                                     </excludes>
107 |                                 </filter>
108 |                             </filters>
109 |                             <transformers>
110 |                                 <transformer
111 |                                         implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
112 |                                     <mainClass>Entrance</mainClass>
113 |                                 </transformer>
114 |                             </transformers>
115 |                         </configuration>
116 |                     </execution>
117 |                 </executions>
118 |             </plugin>
119 |             <plugin>
120 |                 <groupId>org.apache.maven.plugins</groupId>
121 |                 <artifactId>maven-compiler-plugin</artifactId>
122 |                 <configuration>
123 |                     <source>8</source>
124 |                     <target>8</target>
125 |                 </configuration>
126 |             </plugin>
127 |         </plugins>
128 |     </build>
129 |     <repositories>
130 |         <repository>
131 |             <id>jcenter</id>
132 |             <url>https://jcenter.bintray.com/</url>
133 |         </repository>
134 |     </repositories>
135 | </project>


--------------------------------------------------------------------------------
/src/main/java/templatemining/Parse.java:
--------------------------------------------------------------------------------
  1 | package templatemining;
  2 | 
  3 | import TCFGmodel.ShareMemory;
  4 | import TCFGmodel.TCFG;
  5 | import modelconstruction.MetricsMonitoring;
  6 | import org.apache.flink.api.common.accumulators.IntCounter;
  7 | import org.apache.flink.api.common.state.ValueState;
  8 | import org.apache.flink.api.common.state.ValueStateDescriptor;
  9 | import org.apache.flink.api.java.tuple.Tuple2;
 10 | import org.apache.flink.api.java.tuple.Tuple7;
 11 | import org.apache.flink.api.java.utils.ParameterTool;
 12 | import org.apache.flink.configuration.Configuration;
 13 | import org.apache.flink.streaming.api.functions.KeyedProcessFunction;
 14 | import org.apache.flink.util.Collector;
 15 | 
 16 | import java.io.*;
 17 | import java.util.*;
 18 | 
 19 | import joinery.DataFrame;
 20 | import dao.MysqlUtil;
 21 | import TCFGmodel.TCFGUtil;
 22 | import org.slf4j.Logger;
 23 | import org.slf4j.LoggerFactory;
 24 | import workflow.CommandListener;
 25 | import workflow.Config;
 26 | 
 27 | public class Parse extends KeyedProcessFunction<String, Tuple2<String, String>, Tuple7<String, String, String, String, String, String, String>> {
 28 |     private ValueState<Node> parseTree;
 29 |     private final IntCounter templateNum = new IntCounter();
 30 |     private TCFGUtil tcfgUtil;
 31 |     private MetricsMonitoring metricsMonitoring;
 32 |     private CommandListener commandListener;
 33 |     private Logger LOG;
 34 | 
 35 |     @Override
 36 |     public void processElement(Tuple2<String, String> input,
 37 |                                Context ctx,
 38 |                                Collector<Tuple7<String, String, String, String, String, String, String>> out) throws Exception {
 39 |         ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
 40 |         Node rootNode = parseTree.value() == null || Config.valueStates.get("parseTree") == 1? tcfgUtil.getParseTreeRegion() : parseTree.value();
 41 |         Config.valueStates.put("parseTree",0);
 42 |         String[] regex = parameterTool.get("regex").split("&");
 43 |         int depth = 3;
 44 |         int maxChild = 100;
 45 |         double st = 0.5;
 46 |         LogParser parser = new LogParser(regex, parameterTool.get("logFormat"), depth, maxChild, st);
 47 |         DataFrame<String> df_log = parser.load_data(input.f1, parameterTool.get("timeFormat"));
 48 |         if (df_log == null) return;
 49 |         List<String> logmessageL = Arrays.asList(parser.preprocess(df_log.get(0, "Content")).trim().split("[ ]"));
 50 |         LogCluster matchCluster = parser.treeSearch(rootNode, logmessageL);
 51 |         if (matchCluster == null) {
 52 |             LogCluster newCluster = new LogCluster(logmessageL, parser.getHash(String.join(" ", logmessageL)));
 53 |             parser.addSeqToPrefixTree(rootNode, newCluster);
 54 |             matchCluster = newCluster;
 55 |         } else {
 56 |             List<String> oldTemplate = matchCluster.getLogTemplate();
 57 |             List<String> newTemplate = parser.getTemplate(logmessageL, matchCluster.getLogTemplate());
 58 |             if (!String.join(" ", newTemplate).equals(String.join(" ", oldTemplate))) {
 59 |                 matchCluster.setLogTemplate(newTemplate);
 60 |             }
 61 |         }
 62 |         parseTree.update(rootNode);
 63 |         List<String> log_template = new ArrayList<>();
 64 |         log_template.add(String.join(" ", matchCluster.getLogTemplate()));
 65 |         df_log.add("EventTemplate", log_template);
 66 |         String time = df_log.get(0, "Time");
 67 |         String level = df_log.get(0, "Level");
 68 |         String component = df_log.get(0, "Component");
 69 |         String content = df_log.get(0, "Content");
 70 |         String eventTemplate = df_log.get(0, "EventTemplate");
 71 |         String parameterList = parser.get_parameter_list(df_log);
 72 |         parameterList = "\"" + parameterList + "\"";
 73 |         String eventID = matchCluster.getEventID();
 74 |         Tuple7<String, String, String, String, String, String, String> tuple = new Tuple7<>(time, level, component, content, eventTemplate, parameterList, eventID);
 75 |         tuple.f2 = "1";
 76 |         out.collect(tuple);
 77 |         templateNum.add(1);
 78 | //        parser.printTree(rootNode,0);
 79 |         if (parameterTool.getBoolean("printLog")) LOG.info(input.f1);
 80 |         if (templateNum.getLocalValue() % parameterTool.getInt("logInterval") == 0) {
 81 |             LOG.info("已接收日志数量：{}", templateNum.getLocalValue());
 82 |             FileWriter oo = new FileWriter(new File(parameterTool.get("templateFilePath")));
 83 |             Map<String, String> map1 = new HashMap<>();
 84 |             map1 = parser.saveTemplate(rootNode, 0, map1);
 85 |             for (Map.Entry<String, String> m : map1.entrySet()) {
 86 |                 oo.write(m.getKey() + ',');
 87 |                 oo.write(m.getValue() + '\n');
 88 |             }
 89 |             oo.close();
 90 |         }
 91 |     }
 92 | 
 93 |     @Override
 94 |     public void open(Configuration config) throws Exception {
 95 |         ValueStateDescriptor<Node> descriptor_parseTree =
 96 |                 new ValueStateDescriptor<>(
 97 |                         "parseTree",
 98 |                         Node.class
 99 |                 );
100 |         parseTree = getRuntimeContext().getState(descriptor_parseTree);
101 |         getRuntimeContext().addAccumulator("templateNum", templateNum);
102 |         Config.parameter = new HashMap<String, String>() {{
103 |             for (Entry<String, String> value : ParameterTool.fromPropertiesFile("src/main/resources/config.properties").toMap().entrySet()) {
104 |                 put(value.getKey(), value.getValue());
105 |             }
106 |         }};
107 |         LOG = LoggerFactory.getLogger(Parse.class);
108 |         TCFG.sm = new ShareMemory(Config.parameter.get("shareMemoryFilePath"), "TCFG");
109 |         tcfgUtil = new TCFGUtil();
110 |         //tcfgUtil.cleanShareMemory();
111 |         tcfgUtil.initiateShareMemory();
112 |         tcfgUtil.initiateDatabase();
113 |         //metricsMonitoring = new MetricsMonitoring();
114 |         //metricsMonitoring.start();
115 |         commandListener = new CommandListener();
116 |         commandListener.start();
117 |     }
118 | 
119 |     @Override
120 |     public void close() throws Exception {
121 |         if (templateNum.getLocalValue() == 0) return;
122 |         tcfgUtil.saveParseTreeRegion(parseTree.value());
123 | //        MysqlUtil sql = new MysqlUtil();
124 | //        Map<String, String> map = new HashMap<>();
125 | //        map = parser.saveTemplate(parseTree.value(), 0, map);
126 | //        sql.insertTemplate(map);
127 |         //metricsMonitoring.cancel();
128 |         commandListener.cancel();
129 |     }
130 | }
131 | 


--------------------------------------------------------------------------------
/src/main/java/TCFGmodel/ShareMemory.java:
--------------------------------------------------------------------------------
  1 | package TCFGmodel;
  2 | 
  3 | import java.io.File;
  4 | import java.io.IOException;
  5 | import java.io.RandomAccessFile;
  6 | import java.nio.ByteBuffer;
  7 | import java.nio.MappedByteBuffer;
  8 | import java.nio.channels.FileChannel;
  9 | import java.nio.channels.FileLock;
 10 | import java.util.Properties;
 11 | 
 12 | 
 13 | /**
 14 |  * 共享内存操作类
 15 |  *
 16 |  */
 17 | public class ShareMemory {
 18 | 
 19 |     int flen = 41779264;					//开辟共享内存大小
 20 |     int fsize = 0;							//文件的实际大小
 21 |     String shareFileName;					//共享内存文件名
 22 |     String sharePath;						//共享内存路径
 23 |     MappedByteBuffer mapBuf = null;			//定义共享内存缓冲区
 24 |     FileChannel fc = null;					//定义相应的文件通道
 25 |     FileLock fl = null;						//定义文件区域锁定的标记。
 26 |     Properties p = null;
 27 |     RandomAccessFile RAFile = null;			//定义一个随机存取文件对象
 28 | 
 29 |     /**
 30 |      *
 31 |      * @param sp	共享内存文件路径
 32 |      * @param sf	共享内存文件名
 33 |      */
 34 |     public ShareMemory(String sp, String sf) {
 35 |         if (sp.length() != 0) {
 36 |             FileUtil.CreateDir(sp);
 37 |             this.sharePath = sp + File.separator;
 38 |         } else {
 39 |             this.sharePath = sp;
 40 |         }
 41 |         this.shareFileName = sf;
 42 | 
 43 | 
 44 |         try {
 45 |             // 获得一个只读的随机存取文件对象   "rw" 打开以便读取和写入。如果该文件尚不存在，则尝试创建该文件。
 46 |             RAFile = new RandomAccessFile(this.sharePath + this.shareFileName + ".sm", "rw");
 47 |             //获取相应的文件通道
 48 |             fc = RAFile.getChannel();
 49 |             //获取实际文件的大小
 50 |             fsize = (int) fc.size();
 51 |             if (fsize < flen) {
 52 |                 byte bb[] = new byte[flen - fsize];
 53 |                 //创建字节缓冲区
 54 |                 ByteBuffer bf = ByteBuffer.wrap(bb);
 55 |                 bf.clear();
 56 |                 //设置此通道的文件位置。
 57 |                 fc.position(fsize);
 58 |                 //将字节序列从给定的缓冲区写入此通道。
 59 |                 fc.write(bf);
 60 |                 fc.force(false);
 61 | 
 62 |                 fsize = flen;
 63 |             }
 64 |             //将此通道的文件区域直接映射到内存中。
 65 |             mapBuf = fc.map(FileChannel.MapMode.READ_WRITE, 0, fsize);
 66 |         } catch (IOException e) {
 67 |             e.printStackTrace();
 68 |         }
 69 |     }
 70 | 
 71 |     /**
 72 |      *
 73 |      * @param ps		锁定区域开始的位置；必须为非负数
 74 |      * @param len		锁定区域的大小；必须为非负数
 75 |      * @param buff		写入的数据
 76 |      * @return
 77 |      */
 78 |     public synchronized int write(int ps, int len, byte[] buff) {
 79 |         if (ps >= fsize || ps + len >= fsize) {
 80 |             return 0;
 81 |         }
 82 |         //定义文件区域锁定的标记。
 83 |         FileLock fl = null;
 84 |         try {
 85 |             //获取此通道的文件给定区域上的锁定。
 86 |             fl = fc.lock(ps, len, false);
 87 |             if (fl != null) {
 88 |                 byte[] b = new byte[len];
 89 |                 for (int i=0;i<len;i++) {
 90 |                     if (i<buff.length) {
 91 |                         b[i] = buff[i];
 92 |                     }else b[i] = 0;
 93 |                 }
 94 |                 mapBuf.clear();
 95 |                 mapBuf.position(ps);
 96 |                 ByteBuffer bf1 = ByteBuffer.wrap(b);
 97 |                 mapBuf.put(bf1);
 98 |                 //释放此锁定。
 99 |                 fl.release();
100 | 
101 |                 return len;
102 |             }
103 |         } catch (Exception e) {
104 |             if (fl != null) {
105 |                 try {
106 |                     fl.release();
107 |                 } catch (IOException e1) {
108 |                     System.out.println(e1.toString());
109 |                 }
110 |             }
111 |             return 0;
112 |         }
113 | 
114 |         return 0;
115 |     }
116 | 
117 |     /**
118 |      *
119 |      * @param ps		锁定区域开始的位置；必须为非负数
120 |      * @param len		锁定区域的大小；必须为非负数
121 |      * @param buff		要取的数据
122 |      * @return
123 |      */
124 |     public synchronized int read(int ps, int len, byte[] buff) {
125 |         if (ps >= fsize) {
126 |             return 0;
127 |         }
128 |         //定义文件区域锁定的标记。
129 |         FileLock fl = null;
130 |         try {
131 |             fl = fc.lock(ps, len, false);
132 |             if (fl != null) {
133 |                 //System.out.println( "ps="+ps );
134 |                 mapBuf.position(ps);
135 |                 if (mapBuf.remaining() < len) {
136 |                     len = mapBuf.remaining();
137 |                 }
138 | 
139 |                 if (len > 0) {
140 |                     mapBuf.get(buff, 0, len);
141 |                 }
142 | 
143 |                 fl.release();
144 | 
145 |                 return len;
146 |             }
147 |         } catch (Exception e) {
148 |             if (fl != null) {
149 |                 try {
150 |                     fl.release();
151 |                 } catch (IOException e1) {
152 |                     System.out.println(e1.toString());
153 |                 }
154 |             }
155 |             return 0;
156 |         }
157 | 
158 |         return 0;
159 |     }
160 | 
161 |     /**
162 |      * 完成，关闭相关操作
163 |      */
164 |     protected void finalize() throws Throwable {
165 |         if (fc != null) {
166 |             try {
167 |                 fc.close();
168 |             } catch (IOException e) {
169 |                 System.out.println(e.toString());
170 |             }
171 |             fc = null;
172 |         }
173 | 
174 |         if (RAFile != null) {
175 |             try {
176 |                 RAFile.close();
177 |             } catch (IOException e) {
178 |                 System.out.println(e.toString());
179 |             }
180 |             RAFile = null;
181 |         }
182 |         mapBuf = null;
183 |     }
184 | 
185 |     /**
186 |      * 关闭共享内存操作
187 |      */
188 |     public synchronized void closeSMFile() {
189 |         if (fc != null) {
190 |             try {
191 |                 fc.close();
192 |             } catch (IOException e) {
193 |                 System.out.println(e.toString());
194 |             }
195 |             fc = null;
196 |         }
197 | 
198 |         if (RAFile != null) {
199 |             try {
200 |                 RAFile.close();
201 |             } catch (IOException e) {
202 |                 System.out.println(e.toString());
203 |             }
204 |             RAFile = null;
205 |         }
206 |         mapBuf = null;
207 |     }
208 | 
209 |     /**
210 |      *  检查退出
211 |      * @return	true-成功，false-失败
212 |      */
213 |     public synchronized boolean checkToExit() {
214 |         byte bb[] = new byte[1];
215 | 
216 |         if (read(1, 1, bb) > 0) {
217 |             if (bb[0] == 1) {
218 |                 return true;
219 | 
220 |             }
221 |         }
222 | 
223 |         return false;
224 |     }
225 | 
226 |     /**
227 |      * 复位退出
228 |      */
229 |     public synchronized void resetExit() {
230 |         byte bb[] = new byte[1];
231 | 
232 |         bb[0] = 0;
233 |         write(1, 1, bb);
234 | 
235 |     }
236 | 
237 |     /**
238 |      * 退出
239 |      */
240 |     public synchronized void toExit() {
241 |         byte bb[] = new byte[1];
242 | 
243 |         bb[0] = 1;
244 |         write(1, 1, bb);
245 | 
246 |     }
247 | //    private void unmap() {
248 | //        Cleaner cl = ((DirectBuffer)TCFG.sm).cleaner();
249 | //        if (cl != null)
250 | //            cl.clean();
251 | //    }
252 | 
253 | }
254 | 
255 | 


--------------------------------------------------------------------------------
/src/main/java/humanfeedback/SuspiciousRegionMonitor.java:
--------------------------------------------------------------------------------
  1 | package humanfeedback;
  2 | 
  3 | import TCFGmodel.TCFG;
  4 | import TCFGmodel.TCFGUtil;
  5 | import faultdiagnosis.*;
  6 | import org.apache.flink.api.common.state.ValueState;
  7 | import org.apache.flink.api.common.state.ValueStateDescriptor;
  8 | import org.apache.flink.api.java.tuple.Tuple7;
  9 | import org.apache.flink.api.java.utils.ParameterTool;
 10 | import org.apache.flink.configuration.Configuration;
 11 | import org.apache.flink.streaming.api.functions.windowing.ProcessWindowFunction;
 12 | import org.apache.flink.streaming.api.windowing.windows.TimeWindow;
 13 | import org.apache.flink.util.Collector;
 14 | import workflow.Config;
 15 | 
 16 | 
 17 | import java.util.Iterator;
 18 | 
 19 | public class SuspiciousRegionMonitor {
 20 |     public static FeedBackFalseAlarms feedBackFalseAlarms = new FeedBackFalseAlarms();
 21 |     public static SuspiciousRegion suspiciousRegion = new SuspiciousRegion();
 22 |     public static TuningRegion tuningRegion = new TuningRegion();
 23 |     public SuspiciousRegionMonitor() throws Exception{
 24 |         TCFGUtil tcfgUtil = new TCFGUtil();
 25 |         tcfgUtil.getTuningRegionFromMemory();
 26 |     }
 27 | 
 28 |     public static class SuspiciousRegionMonitoring extends ProcessWindowFunction<Tuple7<String, String, String, String, String, String, String>, String, String, TimeWindow> {
 29 | 
 30 |         private ValueState<TCFGUtil.counter> counterValueState;
 31 | 
 32 |         //Tuple7 = <time, level, component, content, eventTemplate, parameterList, eventID>
 33 |         @Override
 34 |         public void process(String s, Context context, Iterable<Tuple7<String, String, String, String, String, String, String>> input, Collector<String> out) throws Exception {
 35 |             ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
 36 |             TCFGUtil.counter counter = counterValueState.value();
 37 |             if (counter == null) {
 38 |                 counter = new TCFGUtil().new counter();
 39 |                 counterValueState.update(counter);
 40 |             }
 41 | 
 42 |             if (counter.modResult(parameterTool.getInt("falseAlarmsProcessingInterval")) == 0) {
 43 |                 //Processing human feedback false alarms
 44 |                 while (!feedBackFalseAlarms.isEmply()) {
 45 |                     Anomaly anomaly = feedBackFalseAlarms.getAnomalyFromFalseAlarms();
 46 |                     if (anomaly.getAnomalyType() == "Sequence") {
 47 |                         suspiciousRegion.sequenceAnomalyQueue.offer(anomaly);
 48 |                     }
 49 |                     if (anomaly.getAnomalyType() == "Latency") {
 50 |                         tuningRegion.addAnomalyToQueue(anomaly);
 51 |                     }
 52 |                     if (anomaly.getAnomalyType() == "Redundancy") {
 53 |                         tuningRegion.addAnomalyToQueue(anomaly);
 54 |                     }
 55 |                 }
 56 | 
 57 |                 //Processing anomaly which is in Suspicious State
 58 |                 if (!suspiciousRegion.isEmpty()) {
 59 |                     FaultDiagnosis faultDiagnosis = new FaultDiagnosisMode2();
 60 |                     TCFGUtil tcfgUtil = new TCFGUtil();
 61 |                     TCFG tcfg = tcfgUtil.getTCFGFromMemory();
 62 |                     long suspiciousTimeForSequenceAnomaly = parameterTool.getLong("suspiciousTimeForSequenceAnomaly");
 63 |                     //long suspiciousTimeForLatencyAnomaly = parameterTool.getLong("suspiciousTimeForLatencyAnomaly");
 64 |                     //long suspiciousTimeForRedundancyAnomaly = parameterTool.getLong("suspiciousTimeForRedundancyAnomaly");
 65 |                     Iterator<Tuple7<String, String, String, String, String, String, String>> iter = input.iterator();
 66 |                     Tuple7 in = iter.next();
 67 |                     long inTime = Long.parseLong((String) in.f0);
 68 |                     //handle sequence anomaly
 69 |                     while (suspiciousRegion.sequenceAnomalyQueue.size() > 0) {
 70 |                         Anomaly anomaly = suspiciousRegion.sequenceAnomalyQueue.element();
 71 |                         long anomalyTime = Long.parseLong((String) anomaly.getAnomalyLog().f0);
 72 |                         //beyond suspicious time window
 73 |                         if (inTime - anomalyTime > suspiciousTimeForSequenceAnomaly) {
 74 |                             Anomaly newAnomaly = faultDiagnosis.faultDiagnosisProcess(tcfg, anomaly.getAnomalyLogList());
 75 |                             if (newAnomaly == null || newAnomaly.getAnomalyType() != "Sequence") {
 76 |                                 suspiciousRegion.sequenceAnomalyQueue.poll();
 77 |                             } else {
 78 |                                 tuningRegion.addEventToWhiteList((String) anomaly.getAnomalyLog().f6);
 79 |                                 suspiciousRegion.sequenceAnomalyQueue.poll();
 80 |                             }
 81 |                         } else {
 82 |                             break;
 83 |                         }
 84 |                     }
 85 |                     //handle latency anomaly
 86 | //                    while (suspiciousRegion.latencyAnomalyQueue.size() > 0) {
 87 | //                        Anomaly anomaly = suspiciousRegion.latencyAnomalyQueue.element();
 88 | //                        long anomalyTime = Long.parseLong((String) anomaly.getAnomalyLog().f0);
 89 | //                        //beyond suspicious time window
 90 | //                        if (inTime - anomalyTime > suspiciousTimeForLatencyAnomaly) {
 91 | //                            //tuningRegion.addAnomalyToQueue(anomaly);
 92 | //                            suspiciousRegion.latencyAnomalyQueue.poll();
 93 | //                        } else {
 94 | //                            break;
 95 | //                        }
 96 | //                    }
 97 | //                    //handle redundancy anomaly
 98 | //                    while (suspiciousRegion.redundancyAnomalyQueue.size() > 0) {
 99 | //                        Anomaly anomaly = suspiciousRegion.redundancyAnomalyQueue.element();
100 | //                        long anomalyTime = Long.parseLong((String) anomaly.getAnomalyLog().f0);
101 | //                        //beyond suspicious time window
102 | //                        if (inTime - anomalyTime > suspiciousTimeForRedundancyAnomaly) {
103 | //                            //tuningRegion.addAnomalyToQueue(anomaly);
104 | //                            suspiciousRegion.redundancyAnomalyQueue.poll();
105 | //                        } else {
106 | //                            break;
107 | //                        }
108 | //                    }
109 |                 }
110 |                 TCFGUtil tcfgUtil = new TCFGUtil();
111 |                 tcfgUtil.saveTuningRegionInMemory();
112 |                 counterValueState.update(counter);
113 |             }
114 | 
115 |         }
116 | 
117 |         @Override
118 |         public void open(Configuration parameters) throws Exception {
119 |             ValueStateDescriptor<TCFGUtil.counter> descriptor1 =
120 |                     new ValueStateDescriptor<>(
121 |                             "counterValueState", // the state name
122 |                             TCFGUtil.counter.class // type information
123 |                     );
124 |             counterValueState = getRuntimeContext().getState(descriptor1);
125 |             super.open(parameters);
126 |         }
127 | 
128 |         @Override
129 |         public void close() throws Exception {
130 |             super.close();
131 |         }
132 |     }
133 | }
134 | 


--------------------------------------------------------------------------------
/src/main/java/modelconstruction/MatrixUpdaterMode2.java:
--------------------------------------------------------------------------------
  1 | package modelconstruction;
  2 | 
  3 | import TCFGmodel.TCFGUtil;
  4 | import faultdiagnosis.Anomaly;
  5 | import org.apache.flink.api.common.state.ValueState;
  6 | import org.apache.flink.api.common.state.ValueStateDescriptor;
  7 | import org.apache.flink.api.java.tuple.Tuple2;
  8 | import org.apache.flink.api.java.tuple.Tuple7;
  9 | import org.apache.flink.api.java.utils.ParameterTool;
 10 | import org.apache.flink.configuration.Configuration;
 11 | import org.apache.flink.streaming.api.functions.windowing.ProcessWindowFunction;
 12 | import org.apache.flink.streaming.api.windowing.windows.TimeWindow;
 13 | import org.apache.flink.util.Collector;
 14 | import workflow.Config;
 15 | 
 16 | import java.util.*;
 17 | 
 18 | import static humanfeedback.SuspiciousRegionMonitor.*;
 19 | 
 20 | 
 21 | public class MatrixUpdaterMode2 implements MatrixUpdater {
 22 | 
 23 |     private List<Tuple7> getTimeWindowLogList(long startTime, List<Tuple7> logList) {
 24 |         List<Tuple7> timeWindowLogList = new ArrayList();
 25 |         for (Tuple7 tuple: logList) {
 26 |             if (Long.parseLong((String)tuple.f0) > startTime) {
 27 |                 timeWindowLogList.add(tuple);
 28 |             }
 29 |         }
 30 |         return timeWindowLogList;
 31 |     }
 32 | 
 33 |     @Override
 34 |     public double calGradientForInfected(long ti, long tj, TransferParamMatrix transferParamMatrix, List<Tuple7> tempList, long timeWindow, long delta) {
 35 | 
 36 |         if (tempList.size() < 2) {
 37 |             return 0;
 38 |         }
 39 |         if (ti-tj <= delta) {
 40 |             tj = ti-delta-1;
 41 |         }
 42 |         double minuend = Math.log(((TCFGUtil.minMax((double)(ti-tj),delta,timeWindow))*delta+delta)/delta);
 43 |         double sum = 0;
 44 |         Tuple7 elementi = tempList.get(tempList.size()-1);
 45 |         for (int i=0; i < tempList.size()-1; i++) {
 46 |             Tuple7 elementk = tempList.get(i);
 47 |             if (Long.parseLong((String)elementi.f0) - Long.parseLong((String)elementk.f0) <= delta) {
 48 |                 elementk.f0 = String.valueOf(Long.parseLong((String)elementi.f0) - delta -1);
 49 |             }
 50 |             double alphaki = transferParamMatrix.getParam((String)elementk.f6,(String)elementi.f6);
 51 |             sum = sum + alphaki/((TCFGUtil.minMax(Long.parseLong((String)elementi.f0) - Long.parseLong((String)elementk.f0),delta,timeWindow))*delta+delta);
 52 |         }
 53 |         if (sum == 0) {
 54 |             return -1;
 55 |         }
 56 |         double subtrahend = 1/((TCFGUtil.minMax((double)(ti-tj),delta,timeWindow))*delta+delta)/sum;
 57 |         return minuend-subtrahend;
 58 |     }
 59 | 
 60 |     @Override
 61 |     public double calGradientForUninfected(long ti, long tj, TransferParamMatrix transferParamMatrix, List<Tuple7> tempList, long delta) {
 62 |         return 0;
 63 |     }
 64 | 
 65 |     public static class TransferParamMatrixUpdate extends ProcessWindowFunction<Tuple7<String, String, String, String, String, String, String>, String, String, TimeWindow> {
 66 | 
 67 |         private ValueState<TransferParamMatrix> transferParamMatrix;
 68 |         private ValueState<TCFGUtil.counter> counterValueState;
 69 | 
 70 |         @Override
 71 |         public void process(String s, Context context, Iterable<Tuple7<String, String, String, String, String, String, String>> input, Collector<String> out) throws Exception {
 72 | 
 73 |             ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
 74 |             TCFGUtil tcfgUtil = new TCFGUtil();
 75 |             long slidingWindowStep = parameterTool.getLong("slidingWindowStep");
 76 | 
 77 |             //Initialize paramMatrix and counter
 78 |             TransferParamMatrix tempTransferParamMatrix = transferParamMatrix.value();
 79 |             if (tempTransferParamMatrix == null || Config.valueStates.get("transferParamMatrix") == 1) {
 80 |                 tempTransferParamMatrix = tcfgUtil.getMatrixFromMemory();
 81 |                 transferParamMatrix.update(tempTransferParamMatrix);
 82 |                 Config.valueStates.put("transferParamMatrix",0);
 83 |             }
 84 |             TCFGUtil.counter counter = counterValueState.value();
 85 |             if (counter == null) {
 86 |                 counter = new TCFGUtil().new counter();
 87 |             }
 88 |             //Update transferParamMatrix in share memory
 89 |             if (counter.modResult(parameterTool.getInt("matrixWriteInterval")) == 0) {
 90 |                 try {
 91 |                     //handle human feedback
 92 |                     List<String> priorEventIDList = tempTransferParamMatrix.getEventIDList();
 93 |                     while (!tuningRegion.isEmpty()) {
 94 |                         Anomaly anomaly = tuningRegion.pollAnomalyFromQueue();
 95 |                         Tuple7 in = anomaly.getAnomalyLog();
 96 |                         if (anomaly.getAnomalyType() == "Latency") {
 97 |                             List<Tuple7> tempList = TCFGUtil.deleteReplica(anomaly.getAnomalyLogList());
 98 |                             for (Tuple7 tuple: tempList) {
 99 |                                 if (!priorEventIDList.contains(tuple.f6))
100 |                                     continue;
101 |                                 tempTransferParamMatrix.updateTimeWeight((String)in.f6,(String)tuple.f6,Long.parseLong((String)in.f0)- Long.parseLong((String)tuple.f0));
102 |                             }
103 |                         }
104 |                         if (anomaly.getAnomalyType() == "Redundancy") {
105 |                             tempTransferParamMatrix.addNewTemplate((String)in.f6,(String)in.f4,Long.valueOf((String)in.f0));
106 |                         }
107 |                     }
108 |                     //delete expired templates
109 |                     Random rand = new Random();
110 |                     int checkIndex = rand.nextInt(priorEventIDList.size());
111 |                     Tuple2<String, Long> tupleInfo = tempTransferParamMatrix.getEventInfo().get(priorEventIDList.get(checkIndex));
112 |                     long windowTime = context.window().getStart();
113 |                     if (windowTime > tupleInfo.f1.longValue() + parameterTool.getLong("expireTime")) {
114 |                         tempTransferParamMatrix.deleteExpiredTemplate(priorEventIDList.get(checkIndex));
115 |                     }
116 |                     //update share memory
117 |                     tcfgUtil.saveMatrixInMemory(tempTransferParamMatrix);
118 |                     //decay
119 |                     tempTransferParamMatrix.decay(parameterTool.getDouble("beta"));
120 |                 } catch (Exception e) {
121 |                     e.printStackTrace();
122 |                 }
123 |             }
124 |             counterValueState.update(counter);
125 | //           int trainingFlag = parameterTool.getInt("trainingFlag");
126 |             //添加一个线程监控matrix的Frobenius norm，如果该数值保持稳定则将trainingFlag调整为0
127 |             int trainingFlag = tcfgUtil.getTrainingFlag();
128 |             //System.out.println(tempTransferParamMatrix.checkConsistency());
129 |             //TCFG Construction process
130 |             List<String> priorEventIDList = tempTransferParamMatrix.getEventIDList();
131 |             List<Tuple7> tempList = new ArrayList<>();
132 |             Iterator<Tuple7<String, String, String, String, String, String, String>> iter = input.iterator();
133 |             if (iter.hasNext()) {
134 |                 while (iter.hasNext()) {
135 |                     Tuple7 in = iter.next();
136 |                     if (trainingFlag == 0 && !priorEventIDList.contains(in.f6)) {
137 |                         continue;
138 |                     }
139 |                     //add new template into the matrix during training
140 |                     if (trainingFlag == 1 && !priorEventIDList.contains(in.f6)) {
141 |                         tempTransferParamMatrix.addNewTemplate((String) in.f6, (String) in.f4, Long.valueOf((String)in.f0));
142 |                     }else {
143 |                         tempTransferParamMatrix.updateOccurTime((String) in.f6, (String) in.f4, Long.valueOf((String)in.f0));
144 |                     }
145 |                     long inTime = Long.parseLong((String) in.f0);
146 |                     //add new template to matrix update process during training
147 |                     if (trainingFlag == 1 || priorEventIDList.contains(in.f6)) {
148 |                         tempList.add(in);
149 |                     }
150 |                     tempList = TCFGUtil.deleteReplica(tempList);
151 |                     //tempList = new IndenpendencyFilter().filterIndependentNodes(tempList, tempTransferParamMatrix, slidingWindowStep, parameterTool.getLong("delta"));
152 |                     if (inTime - context.window().getStart() > slidingWindowStep) {
153 |                         MatrixUpdaterMode2 TCFGConstructer = new MatrixUpdaterMode2();
154 |                         List<Tuple7> slidingWindowList = TCFGConstructer.getTimeWindowLogList(inTime - slidingWindowStep, tempList);
155 |                         //Start grad computation
156 |                         for (Tuple7 tuple : slidingWindowList) {
157 | //                            if (slidingWindowList.indexOf(tuple) == slidingWindowList.size() - 1) {
158 | //                                break;
159 | //                            }
160 |                             if (!tempTransferParamMatrix.getEventIDList().contains(in.f6)) {
161 |                                 break;
162 |                             }
163 |                             //update param matrix during training
164 |                             double gradient = TCFGConstructer.calGradientForInfected(inTime, Long.parseLong((String) tuple.f0), tempTransferParamMatrix, slidingWindowList, slidingWindowStep, parameterTool.getLong("delta"));
165 |                             if (gradient > parameterTool.getDouble("gradLimitation")) {
166 |                                 gradient = parameterTool.getDouble("gradLimitation");
167 |                             }
168 |                             if (gradient < -parameterTool.getDouble("gradLimitation")) {
169 |                                 gradient = -parameterTool.getDouble("gradLimitation");
170 |                             }
171 |                             if (gradient != 0) {
172 |                                 tempTransferParamMatrix.updateParam(parameterTool.getDouble("gamma"),parameterTool.getDouble("alpha"),(String) tuple.f6, (String) in.f6, gradient);
173 |                             }
174 |                             //Update Time Weight
175 |                             if (trainingFlag == 1) {
176 |                                 tempTransferParamMatrix.updateTimeWeight((String) tuple.f6, (String) in.f6, inTime - Long.parseLong((String) tuple.f0));
177 |                             }
178 |                         }
179 |                     }
180 |                 }
181 |                 transferParamMatrix.update(tempTransferParamMatrix);
182 |             }
183 | 
184 |         }
185 | 
186 |         @Override
187 |         public void open(Configuration parameters) throws Exception {
188 |             ValueStateDescriptor<TransferParamMatrix> descriptor =
189 |                     new ValueStateDescriptor<>(
190 |                             "transferParamMatrix", // the state name
191 |                             TransferParamMatrix.class // type information
192 |                     );
193 |             transferParamMatrix = getRuntimeContext().getState(descriptor);
194 | 
195 |             ValueStateDescriptor<TCFGUtil.counter> descriptor1 =
196 |                     new ValueStateDescriptor<>(
197 |                             "counterValueState", // the state name
198 |                             TCFGUtil.counter.class // type information
199 |                     );
200 |             counterValueState = getRuntimeContext().getState(descriptor1);
201 |             super.open(parameters);
202 | 
203 |         }
204 | 
205 |         @Override
206 |         public void close() throws Exception {
207 |             super.close();
208 |         }
209 |     }
210 | }
211 | 


--------------------------------------------------------------------------------
/src/main/java/TCFGmodel/TCFGUtil.java:
--------------------------------------------------------------------------------
  1 | package TCFGmodel;
  2 | 
  3 | import com.alibaba.fastjson.JSON;
  4 | import com.alibaba.fastjson.JSONArray;
  5 | import com.alibaba.fastjson.JSONException;
  6 | import com.alibaba.fastjson.JSONObject;
  7 | import dao.MysqlUtil;
  8 | import humanfeedback.TuningRegion;
  9 | import modelconstruction.TransferParamMatrix;
 10 | import org.apache.flink.api.java.tuple.Tuple7;
 11 | import java.util.*;
 12 | 
 13 | import org.apache.flink.api.java.utils.ParameterTool;
 14 | import templatemining.Node;
 15 | import workflow.Config;
 16 | 
 17 | import static humanfeedback.SuspiciousRegionMonitor.tuningRegion;
 18 | 
 19 | public class TCFGUtil {
 20 | 
 21 |     public static double tanh(double value) {
 22 |         double ex = Math.pow(Math.E, value);// e^x
 23 |         double ey = Math.pow(Math.E, -value);//e^(-x)
 24 |         double sinhx = ex-ey;
 25 |         double coshx = ex+ey;
 26 |         double result = sinhx/coshx;
 27 |         return result;
 28 |     }
 29 | 
 30 |     public static  double minMax(double value, double downLimit, double upLimit) {
 31 |         return (value-downLimit)/(upLimit-downLimit);
 32 |     }
 33 | 
 34 |     public static List<Tuple7> deleteReplica(List<Tuple7> list) {
 35 |         if (list.size()<2) {
 36 |             return list;
 37 |         }
 38 |         List<Tuple7> tempList = new ArrayList<>();
 39 |         for (int i = list.size()- 2; i >=0; i--) {
 40 |             boolean flag = false;
 41 |             for (int j = 0; j < tempList.size(); j++) {
 42 |                 if (tempList.get(j).f6.toString().equals(list.get(i).f6.toString())) {
 43 |                     flag = true;
 44 |                     break;
 45 |                 }
 46 |             }
 47 |             if (flag == false) {
 48 |                 tempList.add(list.get(i));
 49 |             }
 50 |         }
 51 |         List<Tuple7> tempList_reverse = new ArrayList<>();
 52 |         for (int i = tempList.size()- 1; i >=0; i--){
 53 |             tempList_reverse.add(tempList.get(i));
 54 |         }
 55 |         tempList_reverse.add(list.get(list.size()-1));
 56 |         return tempList_reverse;
 57 |     }
 58 | 
 59 | 
 60 |     public class counter {
 61 |         int count;
 62 | 
 63 |         public counter () {
 64 |             TCFGUtil tcfgUtil = new TCFGUtil();
 65 |             this.count = 0;
 66 |         }
 67 | 
 68 |         public int modResult(int interval) {
 69 |             count ++;
 70 |             count = count%interval;
 71 |             return count;
 72 |         }
 73 |     }
 74 | 
 75 |     private double calProbabilityMode1(double x, double alphaji, long delta) {
 76 |         double prob = (alphaji/delta)* Math.pow((x)/(double)delta,-1-alphaji);
 77 |         return prob;
 78 |     }
 79 | 
 80 |     public double calDefinitIntegral(double a, double b, int blocks, double alphaji, long delta) {
 81 | 
 82 |         double sum = 0;
 83 |         double e = (b - a) / (double)blocks;
 84 |         for (int i = 1; i <= blocks; i++) {
 85 |             double midResult = a + (double) i * (b - a) / (double) blocks;
 86 |             sum = sum + calProbabilityMode1(midResult, alphaji, delta);
 87 |         }
 88 |         return sum*e;
 89 |     }
 90 | 
 91 |     public void initiateShareMemory() throws Exception {
 92 |         TCFG tcfg = getTCFGFromMemory()==null?new TCFG():getTCFGFromMemory();
 93 |         TransferParamMatrix tpm = getMatrixFromMemory()==null?new TransferParamMatrix():getMatrixFromMemory();
 94 |         getTuningRegionFromMemory();
 95 |         Map<String, String> templateUpdateRegion = getTemplateUpdateRegion()==null?new HashMap<>():getTemplateUpdateRegion();
 96 |         Node rootNode = getParseTreeRegion()==null?new Node():getParseTreeRegion();
 97 |         saveTCFGInMemory(tcfg);
 98 |         saveMatrixInMemory(tpm);
 99 |         saveTuningRegionInMemory();
100 |         saveTemplateUpdateRegion(templateUpdateRegion);
101 |         saveParseTreeRegion(rootNode);
102 |         saveTrainingFlag(1);
103 |         saveDetectionFlag(0);
104 |     }
105 |     public void cleanShareMemory() throws Exception {
106 |         TransferParamMatrix tpm = new TransferParamMatrix();
107 |         TCFG tcfg = new TCFG();
108 |         Map<String, String> templateUpdateRegion = new HashMap<>();
109 |         Node rootNode = new Node();
110 |         saveTCFGInMemory(tcfg);
111 |         saveMatrixInMemory(tpm);
112 |         saveTuningRegionInMemory();
113 |         saveTemplateUpdateRegion(templateUpdateRegion);
114 |         saveParseTreeRegion(rootNode);
115 |         saveTrainingFlag(1);
116 |         saveDetectionFlag(0);
117 |     }
118 | 
119 |     public void initiateDatabase() {
120 |         MysqlUtil mysqlUtil = new MysqlUtil();
121 |         mysqlUtil.truncateTables();
122 |         mysqlUtil.createAnomalyLogTable();
123 |         mysqlUtil.createTCFGTable();
124 |     }
125 | 
126 |     public TCFG getTCFGFromMemory() throws Exception{
127 |         ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
128 |         int tcfgSize = parameterTool.getInt("TCFGSize");
129 |         byte[] b = new byte[tcfgSize];
130 |         TCFG.sm.read(2, tcfgSize, b);
131 |         JSONObject jsonObject = JSON.parseObject(new String(b,"utf-8").trim());
132 |         if (jsonObject == null) {
133 |             return new TCFG();
134 |         }
135 |         TCFG tcfg = new TCFG();
136 |         JSONArray jsonNodesArray = jsonObject.getJSONArray("nodes");
137 |         Iterator iter1 = jsonNodesArray.iterator();
138 |         while(iter1.hasNext()) {
139 |             JSONObject nodeID = (JSONObject)iter1.next();
140 |             tcfg.addNode((String)nodeID.get("node_id"));
141 |         }
142 |         JSONArray jsonEdgesArray = jsonObject.getJSONArray("edges");
143 |         Iterator iter2 = jsonEdgesArray.iterator();
144 |         while(iter2.hasNext()) {
145 |             JSONObject edgeInfo = (JSONObject)iter2.next();
146 |             tcfg.addEdge(edgeInfo.getJSONObject("in_node").get("node_id").toString(),edgeInfo.getJSONObject("out_node").get("node_id").toString(),edgeInfo.getLong("time_weight"));
147 |         }
148 |         return tcfg;
149 |     }
150 |     public void saveTCFGInMemory(TCFG tcfg) throws Exception{
151 |         ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
152 |         int tcfgSize = parameterTool.getInt("TCFGSize");
153 |         String tcfgStr = JSONObject.toJSONString(tcfg);
154 |         TCFG.sm.write(2, tcfgSize, tcfgStr.getBytes("UTF-8"));
155 |     }
156 |     public TransferParamMatrix getMatrixFromMemory() throws Exception{
157 |         ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
158 |         int tcfgSize = parameterTool.getInt("TCFGSize");
159 |         int transferParamMatrixSize = parameterTool.getInt("transferParamMatrixSize");
160 |         byte[] b = new byte[transferParamMatrixSize];
161 |         TCFG.sm.read(tcfgSize+2, transferParamMatrixSize, b);
162 |         TransferParamMatrix transferParamMatrix = JSONObject.parseObject(new String(b,"utf-8").trim(), TransferParamMatrix.class);
163 |         return transferParamMatrix;
164 |     }
165 |     public void saveMatrixInMemory(TransferParamMatrix transferParamMatrix) throws Exception{
166 |         ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
167 |         int tcfgSize = parameterTool.getInt("TCFGSize");
168 |         int transferParamMatrixSize = parameterTool.getInt("transferParamMatrixSize");
169 |         String matrixStr = JSONObject.toJSONString(transferParamMatrix);
170 |         TCFG.sm.write(2+tcfgSize, transferParamMatrixSize, matrixStr.getBytes("UTF-8"));
171 |     }
172 |     public void getTuningRegionFromMemory() throws Exception{
173 |         ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
174 |         int tcfgSize = parameterTool.getInt("TCFGSize");
175 |         int transferParamMatrixSize = parameterTool.getInt("transferParamMatrixSize");
176 |         int tuningRegionSize = parameterTool.getInt("tuningRegionSize");
177 |         byte[] b = new byte[tuningRegionSize];
178 |         TCFG.sm.read(transferParamMatrixSize+tcfgSize+2, tuningRegionSize, b);
179 |         if (JSONObject.parseObject(new String(b,"utf-8").trim(), TuningRegion.class)!=null)
180 |             tuningRegion = JSONObject.parseObject(new String(b,"utf-8").trim(), TuningRegion.class);
181 |     }
182 |     public void saveTuningRegionInMemory() throws Exception{
183 |         ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
184 |         int tcfgSize = parameterTool.getInt("TCFGSize");
185 |         int transferParamMatrixSize = parameterTool.getInt("transferParamMatrixSize");
186 |         int tuningRegionSize = parameterTool.getInt("tuningRegionSize");
187 |         String tuningRegionStr = JSONObject.toJSONString(tuningRegion);
188 |         TCFG.sm.write(2+tcfgSize+transferParamMatrixSize, tuningRegionSize, tuningRegionStr.getBytes("UTF-8"));
189 |     }
190 | 
191 |     public Map<String, String> getTemplateUpdateRegion() {
192 |         ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
193 |         int tcfgSize = parameterTool.getInt("TCFGSize");
194 |         int transferParamMatrixSize = parameterTool.getInt("transferParamMatrixSize");
195 |         int tuningRegionSize = parameterTool.getInt("tuningRegionSize");
196 |         int templateUpdateRegionSize = parameterTool.getInt("templateUpdateRegionSize");
197 |         byte[] b = new byte[templateUpdateRegionSize];
198 |         TCFG.sm.read(2+tcfgSize+transferParamMatrixSize+tuningRegionSize, templateUpdateRegionSize, b);
199 |         try {
200 |             return JSONObject.parseObject(b, Map.class);
201 |         }
202 |         catch (JSONException e){
203 |             return null;
204 |         }
205 |     }
206 | 
207 |     public void saveTemplateUpdateRegion(Map<String, String> templateUpdateRegion) throws Exception{
208 |         ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
209 |         int tcfgSize = parameterTool.getInt("TCFGSize");
210 |         int transferParamMatrixSize = parameterTool.getInt("transferParamMatrixSize");
211 |         int tuningRegionSize = parameterTool.getInt("tuningRegionSize");
212 |         int templateUpdateRegionSize = parameterTool.getInt("templateUpdateRegionSize");
213 |         String str = JSONObject.toJSONString(templateUpdateRegion);
214 |         TCFG.sm.write(2+tcfgSize+transferParamMatrixSize+tuningRegionSize, templateUpdateRegionSize, str.getBytes("UTF-8"));
215 |     }
216 | 
217 |     public Node getParseTreeRegion() throws Exception {
218 |         ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
219 |         int tcfgSize = parameterTool.getInt("TCFGSize");
220 |         int transferParamMatrixSize = parameterTool.getInt("transferParamMatrixSize");
221 |         int tuningRegionSize = parameterTool.getInt("tuningRegionSize");
222 |         int templateUpdateRegionSize = parameterTool.getInt("templateUpdateRegionSize");
223 |         int parseTreeRegionSie = parameterTool.getInt("parseTreeRegionSize");
224 |         byte[] b = new byte[parseTreeRegionSie];
225 |         TCFG.sm.read(2+tcfgSize+transferParamMatrixSize+tuningRegionSize+templateUpdateRegionSize, parseTreeRegionSie, b);
226 |         return JSONObject.parseObject(new String(b,"utf-8").trim(), Node.class);
227 |     }
228 | 
229 |     public void saveParseTreeRegion(Node parseTreeRegion) throws Exception{
230 |         ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
231 |         int tcfgSize = parameterTool.getInt("TCFGSize");
232 |         int transferParamMatrixSize = parameterTool.getInt("transferParamMatrixSize");
233 |         int tuningRegionSize = parameterTool.getInt("tuningRegionSize");
234 |         int templateUpdateRegionSize = parameterTool.getInt("templateUpdateRegionSize");
235 |         int parseTreeRegionSie = parameterTool.getInt("parseTreeRegionSize");
236 |         String str = JSONObject.toJSONString(parseTreeRegion);
237 |         TCFG.sm.write(2+tcfgSize+transferParamMatrixSize+tuningRegionSize+templateUpdateRegionSize, parseTreeRegionSie, str.getBytes("UTF-8"));
238 |     }
239 | 
240 |     public int getTrainingFlag() {
241 |         byte[] b = new byte[1];
242 |         TCFG.sm.read(0, 1, b);
243 |         return JSONObject.parseObject(b, Integer.class);
244 |     }
245 | 
246 |     public void saveTrainingFlag(int flag) throws Exception{
247 |         String trainingFlag = JSONObject.toJSONString(flag);
248 |         TCFG.sm.write(0, 1, trainingFlag.getBytes("UTF-8"));
249 |     }
250 | 
251 |     public int getDetectionFlag() {
252 |         byte[] b = new byte[1];
253 |         TCFG.sm.read(1, 1, b);
254 |         return JSONObject.parseObject(b, Integer.class);
255 |     }
256 | 
257 |     public void saveDetectionFlag(int flag) throws Exception{
258 |         String trainingFlag = JSONObject.toJSONString(flag);
259 |         TCFG.sm.write(1, 1, trainingFlag.getBytes("UTF-8"));
260 |     }
261 | 
262 |     public static void main(String args[]) {
263 |         TCFGUtil tcfgUtil = new TCFGUtil();
264 |         tcfgUtil.initiateDatabase();
265 |     }
266 | }
267 | 


--------------------------------------------------------------------------------
/src/main/java/templatemining/LogParser.java:
--------------------------------------------------------------------------------
  1 | package templatemining;
  2 | 
  3 | import joinery.DataFrame;
  4 | 
  5 | import java.io.*;
  6 | import java.math.BigInteger;
  7 | import java.security.MessageDigest;
  8 | import java.security.NoSuchAlgorithmException;
  9 | import java.text.ParseException;
 10 | import java.text.SimpleDateFormat;
 11 | import java.util.*;
 12 | import java.util.regex.Matcher;
 13 | import java.util.regex.Pattern;
 14 | 
 15 | public class LogParser implements Serializable {
 16 |     private final String log_format;
 17 |     private final String[] rex;
 18 |     private final int depth;
 19 |     private final int maxChild;
 20 |     private final double st;
 21 | 
 22 |     LogParser(String[] rex, String log_format, int depth, int maxChild, double st) {
 23 |         this.rex = rex;
 24 |         this.log_format = log_format;
 25 |         this.depth = depth - 2;
 26 |         this.maxChild = maxChild;
 27 |         this.st = st;
 28 |     }
 29 | 
 30 |     private Map<String, Object> generate_logFormat_regex(String log_format) {
 31 |         List<String> headers = new ArrayList<>();
 32 |         List<String> splitters = new ArrayList<>();
 33 |         StringBuilder regex = new StringBuilder();
 34 |         String[] s = log_format.split("(<[^<>]+>)");
 35 |         Pattern p = Pattern.compile("(<[^<>]+>)");
 36 |         Matcher m = p.matcher(log_format);
 37 |         for (int i = 0; m.find(); i++) {
 38 |             splitters.add(s[i]);
 39 |             splitters.add(m.group());
 40 |         }
 41 |         int length = splitters.size();
 42 |         for (int i = 0; i < length; i++) {
 43 |             if (i % 2 == 0) {
 44 |                 String splitter = splitters.get(i).replaceAll(" +", "\\\\s+");
 45 |                 if (splitter.contains("["))
 46 |                     splitter = splitter.replaceAll("\\[", "\\\\[");
 47 |                 if (splitter.contains("]"))
 48 |                     splitter = splitter.replaceAll("]", "\\\\]");
 49 |                 regex.append(splitter);
 50 |             } else {
 51 |                 String header = splitters.get(i).replace("<", "").replace(">", "");
 52 |                 headers.add(header);
 53 |                 if (header.equals("Content"))
 54 |                     regex.append(String.format("(?<%s>.*)", header));
 55 |                 else if (header.equals("RequestID"))
 56 |                     regex.append(String.format("(?<%s>.*?)", header));
 57 |                 else
 58 |                     regex.append(String.format("(?<%s>[^\\s]+)", header));
 59 |             }
 60 |         }
 61 |         Pattern re = Pattern.compile("^" + regex + "$");
 62 |         Map<String, Object> map = new HashMap<>();
 63 |         map.put("headers", headers);
 64 |         map.put("regex", re);
 65 |         return map;
 66 |     }
 67 | 
 68 |     public String TimetoStamp(String time, String pattern) throws ParseException {
 69 |         SimpleDateFormat formatter = new SimpleDateFormat(pattern);
 70 |         formatter.setTimeZone(TimeZone.getTimeZone("UTC"));
 71 |         time = String.valueOf(formatter.parse(time).getTime());
 72 |         return time;
 73 |     }
 74 | 
 75 |     private DataFrame<String> s_to_dataFrame(String s, Pattern regex, List<String> headers, String timeFormat) {
 76 |         DataFrame<String> logdf = new DataFrame<>(headers);
 77 |         Matcher m = regex.matcher(s.trim());
 78 |         if (m.find()) {
 79 |             List<String> message = new ArrayList<>();
 80 |             for (String header : headers) {
 81 |                 String t = m.group(header);
 82 |                 if (header.equals("Time")) {
 83 |                     try {
 84 |                         if (headers.contains("Date")) {
 85 |                             t = TimetoStamp(message.get(0) + " " + t, "yyyy-MM-dd " + timeFormat);
 86 |                         } else
 87 |                             t = TimetoStamp(t, timeFormat);
 88 |                     } catch (ParseException e) {
 89 |                         return new DataFrame<>(headers);
 90 |                     }
 91 |                 }
 92 |                 message.add(t);
 93 |             }
 94 |             logdf.append(message);
 95 |         }
 96 |         return logdf;
 97 |     }
 98 | 
 99 |     DataFrame<String> load_data(String s, String timeFormat) {
100 |         String[] l = log_format.split("@");
101 |         String[] t = timeFormat.split("@");
102 |         int length = l.length;
103 |         for (int i = 0; i < length; i++) {
104 |             Map<String, Object> map = generate_logFormat_regex(l[i]);
105 |             List<String> headers = (List<String>) map.get("headers");
106 |             Pattern regex = (Pattern) map.get("regex");
107 |             DataFrame<String> logdf = s_to_dataFrame(s, regex, headers, t[i]);
108 |             if (!logdf.isEmpty()) {
109 |                 return logdf;
110 |             }
111 |         }
112 |         return null;
113 |     }
114 | 
115 |     String preprocess(String line) {
116 |         for (String currentRex : rex) {
117 |             line = line.replaceAll(currentRex, "<*>");
118 |         }
119 |         return line;
120 |     }
121 | 
122 |     // seq1 is template
123 |     private Map<String, Double> seqDist(List<String> seq1, List<String> seq2) {
124 |         double simTokens = 0.0;
125 |         double numOfPar = 0.0;
126 |         double retVal = 1.0;
127 |         if (!seq1.equals(seq2)) {
128 |             for (int i = 0; i < seq1.size(); i++) {
129 |                 String token1 = seq1.get(i);
130 |                 String token2 = seq2.get(i);
131 |                 if (token1.equals("<*>")) {
132 |                     numOfPar += 1;
133 |                     continue;
134 |                 }
135 |                 if (token1.equals(token2)) {
136 |                     simTokens += 1;
137 |                 }
138 |             }
139 |             retVal = simTokens / seq1.size();
140 |         }
141 |         Map<String, Double> map = new HashMap<>();
142 |         map.put("retVal", retVal);
143 |         map.put("numOfPar", numOfPar);
144 |         return map;
145 |     }
146 | 
147 |     private LogCluster fastMatch(List<LogCluster> logClustL, List<String> seq) {
148 |         LogCluster retLogClust = null;
149 |         LogCluster maxClust = null;
150 |         double maxSim = -1;
151 |         double maxNumOfPara = -1;
152 |         for (LogCluster logClust : logClustL) {
153 |             Map<String, Double> map = seqDist(logClust.getLogTemplate(), seq);
154 |             double curSim = map.get("retVal");
155 |             double curNumOfPara = map.get("numOfPar");
156 |             if (curSim > maxSim || (curSim == maxSim && curNumOfPara > maxNumOfPara)) {
157 |                 maxSim = curSim;
158 |                 maxNumOfPara = curNumOfPara;
159 |                 maxClust = logClust;
160 |             }
161 |         }
162 |         if (maxSim >= st) {
163 |             retLogClust = maxClust;
164 |         }
165 |         return retLogClust;
166 |     }
167 | 
168 |     LogCluster treeSearch(Node rn, List<String> seq) {
169 |         LogCluster retLogClust;
170 |         int seqLen = seq.size();
171 | 
172 |         if (!rn.getChildD().containsKey(String.valueOf(seqLen))) {
173 |             return null;
174 |         }
175 |         Node parentn = rn.getChildD().get(String.valueOf(seqLen));
176 |         int currentDepth = 1;
177 |         for (String token : seq) {
178 |             if (currentDepth > depth || currentDepth > seqLen) {
179 |                 break;
180 |             }
181 |             if (parentn.getChildD().containsKey(token)) {
182 |                 parentn = parentn.getChildD().get(token);
183 |             } else if (parentn.getChildD().containsKey("<*>")) {
184 |                 parentn = parentn.getChildD().get("<*>");
185 |             } else {
186 |                 return null;
187 |             }
188 |             currentDepth += 1;
189 |         }
190 |         List<LogCluster> logClustL = parentn.getChildLG();
191 |         retLogClust = fastMatch(logClustL, seq);
192 |         return retLogClust;
193 |     }
194 | 
195 |     private boolean hasNumbers(String content) {
196 |         boolean flag = false;
197 |         Pattern p = Pattern.compile(".*\\d+.*");
198 |         Matcher m = p.matcher(content);
199 |         if (m.matches()) {
200 |             flag = true;
201 |         }
202 |         return flag;
203 |     }
204 | 
205 |     void addSeqToPrefixTree(Node rn, LogCluster logClust) {
206 |         int seqLen = logClust.getLogTemplate().size();
207 |         Node firstLayerNode;
208 |         if (!rn.getChildD().containsKey(String.valueOf(seqLen))) {
209 |             firstLayerNode = new Node(1, String.valueOf(seqLen));
210 |             rn.setChildD(String.valueOf(seqLen), firstLayerNode);
211 |         } else {
212 |             firstLayerNode = rn.getChildD().get(String.valueOf(seqLen));
213 |         }
214 |         Node parentn = firstLayerNode;
215 |         int currentDepth = 1;
216 |         for (String token : logClust.getLogTemplate()) {
217 |             if (!parentn.getChildD().containsKey(token)) {
218 |                 if (!hasNumbers(token)) {
219 |                     if (parentn.getChildD().containsKey("<*>")) {
220 |                         if (parentn.getChildD().size() < maxChild) {
221 |                             Node newNode = new Node(currentDepth + 1, token);
222 |                             parentn.setChildD(token, newNode);
223 |                             parentn = newNode;
224 |                         } else {
225 |                             parentn = parentn.getChildD().get("<*>");
226 |                         }
227 |                     } else {
228 |                         if (parentn.getChildD().size() + 1 < maxChild) {
229 |                             Node newNode = new Node(currentDepth + 1, token);
230 |                             parentn.setChildD(token, newNode);
231 |                             parentn = newNode;
232 |                         } else if (parentn.getChildD().size() + 1 == maxChild) {
233 |                             Node newNode = new Node(currentDepth + 1, "<*>");
234 |                             parentn.setChildD("<*>", newNode);
235 |                             parentn = newNode;
236 |                         } else {
237 |                             parentn = parentn.getChildD().get("<*>");
238 |                         }
239 |                     }
240 |                 } else {
241 |                     if (!parentn.getChildD().containsKey("<*>")) {
242 |                         Node newNode = new Node(currentDepth + 1, "<*>");
243 |                         parentn.setChildD("<*>", newNode);
244 |                         parentn = newNode;
245 |                     } else {
246 |                         parentn = parentn.getChildD().get("<*>");
247 |                     }
248 |                 }
249 |             } else {
250 |                 parentn = parentn.getChildD().get(token);
251 |             }
252 |             currentDepth += 1;
253 |             if (currentDepth > depth || currentDepth > seqLen) {
254 |                 parentn.setChildLG(logClust);
255 |                 break;
256 |             }
257 |         }
258 |     }
259 | 
260 |     List<String> getTemplate(List<String> seq1, List<String> seq2) {
261 |         List<String> retVal = new ArrayList<>();
262 |         int i = 0;
263 |         for (String word : seq1) {
264 |             if (word.equals(seq2.get(i))) {
265 |                 retVal.add(word);
266 |             } else {
267 |                 retVal.add("<*>");
268 |             }
269 |             i += 1;
270 |         }
271 |         return retVal;
272 |     }
273 | 
274 |     String getHash(String template) {
275 |         String resultStr = "";
276 |         try {
277 |             MessageDigest md5 = MessageDigest.getInstance("MD5");
278 |             md5.update(template.getBytes());
279 |             BigInteger bigInt = new BigInteger(1, md5.digest());
280 |             resultStr = bigInt.toString(16);
281 |         } catch (NoSuchAlgorithmException e) {
282 |             e.printStackTrace();
283 |         }
284 |         return resultStr.substring(0, 8);
285 |     }
286 | 
287 |     String get_parameter_list(DataFrame<String> df_log) {
288 |         String template_regex = df_log.get(0, "EventTemplate").replaceAll("<.{1,5}>", "<*>");
289 |         if (!template_regex.contains("<*>")) return "";
290 |         template_regex = template_regex.replaceAll("([^A-Za-z0-9])", "\\\\$0");
291 |         template_regex = template_regex.replaceAll(" +", "\\s+");
292 |         template_regex = "^" + template_regex.replaceAll("\\\\<\\\\\\*\\\\>", "(.*?)") + "$";
293 |         Pattern p = Pattern.compile(template_regex);
294 |         Matcher m = p.matcher(df_log.get(0, "Content"));
295 |         List<String> parameter_list = new ArrayList<>();
296 |         if (m.find()) {
297 |             int num = m.groupCount();
298 |             for (int i = 1; i <= num; i++) {
299 |                 parameter_list.add(m.group(i));
300 |             }
301 |         }
302 |         return parameter_list.toString();
303 |     }
304 | 
305 |     void printTree(Node node, int dep) {
306 |         StringBuilder pStr = new StringBuilder();
307 |         for (int i = 0; i < dep; i++) {
308 |             pStr.append('\t');
309 |         }
310 |         if (node.getDepth() == 0)
311 |             pStr.append("Root");
312 |         else if (node.getDepth() == 1)
313 |             pStr.append('<').append(node.getDigitOrtoken()).append('>');
314 |         else
315 |             pStr.append(node.getDigitOrtoken());
316 |         System.out.println(pStr);
317 |         if (node.getDepth() == depth + 1) {
318 |             List<LogCluster> lg = node.getChildLG();
319 |             for (LogCluster t : lg) {
320 |                 pStr = new StringBuilder();
321 |                 for (int i = 0; i <= dep; i++) {
322 |                     pStr.append('\t');
323 |                 }
324 |                 System.out.println(pStr.append(t.getLogTemplate()));
325 |             }
326 |         }
327 |         for (Map.Entry<String, Node> entry : node.getChildD().entrySet())
328 |             printTree(entry.getValue(), dep + 1);
329 |     }
330 | 
331 |     Map<String, String> saveTemplate(Node node, int dep, Map<String, String> map) {
332 |         if (node.getDepth() == 1 && node.getDigitOrtoken().equals("1")) {
333 |             for (Map.Entry<String, Node> entry : node.getChildD().entrySet()) {
334 |                 List<LogCluster> lg = entry.getValue().getChildLG();
335 |                 for (LogCluster t : lg) {
336 |                     String template = String.join(" ", t.getLogTemplate());
337 |                     map.put(getHash(template), template);
338 |                 }
339 |             }
340 |         }
341 |         if (node.getDepth() == depth + 1) {
342 |             List<LogCluster> lg = node.getChildLG();
343 |             for (LogCluster t : lg) {
344 |                 String template = String.join(" ", t.getLogTemplate());
345 |                 map.put(getHash(template), template);
346 |             }
347 |         }
348 |         for (Map.Entry<String, Node> entry : node.getChildD().entrySet())
349 |             map = saveTemplate(entry.getValue(), dep + 1, map);
350 |         return map;
351 |     }
352 | }
353 | 


--------------------------------------------------------------------------------
/src/main/java/faultdiagnosis/FaultDiagnosisMode2.java:
--------------------------------------------------------------------------------
  1 | package faultdiagnosis;
  2 | 
  3 | import TCFGmodel.TCFG;
  4 | import TCFGmodel.TCFGUtil;
  5 | import dao.MysqlUtil;
  6 | import humanfeedback.SuspiciousRegionMonitor;
  7 | import org.apache.flink.api.common.state.ValueState;
  8 | import org.apache.flink.api.common.state.ValueStateDescriptor;
  9 | import org.apache.flink.api.java.tuple.Tuple7;
 10 | import org.apache.flink.api.java.utils.ParameterTool;
 11 | import org.apache.flink.configuration.Configuration;
 12 | import org.apache.flink.streaming.api.functions.windowing.ProcessWindowFunction;
 13 | import org.apache.flink.streaming.api.windowing.windows.TimeWindow;
 14 | import org.apache.flink.util.Collector;
 15 | import workflow.Config;
 16 | 
 17 | import java.util.ArrayList;
 18 | import java.util.Iterator;
 19 | import java.util.List;
 20 | import java.util.Map;
 21 | 
 22 | //Fault Diagnosis with Sequence anomaly, Redundancy anomaly and latency anomaly
 23 | public class FaultDiagnosisMode2 implements FaultDiagnosis{
 24 | 
 25 |     public static class FaultDiagnosisProcess extends ProcessWindowFunction<Tuple7<String, String, String, String, String, String, String>, String, String, TimeWindow> {
 26 | 
 27 |         private ValueState<TCFG> tcfgValueState;
 28 |         private ValueState<TCFGUtil.counter> counterValueState;
 29 |         private ValueState<Integer> countValueState;
 30 | 
 31 |         private List<Tuple7> getTimeWindowLogList(long startTime, List<Tuple7> logList) {
 32 |             List<Tuple7> timeWindowLogList = new ArrayList();
 33 |             for (Tuple7 tuple: logList) {
 34 |                 if (Long.parseLong((String)tuple.f0)>startTime) {
 35 |                     timeWindowLogList.add(tuple);
 36 |                 }
 37 |             }
 38 |             return timeWindowLogList;
 39 |         }
 40 | 
 41 |         @Override
 42 |         public void process(String s, Context context, Iterable<Tuple7<String, String, String, String, String, String, String>> input, Collector<String> out) throws Exception {
 43 |             ParameterTool parameterTool = ParameterTool.fromMap(Config.parameter);
 44 |             long slidingWindowStep = parameterTool.getLong("slidingWindowStep");
 45 |             TCFGUtil tcfgUtil = new TCFGUtil();
 46 |             TCFG tempTcfgValueState = tcfgValueState.value();
 47 |             //Initialize TCFG and counter
 48 |             if (tempTcfgValueState == null || Config.valueStates.get("tcfgValueState") == 1) {
 49 |                 tempTcfgValueState = tcfgUtil.getTCFGFromMemory();
 50 |                 tcfgValueState.update(tempTcfgValueState);
 51 |                 Config.valueStates.put("tcfgValueState",0);
 52 |             }
 53 |             TCFGUtil.counter counter = counterValueState.value();
 54 |             if (counter == null) {
 55 |                 counter = new TCFGUtil().new counter();
 56 |                 counterValueState.update(counter);
 57 |             }
 58 | 
 59 |             Integer count = countValueState.value();
 60 |             if (count == null) {
 61 |                 count = 0;
 62 |                 countValueState.update(count);
 63 |             }
 64 | 
 65 |             //Update tempTcfgValueState from share memory
 66 |             if (counter.modResult(parameterTool.getInt("TCFGReadInterval")) == 0) {
 67 |                 try {
 68 |                     tempTcfgValueState = tcfgUtil.getTCFGFromMemory();
 69 |                     tcfgValueState.update(tempTcfgValueState);
 70 |                 } catch (Exception e) {
 71 |                     System.out.println("get TCFG failure: " + e);
 72 |                 }
 73 |             }
 74 |             counterValueState.update(counter);
 75 |             int detectionFlag = tcfgUtil.getDetectionFlag();
 76 |             if (detectionFlag == 1) {
 77 |                 //Start Failure Diagnosis Process
 78 |                 Iterator<Tuple7<String, String, String, String, String, String, String>> iter = input.iterator();
 79 |                 List<Tuple7> tempList = new ArrayList<>();
 80 |                 FaultDiagnosis faultDiagnosis = new FaultDiagnosisMode2();
 81 |                 MysqlUtil mysqlUtil = new MysqlUtil();
 82 |                 while (iter.hasNext()) {
 83 |                     Tuple7 in = iter.next();
 84 |                     long inTime = Long.parseLong((String) in.f0);
 85 |                     tempList.add(in);
 86 |                     tempList = TCFGUtil.deleteReplica(tempList);
 87 |                     if (inTime - context.window().getStart() > slidingWindowStep) {
 88 |                         List<Tuple7> slidingWindowList = getTimeWindowLogList(inTime - slidingWindowStep, tempList);
 89 | 
 90 |                         Anomaly anomaly = faultDiagnosis.faultDiagnosisProcess(tempTcfgValueState, slidingWindowList);
 91 |                         if (anomaly != null) {
 92 |                             //set anomaly to Suspicious State
 93 |                             if (anomaly.getAnomalyType() == "Latency") {
 94 |                                 SuspiciousRegionMonitor.suspiciousRegion.latencyAnomalyQueue.offer(anomaly);
 95 |                             }
 96 |                             if (anomaly.getAnomalyType() == "Redundancy") {
 97 |                                 SuspiciousRegionMonitor.suspiciousRegion.redundancyAnomalyQueue.offer(anomaly);
 98 |                             }
 99 |                             System.out.println(anomaly.getAnomalyType());
100 |                             System.out.println(anomaly.getAnomalyLogId());
101 |                             System.out.println(anomaly.getAnomalyLogList());
102 |                             count ++;
103 |                             System.out.println(count);
104 |                             //store and output anomalies
105 |                             //mysqlUtil.insertAnomaly(anomaly);
106 |                         }
107 |                     }
108 |                 }
109 |                 countValueState.update(count);
110 |             }
111 |         }
112 | 
113 |         @Override
114 |         public void open(Configuration parameters) throws Exception {
115 |             ValueStateDescriptor<TCFG> descriptor1 =
116 |                     new ValueStateDescriptor<>(
117 |                             "tcfgValueState", // the state name
118 |                             TCFG.class // type information
119 |                     );
120 |             tcfgValueState = getRuntimeContext().getState(descriptor1);
121 | 
122 |             ValueStateDescriptor<TCFGUtil.counter> descriptor2 =
123 |                     new ValueStateDescriptor<>(
124 |                             "counterValueState", // the state name
125 |                             TCFGUtil.counter.class // type information
126 |                     );
127 |             counterValueState = getRuntimeContext().getState(descriptor2);
128 | 
129 |             ValueStateDescriptor<Integer> descriptor3 =
130 |                     new ValueStateDescriptor<>(
131 |                             "countValueState", // the state name
132 |                             Integer.class // type information
133 |                     );
134 |             countValueState = getRuntimeContext().getState(descriptor3);
135 | 
136 |             super.open(parameters);
137 |         }
138 | 
139 |         @Override
140 |         public void close() throws Exception {
141 |             super.close();
142 |         }
143 |     }
144 | 
145 |     @Override
146 |     public List<Tuple7> detectSuspiciousRequest(TCFG tcfg, List<Tuple7> tempList) {
147 |         List<Tuple7> suspiciousRequest = new ArrayList<>();
148 |         while (tempList.size() != 0) {
149 |             boolean find_flag = false;
150 |             for (int i=0; i< tcfg.getEdges().size(); i++) {
151 |                 String inNodeId = tcfg.getEdges().get(i).getIn_node().getNode_id();
152 |                 String outNodeId = tcfg.getEdges().get(i).getOut_node().getNode_id();
153 |                 if (tempList.get(tempList.size()-1).f6.equals(outNodeId)) {
154 |                     for (int j = tempList.size()-2; j >= 0; j--) {
155 |                         if (tempList.get(j).f6.equals(inNodeId)) {
156 |                             if (!suspiciousRequest.contains(tempList.get(tempList.size()-1))) {
157 |                                 suspiciousRequest.add(tempList.get(tempList.size()-1));
158 |                             }
159 |                             if (!suspiciousRequest.contains(tempList.get(j))) {
160 |                                 suspiciousRequest.add(tempList.get(j));
161 |                             }
162 | 
163 |                             for (int k = tempList.size()-1; k >= 0; k--) {
164 |                                 if (k == j) {
165 |                                     break;
166 |                                 }
167 |                                 tempList.remove(k);
168 |                                 find_flag = true;
169 |                             }
170 |                             break;
171 |                         }
172 |                     }
173 |                     break;
174 |                 }
175 |             }
176 |             if (!find_flag) {
177 |                 tempList.remove(tempList.size() - 1);
178 |             }
179 |         }
180 |         List<Tuple7> suspiciousRequestReverse = new ArrayList<>();
181 |         for (int i = suspiciousRequest.size()-1 ; i >= 0 ; i --) {
182 |             suspiciousRequestReverse.add(suspiciousRequest.get(i));
183 |         }
184 |         return suspiciousRequestReverse;
185 |     }
186 | 
187 |     @Override
188 |     public double calProbability(double ti, double tj, double alphaji, long timeWindow, long delta) {
189 |         return 0;
190 |     }
191 | 
192 |     @Override
193 |     public double calProbabilityOfCurrentEntry(List<Tuple7> logList, Map<String, Map<String, Double>> paramMatrix, long timeWindow, long delta) {
194 |         return 0;
195 |     }
196 | 
197 |     @Override
198 |     public Anomaly faultDiagnosisProcess (TCFG tcfg, List<Tuple7> tempList) {
199 |         Tuple7 latestNode = tempList.get(tempList.size()-1);
200 |         List<String> tempListId = new ArrayList<>();
201 |         for (Tuple7 node: tempList) {
202 |             tempListId.add((String)node.f6);
203 |         }
204 |         tempListId.remove(tempListId.size()-1);
205 | //        if (latestNode.f6.equals("f80a2e40")||latestNode.f6.equals("4e81c689")|| latestNode.f6.equals("3a294bba") || latestNode.f6.equals("c1be6b3b") || latestNode.f6.equals("f254962d") || latestNode.f6.equals("4e0d8acb") || latestNode.f6.equals("8b232782") || latestNode.f6.equals("172d727c") ||latestNode.f6.equals("4fe6a4f8") || latestNode.f6.equals("36fbaa86") || latestNode.f6.equals("5e9cb693") || latestNode.f6.equals("f5ffd670") || latestNode.f6.equals("3872f636") || latestNode.f6.equals("1ffd3268")) {
206 | //            return null;
207 | //        }
208 | //        if (latestNode.f3.toString().contains("[CheckCpu]")||latestNode.f3.toString().startsWith("send")||latestNode.f3.toString().startsWith("Send")||latestNode.f3.toString().contains("success")||latestNode.f3.toString().contains("SUCC")||latestNode.f3.toString().contains("succ")||latestNode.f3.toString().contains("OK")||latestNode.f3.toString().contains("Start")||latestNode.f6.equals("58823732")||latestNode.f6.equals("b51faa17")||latestNode.f6.equals("d68f2498")||latestNode.f6.equals("c4d253a2")||latestNode.f6.equals("89165d37")||latestNode.f6.equals("88234ff9")||latestNode.f6.equals("caeb21e1")
209 | //        ||latestNode.f6.equals("8703810f")||latestNode.f6.equals("9d3aaef1")||latestNode.f6.equals("bcdb661f")||latestNode.f6.equals("86bfa606")||latestNode.f6.equals("b00c60d3")||latestNode.f6.equals("223cd98b")||latestNode.f6.equals("3e9c7d41")||latestNode.f6.equals("58750f7e")||latestNode.f6.equals("b639cfc5")||latestNode.f6.equals("84cd6aa2")||latestNode.f6.equals("1711e72b")||latestNode.f6.equals("54ae584d")||latestNode.f6.equals("73b4fe33")||latestNode.f6.equals("f99dedd9")||latestNode.f6.equals("e7e3bfe4")||latestNode.f6.equals("59f094d4")||latestNode.f6.equals("ab2c0027")) {
210 | //            //ZTE swm log data filtering
211 | //            return null;
212 | //        }
213 | //        if (latestNode.f6.equals("98cda747")||latestNode.f6.equals("d65e5b28")|| latestNode.f6.equals("1b82b726") || latestNode.f6.equals("84e947d0") || latestNode.f6.equals("8b67a5e2") || latestNode.f6.equals("aa98eebb") || latestNode.f6.equals("3a65eb9d") || latestNode.f6.equals("4afb704a") ||latestNode.f6.equals("e38c835d") || latestNode.f6.equals("cf5afd05") || latestNode.f6.equals("b992222b") || latestNode.f6.equals("efa98ab9")) {
214 | //            //ZTE OpenStack log data
215 | //            return null;
216 | //        }
217 |         //Redundancy Anomaly
218 |         boolean redundancy_flag = true;
219 |         for (int i=0; i< tcfg.getNodes().size(); i++) {
220 |             if (latestNode.f6.equals(tcfg.getNodes().get(i).getNode_id())) {
221 |                 redundancy_flag = false;
222 |                 break;
223 |             }
224 |         }
225 |         if (redundancy_flag) {
226 |             Anomaly anomaly = new Anomaly((String) latestNode.f6,latestNode,tempList,tempList,"Redundancy");
227 |             return anomaly;
228 |         }
229 |         //Sequence Anomaly
230 |         boolean is_latency = false;
231 |         boolean is_single_node = true;
232 |         if (tempListId.size() < 2) {
233 |             return null;
234 |         }
235 |         for (int i=0; i< tcfg.getEdges().size(); i++) {
236 |             String inNodeId = tcfg.getEdges().get(i).getIn_node().getNode_id();
237 |             String outNodeId = tcfg.getEdges().get(i).getOut_node().getNode_id();
238 |             long timeWeight = tcfg.getEdges().get(i).getTime_weight();
239 | 
240 |             if (outNodeId.equals(latestNode.f6)) {
241 |                 is_single_node = false;
242 |                 if (tempListId.contains(inNodeId)) {
243 |                     if ((Long.parseLong((String)latestNode.f0)- Long.parseLong((String)tempList.get(tempListId.indexOf(inNodeId)).f0)) <= timeWeight) {
244 |                         return null;
245 |                     }else {
246 |                         is_latency = true;
247 |                     }
248 |                 }
249 |             }
250 |         }
251 |         //latency anomaly
252 |         if (is_latency) {
253 |             List<Tuple7> tempList_l = new ArrayList<>();
254 |             for (Tuple7 tuple: tempList) {
255 |                 tempList_l.add(tuple);
256 |             }
257 |             Anomaly anomaly = new Anomaly((String) latestNode.f6,latestNode,tempList,detectSuspiciousRequest(tcfg,tempList_l),"Latency");
258 |             return anomaly;
259 |         }
260 | 
261 |         //filter single node
262 |         if (is_single_node) {
263 |             return null;
264 |         }
265 | 
266 |         List<Tuple7> tempList_l = new ArrayList<>();
267 |         for (Tuple7 tuple: tempList) {
268 |             tempList_l.add(tuple);
269 |         }
270 |         List<Tuple7> suspiciousRequest = detectSuspiciousRequest(tcfg,tempList_l);
271 |         suspiciousRequest.add(tempList.get(tempList.size()-1));
272 |         Anomaly anomaly = new Anomaly((String) latestNode.f6,latestNode,tempList,suspiciousRequest,"Sequence");
273 |         return anomaly;
274 |     }
275 | 
276 |     public Anomaly interruptionFaultDiagnosisProcess (TCFG tcfg, Tuple7 lastNode) {
277 |         for (int i = 0; i < tcfg.getEdges().size(); i++) {
278 |             String inNodeId = tcfg.getEdges().get(i).getIn_node().getNode_id();
279 |             if (inNodeId.equals(lastNode.f6)) {
280 |                 Anomaly anomaly = new Anomaly((String) lastNode.f6,lastNode,null,null,"Interruption");
281 |                 return anomaly;
282 |             }
283 |         }
284 |         return null;
285 |     }
286 | }
287 | 


--------------------------------------------------------------------------------
/src/main/java/dao/MysqlUtil.java:
--------------------------------------------------------------------------------
  1 | package dao;
  2 | 
  3 | import com.alibaba.fastjson.JSON;
  4 | import faultdiagnosis.Anomaly;
  5 | import org.apache.flink.api.java.tuple.Tuple7;
  6 | import org.apache.flink.api.java.utils.ParameterTool;
  7 | import org.slf4j.Logger;
  8 | import org.slf4j.LoggerFactory;
  9 | import workflow.Config;
 10 | 
 11 | import java.sql.*;
 12 | import java.text.SimpleDateFormat;
 13 | import java.util.ArrayList;
 14 | import java.util.List;
 15 | import java.util.Map;
 16 | import java.util.TimeZone;
 17 | 
 18 | public class MysqlUtil {
 19 | 
 20 |     // MySQL 8.0 以上版本 - JDBC 驱动名及数据库 URL
 21 |     static final String JDBC_DRIVER = "com.mysql.cj.jdbc.Driver";
 22 |     static ParameterTool parameter;
 23 |     static String connectionString;
 24 |     private static final Logger LOG = LoggerFactory.getLogger(MysqlUtil.class);
 25 | 
 26 |     static {
 27 |         parameter = ParameterTool.fromMap(Config.parameter);
 28 |         String database = parameter.get("database");
 29 |         String databaseUrl = parameter.get("databaseUrl");
 30 |         connectionString = "jdbc:mysql://" + databaseUrl + "/" + database + "?useSSL=false&serverTimezone=UTC&allowPublicKeyRetrieval=true";
 31 |     }
 32 | 
 33 | 
 34 |     private String StamptoTime(String time, String pattern) {
 35 |         SimpleDateFormat formatter = new SimpleDateFormat(pattern);
 36 |         formatter.setTimeZone(TimeZone.getTimeZone("UTC"));
 37 |         time = formatter.format(Long.valueOf(time));
 38 |         return time;
 39 |     }
 40 | 
 41 |     public void createAnomalyLogTable() {
 42 |         try {
 43 |             LOG.info("begin createAnomalyLogTable...");
 44 |             Class.forName(JDBC_DRIVER);
 45 |             Connection dbConnection = DriverManager.getConnection(connectionString, parameter.get("mysqlUser"), parameter.get("mysqlPassword"));
 46 |             String createTableSQL = "CREATE TABLE IF NOT EXISTS anomaly_log("
 47 |                     + "id INT(11) PRIMARY KEY NOT NULL AUTO_INCREMENT, "
 48 |                     + "timestart VARCHAR(100) NOT NULL, "
 49 |                     + "timeend VARCHAR(100) NOT NULL, "
 50 |                     + "unixtimestart VARCHAR(15) NOT NULL, "
 51 |                     + "unixtimeend VARCHAR(15) NOT NULL, "
 52 |                     + "level VARCHAR(20), "
 53 |                     + "component VARCHAR(500), "
 54 |                     + "content TEXT, "
 55 |                     + "template TEXT, "
 56 |                     + "paramlist TEXT, "
 57 |                     + "eventid VARCHAR(200), "
 58 |                     + "anomalylogs TEXT, "
 59 |                     + "anomalyrequest TEXT, "
 60 |                     + "anomalywindow VARCHAR(200), "
 61 |                     + "anomalytype VARCHAR(10), "
 62 |                     + "anomalytemplates VARCHAR(500), "
 63 |                     + "logsequence_json TEXT, "
 64 |                     + "tagged BOOLEAN"
 65 |                     + ")";
 66 |             PreparedStatement preparedStatement = dbConnection.prepareStatement(createTableSQL);
 67 |             preparedStatement.executeUpdate();
 68 |             preparedStatement.close();
 69 |             dbConnection.close();
 70 |             LOG.info("createAnomalyLogTable finished...");
 71 |         } catch (Exception e) {
 72 |             e.printStackTrace();
 73 |         }
 74 | 
 75 |     }
 76 | 
 77 |     public void createTCFGTable() {
 78 |         try {
 79 |             LOG.info("begin createTCFGTable...");
 80 |             Class.forName(JDBC_DRIVER);
 81 |             Connection dbConnection = DriverManager.getConnection(connectionString, parameter.get("mysqlUser"), parameter.get("mysqlPassword"));
 82 |             String createTableSQL = "CREATE TABLE IF NOT EXISTS tcfg(id INT(11) PRIMARY KEY NOT NULL,TCFG_json LONGTEXT)";
 83 |             PreparedStatement preparedStatement = dbConnection.prepareStatement(createTableSQL);
 84 |             preparedStatement.executeUpdate();
 85 |             preparedStatement.close();
 86 |             String insertTCFGSQL = "insert into tcfg (id,TCFG_json) values(1,null) ON DUPLICATE KEY UPDATE TCFG_json=null";
 87 |             PreparedStatement preparedStatement1 = dbConnection.prepareStatement(insertTCFGSQL);
 88 |             preparedStatement1.executeUpdate();
 89 |             preparedStatement1.close();
 90 |             dbConnection.close();
 91 |             LOG.info("createTCFGTable finished...");
 92 |         } catch (Exception e) {
 93 |             e.printStackTrace();
 94 |         }
 95 | 
 96 |     }
 97 | 
 98 |     public void updateTCFG(String tcfg) {
 99 |         Connection conn = null;
100 |         Statement stmt = null;
101 |         PreparedStatement ps = null;
102 |         try {
103 |             // 注册 JDBC 驱动
104 |             Class.forName(JDBC_DRIVER);
105 |             // 打开链接
106 |             conn = DriverManager.getConnection(connectionString, parameter.get("mysqlUser"), parameter.get("mysqlPassword"));
107 |             // 执行查询
108 |             stmt = conn.createStatement();
109 |             String sql = "update tcfg set TCFG_json = ? where id=1";
110 |             ps = conn.prepareStatement(sql);
111 |             ps.setString(1, tcfg);
112 |             //update database
113 |             ps.executeUpdate();
114 | 
115 |             // 完成后关闭
116 |             stmt.close();
117 |             conn.close();
118 |         } catch (Exception e) {
119 |             e.printStackTrace();
120 |         } finally {
121 |             try {
122 |                 if (stmt != null) stmt.close();
123 |             } catch (SQLException se2) {
124 |             }
125 |             try {
126 |                 if (conn != null) conn.close();
127 |             } catch (SQLException se) {
128 |                 se.printStackTrace();
129 |             }
130 |         }
131 | 
132 |     }
133 | 
134 |     public String getTCFG() {
135 |         Connection conn = null;
136 |         Statement stmt = null;
137 |         PreparedStatement ps = null;
138 |         try {
139 |             // 注册 JDBC 驱动
140 |             Class.forName(JDBC_DRIVER);
141 |             // 打开链接
142 |             conn = DriverManager.getConnection(connectionString, parameter.get("mysqlUser"), parameter.get("mysqlPassword"));
143 |             // 执行查询
144 |             stmt = conn.createStatement();
145 |             String sql = "select TCFG_json from tcfg where id=1";
146 |             ps = conn.prepareStatement(sql);
147 |             ResultSet rs = ps.executeQuery();
148 |             String res = "";
149 |             while (rs.next()) {
150 |                 res = rs.getString(1);
151 |             }
152 |             // 完成后关闭
153 |             stmt.close();
154 |             conn.close();
155 |             return res;
156 |         } catch (Exception e) {
157 |             e.printStackTrace();
158 |         } finally {
159 |             try {
160 |                 if (stmt != null) stmt.close();
161 |             } catch (SQLException se2) {
162 |             }
163 |             try {
164 |                 if (conn != null) conn.close();
165 |             } catch (SQLException se) {
166 |                 se.printStackTrace();
167 |             }
168 |         }
169 |         return null;
170 |     }
171 | 
172 |     public List<AnomalyJSON> getAnomalies() {
173 |         Connection conn = null;
174 |         Statement stmt = null;
175 |         PreparedStatement ps = null;
176 |         List<AnomalyJSON> res = new ArrayList<>();
177 |         try {
178 |             // 注册 JDBC 驱动
179 |             Class.forName(JDBC_DRIVER);
180 |             // 打开链接
181 |             conn = DriverManager.getConnection(connectionString, parameter.get("mysqlUser"), parameter.get("mysqlPassword"));
182 |             // 执行查询
183 |             stmt = conn.createStatement();
184 |             String sql = "select id,timestart,timeend,unixtimestart,unixtimeend,level,component,content,template,paramlist,eventid,anomalylogs,anomalyrequest,anomalywindow,anomalytype,anomalytemplates from anomaly_log";
185 |             ps = conn.prepareStatement(sql);
186 |             ResultSet rs = ps.executeQuery();
187 | 
188 |             while (rs.next()) {
189 |                 AnomalyJSON json = new AnomalyJSON(
190 |                         Integer.parseInt(rs.getString(1)),
191 |                         rs.getString(2),
192 |                         rs.getString(3),
193 |                         rs.getString(4),
194 |                         rs.getString(5),
195 |                         rs.getString(6),
196 |                         rs.getString(7),
197 |                         rs.getString(8),
198 |                         rs.getString(9),
199 |                         rs.getString(10),
200 |                         rs.getString(11),
201 |                         rs.getString(12),
202 |                         rs.getString(13),
203 |                         rs.getString(14),
204 |                         rs.getString(15),
205 |                         rs.getString(16)
206 |                 );
207 |                 res.add(json);
208 |             }
209 |             // 完成后关闭
210 |             stmt.close();
211 |             conn.close();
212 |             return res;
213 |         } catch (Exception e) {
214 |             e.printStackTrace();
215 |         } finally {
216 |             try {
217 |                 if (stmt != null) stmt.close();
218 |             } catch (SQLException se2) {
219 |             }
220 |             try {
221 |                 if (conn != null) conn.close();
222 |             } catch (SQLException se) {
223 |                 se.printStackTrace();
224 |             }
225 |         }
226 |         return null;
227 |     }
228 | 
229 | 
230 |     public void insertAnomaly(Anomaly anomaly) {
231 |         Connection conn = null;
232 |         Statement stmt = null;
233 |         PreparedStatement ps = null;
234 |         try {
235 |             // 注册 JDBC 驱动
236 |             Class.forName(JDBC_DRIVER);
237 |             // 打开链接
238 |             conn = DriverManager.getConnection(connectionString, parameter.get("mysqlUser"), parameter.get("mysqlPassword"));
239 |             // 执行查询
240 |             stmt = conn.createStatement();
241 |             String sql = "insert into anomaly_log (timestart,timeend,unixtimestart,unixtimeend,level,component,content,template,paramlist,eventid,anomalylogs,anomalyrequest,anomalywindow,anomalytype,anomalytemplates, logsequence_json) values(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
242 |             ps = conn.prepareStatement(sql);
243 |             List anomalylogslist = anomaly.getAnomalyLogList();
244 |             String anomalytype = anomaly.getAnomalyType();
245 |             Tuple7 logcontent = anomaly.getAnomalyLog();
246 |             List anomalyrequestlist = anomaly.getSuspectedAnomalyRequest();
247 |             String unixtimestart = (String) anomaly.getAnomalyLogList().get(0).f0;
248 |             String timestart = StamptoTime(unixtimestart, "HH:mm:ss:SSS");
249 |             String unixtimeend = (String) logcontent.f0;
250 |             String timeend = StamptoTime(unixtimeend, "HH:mm:ss:SSS");
251 |             String level = (String) logcontent.f1;
252 |             String component = (String) logcontent.f2;
253 |             String content = (String) logcontent.f3;
254 |             String template = (String) logcontent.f4;
255 |             String paramlist = (String) logcontent.f5;
256 |             String eventid = (String) logcontent.f6;
257 |             String anomalylogs = "";
258 |             for (Object templog : anomalylogslist) {
259 |                 Tuple7 log = (Tuple7) templog;
260 |                 anomalylogs = anomalylogs + log.f3 + '\n';
261 |             }
262 |             String anomalyrequest = "";
263 |             for (Object templog : anomalyrequestlist) {
264 |                 Tuple7 log = (Tuple7) templog;
265 |                 anomalyrequest = anomalyrequest + log.f3 + '\n';
266 |             }
267 |             String anomalyrequesttemplates = "";
268 |             for (Object templog : anomalyrequestlist) {
269 |                 Tuple7 log = (Tuple7) templog;
270 |                 anomalyrequesttemplates = anomalyrequesttemplates + log.f6 + '\n';
271 |             }
272 |             String anomalywindow = "";
273 |             String logsequence_json = JSON.toJSONString(anomaly);
274 |             ps.setString(1, timestart);
275 |             ps.setString(2, timeend);
276 |             ps.setString(3, unixtimestart);
277 |             ps.setString(4, unixtimeend);
278 |             ps.setString(5, level);
279 |             ps.setString(6, component);
280 |             ps.setString(7, content);
281 |             ps.setString(8, template);
282 |             ps.setString(9, paramlist);
283 |             ps.setString(10, eventid);
284 |             ps.setString(11, anomalylogs);
285 |             ps.setString(12, anomalyrequest);
286 |             ps.setString(13, anomalywindow);
287 |             ps.setString(14, anomalytype);
288 |             ps.setString(15, anomalyrequesttemplates);
289 |             ps.setString(16, logsequence_json);
290 |             //ps.executeUpdate();
291 | 
292 |             // 完成后关闭
293 |             stmt.close();
294 |             conn.close();
295 |         } catch (Exception e) {
296 |             e.printStackTrace();
297 |         } finally {
298 |             try {
299 |                 if (stmt != null) stmt.close();
300 |             } catch (SQLException se2) {
301 |             }
302 |             try {
303 |                 if (conn != null) conn.close();
304 |             } catch (SQLException se) {
305 |                 se.printStackTrace();
306 |             }
307 |         }
308 |     }
309 | 
310 |     public Anomaly getAnomalyByID(int id) {
311 |         Connection conn = null;
312 |         Statement stmt = null;
313 |         PreparedStatement ps = null;
314 |         try {
315 |             // 注册 JDBC 驱动
316 |             Class.forName(JDBC_DRIVER);
317 |             // 打开链接
318 |             conn = DriverManager.getConnection(connectionString, parameter.get("mysqlUser"), parameter.get("mysqlPassword"));
319 |             // 执行查询
320 |             stmt = conn.createStatement();
321 |             String sql = "SELECT logsequence_json FROM anomaly_log WHERE id = ?";
322 |             ps = conn.prepareStatement(sql);
323 |             ps.setInt(1, id);
324 |             ResultSet rs = ps.executeQuery();
325 |             while (rs.next()) {
326 |                 return JSON.parseObject(rs.getString(1), Anomaly.class);
327 |             }
328 |             // 完成后关闭
329 |             rs.close();
330 |             stmt.close();
331 |             conn.close();
332 |         } catch (Exception e) {
333 |             e.printStackTrace();
334 |         } finally {
335 |             try {
336 |                 if (stmt != null) stmt.close();
337 |             } catch (SQLException se2) {
338 |             }
339 |             try {
340 |                 if (conn != null) conn.close();
341 |             } catch (SQLException se) {
342 |                 se.printStackTrace();
343 |             }
344 |         }
345 |         return null;
346 |     }
347 | 
348 |     public String getFailureTypeByFaultId(String faultId) {
349 |         Connection conn = null;
350 |         Statement stmt = null;
351 |         PreparedStatement ps = null;
352 |         try {
353 |             // 注册 JDBC 驱动
354 |             Class.forName(JDBC_DRIVER);
355 |             // 打开链接
356 |             conn = DriverManager.getConnection(connectionString, parameter.get("mysqlUser"), parameter.get("mysqlPassword"));
357 |             // 执行查询
358 |             stmt = conn.createStatement();
359 |             String sql = "SELECT failure_type FROM injection_record_hadoop WHERE fault_id = ?";
360 |             ps = conn.prepareStatement(sql);
361 |             ps.setString(1, faultId);
362 |             ResultSet rs = ps.executeQuery();
363 |             while (rs.next()) {
364 |                 String faultType = rs.getString(1);
365 |                 return faultType;
366 |             }
367 |             // 完成后关闭
368 |             rs.close();
369 |             stmt.close();
370 |             conn.close();
371 |         } catch (Exception e) {
372 |             e.printStackTrace();
373 |         } finally {
374 |             try {
375 |                 if (stmt != null) stmt.close();
376 |             } catch (SQLException se2) {
377 |             }
378 |             try {
379 |                 if (conn != null) conn.close();
380 |             } catch (SQLException se) {
381 |                 se.printStackTrace();
382 |             }
383 |         }
384 |         return null;
385 |     }
386 | 
387 |     public String getActiviatFlagByFaultId(String faultId) {
388 |         Connection conn = null;
389 |         Statement stmt = null;
390 |         PreparedStatement ps = null;
391 |         try {
392 |             // 注册 JDBC 驱动
393 |             Class.forName(JDBC_DRIVER);
394 |             // 打开链接
395 |             conn = DriverManager.getConnection(connectionString, parameter.get("mysqlUser"), parameter.get("mysqlPassword"));
396 |             // 执行查询
397 |             stmt = conn.createStatement();
398 |             String sql = "SELECT activated FROM injection_record_hadoop WHERE fault_id = ?";
399 |             ps = conn.prepareStatement(sql);
400 |             ps.setString(1, faultId);
401 |             ResultSet rs = ps.executeQuery();
402 |             while (rs.next()) {
403 |                 String faultType = rs.getString(1);
404 |                 return faultType;
405 |             }
406 |             // 完成后关闭
407 |             rs.close();
408 |             stmt.close();
409 |             conn.close();
410 |         } catch (Exception e) {
411 |             e.printStackTrace();
412 |         } finally {
413 |             try {
414 |                 if (stmt != null) stmt.close();
415 |             } catch (SQLException se2) {
416 |             }
417 |             try {
418 |                 if (conn != null) conn.close();
419 |             } catch (SQLException se) {
420 |                 se.printStackTrace();
421 |             }
422 |         }
423 |         return null;
424 |     }
425 | 
426 |     public void insertTemplate(Map<String, String> map) {
427 |         Connection conn;
428 |         PreparedStatement ps;
429 |         try {
430 |             Class.forName(JDBC_DRIVER);
431 |             conn = DriverManager.getConnection(connectionString + "&rewriteBatchedStatements=true", parameter.get("mysqlUser"), parameter.get("mysqlPassword"));
432 |             String sql = "INSERT INTO template_log (id, template, number) VALUES(?,?,1) ON DUPLICATE KEY UPDATE number=number+1";
433 |             ps = conn.prepareStatement(sql);
434 |             for (Map.Entry<String, String> m : map.entrySet()) {
435 |                 ps.setString(1, m.getKey());
436 |                 ps.setString(2, m.getValue());
437 |                 ps.addBatch();
438 |             }
439 |             ps.executeBatch();
440 |             conn.close();
441 |         } catch (Exception e) {
442 |             e.printStackTrace();
443 |         }
444 |     }
445 | 
446 |     public void truncateTables() {
447 |         try {
448 |             Class.forName(JDBC_DRIVER);
449 |             Connection dbConnection = DriverManager.getConnection(connectionString, parameter.get("mysqlUser"), parameter.get("mysqlPassword"));
450 |             String createTableSQL = "TRUNCATE table anomaly_log";
451 |             PreparedStatement preparedStatement = dbConnection.prepareStatement(createTableSQL);
452 |             preparedStatement.executeUpdate();
453 |             preparedStatement.close();
454 |             String insertTCFGSQL = "insert into tcfg (id,TCFG_json) values(1,null) ON DUPLICATE KEY UPDATE TCFG_json=null";
455 |             PreparedStatement preparedStatement1 = dbConnection.prepareStatement(insertTCFGSQL);
456 |             preparedStatement1.executeUpdate();
457 |             preparedStatement1.close();
458 |             dbConnection.close();
459 |         } catch (Exception e) {
460 |             e.printStackTrace();
461 |         }
462 |     }
463 | 
464 | }
465 | 


--------------------------------------------------------------------------------